Meh, I have not been able to get it fully working. This is the result.
Exe:
/*
Connection Killer v0.1
Closes connections of the selected process matching port and IP
By ca0s [st4ck-3rr0r.blogspot.com] [ka0labs.org]
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#include <Tlhelp32.h>
/* Prints err followed by the last Win32 error code, then terminates the program. */
void error(char *err);
/* Handle to the target process; kept at file scope so error() can close it before exiting. */
HANDLE myProc=NULL;
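/*
 * Parse a decimal TCP port given on the command line.
 * Returns the value (0..65535; 0 keeps the tool's "any port" meaning) or -1
 * when the text is not a number in that range. Rejecting bad input matters
 * here: a typo that silently became 0 would widen the filter to every port.
 */
static int parsePort(const char *text)
{
    char *end = NULL;
    long value = strtol(text, &end, 10);

    if (end == text || *end != '\0' || value < 0 || value > 65535) {
        return -1;
    }
    return (int)value;
}

/*
 * Entry point. Parses -p / -lp / -rp / -ip, writes the filters to args.txt,
 * finds the first process whose executable name equals -p, and starts a
 * remote thread at LoadLibraryA in it with the DLL name as argument.
 *
 * Returns 0 on success and -1 on a usage error or when the process is not
 * found; every other failure goes through error(), which exits.
 */
int main(int argc, char *argv[])
{
    int rPort = 0, lPort = 0;
    char *process = NULL, *ip = NULL;
    int i;
    int found = 0;
    FILE *args;
    /*
     * NOTE(review): bare file name. The target process resolves it through
     * its own DLL search order, so which file is loaded depends on the
     * target's working directory and search path; an absolute path removes
     * that ambiguity.
     */
    char dll[] = "KillConnect.dll";
    /* sizeof, not strlen: the terminating NUL is part of what the target reads. */
    SIZE_T dllBytes = sizeof(dll);

    printf("-- Connection killer [ca0s] --\n");

    for (i = 1; i < argc - 1; i++) {
        if (strcmp(argv[i], "-lp") == 0) {
            lPort = parsePort(argv[i + 1]);
        } else if (strcmp(argv[i], "-rp") == 0) {
            rPort = parsePort(argv[i + 1]);
        } else if (strcmp(argv[i], "-p") == 0) {
            process = argv[i + 1];
        } else if (strcmp(argv[i], "-ip") == 0) {
            ip = argv[i + 1];
        }
    }
    if (!process || lPort < 0 || rPort < 0) {
        printf("Usage: %s -p PROCESS -rp REMOTE_PORT -lp LOCAL_PORT -ip REMOTE_IP\n", argv[0]);
        printf("If argument left blank, assuming ALL. Process cannot be left empty.\n");
        return -1;
    }

    printf("[/] Killing connections from:\n");
    printf("\tProcess: %s\n", process);
    printf("\tLocal port: %i\n", lPort);
    printf("\tRemote port: %i\n", rPort);
    /* Passing NULL to %s is undefined behaviour, so print a placeholder. */
    printf("\tRemote IP: %s\n", ip ? ip : "(any)");

    /* Look the process up by executable name (case-sensitive, first match wins). */
    HANDLE processList = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (processList == INVALID_HANDLE_VALUE) {
        error("[-] Error creating process snapshot.\n");
    }
    PROCESSENTRY32 pInfo;
    pInfo.dwSize = sizeof(PROCESSENTRY32);
    DWORD myPid = 0;
    BOOL st = Process32First(processList, &pInfo);
    while (st != FALSE) {
        if (strcmp(pInfo.szExeFile, process) == 0) {
            myPid = pInfo.th32ProcessID;
            found = 1;
            break;
        }
        st = Process32Next(processList, &pInfo);
    }
    CloseHandle(processList);
    if (!found) {
        /* Without this check the code would go on to open PID 0. */
        printf("[-] Process %s not found.\n", process);
        return -1;
    }

    /*
     * Write the filters before touching the target, so a failure here leaves
     * the other process unmodified.
     * NOTE(review): relative path. The DLL opens "args.txt" relative to the
     * target's working directory, which need not be this one, and anything
     * able to write that directory can change the filters.
     */
    args = fopen("args.txt", "w");
    if (!args) {
        error("[-] Cannot create text file for arguments. Run me with elevated privileges.\n");
    }
    if (lPort) {
        fprintf(args, "L%i\n", lPort);
    }
    if (rPort) {
        fprintf(args, "R%i\n", rPort);
    }
    if (ip) {
        fprintf(args, "I%s\n", ip);
    }
    if (fclose(args) != 0) {
        error("[-] Error writing arguments file.\n");
    }

    /* Open process */
    printf("[+] Opening process %lu\n", (unsigned long)myPid);
    /* NOTE(review): PROCESS_ALL_ACCESS requests more rights than the calls below use. */
    myProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, myPid);
    if (myProc == NULL) {
        error("[-] Error opening process.\n");
    } else {
        printf("[+] Process opened.\n");
    }

    /*
     * Reserve memory for the argument (our DLL's name). The region only
     * stores a string, so it is mapped read/write; a writable and executable
     * page would needlessly weaken the target's memory protections.
     */
    LPVOID dirToArg = VirtualAllocEx(myProc, NULL, dllBytes, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (dirToArg == NULL) {
        error("[-] Error allocating arg memory.\n");
    } else {
        printf("[+] Arg memory reserved (%lu bytes).\n", (unsigned long)dllBytes);
    }

    /* Write the DLL name, terminator included, into the reserved memory. */
    SIZE_T written = 0;
    if (WriteProcessMemory(myProc, dirToArg, dll, dllBytes, &written) == 0 || written != dllBytes) {
        error("[-] Error writing memory.\n");
    } else {
        printf("[+] Memory successfuly written (arg %lu bytes).\n", (unsigned long)written);
    }

    /* Resolve LoadLibraryA and check the result before using it as a start address. */
    HMODULE kernel = LoadLibrary("Kernel32.dll");
    FARPROC loader = kernel ? GetProcAddress(kernel, "LoadLibraryA") : NULL;
    if (loader == NULL) {
        error("[-] Error resolving LoadLibraryA.\n");
    }

    /* Create thread in LoadLibrary()'s address */
    HANDLE rThread = CreateRemoteThread(myProc, NULL, 0, (LPTHREAD_START_ROUTINE)loader, dirToArg, 0, NULL);
    if (rThread == NULL) {
        error("[-] Error creating remote thread.\n");
    } else {
        printf("[+] Remote thread created.\n");
    }

    /*
     * The thread is not waited for, so its outcome is unknown at this point
     * and the name buffer stays allocated in the target. args.txt is left in
     * place for the same reason: the DLL may not have read it yet.
     */
    CloseHandle(rThread);
    CloseHandle(myProc);
    myProc = NULL;
    printf("[+] Selected connections should have been killed.\n");
    return 0;
}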
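/*
 * Report a fatal error and terminate.
 *
 * err is printed followed by the Win32 last-error code in parentheses.
 * The target process handle (myProc) is closed if it is open.
 * Does not return; the exit status is non-zero so callers and scripts can
 * tell a failure from a successful run.
 */
void error(char *err)
{
    /* Read the code first: CloseHandle() below may overwrite the last error. */
    DWORD code = GetLastError();

    if (myProc != NULL) {
        CloseHandle(myProc);
        myProc = NULL;
    }
    /* DWORD is unsigned long on Windows; %d would be a format mismatch. */
    printf("%s (%lu)", err, (unsigned long)code);
    exit(EXIT_FAILURE);
}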
DLL:
/*
Connection Killer v0.1 DLL
Closes connections of the selected process matching port and IP
By ca0s [st4ck-3rr0r.blogspot.com] [ka0labs.org]
*/
#include <windows.h>
#include <process.h>
#include <stdio.h>
#include <stdlib.h>
#include <winsock2.h>
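/*
 * Read one line from file into linea (a buffer of len bytes).
 *
 * The newline, when present, is stored as part of the line. At most len-1
 * characters are stored, so linea is always NUL-terminated inside the
 * buffer; the rest of an over-long line is returned by the next call.
 * NUL bytes in the input are skipped.
 *
 * Returns one less than the number of read attempts, i.e. the number of
 * characters before the newline (or before end of file). An empty line
 * that is not at end of file returns 1; end of file returns 0.
 */
int getLine(char *linea, int len, FILE *file)
{
    int count = 0;   /* read attempts, including the one that hit EOF */
    int stored = 0;  /* characters written to linea */
    int ch = EOF;

    if (linea == NULL || file == NULL || len <= 0) {
        return 0;
    }
    memset(linea, 0, (size_t)len);

    /* Stop one short of len so the terminator always fits in the buffer. */
    while (count < len - 1) {
        ch = fgetc(file);
        count++;
        if (ch == EOF) {
            /* Nothing was read: do not append a stale character. */
            break;
        }
        if (ch != '\0') {
            linea[stored++] = (char)ch;
        }
        if (ch == '\n') {
            break;
        }
    }

    if (count == 0) {
        return 0;
    }
    if (ch != EOF && count <= 1) {
        return 1;
    }
    return count - 1;
}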
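/*
 * Runs in the process that loaded this DLL. Reads the filters from args.txt
 * (lines starting with I = IP, R = remote port, L = local port), then probes
 * handle values 0..255 and closes every socket that passes the filters,
 * with SO_LINGER set to on/0 beforehand. Progress is appended to log.txt.
 *
 * A filter that is absent matches everything. A socket is closed only when
 * it passes every filter that is present.
 *
 * Returns TRUE when the scan ran, FALSE when log.txt or args.txt could not
 * be opened, memory ran out, or a port in args.txt is out of range.
 *
 * NOTE(review): both files are opened by relative path, i.e. in the host
 * process's working directory; anything able to write there can change the
 * filters this code acts on.
 */
BOOL doShit(void)
{
    char name[MAX_PATH], line[255];
    const char *text;
    struct sockaddr_in raddr, laddr;
    struct linger slinger;
    int i;
    int len;
    FILE *log, *args;
    BOOL hasPeer, hasLocal, ipMatch;
    BOOL ok = FALSE;
    int rPort = 0, lPort = 0;
    char *ip = NULL;

    slinger.l_onoff = 1;
    slinger.l_linger = 0;

    log = fopen("log.txt", "a");
    if (!log) {
        return FALSE;
    }
    if (GetModuleFileName(NULL, name, MAX_PATH) == 0) {
        name[0] = '\0';
    }
    /* A truncated path is not guaranteed to be terminated. */
    name[MAX_PATH - 1] = '\0';
    fprintf(log, "[+] Attached to %s PID: %i\n", name, getpid());

    /* Get arguments */
    args = fopen("args.txt", "r");
    if (!args) {
        fprintf(log, "[-] Cannot get arguments.\n");
        goto done;
    }
    i = getLine(line, 255, args);
    do {
        if (line[0] == 'I' && i > 0) { /* IP */
            free(ip); /* a repeated I line replaces the earlier value */
            ip = (char *)malloc(i);
            if (!ip) {
                fprintf(log, "[-] Out of memory.\n");
                fclose(args);
                goto done;
            }
            /* i-1 characters copied into i zeroed bytes: always terminated. */
            memset(ip, 0, i);
            strncpy(ip, line + 1, i - 1);
        }
        if (line[0] == 'R') { /* Remote port */
            rPort = atoi(line + 1);
        }
        if (line[0] == 'L') { /* Local port */
            lPort = atoi(line + 1);
        }
        i = getLine(line, 255, args);
    } while (i > 1);
    fclose(args);

    /* The file is external input: refuse values htons() would truncate. */
    if (rPort < 0 || rPort > 65535 || lPort < 0 || lPort > 65535) {
        fprintf(log, "[-] Invalid port in arguments.\n");
        goto done;
    }
    fprintf(log, "[+] LP: %i | RP: %i | IP: %s\n", lPort, rPort, ip ? ip : "(any)");

    /*
     * NOTE(review): only handle values 0..255 are probed. Windows socket
     * handles are not guaranteed to fall in that range, which is a plausible
     * reason some connections are never found - confirm.
     */
    for (i = 0; i < 256; i++) {
        /* Start clean so a failed call cannot leave the previous socket's address behind. */
        memset(&raddr, 0, sizeof raddr);
        memset(&laddr, 0, sizeof laddr);
        /* len is an in/out parameter and must be reset before each call. */
        len = sizeof(struct sockaddr_in);
        hasPeer = getpeername((SOCKET)i, (struct sockaddr *)&raddr, &len) != -1;
        len = sizeof(struct sockaddr_in);
        hasLocal = getsockname((SOCKET)i, (struct sockaddr *)&laddr, &len) != -1;
        if (!hasPeer && !hasLocal) {
            continue;
        }

        if (ip) {
            /*
             * inet_ntoa() returns the same buffer on every call, so each
             * result is compared before the next call overwrites it.
             */
            ipMatch = FALSE;
            if (hasPeer) {
                text = inet_ntoa(raddr.sin_addr);
                if (text && strcmp(ip, text) == 0) {
                    ipMatch = TRUE;
                }
            }
            if (hasLocal) {
                text = inet_ntoa(laddr.sin_addr);
                if (text && strcmp(ip, text) == 0) {
                    ipMatch = TRUE;
                }
            }
            if (!ipMatch) {
                continue;
            }
        }
        /*
         * Each port filter is applied on its own. Joining the two tests with
         * && skipped a socket only when both ports were given and both
         * differed, so a single port filter closed every socket.
         */
        if (rPort != 0 && (!hasPeer || htons((u_short)rPort) != raddr.sin_port)) {
            continue;
        }
        if (lPort != 0 && (!hasLocal || htons((u_short)lPort) != laddr.sin_port)) {
            continue;
        }

        fprintf(log, "[/] Found %i\n", i);
        /* Linger on with timeout 0, set just before the close below. */
        setsockopt((SOCKET)i, SOL_SOCKET, SO_LINGER, (char *)&slinger, sizeof(struct linger));
        if (closesocket((SOCKET)i) != 0) {
            fprintf(log, "[-] Error %i\n", WSAGetLastError());
        }
    }
    ok = TRUE;

done:
    free(ip);
    fclose(log);
    return ok;
}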
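/*
 * DLL entry point. Runs doShit() once, when the DLL is attached to a
 * process, and returns its result; every other notification returns TRUE.
 *
 * NOTE(review): doShit() performs file and socket I/O while DllMain is
 * running. Microsoft's guidance is to keep the work done in DllMain
 * minimal; consider moving it to a separate thread or an exported function.
 */
BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
{
    /* Initialised so that thread attach/detach and process detach do not return an indeterminate value. */
    BOOL st = TRUE;

    (void)hInst;
    (void)reserved;

    if (reason == DLL_PROCESS_ATTACH) {
        st = doShit();
    }
    return st;
}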
But there are connections which won't shut down. IDK why.