zbeng

Simple Trojan

Making a Visual Basic Trojan horse is pretty simple. In this brief tutorial I will attempt to show how with Winsock you can connect two applications together over the Internet.

When you see the average Trojan horse such as Messiah, you notice that they generally come in two parts, the Client and the Server.

Client.
---------

The Client application is usually the application that connects to the server on a specific port which the server is listening on.

The coding itself to make Winsock connect is pretty easy, however you will first need to draw a WINSOCK control on your form, so to do that go to the Projects menu, click Components, and look down the new list for "Microsoft Winsock Control 6.0", select it and hit apply.

On your control toolbar, there should be a new thing added, select it and draw it on the form. Don't worry, it's invisible at runtime.

Right, you now need to make 2 text boxes, call one TXTIP and one TXTPort to make life easier. These are basically going to allow Winsock to connect to the correct IP address on the correct port that the user specifies.

OK, now draw a command button, this is basically going to be the (dis)connect button that is going to make Winsock actually (dis)connect.

OK, now for the coding bits. The code is going to go into your command button subs, so we should rename the command button to something like CMDCONNECTION so it's easier to look back at at a later date or whatever. Anyway...

When the command button is clicked, we need to set the properties of Winsock, i.e. the IP and PORT, then we need to make it connect. This is actually pretty simple to do. Below is the code, the full explanation is underneath.

1) Private Sub CMDCONNECTION_Click()
2)     If CMDCONNECTION.Caption = "Connect" Then
3)         Winsock1.Close
4)         Winsock1.RemoteHost = TXTIP
5)         Winsock1.RemotePort = TXTPort
6)         Winsock1.Connect
7)         CMDCONNECTION.Caption = "Disconnect"
8)     Else
9)         Winsock1.Close
10)        Me.Caption = "Not connected"
11)        CMDCONNECTION.Caption = "Connect"
12)    End If
13) End Sub

Line 1:
The Connect button has been hit so do the code assigned to the button.

Line 2:
OK, this checks if the user has already hit the connect button, if they have then we need to prepare Winsock and also change the command button to allow them to disconnect if they do manage to connect.

Line 3:
OK, so we are preparing to connect to a computer so we first need to make sure that we are not currently connected to any other computer, if we are then this line closes the current connection ready to allow a new one.

Line 4:
Right, now this line tells Winsock that the remote IP address that it is going to connect to is whatever the value of TXTIP is, hopefully an IP address otherwise it's not going to connect.

Line 5:
Now we are telling Winsock which port it is going to connect on, this time the port is equal to whatever the value of TXTPort is. Hopefully the user typed in a numeric value, however we could always force the contents of the text box to be numeric.

Line 6:
Now we have set the port and IP address, Winsock can attempt to make a connection.

Line 7:
This now sets the caption of the Connect button to Disconnect. This now means that when the button is pressed, the connection code is not executed because the caption is not "Connect", this is where the Else statement on line 8 helps.

Line 8:
If the CMDCONNECTION button does not have the caption "Connect", i.e. it's been pressed and Winsock is either connecting or already has.

Line 9:
Tells Winsock to close the current connection (disconnects the client).

Line 10:
Sets the form's caption to display that Winsock is not connected.

Line 11:
Resets the CMDCONNECTION button to now make it try to connect when pressed.

OK, so how the hell do we know if Winsock is connected or not? Well that is pretty easy too thankfully, Winsock has a sub provided called "Connect". This basically means that when Winsock has connected, the code in the Connect sub is executed, very handy.

So if we want to change the caption to "Connected" when Winsock connects successfully, we need to add the code...

Private Sub Winsock1_Connect()
    Me.Caption = "Connected"
End Sub

We also should add some kind of message to say if Winsock is disconnected for whatever reason, this is pretty easy too but we must remember that if we wish to make the client capable of connecting again, we need to set the caption of the command button back to "Connect".

So how can we find out if the Client is disconnected? Well, there is really one place we can use, the Error sub of Winsock.

Private Sub Winsock1_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean)
    ' Drop the failed connection and let the user try again
    Winsock1.Close
    CMDCONNECTION.Caption = "Connect"
End Sub

Note: Lines 1, 2 and 3 (the Sub declaration, if it wraps on your screen) MUST be on one line.

That's now the Client connected to the server, now we can send data to the server which makes the server react according to the data sent.

To test this, make a command button and call it CMDHELLO, in the Click sub of this command button insert the following code:

Private Sub CMDHELLO_Click()
    On Error GoTo ErrorAlarm
    Winsock1.SendData "Hello"
    Exit Sub
ErrorAlarm:
    MsgBox "You are not connected, please connect first"
End Sub

This basically tells Winsock to send the data "Hello" (case sensitive) to the server listening. When the server gets this data, we will make it do something like make a message box. That is in the server code.

Server.
---------

The server usually listens on a port for the Client to connect, once there has been a connection the server then waits for data to be sent from the client and then acts on it. In this example we will make a message box.

However, first things first... We need to make the server listen and accept the client's connection.

Right, making Winsock listen is pretty easy, the code can go in a command button called Listen, but to hell with it, I will make Winsock listen when the application is launched. So it will be placed in the Form_Load() sub.

The code is below, after is an explanation line by line.

1) Private Sub Form_Load()
2)     Winsock1.Close
3)     Winsock1.LocalPort = "1234"
4)     Winsock1.Listen
5) End Sub

Line 1:
All code in the sub is launched when the form loads.

Line 2:
Closes Winsock in case it is already connected.

Line 3:
Sets the port to listen on as 1234, can be changed to whatever as long as the client connects on this port.

Line 4:
Tells the server now to listen on the port specified, when it listens it basically listens for a connection on the port.

OK, Winsock is now listening, but what happens when the Client connects? Currently the connection will be rejected because the server has not approved the client's connection. So we need to accept the connection request, pretty simple since Winsock has a ConnectionRequest sub.

So, we need the code...

Private Sub Winsock1_ConnectionRequest(ByVal requestID As Long)
    Winsock1.Close
    Winsock1.Accept requestID
End Sub

This closes Winsock in case it is already connected, and accepts the connection request made.

Now the client we made should say "Connected" as its caption.

This is all good and fine, but what if we want to, say, receive data from the Client? Well this is probably the hardest part of Trojan horse making, even then it's not too taxing when thought about and understood.

So let's begin.

When the client sends data to the server OR VICE VERSA the server needs to get the data and act on it, when data is received another Winsock sub called DataArrival is used (thankfully - it makes life a lot easier).

Right, so we know that the code to get the data goes in a Winsock sub called DataArrival, with this you can find...

Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
End Sub

So, now to make Winsock get the data...

Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
    Dim DATA As String
    Winsock1.GetData DATA
End Sub

You see here we have declared DATA as a string, this means that the data that we receive is of string value, I would strongly advise this since it stops errors and it includes pretty much all data you will be sending.

Anyway, now we have got the data, now to act on it. The method I am using is very simple and is not advisable for a big Trojan that sends data with text added on, it's only good for doing a SET function or task like we are doing in this example.

In the Client example, we send the data "Hello" so now in the server we can interpret this and make a message box on it.

Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
    Dim DATA As String
    Winsock1.GetData DATA
    If DATA = "Hello" Then
        MsgBox "Hello to you"
    End If
End Sub

This now means that if the data = Hello (what the client sent, and case sensitive) then make the message box or do whatever.

That's it, the server listening and accepting basic commands.
