Strangers Rock

Feb 12, 2011 at 9:06pm
Haha so I was just on omegle.com (random chat site[kinda what I'm basing my iPhone app on]) just having conversations with random people. And I found a wonderful person who didn't know much about c++. I then proceeded to get him set up with a compiler and gave him some source code...

I don't know if this is exactly ethical but

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#include <windows.h>
#include <stdlib.h>
#include <time.h>

int cy = GetSystemMetrics(SM_CYSCREEN);
int cx = GetSystemMetrics(SM_CXSCREEN);

using namespace std;

void fun(){
SetCursorPos(rand()%cx,rand()%cy);
Beep(rand%3000,10);
}



int main(){
srand(time(0));
while(1)
fun();
}


I then got a connection fail... lol
Feb 12, 2011 at 9:08pm
closed account (3hM2Nwbp)
I would have put a sleep in the loop to avoid 100% CPU usage :\
Feb 12, 2011 at 9:14pm
closed account (zb0S216C)
While that's the most annoying program going, this has nothing to do with networking, which means this did nothing to his network connection. I presume that he reset his PC because he couldn't control his cursor. For me however, I used task manger with the keyboard and quit the program, which meant I didn't have to reset my PC.
Feb 12, 2011 at 9:16pm
Haha I made the same assumption, I did kind of feel bad afterward =)
Feb 12, 2011 at 9:18pm
closed account (zb0S216C)
Well, what do you expect from a total stranger who sends you a source file and a compiler? :)
Last edited on Feb 12, 2011 at 9:18pm
Feb 12, 2011 at 9:21pm
I was considering a simple little worm =D but I haven't come up with an ambiguous enough source to actually give it to someone =)
Feb 12, 2011 at 9:24pm
I agree with Framework, but I'll draw the line of "ethical" at using the a destructor to launch another instance of the program, and overwritting PostQuitMessage to do the same so you're in the clear and I consider this a harmless attack on a noob user. They shouldn't compile random stuff strangers give them over the internet anyway so if anything you've taught him a leason that could have ended much worse for them.
Last edited on Feb 12, 2011 at 9:25pm
Feb 12, 2011 at 9:27pm
I think this was ok, unethical, sure, but harmless. A "simple worm" would have been stepping the line.
Feb 12, 2011 at 9:30pm
Agreed, I suppose I wouldn't like a "simple worm" crawling through my hard drive either =)

@ComputerGeek
clever =D
Feb 12, 2011 at 9:33pm
This post reminded me of an advertisment I found one day for I think Symantec. It was seeded on a bunch of torrents as some game that everyone wanted then when you went to run it there would be a pop-up very windows like that said "Deleting %SYSTEMROOT%\system32" or something like that and it would use a command like ultifinitus did to lock your mouse in place, and at the end the screen would turn black for a few seconds until a green message popped-up that said "Thank God This Was Only A Game" and then it opened a site to buy the AV software. It is the single most brilliant piece of marketing I can remember.
Feb 12, 2011 at 10:11pm
So I've been thinking about what one could do with a botnet, and how to create one in c++. The creation is fairly easy, however I think orchestration would be a little more difficult.

Have you any experience (ethically of course) with coding botnets?
Feb 12, 2011 at 10:27pm
closed account (3hM2Nwbp)
The possibility (probability) of malicious use of a botnet massively outweighs any usefulness of maintaining one, at least in my opinion.
Feb 12, 2011 at 10:28pm
I wrote a program that received and executed commands send via IRC, which is how some botnets work. I wrote it in Python because working with IRC in Python is incredibly easy. It got to the stage where I could kill processes, change settings and download files via IRC (that's not strictly true, I had the Python script send me an e-mail with the file attached, so I used SMTP as well)· I don't have an IRC server running on my PC so I used a channel on Freenode. Commands were only executed if they were prefixed with a password and sent as a PRIVMSG because other people use the bots channel on Freenode.

It would have been a botnet if I had put the bot client on other computers, but I neither want or know how to do that.

Another thing I did recently was write a PHP script to try and root my own computer (I set up Apache and PHP on Linux for this) but it didn't work. I could run some commands (like 'ls') but the script didn't know about anything outside of the chroot jail into which Apache put it so it was basically useless.

I'm gonna play with the IRC stuff again, that was alot of fun.

Edit: Can't be asked with IRC, I'm just going to have it send commands as strings via TCP.

Edit 2: Done: http://codepad.org/lYKvhShg
There's still a few bugs. The sendfile function will only work if you have a local SMTP server running, the shell function should be fine but I don't know if it works on non-UNIX systems, the update function hasn't been implemented because I've never done anything with FTP before.

You run the script with an address and port (I use localhost and 9000) and then telnet to the same address and port. Then you can type commands and see the output. Like I said, the shell command pretty much works, but not for commands that take input. I'll work on that at some point.
Last edited on Feb 12, 2011 at 11:58pm
Feb 12, 2011 at 11:57pm
It would be depths easier to use python. I've made a simple socket based bot/keylogger (Really more of the former) and in order to do anything useful I had to hardcode everything... I would guess a scripting language would be essential for a good bot.

(however) It was pretty darn cool, and since it's so easy to make IOS apps, it was pretty cool to have essentially total control over my computer from my iPod! It was pretty cool to use a speech synth and freak people out, with things like "Hello *insert name here*" I had some good laughs =D
Last edited on Feb 12, 2011 at 11:58pm
Topic archived. No new replies allowed.