1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236
| program crunas;
{$APPTYPE CONSOLE}
{ ajouter le md5 du programme !!!}
uses
SysUtils, windows, Variants,
DCPcrypt2, DCPblockciphers, DCPdes, DCPrc4, DCPsha1,
classes;
var
sUser, sDomain, Spassword, sExecutable, sOutput : string;
Cipher : TDCP_rc4;
KeyStr, CmdStr : string;
F : textfile;
ConsoleHandle : THandle;
ConsoleScreenBufferInfo : _CONSOLE_SCREEN_BUFFER_INFO;
const
LOGON_WITH_PROFILE = 1;
LOGON_NETCREDENTIALS_ONLY = 2;
{*****************************************************************}
procedure cls(hConsole : THandle);
const
coordScreen : TCoord = (X : 0;Y : 0);
var
cCharsWritten : DWord;
csbi : TConsoleScreenBufferInfo;
dwConSize : DWord;
begin
if not GetConsoleScreenBufferInfo(hConsole, csbi)
then exit;
dwConSize := csbi.dwSize.X * csbi.dwSize.Y;
if not FillConsoleOutputCharacter(hConsole, #32, dwConSize, coordScreen, cCharsWritten)
then exit;
if not GetConsoleScreenBufferInfo(hConsole, csbi)
then Exit;
if not FillConsoleOutputAttribute(hConsole, csbi.wAttributes, dwConSize, coordScreen, cCharsWritten)
then exit;
SetConsoleCursorPosition(hConsole, coordScreen);
end;
procedure aide();
begin
cls(ConsoleHandle);
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_RED or FOREGROUND_INTENSITY);
Writeln(#13 + #10 + 'Crunas.exe by *** www.chavers.org ***');
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN or FOREGROUND_INTENSITY);
Writeln(#13 + #10 + '********************************************************************************');
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_RED or FOREGROUND_INTENSITY);
writeln(#13 + #10 + 'Fabrique un fichier de commande crypte, pour lancer une application');
Writeln('avec un compte different.');
Writeln(#13 + #10 + 'pour fabriquer le fichier:');
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_BLUE or FOREGROUND_INTENSITY);
Writeln(' crunas.exe -u "login" -p "mot de passe" -d "domain" -e "programme.exe"');
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_RED or FOREGROUND_INTENSITY);
Writeln(#13 + #10 + 'pour executer le fichier:');
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_BLUE or FOREGROUND_INTENSITY);
Writeln(' crunas.exe "%systemdrive%\le programme.exe.cha"');
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN or FOREGROUND_INTENSITY);
Writeln(#13 + #10 + '********************************************************************************');
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_RED or FOREGROUND_INTENSITY);
writeln(#13 + #10 + 'Make a crypted command file, to start a application');
Writeln('with a different user account.');
Writeln(#13 + #10 + 'To make the command file:');
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_BLUE or FOREGROUND_INTENSITY);
Writeln(' crunas.exe -u "login" -p "password" -d "domain" -e "application.exe"');
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_RED or FOREGROUND_INTENSITY);
Writeln(#13 + #10 + 'To run the command file:');
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_BLUE or FOREGROUND_INTENSITY);
Writeln(' crunas.exe "%systemdrive%\application.exe.cha"');
SetConsoleTextAttribute(ConsoleHandle, ConsoleScreenBufferInfo.wAttributes);
Halt;
end;
procedure AddLog(log : string);
begin
SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_RED or FOREGROUND_BLUE or FOREGROUND_INTENSITY);
Writeln(log);
SetConsoleTextAttribute(ConsoleHandle, ConsoleScreenBufferInfo.wAttributes);
end;
function CreateProcessWithLogon(
lpUsername : PWChar;
lpDomain : PWChar;
lpPassword : PWChar;
dwLogonFlags : DWORD;
lpApplicationName : PWChar;
lpCommandLine : PWChar;
dwCreationFlags : DWORD;
lpEnvironment : Pointer;
lpCurrentDirectory : PWChar;
const lpStartupInfo : TStartupInfo;
var lpProcessInfo : TProcessInformation) : BOOL; stdcall;
external advapi32 name 'CreateProcessWithLogonW';
procedure start();
var
i : integer;
begin
ConsoleHandle := GetStdHandle(STD_OUTPUT_HANDLE);
GetConsoleScreenBufferInfo(ConsoleHandle, ConsoleScreenBufferInfo);
if ParamCount <> 8 then
if ParamCount <> 1 then
aide;
if ParamCount = 8 then
begin
for i := 1 to ParamCount do
if AnsiLowerCase(ParamStr(i)) = '-u' then
sUser := ParamStr(i + 1)
else
if AnsiLowerCase(ParamStr(i)) = '-p' then
spassword := ParamStr(i + 1)
else
if AnsiLowerCase(ParamStr(i)) = '-d' then
sDomain := ParamStr(i + 1)
else
if AnsiLowerCase(ParamStr(i)) = '-e' then
sExecutable := ParamStr(i + 1);
sOutput := ExtractFilePath(ParamStr(0)) + ExtractFileName(sExecutable) + '.cha';
end;
if ParamCount = 1 then
sOutput := ParamStr(1);
end;
procedure Explode(var a : array of string;Border, S : string);
var
S2 : string;
i : Integer;
begin
i := 0;
S2 := S + Border;
repeat
a[i] := Copy(S2, 0, Pos(Border, S2) - 1);
Delete(S2, 1, Length(a[i] + Border));
Inc(i);
until S2 = '';
end;
procedure makecha();
begin
KeyStr := 'le petit ChAt eSt VeRt!';
CmdStr := sExecutable + ';' + sDomain + ';' + sUser + ';' + Spassword;
AddLog('creation du fichier pour ' + sExecutable + ' sous le compte ' + sDomain + '\' + sUser);
AddLog('avec le mot de passe: "' + Spassword + '" dans ' + sOutput);
Cipher := TDCP_rc4.Create(nil);
Cipher.InitStr(KeyStr, TDCP_sha1);
CmdStr := Cipher.EncryptString(CmdStr);
Cipher.Burn;
Cipher.Free;
assignfile(F, sOutput);
Rewrite(F);
Writeln(F, CmdStr);
CloseFile(F);
AddLog('Creation du fichier: ' + sOutput + ' fini.');
AddLog('Pour lancer ce programme: [crunas.exe "' + sOutput + '"]');
end;
procedure readcha();
var
A : array of string;
begin
KeyStr := 'le petit ChAt eSt VeRt!';
if FileExists(sOutput) then
begin
assignfile(F, sOutput);
Reset(F);
end
else
aide;
readln(F, CmdStr);
CloseFile(F);
Cipher := TDCP_rc4.Create(nil);
Cipher.InitStr(KeyStr, TDCP_sha1);
CmdStr := Cipher.DecryptString(CmdStr);
Cipher.Burn;
Cipher.Free;
SetLength(A, 4);
Explode(A, ';', CmdStr);
sExecutable := A[0];
sDomain := A[1];
sUser := A[2];
Spassword := A[3];
end;
procedure runas();
var
wUsername, wDomain, wPassword, wApplicationName : WideString;
pwUsername, pwDomain, pwPassword, pwApplicationName : PWideChar;
StartupInfo : TStartupInfo;
ProcessInfo : TProcessInformation;
begin
wUsername := sUser;
wDomain := sDomain;
wPassword := Spassword;
wApplicationName := sExecutable;
pwUsername := Addr(wUsername[1]);
pwDomain := Addr(wDomain[1]);
pwPassword := Addr(wPassword[1]);
pwApplicationName := Addr(wApplicationName[1]);
FillChar(StartupInfo, SizeOf(StartupInfo), 0);
StartupInfo.cb := SizeOf(StartupInfo);
try
if not CreateProcessWithLogon(pwUsername, pwDomain, pwPassword, LOGON_WITH_PROFILE,
nil, pwApplicationName, CREATE_DEFAULT_ERROR_MODE,
nil, nil, StartupInfo, ProcessInfo) then
RaiseLastOSError;
except
on E : Exception do Writeln(E.Message);
end;
end;
begin
start;
if ParamCount = 8 then
begin
if sUser = '' then aide;
if spassword = '' then aide;
if sDomain = '' then aide;
if sExecutable = '' then aide;
if sOutput = '' then aide;
makecha;
end;
if ParamCount = 1 then
begin
if sOutput = '' then aide;
readcha;
if sUser = '' then aide;
if spassword = '' then aide;
if sDomain = '' then aide;
if sExecutable = '' then aide;
runas;
end;
exit;
end. |
Partager