Update README.md
jayo78 authored May 22, 2020
1 parent 44877aa commit 8daa476
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
@@ -1,7 +1,7 @@
## Description
This is a persistent reverse shell that uses windows TCP sockets to communicate with a listener. The listener can be anything that accepts a remote connection, I used netcat to test (nc -lnvp 8080). Persistence is achieved through a registry run key that executes the backdoor path on a reboot. The purpose of this project was to gain a grasp of simple winAPI calls and sockets in C, as well as explore malware techniques. As of writing this, the executable goes undetected by windows defender and has a virustotal.com score of 3/72. The reason for its low detection rate could be due to the simplicity of the executable which doesn't pack/encrypt itself or use any typical process injection methods.

#### Execution
### Execution

1. reverse shell executed
2. copy self to temp folder
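Review bot: the new `### Execution` heading nests the numbered steps under `## Description`, although they describe what the binary does at run time rather than summarising the project. A sibling `## Execution` section would give a cleaner outline. The commit subject "Update README.md" also gives no hint that this is a heading-level change only, so a more specific subject would help anyone reading the history.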
Expand All @@ -15,7 +15,7 @@ This is a persistent reverse shell that uses windows TCP sockets to communicate

*If the backdoor loses connection to the listener it will continue to beacon every 5 seconds to re-establish connection which could raise a red flag for Anti-virus*

### Notes:
#### Notes:

- See Makefile for intended compilation and gcc flags for a compact exe
- Need to use a compiler that supports windows runtime (mingw)
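Review bot: at the `#### Notes:` line, moving Notes down to level four makes it a child of the `### Execution` section from the previous hunk, but the bullets under it cover the Makefile, gcc flags and the mingw requirement, which are build instructions. Keeping it at the same level as Execution would match the content, and the trailing colon can be dropped from the heading text since Markdown headings do not need one.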