Including the necessary libraries
In C, some files can be included in others; these are called "headers". A header declares the functions, variables and constants that are defined somewhere else, so that your code can use them. The headers you include, together with the code behind them, are the libraries.
To properly develop each item on our ToDo list for the malware, we'll need to include several libraries. These are the things our malware will be able to do:
- Establish a connection between client and server (in this text the client is the machine that waits for a connection, in other words the victim, and the server is the one that connects to an address and sends information, that is, us, the attacker)
- Emulate a shell, which will let us execute commands on the client machine remotely
- Add persistence to our malware, meaning that each time the infected operating system boots, it will execute our malware as well
- Execute other files
- A change-directory (cd-like) function to navigate through the victim's machine
- A keylogger (this will let us capture and store all of the keys the victim presses)
To perform all of those tasks, we'll need to include some libraries that make the work easier. First, create a new C file (with the ".c" extension) and name it whatever you want; in my case, I'll call it "Backdoor.c".
Tip: To include a library in C, write "#include <library_name.h>" at the top of the file.
We’ll need to include the following libraries:
- stdio.h: Allows us to use input/output functions
- stdlib.h: Imports some useful general-purpose functions we'll need later
- unistd.h: Like "stdlib.h", this header imports some constants we'll use later
- winsock2.h: Imports the sockets API. We'll use it later to create the server/client connection
- windows.h: Since we are creating our malware for Windows, we'll need this header, as it gives us access to platform-specific functions, constants and keywords
- winuser.h: Provides window-related functions and constants. We'll use it to hide our window, so that no window pops up when the malware is executed
- wininet.h: Some Windows-specific internet functions
- windowsx.h: Some Windows-specific helper functions
- string.h: Lets us create and manipulate strings
- sys/stat.h: Lets us read file metadata (size, name, creation date, modification date, etcetera)
These are all of the libraries we'll need. If you want a deeper explanation of any of them, it's as easy as firing up a web browser and searching for the header name, for example "windows.h". You can do the same with the functions, variables and anything else you don't understand in the code.
This is our code so far:
```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <winsock2.h>
#include <windows.h>
#include <winuser.h>
#include <wininet.h>
#include <windowsx.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
```