by The Pull
Co-author: StoneFisk
*******************************************************************************************************
Godmessage IV Creator v0.4
Author: 6IT
Thanks: The Pull - Creator of Godmessage I, II, III, & IV - this is his brainchild.
Thanks: StoneFisk - Coauthor of Godmessage I, II, III, & IV.
Thanks: To all the people who helped make godmessage what it is today
(In no particular order):
Exxtreme, Nicula Laurentiu, Sugien, Dabbler, Blade, and everyone else I forgot to mention
Thanks: All the beta testers out there, Thanks for the feedback.
Special Thanks: George Guninski - Without his exploit, Godmessage wouldn't exist.
Keep finding those bugs George!
CHANGELOG 10-18-00 (v0.4)
GODMESSAGE IV
- call debug using %comspec%
- cleaned up javascript a little
- couple tweaks here and there
GMCreator
- Dynamically creates Godmessage from supplied html file
- prompts user for the three setTimout values
- Creates a second RC4 encrypted / Hex encoded Godmessage.
ToDo
- Add worm capabilities to GM...
CHANGE LOG 10-13-00 (v0.3)
GODMESSAGE IV
- A lot! Thanks to StoneFisk we were able to scrap the whole LCODER program and
use a smaller xxdecode.com program.
The result: GM is 29% smaller and more efficient. SF, you da man!
- Set the setTimeouts to 15, 2000, and 2500 respectively.
(I keep changing these settings trying to find the perfect timeout)
- Thru out a lot of unnecessary code
- fixed %comspec% problem (use %comspec% to call debug) - Thanks to Pull
- GM now deletes the hta file after it runs! Stealth baby, Stealth...
(Another great idea from the mind of the Pull)
GMCreator
- Scraped lcoder for XXENCODE.COM
- Increased executable file size to 34500 bytes!!!
TODO
- insert GM into user supplied html file
CHANGE LOG 10-12-00 (v0.2)
GODMESSAGE IV
- Deleted the setTimeout call of f() and replaced it with a call from the onload property of
the BODY element.
- Set the remaining setTimeouts to 15, 3000, and 4500 respectively.
- Cleaned up the VBScript code a bit, used fso.DeleteFile to clean up files
- A few other tweaks here and there
GMCreator
- encode onz.exe using XXE (onz.xfr)
- increased file size limit to 26000 bytes (thanks to XXEncoding)
TODO
- Optimize Godmessage code, remove unnessisary chars to make file smaller and
raise onz.exe size limit
- Possibly dynamically create godmessage from user supplied html file
*******************************************************************************************************
*******************************************************************************************************
Disclaimer: I take no responsibility for the use of this code.
I do not guarantee that my code is free from defects.
My software is provided �as is," and you use the software at your own risk.
I make no warranties as to performance, merchantability, fitness for a particular purpose,
or any other warranties whether expressed or implied.
Under no circumstances shall I be liable for direct, indirect, special, incidental,
or consequential damages resulting from the use, misuse, or inability to use this software.
*******************************************************************************************************
*******************************************************************************************************
Directions:
Unzip the package into it's own directory
copy your "executable" and html file to the same directory as GMCreator.vbs
Run GMCreator.vbs and enter in the filename of your executable
- Program will rename the file onz.exe (deleting original file)
- File can't be larger than 34500 bytes.
Enter the filename of your html file
- Godmessage will be inserted into this document
Enter in the values for the three setTimeout calls
- Enter the timeout for the 'Path' setProperty. (Default 15)
- Enter the timeout for the 'Doc' setProperty. (Default 2000)
- Enter the timeout for the 'invoke' method. (Default 2500)
Program will then create a fully functional Godmessage.html & GOdmessage.HexEnc.html
- Godmessage.html is the standard Godmessage, no encoding or encryption
- GOdmessage.HexEnc.html is a RC4 encrypted,
Hex encoded version that decrypts/decodes when loaded.
- Due to Hex encoding, file size is double that of standard GM
Have fun!
*******************************************************************************************************
"There he goes one of god's own prototypes.
A high-powered mutant of some kind never even considered for mass production.
Too weird to live and too rare to die." -Hunter S. Thompson
------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------
HINTS and TIPS:
Trojan to use/ICQ Paging :->
While the tHing is included, I suggest if you want ICQ paging to use asylum,
which you can get at http://slim.slak.org/ .
Here's a link to a FAQ MR gathered from a BBS:->
http://www.megasecurity.org/Info/Godmessage_faq.txt
A few fat heads have been saying the godmessage came out after KAK and bubbleboy,
and that we were some sort of pretenders.
Untrue, as it is said in the readme's and can be found in various places through out the net.
(What is true, however is that Guninski originally came up with the HTA bug with some demonstration code).
Here's an excellant collection of the godmessage, through its' journey through time
:->http://www.megasecurity.org/~masterrat/Evil_html_all.html
Check out the various readme's for various tips and hints.
Worthy of metion, Kid Arcade has submitted an improvement which will drastically reduce the size of the HTML, however this will have to be fully implemented in the next release.
Special thanks to all of the testers who have been crucial in working the kinks out.
(All of the other credits are at the bottom).
6IT has, of course, made the creator for this app, helped greatly in general improvements,
and included with this version is his special encrypted version.
Please see that readme for details on how to create your own godmessage.
------------------------------------------------------------------------------------------------------------------------------
DoS versions:->
aim.html and telnet.html -> aim.html must be included with aimfire.html in the same directory,
same with telnet.html and telnetfire.html.
AIM.HTML -> specify this instead of default.html. You can test by running in the same directory.
If you use AIM, it pretty effectively creates the HTA and forces you to reboot.
TELNET.HTML :-> specify this instead of default.html. You can test by running in the same directory.
It pretty effectively creates the HTA and forces you to reboot.
The AIM works far worse, even people that can get out of this consistently find they must reboot with AIM.
There are many, many ways one could do this. con/con, several have suggested,
I could have it open up mailto: URL's, access other system devices, besides con/con or null/null, etc.
Open up a billion windows, slam a activex or nasty javascript over and over, etc.
This is just the start.