|
马上注册,结交更多好友,享用更多功能^_^
您需要 登录 才可以下载或查看,没有账号?立即注册
x
本帖最后由 没个正样 于 2012-8-11 16:55 编辑
我请客,小甲鱼老师付钱,哈哈!
下面是漏洞程序;要求:另写一个程序能够在远端计算机上获得cmdshell。
//1.cpp
#include <windows.h>
#include <winsock.h>
#include <string>
#pragma comment(lib, "wsock32.lib")
void ldcx( char *str);
int main()
{
WSADATA ws;
SOCKET s,c;
struct sockaddr_in sin;
WSAStartup(MAKEWORD(1,1), &ws);
s = socket(AF_INET, SOCK_STREAM, 0);if(s==-1){printf("建立socket失败\n");exit(1);}
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = INADDR_ANY; //默认IP
sin.sin_port = htons(830); //端口
if(bind(s, (struct sockaddr *)&sin, sizeof(sin))== -1){printf("bind error\n");closesocket(s);exit(1);}
if(listen(s,10)==-1){printf("listen error\n");closesocket(s);exit(1);}printf("listen...");
c = accept(s, NULL, NULL);
if(c == -1){printf("accept error\n");closesocket(c);exit(1);}printf("建立TCP连接成功!\n");
char cdsj[2048]="";
memset(cdsj,0,sizeof(cdsj));
int b = -1;
while( b == -1 )
{
b = recv( c, cdsj, sizeof(cdsj), 0 );
if ( b == 0 ){printf("\nConnection Closed.\n");break;}
}
ldcx(cdsj);
closesocket(s); closesocket(c);
return 0;
}
void ldcx( char *str)
{
char buf[1500]="";
strcpy(buf,str);
}
|
|