Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/egebalci/wsaacceptbackdoor
Winsock accept() Backdoor Implant.
https://github.com/egebalci/wsaacceptbackdoor
backdoor implant pentest redteam rootkit shell windows winsock winsock2
Last synced: about 4 hours ago
JSON representation
Winsock accept() Backdoor Implant.
- Host: GitHub
- URL: https://github.com/egebalci/wsaacceptbackdoor
- Owner: EgeBalci
- License: agpl-3.0
- Created: 2021-02-13T15:59:01.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2021-02-13T19:18:41.000Z (almost 4 years ago)
- Last Synced: 2023-10-20T19:37:52.039Z (about 1 year ago)
- Topics: backdoor, implant, pentest, redteam, rootkit, shell, windows, winsock, winsock2
- Language: C
- Homepage:
- Size: 481 KB
- Stars: 111
- Watchers: 7
- Forks: 21
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# WSAAcceptBackdoor
This project is a POC implementation for a DLL implant that acts as a backdoor for `accept` Winsock API calls. Once the DLL is injected into the target process, every `accept` call is intercepted using the Microsoft's detour library and redirected into the `BackdooredAccept` function. When a socket connection with a pre-defined special source port is establised, `BackdooredAccept` function launches a `cmd.exe` process and binds the accepted socket to the process STD(OUT/IN) using a named pipe.
**Demo:** [TTMO-4](https://ttmo.re/)