1. To visit protected / private sections of the forum you must be connected with your user account. If you are not yet a member of our forum, you can create it now for free!.

User Tag List

Thread: [FASM] get IP (exe 2,50 kb)

Results 1 to 10 of 13

  1. #1
    Cyb3r5h4d0w
    Guest

    [FASM] get IP (exe 2,50 kb)

    Code:
    format PE GUI
    include '/win32a.inc'
    entry start
    
    start:
            invoke WSAStartup, 101h, wsaData 
            test    eax, eax
            jnz    .error
            invoke gethostbyname,host
            mov eax,[eax+12]
            mov eax,[eax]
            mov eax,[eax]
    
            mov  [saddr.sin_addr],eax
            mov ax,80d ; port 80
            shl ax,8
    
            mov   [saddr.sin_port],ax
            mov   [saddr.sin_family],AF_INET
    
            invoke socket, 2, 1, 6  ;SOCK_STREAM = 1;  AF_INET =  2 ;IPPROTO_TCP = 6
            cmp    eax, -1
            je    .error
            mov    [hSocket], eax
            invoke    connect, [hSocket], saddr, sockAddrSize
            cmp dword [hSocket],0
            je .error
             invoke lstrlen,anf
             invoke send, [hSocket], anf,eax , 0
             cmp dword [hSocket],0
             je .error
    
             invoke recv,[hSocket],buff,buff_len,0
             cmp dword [hSocket],0
             je .error
             invoke closesocket,[hSocket]
             invoke WSACleanup
             mov  esi, buff
             call get_header
             invoke MessageBox,0,tx,ti,0
             invoke ExitProcess,0
    
       .error:
         invoke MessageBox,0, host,0,MB_OK
        ret
    
      get_header:
       cmp dword [esi+9d],'200 '
       je next
       ret
       next:
       cmp dword [esi],0a0d0a0dh
       je _exi
       inc esi
       jmp next
       _exi:
       add esi, 4
       invoke inet_addr ,esi
       invoke lstrcat,tx,esi
       ret
    
    section 'data' import readable writeable
    
      library kernel, 'KERNEL32.DLL',\
              user,   'USER32.DLL',\
              winsock, 'wsock32.DLL'
    
      import  kernel,\
              ExitProcess,    'ExitProcess',\
              lstrcat,       'lstrcat',\
              lstrlen,       'lstrlen'
    
      import  user,\
             MessageBox,     'MessageBoxA'
    
      import  winsock,\
              WSAStartup, 'WSAStartup',\
              WSACleanup, 'WSACleanup',\
              socket,'socket',\
              connect,'connect',\
              closesocket,'closesocket',\
              send,'send',\
              recv,'recv',\
              gethostbyname,'gethostbyname',\
              inet_addr,'inet_addr'
    
    
      ti db 'Get my IP v.0.1 alpha',0
      host db 'www.whatismyip.com',0
      anf db 'GET /automation/n09230945.asp HTTP/1.0',13,10,'host: www.whatismyip.com',13,10,13,10,0
      tx db 'Your IP: ',0
    
    
      wsaData WSADATA
      saddr sockaddr_in  ; socket handle
      sockAddrSize =   $-saddr
      hSocket      dd  ?                            ; Socket handle variable
      sockAddr     dw  AF_INET                         ; sockAddr
    
      buff db 512 dup(0)
      buff_len = $-buff
  2. #2
    mjrod5's Avatar
    Senior Member
    Join Date Aug 2008
    Posts 3,052
    Like (Stats)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    0 Post(s)
    Hmm..
    Interesting..
  3. #3
    I know a lot more than you think
    Join Date Jun 2008
    Location 0x40000
    Posts 1,535
    Like (Stats)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    0 Post(s)
    Very usefull for creating a http based botnet.
  4. #4
    KriPpLer's Avatar
    Retired Admin
    Join Date Apr 2006
    Location \xeb\x06\x90\x90
    Posts 2,008
    Like (Stats)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    0 Post(s)
    Or just use the REMOTE_ADDR function in php...

    __________________________________________________ _________________
    I like pie.
  5. #5
    Shrooms's Avatar
    Senior Member
    Join Date Jan 2010
    Posts 360
    Like (Stats)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    0 Post(s)
    Or just use the REMOTE_ADDR function in php...
    Might be better to do this and host your own, as compared to relying on whatismyip.com.
    There's no telling if sites decide to change that ASP file or something, and better to be independent of that.
  6. #6
    KriPpLer's Avatar
    Retired Admin
    Join Date Apr 2006
    Location \xeb\x06\x90\x90
    Posts 2,008
    Like (Stats)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    0 Post(s)
    Yeah, especially for a web based bot net in which you manage where hosting occurs. No need for 3rd party connections if it's already on a server that can do it for you.

    __________________________________________________ _________________
    I like pie.
  7. #7
    Cyb3r5h4d0w
    Guest
    ok, here is a update !

    Code:
    format PE GUI
    include '/win32a.inc'
    entry start
    
    start:
    
            invoke WSAStartup, 101h, wsaData 
            test    eax, eax
            jnz    .error
            invoke gethostbyname,host
            mov eax,[eax+12]
            mov eax,[eax]
            mov eax,[eax]
    
            mov  [saddr.sin_addr],eax
            mov ax,80d ; port 80
            shl ax,8
    
            mov   [saddr.sin_port],ax
            mov   [saddr.sin_family],AF_INET
    
            invoke socket, 2, 1, 6  ;SOCK_STREAM = 1;  AF_INET =  2 ;IPPROTO_TCP = 6
            cmp    eax, -1
            je    .error
            mov    [hSocket], eax
            invoke    connect, [hSocket], saddr, sockAddrSize
            cmp dword [hSocket],0
            je .error
             invoke lstrlen,anf
             invoke send, [hSocket], anf,eax , 0
             cmp dword [hSocket],0
             je .error
    
             invoke recv,[hSocket],buff,buff_len,0
             cmp dword [hSocket],0
             je .error
             invoke closesocket,[hSocket]
             invoke WSACleanup
             mov  esi, buff
             call del_header
             invoke MessageBox,0,esi,ti,0
             invoke ExitProcess,0
    
       .error:
         invoke MessageBox,0, host,0,MB_OK
        ret
    
      del_header:
       cmp dword [esi+9d],'200 '
       je next
       ret
       next:
       cmp dword [esi],0a0d0a0dh
       je _exi
       inc esi
       jmp next
       _exi:
       add esi, 4
       ret
    
    section 'data' import readable writeable
    
      library kernel, 'KERNEL32.DLL',\
              user,   'USER32.DLL',\
              winsock, 'wsock32.DLL'
    
      import  kernel,\
              ExitProcess,    'ExitProcess',\
              lstrcat,       'lstrcat',\
              lstrlen,       'lstrlen'
    
      import  user,\
             MessageBox,     'MessageBoxA'
    
      import  winsock,\
              WSAStartup, 'WSAStartup',\
              WSACleanup, 'WSACleanup',\
              socket,'socket',\
              connect,'connect',\
              closesocket,'closesocket',\
              send,'send',\
              recv,'recv',\
              gethostbyname,'gethostbyname',\
              inet_addr,'inet_addr'
    
    
      ti db 'Bot-Comm v.0.1 alpha',0
      host db 'www.your-host.com',0
      anf db 'GET /update.php HTTP/1.0',13,10,\
             'host: www.your-host.com',13,10,\
             'user-agent: btu#0123456789',13,10,13,10,0
    
    
      wsaData WSADATA
      saddr sockaddr_in  ; socket handle
      sockAddrSize =   $-saddr
      hSocket      dd  ?                            ; Socket handle variable
      sockAddr     dw  AF_INET                         ; sockAddr
    
      buff db 512 dup(0)
      buff_len = $-buff
    and the update.php

    [PHP]
    <?php
    $crlf = chr(13).chr(10);

    $ua = $_SERVER['HTTP_USER_AGENT'];
    $ip = $_SERVER['REMOTE_ADDR'];
    $hn = gethostbyaddr($ip);
    $isp = substr($hn,strpos($hn,'.')+1,strlen($hn));

    if (substr($ua,0,4) == "btu#")
    {
    echo "IP: $ip".$crlf;
    echo "Long-IP: ".ip2long($ip).$crlf;
    echo "Hostname: $hn".$crlf;
    echo "ISP: $isp ".$crlf;
    echo "User-Agent: $ua".$crlf;

    echo $crlf."Bot-Node-List:".$crlf;

    for($i=0;$i<6;$i++)
    {
    echo long2ip(rand(0000000000,9999999999)).':'.rand(77,6 5000).'|';
    }

    }
    else
    {
    echo "-err no bot, no update !";
    }
    ?>
    [/PHP]
  8. #8
    Pernat1y's Avatar
    Senior Member
    Join Date Dec 2007
    Location Internets
    Posts 2,004
    Like (Stats)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    11 Post(s)
    2kb compiled
    get external IP from http://www.whatismyip.org/
    but also you can use own script, like this:
    [PHP]<?php
    echo($_SERVER['REMOTE_ADDR']);
    ?>[/PHP]

    Code:
    format PE GUI 4.0 
    entry start 
    
    include '../include/win32a.inc'
    
    b equ byte 
    section '.code' code readable executable 
    
    start: 
      invoke  InternetOpen,szAgent,0,0,0,0 
            test    eax,eax 
         jz      error1 
          mov     [InternetHandle],eax 
             
        invoke  InternetOpenUrl,eax,szURL,0,0,0,0 
       test    eax,eax 
         jz      error2 
          mov     [FileHandle],eax 
        invoke  InternetReadFile,eax,FileBuffer,16,BytesRead 
          test    eax,eax 
         jz      error3 
          mov     eax,[BytesRead] 
         mov     b[FileBuffer+eax],0 
     invoke  MessageBox,0,FileBuffer,'',0
    error3: 
        invoke  InternetCloseHandle,[FileHandle] 
    error2: 
         invoke  InternetCloseHandle,[InternetHandle] 
    error1: 
     invoke  ExitProcess,0 
    
    
    section '.data' data readable writeable 
    
    szAgent               db 'useragent',0 
    szURL           db 'http://www.whatismyip.org/',0
    szHeader db 'Host: q',0
    
    InternetHandle dd ? 
    FileHandle      dd ? 
    BytesRead       dd ? 
    FileBuffer      rb 1024 
    
    section '.idata' import data readable writeable 
    
    library kernel32,'KERNEL32.DLL',\ 
            wininet,'WININET.DLL',\ 
      user32,'USER32.DLL' 
    
    import     kernel32,\ 
     ExitProcess,'ExitProcess' 
    
    import       user32,\ 
       MessageBox,'MessageBoxA' 
    
    import        wininet,\ 
      InternetOpen,'InternetOpenA',\ 
       InternetReadFile,'InternetReadFile',\ 
        InternetOpenUrl,'InternetOpenUrlA',\ 
         InternetCloseHandle,'InternetCloseHandle'
    PMs about malware = instant trip to ignore list.
  9. #9
    Cyb3r5h4d0w
    Guest
    1,5 kb compiled !

    Code:
    format PE GUI
    entry start 
    b equ byte
    include '../include/win32a.inc'
    
    start: 
      invoke  InternetOpen,szAgent,0,0,0,0 
      test    eax,eax
      jz      exi
      mov     [InternetHandle],eax
             
      invoke  InternetOpenUrl,eax,szURL,0,0,0,0
      test    eax,eax
      jz      exi
      mov     [FileHandle],eax
      invoke  InternetReadFile,eax,FileBuffer,fbs,BytesRead
      test    eax,eax
      jz      exi
      mov     eax,[BytesRead]
    
      invoke  MessageBox,0,FileBuffer,ti,0
    
    exi:
      invoke  InternetCloseHandle,[FileHandle]
      invoke  InternetCloseHandle,[InternetHandle]
      invoke  ExitProcess,0
    
    
    
    section '' import data readable writeable
    
    library kernel32,'KERNEL32.DLL',\ 
            wininet,'WININET.DLL',\ 
            user32,'USER32.DLL'
    
    import     kernel32,\ 
     ExitProcess,'ExitProcess' 
    
    import     user32,\
      MessageBox,'MessageBoxA'
    
    import     wininet,\
      InternetOpen,'InternetOpenA',\ 
      InternetReadFile,'InternetReadFile',\
      InternetOpenUrl,'InternetOpenUrlA',\
      InternetCloseHandle,'InternetCloseHandle'
    
    szAgent db 'btu#123456',0
    ;szURL   db 'http://www.whatismyip.org/',0
    szURL    db 'http://www.your-host.com/update.php',0
    ti          db 'Cyb3r5h4d0w',0  
    
    InternetHandle dd ?
    FileHandle      dd ? 
    BytesRead       dd ? 
    FileBuffer      rb 2048
    fbs = $-FileBuffer
  10. #10
    Pernat1y's Avatar
    Senior Member
    Join Date Dec 2007
    Location Internets
    Posts 2,004
    Like (Stats)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    11 Post(s)
    1.0 kb compiled

    Code:
    format PE GUI
    entry start 
    include 'include/win32a.inc'
    
    section '.code' code import writeable readable executable
    
    library wininet,'WININET.DLL',\
            user32,'USER32.DLL',\
            kernel32,'KERNEL32.DLL'
    
    import kernel32,\
           ExitProcess,'ExitProcess'
    
    import     user32,\
      MessageBox,'MessageBoxA'
    
    import     wininet,\
      InternetOpen,'InternetOpenA',\ 
      InternetReadFile,'InternetReadFile',\
      InternetOpenUrl,'InternetOpenUrlA',\
      InternetCloseHandle,'InternetCloseHandle'
    
    start: 
      invoke  InternetOpen,0,0,0,0,0
      mov     [InternetHandle],eax
      invoke  InternetOpenUrl,eax,szURL,0,0,0,0
      mov     [FileHandle],eax
      invoke  InternetReadFile,eax,FileBuffer,15,BytesRead
      mov     eax,[BytesRead]
      invoke  MessageBox,0,FileBuffer,0,0
    
    exi:
      invoke  InternetCloseHandle,[FileHandle]
      invoke  InternetCloseHandle,[InternetHandle]
      invoke ExitProcess,0 
    
    szURL   db 'http://www.whatismyip.org/',0
    
    InternetHandle dd ?
    FileHandle      dd ? 
    BytesRead       dd ? 
    FileBuffer      dd 15
    PMs about malware = instant trip to ignore list.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [FASM] Spambot
    By Pernat1y in forum ASM
    Replies: 29
    Last Post: 22-12-2010, 08:08
  2. [FASM] fasm.dll v1.67.38
    By XDa in forum ASM
    Replies: 7
    Last Post: 16-12-2010, 15:11
  3. [FASM]Get Name of Self
    By mjrod5 in forum ASM
    Replies: 6
    Last Post: 06-04-2010, 21:30
  4. [FASM] get WinVer by PEB
    By Cyb3r5h4d0w in forum ASM
    Replies: 1
    Last Post: 06-04-2010, 02:35
  5. fasm question
    By jannyboy in forum General Programming Help
    Replies: 2
    Last Post: 11-03-2010, 15:20

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts