werkamsus / lilith Goto Github PK

do you help it is causing bi virus

https://kleenscan.com/scan_result/ca5e610f76506a97b52d58d60c4ddd66

how do you clean eset virus

:(

hi

i was looking at the files generated when we build Liltith , and i came across a file named "winlive.exe" , i am curious what is this file used for , what class is generating it , etc etc, i tried to google "winlive.exe" but it smells like a malicious file.

thanks.

this project fails when i build it, gives 108 errors

some of the errors are :

on my Windows 10 Pro X64 , Lilith Client is marked as "Trojan:Win32/Fuery.B!cl"

Hi there,

i am interested to test it on a network other than loop back (127.0.0.1) , is there a way to configure, any wiki or guideline are appreciated

thanks

Hello! Can I delete the client full?

Hello.

In the area where the CreateThread function is used, there appears to be no appropriate exception if the Return value occurs Null.

What do you think?

client.cpp:165
general.cpp:303
Server/server.cpp:37
Server/server.cpp:42
Server/server.cpp:334

Thanks.

You can use std::map<> to create mapping between command string (such as 'connect', 'remoteControl') and its handler:

void handleConnect(std::vector<std::string> params);
void handleBroadcast(std::vector<std::string> params);
void handleListClients(std::vector<std::string> params);
// ...
using LPFN_CommandHandler = void(Server::*)(std::vector<std::string> params);
std::map<std::string, LPFN_CommandHandler> handlers;

Considering that some handler may have more than one param, so use std::vector<std::string>, not std::string.

Init map:

void Server::initHandler()
{
    handlers.insert({ "connect", &Server::handleConnect });
    handlers.insert({ "broadcast", &Server::handleBroadcast });
    handlers.insert({ "listClients", &Server::handleListClients });
    // ...
}

Parse input and get command and its params.

eg:

"connect 0" => cmd: "connect", params: { '0' }

std::string parseCmd(std::string input, std::vector<std::string> &params)
{
    std::string temp;
    std::stringstream ss(input);
    while (ss >> temp)
    {
        params.push_back(temp);
    }

    std::string cmd = params.front();
    params.erase(params.begin());
    return cmd;
}

So you can reduce complexity when handle user's input

std::getline(std::cin, userinput);
std::vector<std::string> params;
std::string cmd = General::parseCmd(userinput, params);
// Find handler function
std::map<std::string, LPFN_CommandHandler>::iterator it = handlers.find(cmd);
if (it != handlers.end())
{
    (this->*it->second)(params);
}
// else ...

i am available for the web interface development(PHP) and a good god view mode.

In the function Server::recvall line 5, the code is

int RetnCheck = recv(connections[ID]->socket, data, totalbytes - bytesreceived, NULL); //Try to recv remaining bytes

,There is pass the buffer as the argv to the recv function directly, If only call the recv funciont one time, it's no problem, but when called the recv funcion twice or more, the buffer pass to the recv function will be overwrite and lost data, there should pass the buffer add the bytesreceived to the recv function, like this:

int RetnCheck = recv(connections[ID]->socket, data + bytesreceived, totalbytes - bytesreceived, NULL); //Try to recv remaining bytes

im trying to compile it but it gives me alot of errors, i used "g++ * -o server" in the server folder but server.exe disapears when its done??

hi i have been trying to get it working for Remote Access i configure my ddns hostname in setting.cpp , i forward the port in the router still it's not working, (btw i have watched your video but no luck so far) .

thanks and waiting for your kind reply

you could make a Screen monitoring fuction. it is better.

If you want to drastically lower the CPU usage of the keylogger module then I suggest using a Low Level keyboard hook. This acts like an event handler and uses exceptionally low CPU and memory consumption.

#include "stdafx.h"
#include <Windows.h>

LRESULT CALLBACK LowLevelKeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode == HC_ACTION)
    {
        switch (wParam)
        {
        case WM_SYSKEYUP:
            PKBDLLHOOKSTRUCT p = (PKBDLLHOOKSTRUCT)lParam;
            int key = (int)p->vkCode;               // Here you would need to map the virtual key to a char, this is easy to do and I have  a sample somewhere.

            // Take that char and do with it as you will. Also this allows you to modify keystrokes on the fly if you were to be interested in that. 
            // I also have sample code for that.
            break;
        }
    }
    return CallNextHookEx(NULL, nCode, wParam, lParam);
}

int main()
{
    // Install the low-level keyboard & mouse hooks
    HHOOK hhkLowLevelKybd = SetWindowsHookEx(WH_KEYBOARD_LL, LowLevelKeyboardProc, 0, 0);

    // Keep this app running until we're told to stop
    MSG msg;
    while (!GetMessage(&msg, NULL, NULL, NULL)) {    //this while loop keeps the hook
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }

    UnhookWindowsHookEx(hhkLowLevelKybd);

    return(0);
}

When executing a command. E.G. whoami i get this error.

cmdRedirect.cpp - CMD::writeCMD()

Cant seem to connect to external ip address. Is there anyway i can do this?

Hello! Please, help me! I don't now can I using Lilith execute(download file to client PC and run programm)? And how i can do it?

how do you add another ip? (for learning purpose and to mess with friends)
You can add me on discord or answer here

Discord name: BaeMeth#1651

/BaeMeth

This project has been dead for awhile, and im wondering do you now have time on ur hands to work on it again? would really look forward for it

Hello,

connection with "127.0.0.1" and my PUBLIC IP works good. But with NO-IP / DynamicDNS "example.ddns.net" it doesnt work. No connection to the server. Please look at that issue so i can use DynamicDNS because my IP changes every 24h and DynamicDNS is very important. :-)

Also the server and client are not stable at all. I cant work or do other tasks while i am running the server or client. You already mentioned that .. and i am wondering how could i solve the problem for myself

Thanks in advance

Kinds regards

I mean, if it works on Windows Server 2003, it can work on ReactOS. But I'm not sure if there are dependencies that would break the process.

I am trying to build the RAT on the debugger option but this stays as bugged, it does not get to build the code simply stays in ready

any could help me? it's my first open source too

here the pic
https://i.imgur.com/AVcxSqi.jpg

hi, i am actually very much impressed by and in Lilith that's why i have been working on it from many days

i am getting unwanted behavior and warning , i am now not even able to build it,

NOTE:

i haven't added any code to it yet i was just inspecting and trying it. i just want to make sure to work on some RAT or similar application that isn't going to end up in some antivirus detection list.

can you suggest something that can help in minimizing the suspeciuos behavior

thanks alot