C++获取服务banner

网上有很多获取服务 banner 的文章,但大多数都是用 Python 写的,这里根据 Python 代码用 C++ 重写了一份。

import socket
import sys
import time

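# Grab the banner that a TCP service sends right after the connection is
# established. Usage: <script> <ip> <port>
#
# Changes from the original listing:
#   * connect() and recv() are bounded by a timeout, so a service that never
#     sends anything first no longer hangs the script forever;
#   * the socket is closed on every path, including errors;
#   * a non-numeric or out-of-range port is reported as an argument error
#     instead of ending in a traceback;
#   * argument and connection errors exit with status 1 instead of 0;
#   * the 10-second sleep between receiving and printing is gone, because it
#     only delayed the output.

# Upper bound, in seconds, for both the connect and the single read.
BANNER_TIMEOUT = 10

if len(sys.argv) != 3:
    print("argv error")
    sys.exit(1)

ip = sys.argv[1]

try:
    port = int(sys.argv[2])
except ValueError:
    print("argv error")
    sys.exit(1)

# connect() rejects ports outside the 16-bit range; catch that up front.
if not 1 <= port <= 65535:
    print("argv error")
    sys.exit(1)

banner = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Without a timeout both calls below block indefinitely when the peer is
# unreachable or waits for the client to speak first.
banner.settimeout(BANNER_TIMEOUT)

try:
    banner.connect((ip, port))
    # One read of up to 4096 bytes, as in the original; a banner split across
    # several TCP segments may come back truncated.
    banner_recv = banner.recv(4096)
except socket.timeout:
    sys.stderr.write("timed out waiting for banner\n")
    sys.exit(1)
except socket.error as err:
    sys.stderr.write("connection failed: %s\n" % err)
    sys.exit(1)
finally:
    # Runs on success, on the error exits above and on any other exception.
    banner.close()

# The banner is data chosen by the remote host. On Python 3 recv() returns
# bytes and print() shows their repr (b'...'), so control characters arrive
# escaped instead of being interpreted by the terminal.
print(banner_recv)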

看了一下,建立连接之后,服务会直接返回一段含有 banner 的信息(SSH、FTP、SMTP 这类服务会主动发送;HTTP 等需要客户端先发请求的服务不会)。那么直接用 C++ 的 socket 函数重写一遍就可以了。

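// Connects to a fixed IPv4 endpoint over TCP with Winsock and prints whatever
// the service sends first (its banner). This is a function-body fragment: the
// enclosing signature and the definition of DEFAULT_BUFLEN are not shown.
WSADATA wsaData;
int iResult;

SOCKET ConnectSocket = INVALID_SOCKET;
struct sockaddr_in clientService;

char recvbuf[DEFAULT_BUFLEN];
// Keep one byte in reserve so the received data can always be NUL-terminated
// before it is passed to a %s format.
int recvbuflen = DEFAULT_BUFLEN - 1;

// Upper bound, in milliseconds, on how long a single recv() may block.
DWORD recvTimeoutMs = 10000;

//----------------------
// Initialize Winsock
iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
if (iResult != NO_ERROR) {
    printf("WSAStartup failed: %d\n", iResult);
    return 1;
}

//----------------------
// Create a SOCKET for connecting to server
ConnectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (ConnectSocket == INVALID_SOCKET) {
    // WSAGetLastError() returns int, so the format is %d rather than %ld.
    printf("Error at socket(): %d\n", WSAGetLastError());
    WSACleanup();
    return 1;
}

//----------------------
// Bound the receive loop below. A service that keeps the connection open
// after its banner would otherwise leave recv() blocked until the peer closes
// the connection. A failure here is reported but not fatal.
if (setsockopt(ConnectSocket, SOL_SOCKET, SO_RCVTIMEO,
               (const char*)&recvTimeoutMs, sizeof(recvTimeoutMs)) == SOCKET_ERROR) {
    printf("setsockopt(SO_RCVTIMEO) failed: %d\n", WSAGetLastError());
}

//----------------------
// The sockaddr_in structure specifies the address family,
// IP address, and port of the server to be connected to.
clientService.sin_family = AF_INET;
clientService.sin_addr.s_addr = inet_addr("122.51.26.63");
clientService.sin_port = htons(22);

//----------------------
// Connect to server.
iResult = connect(ConnectSocket, (SOCKADDR*)&clientService, sizeof(clientService));
if (iResult == SOCKET_ERROR) {
    // Read the error code before closesocket(), which can overwrite it.
    int connectError = WSAGetLastError();
    closesocket(ConnectSocket);
    printf("Unable to connect to server: %d\n", connectError);
    WSACleanup();
    return 1;
}

do {
    iResult = recv(ConnectSocket, recvbuf, recvbuflen, 0);
    if (iResult > 0) {
        // recv() does not terminate the buffer. Without this, %s reads past
        // the received bytes into whatever follows them in memory.
        recvbuf[iResult] = '\0';
        printf("Bytes received: %d\n", iResult);
        // The banner is data chosen by the remote host: %s stops at the first
        // NUL byte and passes control characters through to the console.
        printf_s("recevied bytes: %s\n", recvbuf);
    }
    else if (iResult == 0)
        printf("Connection closed\n");
    else
        printf("recv failed: %d\n", WSAGetLastError());

} while (iResult > 0);

// Release the socket and Winsock on the normal path too, not only on errors.
closesocket(ConnectSocket);
WSACleanup();

// NOTE(review): the error paths return 1 and `true` also converts to 1, so a
// caller cannot tell success from failure. Left unchanged because the
// enclosing function's return type is not visible here.
return true;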

一开始打算参考 nmap 的 banner 脚本源码来写,但发现里面直接调用了一个 banner 函数,就没有继续深究下去。