https://github.com/egebalci/wsaacceptbackdoor

Winsock accept() Backdoor Implant.
https://github.com/egebalci/wsaacceptbackdoor

backdoor implant pentest redteam rootkit shell windows winsock winsock2

Last synced: 10 months ago
JSON representation

Winsock accept() Backdoor Implant.

Host: GitHub
URL: https://github.com/egebalci/wsaacceptbackdoor
Owner: EgeBalci
License: agpl-3.0
Created: 2021-02-13T15:59:01.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2021-02-13T19:18:41.000Z (about 5 years ago)
Last Synced: 2025-04-01T13:37:08.805Z (11 months ago)
Topics: backdoor, implant, pentest, redteam, rootkit, shell, windows, winsock, winsock2
Language: C
Homepage:
Size: 481 KB
Stars: 112
Watchers: 6
Forks: 23
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

          # WSAAcceptBackdoor

This project is a POC implementation for a DLL implant that acts as a backdoor for `accept` Winsock API calls. Once the DLL is injected into the target process, every `accept` call is intercepted using the Microsoft's detour library and redirected into the `BackdooredAccept` function. When a socket connection with a pre-defined special source port is establised, `BackdooredAccept` function launches a `cmd.exe` process and binds the accepted socket to the process STD(OUT/IN) using a named pipe.



  

  




**Demo:** [TTMO-4](https://ttmo.re/)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/egebalci/wsaacceptbackdoor

Awesome Lists containing this project

README