Vulnerability Development mailing list archives

Re: Windows reverse Shell


From: Ali Saifullah Khan <whipaz () gem net pk>
Date: 4 Feb 2003 15:07:48 -0000

In-Reply-To: <1028124981.20030204013745 () hotmail kg>

Hello guys,

David Litchfield, in his Blackhat talk, talked about using the socket handle
from WSASocket() and passing that handle as a parameter for stdin, stdout
and stderr to the CreateProcess function. By doing it this way his reverse
cmd shellcode becomes much smaller. I tried coding that reverse
command shell in C, but couldn't get it to work. It simply connects to
my listening netcat listener and then disconnects. David Litchfield
used 4 functions to achieve that: WSASocket, bind, connect and
CreateProcess. A little help would be appreciated on building this reverse
cmd shell. Thanks.
 

-- 
Best regards,
Adik                         mailto:netninja () hotmail kg


Firstly, please elaborate on what you mean by "connecting and disconnecting
immediately" ..... are you implying that it gets a FIN immediately, or
are you watching netcat's non-verbose output on the cmdline :-)

Secondly, if I am correct, and WSASocket() gets you your socket handle,
then it is apparent that WSASocket() is failing. You should check your
initialization of Winsock in the code (include some error-checking code to
see if it's being started properly or not and paste the output in your
reply).
