Autor
|
Tema: Ideas Troyano (Leído 1,743 veces)
|
HJZR4
Desconectado
Mensajes: 101
C0N0C1M13NT0
|
Abro este post para que la gente que no sea demasiado creativa (como yo), pueda tener idea de módulos para un troyano. Exponed ideas con o sin code, como querais. Yo sólo lo explico de manera esquemática, la conexión Cliente/Servidor corre por vuestra cuenta. 1. - Averiguar información básica de un equipo:'APIS Private Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long Private Declare Function GetComputerName Lib "kernel32" Alias "GetComputerNameA" (ByVal lpBuffer As String, nSize As Long) As Long Private Declare Function GetWindowsDirectory Lib "kernel32" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Private Sub Command1_Click() txtUser.Text = NombreUsuario txtWin.Text = WinDir txtPC.Text = NombreEquipo End Sub
Function WinDir() As String Dim Contenido As String Contenido = String(255, 0) W = GetWindowsDirectory(Contenido, Len(Contenido)) WinDir = Contenido End Function
Function NombreUsuario() As String Dim Contenido As String Contenido = String(255, 0) W = GetUserName(Contenido, Len(Contenido)) NombreUsuario = Contenido End Function Function NombreEquipo() As String Dim Contenido As String Contenido = String(255, 0) W = GetComputerName(Contenido, Len(Contenido)) NombreEquipo = Contenido End Function
2. - Minimizar ventanas:' APIS Private Declare Sub keybd_event Lib "user32" (ByVal bVk As Byte, _ ByVal bScan As Byte, ByVal dwFlags As Long, ByVal dwExtraInfo As Long) ' Constantes. Private Const KEYEVENTF_KEYUP = &H2 Private Const VK_LWIN = &H5B
Private Sub Command1_Click() Call keybd_event(VK_LWIN, 0, 0, 0) Call keybd_event(77, 0, 0, 0) Call keybd_event(VK_LWIN, 0, KEYEVENTF_KEYUP, 0) End Sub
3. - Capturar pantalla:' APIS Private Declare Sub keybd_event Lib "user32" (ByVal bVk As Byte, _ ByVal bScan As Byte, ByVal dwFlags As Long, ByVal dwExtraInfo As Long)
Private Sub Command1_Click() Call keybd_event(44, 0, 0&, 0&) DoEvents SavePicture Clipboard.GetData, App.Path & "\Captura.bmp" End Sub
|
|
|
En línea
|
Para aprender solo hay una solución: LeeR y Preguntar
|
|
|
70N1
Desconectado
Mensajes: 355
|
Hola. Yo no es que me interesen los troyanos... aunque en realidad estoy en uno. Pero mas bien lo hago como proyecto para aprender programacion. Cuando pido ayuda, en realidad no quiero que me digan el codigo, sino... que me digan de donde puedo sacar la informacion.
El ejemplo de las apis, vale, ahi pones como llamar a la api para ver informacion y tal... pero de donde as sacado tu eso??. Te lo inventaste?.xD Como saves que esa funcion es para eso?. Como aprendiste a usar la api?
Yo quiero aprender.
Si me puedes decir de donde sacar esa informacion me encantaria que me dijeses.
Me compre el libro Aprenda Visual Basic ya 6.0 Que mas me recomiendas?
Muchas gracias por tu tiempo.
|
|
|
En línea
|
70N1
|
|
|
~~
|
Descargate la Api Guide (es gratuita), ahí puedes encontrar el uso de las apis asi como sus declaraciones
|
|
|
En línea
|
|
|
|
70N1
Desconectado
Mensajes: 355
|
Muchas gracias.
En este mismo foro abri un tema con un hipervinculo a una especie de tutorial de la API de Windows, alomejor quieres echarle un vistaso... por curiosidad. Lo acavo de encontrar.
|
|
|
En línea
|
70N1
|
|
|
70N1
Desconectado
Mensajes: 355
|
Sabrias explicarme este codigo linea por linea... Se que es una gran perdida de tiempo por tu parte, pero me harias un gran favor y si lo haces en plan cursillo, pues mejor que mejor. Aver si asi puedo llegar a entender todo esto. Como por ejemplo: Me.AutoRedraw = True esto no tengo ni idea Set Obj = Me.Text1 carga un objeto en el text1 del caption Para que hace esto?.
Este codigo lo sake del api guide que tu mencionaste. Bueno, espero que me puedas ayudar y si no es asi dimelo para hacer un nuevo tema y ver si alguien le interesaria ayudarme vale. Un saludo.. Private Sub Form_Load() 'KPD-Team 2000 'URL: http://www.allapi.net/ 'E-Mail: KPDTeam@Allapi.net Dim sSave As String Me.AutoRedraw = True Set Obj = Me.Text1 'Start subclassing HookForm Me 'create a new winsock session StartWinsock sSave 'show the winsock version on this form If InStr(1, sSave, Chr$(0)) > 0 Then sSave = Left$(sSave, InStr(1, sSave, Chr$(0)) - 1) Me.Print sSave 'connect to Microsoft.com lSocket = ConnectSock("www.microsoft.com", 80, 0, Me.hwnd, False) End Sub Private Sub Form_Unload(Cancel As Integer) 'close our connection to microsoft.com closesocket lSocket 'end winsock session EndWinsock 'stop subclassing UnHookForm Me End Sub
'En el modulo
Public Const AF_INET = 2 Public Const INVALID_SOCKET = -1 Public Const SOCKET_ERROR = -1 Public Const FD_READ = &H1& Public Const FD_WRITE = &H2& Public Const FD_CONNECT = &H10& Public Const FD_CLOSE = &H20& Public Const PF_INET = 2 Public Const SOCK_STREAM = 1 Public Const IPPROTO_TCP = 6 Public Const GWL_WNDPROC = (-4) Public Const WINSOCKMSG = 1025 Public Const WSA_DESCRIPTIONLEN = 256 Public Const WSA_DescriptionSize = WSA_DESCRIPTIONLEN + 1 Public Const WSA_SYS_STATUS_LEN = 128 Public Const WSA_SysStatusSize = WSA_SYS_STATUS_LEN + 1 Public Const INADDR_NONE = &HFFFF Public Const SOL_SOCKET = &HFFFF& Public Const SO_LINGER = &H80& Public Const hostent_size = 16 Public Const sockaddr_size = 16 Type WSADataType wVersion As Integer wHighVersion As Integer szDescription As String * WSA_DescriptionSize szSystemStatus As String * WSA_SysStatusSize iMaxSockets As Integer iMaxUdpDg As Integer lpVendorInfo As Long End Type Type HostEnt h_name As Long h_aliases As Long h_addrtype As Integer h_length As Integer h_addr_list As Long End Type Type sockaddr sin_family As Integer sin_port As Integer sin_addr As Long sin_zero As String * 8 End Type Type LingerType l_onoff As Integer l_linger As Integer End Type Public Declare Function setsockopt Lib "wsock32.dll" (ByVal s As Long, ByVal Level As Long, ByVal optname As Long, optval As Any, ByVal optlen As Long) As Long Public Declare Function getsockopt Lib "wsock32.dll" (ByVal s As Long, ByVal Level As Long, ByVal optname As Long, optval As Any, optlen As Long) As Long Public Declare Function WSAGetLastError Lib "wsock32.dll" () As Long Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hwnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long Public Declare Function WSAIsBlocking Lib "wsock32.dll" () As Long Public Declare Function WSACleanup Lib "wsock32.dll" () As Long Public Declare Function Send Lib "wsock32.dll" Alias "send" (ByVal s As Long, buf As Any, ByVal buflen As Long, ByVal flags As Long) As Long Public Declare Function recv Lib "wsock32.dll" (ByVal s As Long, buf As Any, ByVal buflen As Long, ByVal flags As Long) As Long Public Declare Function WSAStartup Lib "wsock32.dll" (ByVal wVR As Long, lpWSAD As WSADataType) As Long Public Declare Function htons Lib "wsock32.dll" (ByVal hostshort As Long) As Integer Public Declare Function ntohs Lib "wsock32.dll" (ByVal netshort As Long) As Integer Public Declare Function socket Lib "wsock32.dll" (ByVal af As Long, ByVal s_type As Long, ByVal protocol As Long) As Long Public Declare Function closesocket Lib "wsock32.dll" (ByVal s As Long) As Long Public Declare Function Connect Lib "wsock32.dll" Alias "connect" (ByVal s As Long, addr As sockaddr, ByVal namelen As Long) As Long Public Declare Function WSAAsyncSelect Lib "wsock32.dll" (ByVal s As Long, ByVal hwnd As Long, ByVal wMsg As Long, ByVal lEvent As Long) As Long Public Declare Function inet_addr Lib "wsock32.dll" (ByVal cp As String) As Long Public Declare Function gethostbyname Lib "wsock32.dll" (ByVal host_name As String) As Long Public Declare Sub MemCopy Lib "kernel32" Alias "RtlMoveMemory" (Dest As Any, Src As Any, ByVal cb&) Public Declare Function inet_ntoa Lib "wsock32.dll" (ByVal inn As Long) As Long Public Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As Any) As Long Public Declare Function WSACancelBlockingCall Lib "wsock32.dll" () As Long Public saZero As sockaddr Public WSAStartedUp As Boolean, Obj As TextBox Public PrevProc As Long, lSocket As Long 'subclassing functions 'for more information about subclassing, 'check out the subclassing tutorial at http://www.allapi.net/ Public Sub HookForm(F As Form) PrevProc = SetWindowLong(F.hwnd, GWL_WNDPROC, AddressOf WindowProc) End Sub Public Sub UnHookForm(F As Form) If PrevProc <> 0 Then SetWindowLong F.hwnd, GWL_WNDPROC, PrevProc PrevProc = 0 End If End Sub Public Function WindowProc(ByVal hwnd As Long, ByVal uMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long If uMsg = WINSOCKMSG Then ProcessMessage wParam, lParam Else WindowProc = CallWindowProc(PrevProc, hwnd, uMsg, wParam, lParam) End If End Function 'our Winsock-message handler Public Sub ProcessMessage(ByVal lFromSocket As Long, ByVal lParam As Long) Dim X As Long, ReadBuffer(1 To 1024) As Byte, strCommand As String Select Case lParam Case FD_CONNECT 'we are connected to microsoft.com Case FD_WRITE 'we can write to our connection 'this is a part of the HTTP protocol 'for more information about this protocol, visit http://www.w3c.org/ strCommand = "GET http://www.microsoft.com/ HTTP/1.0" + vbCrLf strcomand = strCommand + "Pragma: no-cache" + vbCrLf strCommand = strCommand + "Accept: */*" + vbCrLf strCommand = strCommand + "Accept: text/html" + vbCrLf + vbCrLf 'send the data to our microsoft.com-connection SendData lFromSocket, strCommand Case FD_READ 'we have data waiting to be processed 'start reading the data Do X = recv(lFromSocket, ReadBuffer(1), 1024, 0) If X > 0 Then Obj.Text = Obj.Text + Left$(StrConv(ReadBuffer, vbUnicode), X) End If If X <> 1024 Then Exit Do Loop Case FD_CLOSE 'the connection with microsoft.com is closed End Select End Sub 'the following functions are standard WinSock functions 'from the wsksock.bas-file Public Function StartWinsock(sDescription As String) As Boolean Dim StartupData As WSADataType If Not WSAStartedUp Then If Not WSAStartup(&H101, StartupData) Then WSAStartedUp = True sDescription = StartupData.szDescription Else WSAStartedUp = False End If End If StartWinsock = WSAStartedUp End Function Sub EndWinsock() Dim Ret& If WSAIsBlocking() Then Ret = WSACancelBlockingCall() End If Ret = WSACleanup() WSAStartedUp = False End Sub Public Function SendData(ByVal s&, vMessage As Variant) As Long Dim TheMsg() As Byte, sTemp$ TheMsg = "" Select Case VarType(vMessage) Case 8209 'byte array sTemp = vMessage TheMsg = sTemp Case 8 'string, if we recieve a string, its assumed we are linemode sTemp = StrConv(vMessage, vbFromUnicode) Case Else sTemp = CStr(vMessage) sTemp = StrConv(vMessage, vbFromUnicode) End Select TheMsg = sTemp If UBound(TheMsg) > -1 Then SendData = Send(s, TheMsg(0), (UBound(TheMsg) - LBound(TheMsg) + 1), 0) End If End Function Function ConnectSock(ByVal Host$, ByVal Port&, retIpPort$, ByVal HWndToMsg&, ByVal Async%) As Long Dim s&, SelectOps&, Dummy& Dim sockin As sockaddr SockReadBuffer$ = "" sockin = saZero sockin.sin_family = AF_INET sockin.sin_port = htons(Port) If sockin.sin_port = INVALID_SOCKET Then ConnectSock = INVALID_SOCKET Exit Function End If
sockin.sin_addr = GetHostByNameAlias(Host$)
If sockin.sin_addr = INADDR_NONE Then ConnectSock = INVALID_SOCKET Exit Function End If retIpPort$ = getascip$(sockin.sin_addr) & ":" & ntohs(sockin.sin_port)
s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) If s < 0 Then ConnectSock = INVALID_SOCKET Exit Function End If If SetSockLinger(s, 1, 0) = SOCKET_ERROR Then If s > 0 Then Dummy = closesocket(s) End If ConnectSock = INVALID_SOCKET Exit Function End If If Not Async Then If Connect(s, sockin, sockaddr_size) <> 0 Then If s > 0 Then Dummy = closesocket(s) End If ConnectSock = INVALID_SOCKET Exit Function End If SelectOps = FD_READ Or FD_WRITE Or FD_CONNECT Or FD_CLOSE If WSAAsyncSelect(s, HWndToMsg, ByVal 1025, ByVal SelectOps) Then If s > 0 Then Dummy = closesocket(s) End If ConnectSock = INVALID_SOCKET Exit Function End If Else SelectOps = FD_READ Or FD_WRITE Or FD_CONNECT Or FD_CLOSE If WSAAsyncSelect(s, HWndToMsg, ByVal 1025, ByVal SelectOps) Then If s > 0 Then Dummy = closesocket(s) End If ConnectSock = INVALID_SOCKET Exit Function End If If Connect(s, sockin, sockaddr_size) <> -1 Then If s > 0 Then Dummy = closesocket(s) End If ConnectSock = INVALID_SOCKET Exit Function End If End If ConnectSock = s End Function Function GetHostByNameAlias(ByVal hostname$) As Long On Error Resume Next Dim phe& Dim heDestHost As HostEnt Dim addrList& Dim retIP& retIP = inet_addr(hostname) If retIP = INADDR_NONE Then phe = gethostbyname(hostname) If phe <> 0 Then MemCopy heDestHost, ByVal phe, hostent_size MemCopy addrList, ByVal heDestHost.h_addr_list, 4 MemCopy retIP, ByVal addrList, heDestHost.h_length Else retIP = INADDR_NONE End If End If GetHostByNameAlias = retIP If Err Then GetHostByNameAlias = INADDR_NONE End Function Function getascip(ByVal inn As Long) As String On Error Resume Next Dim lpStr& Dim nStr& Dim retString$ retString = String(32, 0) lpStr = inet_ntoa(inn) If lpStr = 0 Then getascip = "255.255.255.255" Exit Function End If nStr = lstrlen(lpStr) If nStr > 32 Then nStr = 32 MemCopy ByVal retString, ByVal lpStr, nStr retString = Left(retString, nStr) getascip = retString If Err Then getascip = "255.255.255.255" End Function Public Function SetSockLinger(ByVal SockNum&, ByVal OnOff%, ByVal LingerTime%) As Long Dim Linger As LingerType Linger.l_onoff = OnOff Linger.l_linger = LingerTime If setsockopt(SockNum, SOL_SOCKET, SO_LINGER, Linger, 4) Then Debug.Print "Error setting linger info: " & WSAGetLastError() SetSockLinger = SOCKET_ERROR Else If getsockopt(SockNum, SOL_SOCKET, SO_LINGER, Linger, 4) Then Debug.Print "Error getting linger info: " & WSAGetLastError() SetSockLinger = SOCKET_ERROR End If End If End Function
|
|
« Última modificación: 15 Noviembre 2007, 19:21 pm por 70N1 »
|
En línea
|
70N1
|
|
|
~~
|
Me.AutoRedraw = True Eso es para poder escribir en el form El resto del code es muuuuuuuuuuy largo para explicarlo linea a linea....usa google en las lines q no entiendas o mejor aun descargate los modulos socket master para usar el ws sin necesidad de ocx....
|
|
|
En línea
|
|
|
|
|
|