Winsock accept() Backdoor Implant.

Overview

WSAAcceptBackdoor

This project is a PoC implementation of a DLL implant that acts as a backdoor for Winsock accept API calls. Once the DLL is injected into the target process, every accept call is intercepted using Microsoft's Detours library and redirected to the BackdooredAccept function. When a socket connection with a pre-defined special source port is established, the BackdooredAccept function launches a cmd.exe process and binds the accepted socket to the process's STD(OUT/IN) using a named pipe.
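A defender-side check for the hook described above, as an added example that is not code from the WSAAcceptBackdoor project: Detours-style inline hooks typically overwrite the first bytes of the hooked function with a jump, so comparing the in-memory prologue of accept with the on-disk ws2_32.dll bytes and decoding that jump exposes the redirection. All addresses and byte strings are constructed samples; the example assumes a separate tool has read both byte ranges at the same RVA and that the prologue contains no relocated operands.

```python
import struct

U64 = 0xFFFFFFFFFFFFFFFF

def classify_prologue(mem, disk, func_va, mod_base, mod_size):
    """Compare an export's in-memory prologue with its on-disk bytes.

    Returns (verdict, target): 'clean' if the bytes match, 'hooked' if they
    start with a jump that leaves the module image, 'patched' otherwise.
    """
    n = min(len(mem), len(disk))
    if mem[:n] == disk[:n]:
        return ("clean", None)
    target = None
    if n >= 5 and mem[0] == 0xE9:        # jmp rel32: target = next insn + rel
        (rel,) = struct.unpack_from("<i", mem, 1)
        target = (func_va + 5 + rel) & U64
    elif n >= 2 and mem[0] == 0xEB:      # jmp rel8 (short jump)
        (rel,) = struct.unpack_from("<b", mem, 1)
        target = (func_va + 2 + rel) & U64
    if target is None:
        return ("patched", None)         # modified, but not a direct jump
    inside = mod_base <= target < mod_base + mod_size
    return ("patched" if inside else "hooked", target)

# Constructed sample values (not taken from a real ws2_32.dll).
MOD_BASE, MOD_SIZE = 0x7FFB10000000, 0x6B000
FUNC_VA = MOD_BASE + 0x12340             # hypothetical address of accept
DISK = bytes.fromhex("48895c24084889742410")
TRAMPOLINE = 0x7FFB0FFF0000              # hypothetical stub outside the image
HOOKED = b"\xE9" + struct.pack("<i", TRAMPOLINE - (FUNC_VA + 5)) + DISK[5:]
BREAKPOINT = b"\xCC" + DISK[1:]          # modified first byte, no jump

def demo():
    args = (FUNC_VA, MOD_BASE, MOD_SIZE)
    return [classify_prologue(m, DISK, *args) for m in (DISK, HOOKED, BREAKPOINT)]

if __name__ == "__main__":
    for verdict, target in demo():
        print(verdict, hex(target) if target is not None else "-")
```

A 'hooked' verdict is a lead, not proof of an implant: EDR agents and other instrumentation also hook Winsock exports, so the module that owns the jump target still has to be identified.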


Demo: TTMO-4

Owner
Ege Balcı
Security Researcher