Skip to content

EgeBalci/WSAAcceptBackdoor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

WSAAcceptBackdoor.sln

WSAAcceptBackdoor.sln

 
 

WSAAcceptBackdoor.vcxproj

WSAAcceptBackdoor.vcxproj

 
 

WSAAcceptBackdoor.vcxproj.filters

WSAAcceptBackdoor.vcxproj.filters

 
 

WSAAcceptBackdoor.vcxproj.user

WSAAcceptBackdoor.vcxproj.user

 
 

banner.png

banner.png

 
 

config_win.h

config_win.h

 
 

detours-x64.lib

detours-x64.lib

 
 

detours-x86.lib

detours-x86.lib

 
 

detours.h

detours.h

 
 

detver.h

detver.h

 
 

dllmain.cpp

dllmain.cpp

 
 

ncat.h

ncat.h

 
 

ncat_config.h

ncat_config.h

 
 

ncat_connect.h

ncat_connect.h

 
 

ncat_core.h

ncat_core.h

 
 

ncat_exec.h

ncat_exec.h

 
 

ncat_exec_win.c

ncat_exec_win.c

 
 

ncat_listen.h

ncat_listen.h

 
 

ncat_proxy.h

ncat_proxy.h

 
 

ncat_ssl.h

ncat_ssl.h

 
 

sockaddr_u.h

sockaddr_u.h

 
 

syelog.h

syelog.h

 
 

sys_wrap.h

sys_wrap.h

 
 

util.h

util.h

 
 

Repository files navigation

WSAAcceptBackdoor

This project is a POC implementation for a DLL implant that acts as a backdoor for accept Winsock API calls. Once the DLL is injected into the target process, every accept call is intercepted using the Microsoft's detour library and redirected into the BackdooredAccept function. When a socket connection with a pre-defined special source port is establised, BackdooredAccept function launches a cmd.exe process and binds the accepted socket to the process STD(OUT/IN) using a named pipe.


Demo: TTMO-4

About

Winsock accept() Backdoor Implant.

Topics

windows shell backdoor rootkit pentest winsock redteam implant winsock2

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

112 stars

Watchers

7 watching

Forks

23 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages