We are three students in cybersecurity working on a project in C++. What we have to do is to create a software able to modify a portable executable and implement a backdoor in it. For now, we are working on 32bits executables since we have not succeeded to make it work in 64bits.
The shellcode injection works well. For example, if we inject a payload launching a message box in Putty and then we run this infected Putty, the message box appears, we can click OK and then Putty is launching. This shows our problem: we can not have the shellcode and the real program at the same time.
If we try with a true payload launching a Meterpreter reverse TCP shell, we have almost the same problem but it’s slightly different: we gain the access in reverse shell, but as soon as we close the connection on the attacker side, Putty closes itself without even showing its interface.
By now, our software can create the backdoor by resizing the code section and putting the payload in it or by creating a new section containing only the payload.
The shellcode is given in hexadecimal.
After a lot of Internet researches, we did not found anything that resolves this problem.
We can obviously show code snippets, please tell us what you want to see.
Thank you very much for your answers!
If you want, you can also join our Discord to talk about that :
Source: Windows Questions C++