Skip to content

EgeBalci/WSAAcceptBackdoor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
WSAAcceptBackdoor.sln
WSAAcceptBackdoor.sln
 
 
WSAAcceptBackdoor.vcxproj
WSAAcceptBackdoor.vcxproj
 
 
WSAAcceptBackdoor.vcxproj.filters
WSAAcceptBackdoor.vcxproj.filters
 
 
WSAAcceptBackdoor.vcxproj.user
WSAAcceptBackdoor.vcxproj.user
 
 
banner.png
banner.png
 
 
config_win.h
config_win.h
 
 
detours-x64.lib
detours-x64.lib
 
 
detours-x86.lib
detours-x86.lib
 
 
detours.h
detours.h
 
 
detver.h
detver.h
 
 
dllmain.cpp
dllmain.cpp
 
 
ncat.h
ncat.h
 
 
ncat_config.h
ncat_config.h
 
 
ncat_connect.h
ncat_connect.h
 
 
ncat_core.h
ncat_core.h
 
 
ncat_exec.h
ncat_exec.h
 
 
ncat_exec_win.c
ncat_exec_win.c
 
 
ncat_listen.h
ncat_listen.h
 
 
ncat_proxy.h
ncat_proxy.h
 
 
ncat_ssl.h
ncat_ssl.h
 
 
sockaddr_u.h
sockaddr_u.h
 
 
syelog.h
syelog.h
 
 
sys_wrap.h
sys_wrap.h
 
 
util.h
util.h
 
 

Repository files navigation

WSAAcceptBackdoor

This project is a POC implementation for a DLL implant that acts as a backdoor for accept Winsock API calls. Once the DLL is injected into the target process, every accept call is intercepted using the Microsoft's detour library and redirected into the BackdooredAccept function. When a socket connection with a pre-defined special source port is establised, BackdooredAccept function launches a cmd.exe process and binds the accepted socket to the process STD(OUT/IN) using a named pipe.


Demo: TTMO-4

About

Winsock accept() Backdoor Implant.

Topics

windows shell backdoor rootkit pentest winsock redteam implant winsock2

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

110 stars

Watchers

7 watching

Forks

23 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages