Opentelnet.exe source code

// Opentelnet.exe // Server Username Password ntlmauthtelnetport

# Include <stdio. h>
# Include <assert. h>
# Include <windows. h>
# Include <winnetwk. h>
# Include <winreg. h>
# Include <shlwapi. h>

# Pragma comment (Lib, "advapi32.lib ")
# Pragma comment (Lib, "MIP. lib ")

SC _handle g_schscmanager;
Hkey g_hkey;
DWORD g_defaulttelnetstarttype;
DWORD g_defaultregistrystarttype;
Lpbyte g_lpdefaulttelnetntlm;
Lpbyte g_lpdefaulttelnetport;

Void usage (char *);
Int restarttelnet ();
Int startremoteregistry ();
Int mystartservice (SC _handle, char *);

Int main (INT argc, char * argv [])
{
Int nretcode;
Char szipc [50] = "";
Hkey;
Lpstr lpusername, lppassword;
Netresource net;

DWORD dwntlm, dwtelnetport;

Usage (argv [0]); // displays welcome and help information
If (argc <5)
Return 0;

Sprintf (szipc, "% s /// IPC $", argv [1]);
Lpusername = argv [2]; // User Name
Lppassword = argv [3]; // Password

Net. lplocalname = NULL;
Net. lpremotename = szipc;
Net. dwtype = resourcetype_any;
Net. lpprovider = NULL;

Printf ("Connecting % s", argv [1]);

Reconnect:

// Clear the established IPC connection with the target
Nretcode = wnetcancelconnection2 (szipc, connect_update_profile, true );
If (nretcode = no_error)
Printf ("canncel successfully! // N ");

// Establish an IPC connection with the target
Nretcode = wnetaddconnection2 (& net, lppassword, lpusername, connect_interactive );
If (nretcode = error_already_assigned | nretcode = error_device_already_remembered)
{
Printf ("already conneted to the server! // N ");
Printf ("now re-connecting the server // n ");
Goto reconnect; // If an IPC connection already exists, the system returns reconnect to continue the attempt.
}
Else if (nretcode = no_error)
Printf ("successfully! // N "); // connection established successfully
Else
{
Printf ("// N // terr :");
Switch (nretcode) // handle errors
{
Case error_already_assigned:

Case error_access_denied:
Printf ("error_access_denied // n ");
Break;
Case error_bad_net_name:
Printf ("error_bad_net_name // n ");
Break;
Default:
Printf ("Connect err: % d! // N ", getlasterror ());
Break;
}
Return 0;
}

// Open the target service control management
G_schscmanager = openscmanager (argv [1], null, SC _manager_all_access );
If (g_schscmanager = NULL)
{
Printf ("open scmanager failed! // N ");
Return 0;
}

// Open the Remote Registry Service
If (! Startremoteregistry ())
{
Printf ("All process failed! // N ");
Return 0;
}

// Connect to the Remote Registry
If (! (Regconnectregistry (lpctstr) argv [1], HKEY_LOCAL_MACHINE, & g_hkey) = error_success ))
{
Printf ("Connect Remote Registry failed! // N ");
Return 0;
}

// Open the registry key value of the Telnet Service
If (! (Regopenkeyex (g_hkey, "software // Microsoft // telnetserver // 1.0", 0, key_all_access, & hkey) = error_success ))
{
Printf ("open key failed! // N ");
Return 0;
}

// Read the original Telnet values NTLM and port in the Registry
G_lpdefaulttelnetntlm = (lpbyte) localalloc (lptr, 50); // allocate space
G_lpdefaulttelnetport = (lpbyte) localalloc (lptr, 50 );
DWORD dwdatasize = 50;
// Read the NTLM key value to g_lpdefaulttelnetntlm In the allocated space. The default value is 2, which is used to restore Telnet.
If (! (Regqueryvalueex (hkey, "NTLM", null, null, g_lpdefaulttelnetntlm, & dwdatasize) = error_success ))
{
Printf ("Read NTLM failed! // N ");
Return 0;
}
// Read the telnetport key value to g_lpdefaulttelnetport. The default value is 23, which is used to restore Telnet.
If (! (Regqueryvalueex (hkey, "telnetport", null, null, g_lpdefaulttelnetport, & dwdatasize) = error_success ))
{
Printf ("Read port failed! // N ");
Return 0;
}

// Edit NTLM and port value
Dwntlm = atoi (argv [4]);
If (dwntlm> = 3)
{
Dwntlm = 1;
}
Dwtelnetport = atoi (argv [5]);

// Set the NTLM key value
If (! (Regsetvalueex (hkey, "NTLM", 0, REG_DWORD, (lpbyte) & dwntlm, sizeof (DWORD) = error_success ))
{
Printf ("Set NTLM value failed !");
Return 0;
}

// Set the port value
Regsetvalueex (hkey, "telnetport", 0, REG_DWORD, (lpbyte) & dwtelnetport, sizeof (DWORD ));

// Restart the Telnet Service
Nretcode = restarttelnet ();

If (nretcode)
{
Printf ("// nbingle !!! Yeah !! // N ");
Printf ("Telnet port is % d. You can try: //" Telnet IP % d // ", to connect the server !", Dwtelnetport, dwtelnetport );
}

// Now the telnet service is enabled. add several key values to save and modify the previous registry settings. You can use resumetelnet to restore the service.
If (! (Regsetvalueex (hkey, "default_ntlm", 0, REG_DWORD, g_lpdefaulttelnetntlm, sizeof (DWORD) = error_success ))
{
Printf ("Set defaultntlm value failed !");
Return 0;
}
If (! (Regsetvalueex (hkey, "default_port", 0, REG_DWORD, g_lpdefaulttelnetport, sizeof (DWORD) = error_success ))
{
Printf ("Set defaultport value failed !");
Return 0;
}
If (! (Regsetvalueex (hkey, "default_telnetstart", 0, REG_DWORD, (lpbyte) & g_defaulttelnetstarttype, sizeof (DWORD) = error_success ))
{
Printf ("Set defaulttelnetstart value failed !");
Return 0;
}
If (! (Regsetvalueex (hkey, "default_registrystart", 0, REG_DWORD, (lpbyte) & g_defaultregistrystarttype, sizeof (DWORD) = error_success ))
{
Printf ("Set defaultregistrystart value failed !");
Return 0;
}

Regclosekey (hkey );
Regclosekey (g_hkey); // close the opened registry key
 
// Close service control management scmanager
Closeservicehandle (g_schscmanager );

// Disconnect remote IPC
Printf ("// ndisconnecting server ");
Nretcode = wnetcancelconnection2 (argv [1], connect_update_profile, true );
If (nretcode = no_error)
Printf ("successfully! // N ");
Else
Printf ("failed! // N ");

Return 0;
}

Void usage (char * pcappname) // displays the welcome and help information
{
Printf ("*********************************** * **************** // n ");
Printf ("remote telnet configure, by refdom // n ");
Printf ("Email: refdom@263.net // n ");
Printf ("% S // N // n", pcappname );
Printf ("Usage: opentelnet.exe // Server Username Password ntlmauthtelnetport // n ");
Printf ("*********************************** * **************** // n ");
Return;
}

Int restarttelnet () // restart the Telnet Service
{
DWORD dwwaittime;
DWORD dwconfigsize;
SC _handle schtelnetservice;
Service_status sstelnetstatus;
Lpquery_service_config lptelnetconfig;

Printf ("// nnotice !!!!!! // N ");
Printf ("the telnet service default setting: ntlmauthor = 2 telnetport = 23 // N // n ");

// Enable the Telnet Service
Schtelnetservice = openservice (g_schscmanager, "TlntSvr", service_all_access );
If (schtelnetservice = NULL)
{
Printf ("open service failed! // N ");
Return 0;
}

Lptelnetconfig = (lpquery_service_config) localalloc (lptr, 1024 );
If (lptelnetconfig = NULL)
{
Printf ("alloc memory failed! // N ");
Return 0;
}

// Obtain the configuration parameters of the current Telnet Service
If (! Queryserviceconfig (schtelnetservice, lptelnetconfig, 1024, & dwconfigsize ))
{
Printf ("query service congfig failed! // N ");
Return 0;
}

// Save the default Telnet Service Startup Type
G_defaulttelnetstarttype = lptelnetconfig-> dwstarttype;

// Change the start type of the Telnet service to process startup by calling startservice
If (lptelnetconfig-> dwstarttype = service_disabled)
{
If (! Changeserviceconfig (schtelnetservice,
Service_no_change,
Service_demand_start,
Service_no_change,
Null, null, null ))
{
Printf ("Change Service Config failed! // N ");
Return 0;
}
}

// Obtain the current Telnet service status
If (! (Queryservicestatus (schtelnetservice, & sstelnetstatus )))
{
Printf ("query service status failed! // N ");
Return 0;
}

// If the current status of the Telnet service is not stop, stop the service.
If (sstelnetstatus. dwcurrentstate! = Service_stopped & sstelnetstatus. dwcurrentstate! = Service_stop_pending)
{
Printf ("Stopping Telnet service // n ");
If (! (Controlservice (schtelnetservice, service_control_stop, & sstelnetstatus )))
{
Printf ("control Telnet service status failed! // N ");
Return 0;
}

// Sleep for a period of time to wait for the telnet service to stop
Dwwaittime = sstelnetstatus. dwwaithint/10;
If (dwwaittime <1000)
Dwwaittime = 1000;
Else if (dwwaittime> 10000)
Dwwaittime = 10000;

Sleep (dwwaittime );
If (! Queryservicestatus (schtelnetservice, & sstelnetstatus ))
{
Printf ("query service status failed! // N ");
}

If (sstelnetstatus. dwcurrentstate = service_stopped | sstelnetstatus. dwcurrentstate = service_stop_pending)
{
Printf ("Telnet service is stopped successfully! // N ");
}
Else
{
Printf ("Stopping Telnet service failed! // N ");
Return 0;
}
} // At this time, the telnet service has been successfully stopped.

// Call mystartservice to restart the Telnet Service

If (! Mystartservice (schtelnetservice, "Telnet "))
Return 0;

Closeservicehandle (schtelnetservice); // close the Service handle
Return 1;
}

Int startremoteregistry () // start the Remote Registry Service
{
SC _handle schregistryservice;
Service_status ssregistrystatus;
Lpquery_service_config lpregistryconfig;
DWORD dwconfigsize;

Lpregistryconfig = (lpquery_service_config) localalloc (lptr, 1024 );
If (lpregistryconfig = NULL)
{
Printf ("alloc memory failed! // N ");
Return 0;
}

// Open the Remote Registry Service
Schregistryservice = openservice (g_schscmanager, "RemoteRegistry", service_all_access );
If (schregistryservice = NULL)
{
Printf ("open Remote Registry Service failed! // N ");
Return 0;
}

// Query the current service status
If (! Queryserviceconfig (schregistryservice, lpregistryconfig, 1024, & dwconfigsize ))
{
Printf ("Query registry Service Config failed! // N ");
Return 0;
}

// Determine the current Service Startup type. If it is disabled, it is changed to startservice.
G_defaultregistrystarttype = lpregistryconfig-> dwstarttype;
If (g_defaultregistrystarttype = service_disabled)
{
If (! Changeserviceconfig (schregistryservice,
Service_no_change,
Service_demand_start,
Service_no_change,
Null, null, null ))
{
Printf ("Change Registry Service Config failed! // N ");
Return 0;
}
}

// Query the service status
If (! Queryservicestatus (schregistryservice, & ssregistrystatus ))
{
Printf ("Query Remote Registry Service failed! // N ");
Return 0;
}

// If the current service is not started, call mystartservice to start
If (ssregistrystatus. dwcurrentstate! = Service_running)
{
If (! Mystartservice (schregistryservice, "Remote Registry "))
Return 0;
}
Closeservicehandle (schregistryservice );
Return 1;
}

Int mystartservice (SC _handle schservice, char * szservicename) // start the specified service
{
DWORD dwwaittime;
DWORD dwoldcheckpoint;
DWORD dwstarttickcount;
Service_status ssstatus;

// Call startservice to start the service
Printf ("starting % s service // n", szservicename );
If (! (Startservice (schservice, 0, null )))
{
Printf ("starting % s service failed! // N ", szservicename );
Return 0;
}

// Obtain the current service status
If (! (Queryservicestatus (schservice, & ssstatus )))
{
Printf ("Query % s service status failed! // N ", szservicename );
// Return;
}

Dwstarttickcount = gettickcount (); // get the process running time
Dwoldcheckpoint = ssstatus. dwcheckpoint;

While (ssstatus. dwcurrentstate = service_start_pending)
{
Dwwaittime = ssstatus. dwwaithint/10;
If (dwwaittime <1000)
Dwwaittime = 1000;
Else if (dwwaittime> 10000)
Dwwaittime = 10000;

Sleep (dwwaittime );

// Re-query the status

If (! Queryservicestatus (schservice, & ssstatus ))
Break;

If (ssstatus. dwcheckpoint> dwoldcheckpoint)
{
// Starting the service
Dwstarttickcount = gettickcount ();
Dwoldcheckpoint = ssstatus. dwcheckpoint;
}
Else
{
If (gettickcount ()-dwstarttickcount> ssstatus. dwwaithint)
{
// The service is not started within the recommended waiting time
Break;
}
}
}

If (ssstatus. dwcurrentstate = service_running)
{
Printf ("% s service is started successfully! % S service is running! // N ", szservicename, szservicename );
}
Else
{
Printf ("% s service is not started! // N ", szservicename );
Return 0;
}

Return 1;
}