This is Google's cache of https://nifgk5szbodg7qbo.onion.lu/viewtopic.php?f=85&t=2914. It is a snapshot of the page as it appeared on Jan 3, 2014 08:04:28 GMT. The current page could have changed in the meantime. Learn more
Tip: To quickly find your search term on this page, press Ctrl+F or ⌘-F (Mac) and use the find bar.

Text-only version
 
TCF • View topic - Spreading Your Rats/Trojans/bots

Spreading Your Rats/Trojans/bots

Botnets & RATs Tutorials

Moderator: Moderators

Spreading Your Rats/Trojans/bots

Postby Bigmeesh » Mon Sep 30, 2013 12:25 am

How to spread your Rat/Bot/Trojan

Hello TCF, I just wanted to share with you guys a couple of ways that I have found out how to spread my Trojan and this method can also work for Bots/Rats.

#1- Social Network Spreading Part 1

You can spread your bot/rat/Trojan by using social networking. I use Facebook and Tagged.

Steps

1. You need a very good crypt with low dependency and 100%FUD. I would recommend Dark eye crypter or Agis Crypter. Dark eye crypter can be purchased from dark eye on HF and Aegis crypter with unique private stub can be purchased from heyHoLetsGo on BMR. Crypt your Rat/Trojan/bot.
Agis Crypter(crypting 1).png

Agis Crypter(crypting 2).png



2. After you have crypted your Trojan/bot/Rat, then you need to bind it with a sexy picture ( you can buy a E-whoring pack, with tons of female pics of the same person from Fake on BMR)
Agis Crypter(Binding 1).png

Agis Crypter(Binding 2).png


3. After you have binded the two files it becomes one, now you need to change the icon of the binded file (so it looks a lot more convincing) You need to download what is called a icon changer. There are tons of them that are free and will work.
fileicon.jpg

file icon 2.jpg

File Icon Changer 3 .png




4. After you have changed the Icon you can Spoof the extension so that they wont recognize it is an .exe file.
Agis Crypter(Spoofing 1).png

Agis Crypter(Spoofing 2).png



Now you are ready to spread your Trojan/rat/bot, via Facebook or tagged. Open up both sites and create a new account. Use the pictures from the E-whoring pack you purchased and save them to your profile, add one as your profile picture and use a girl name and a young age (18+) when creating your profile. Do the same with tagged. Now just add friends (you probably don't have to add any if your pics are hot).
Start talking to them and ask them for there e-mail so you can send them sexy pictures, when they give you you upload your crypted Trojan and send it to them. This works but is time consuming.


#2-Social Network Spreading Part 2

Steps

1. Create a drop box account(it's free) at dropbox[dot]com. Then upload your crypted Trojan to drop box and rename the file as webcam.exe.
Dropbox.png


2. Now click the link icon and get the link. The link is what is highlighted in the picture.
Dropbox2.png



Now this is a secret am going to share with you about dropbox. The link that you have is only going to show your potential slaves the .exe, but it wont download it. So you need to force the link to automatically download the file when potential slaves visit the link. To do this we need add a few modifications to the link. The link is like this now: https://www.dropbox.com/s/qeluvuxcn4iq546/WebCam.exe, we have to change it to this: https://dl.dropboxusercontent.com/s/qeluvuxcn4iq546/WebCam.exe?dl=1.
So e have our direct download link, so now we post it. Go to Facebook.com and tagged.com and sign in. Now post something catchy and add your direct download link(make sure its catchy like: Please support me modeling by watching me on webcam)
Optimized-Facebook spreading 1.jpg

Facebook spreading 2.png

Tagged spreading.png



#3 - P2P spreading

Steps

1. First we need to download Utorrent. Then we open Utorrent and go to file create torrent.
P2P spreading first.png


2. Upload your crypted Trojan where it says select source. Then click create.
P2P spreading first middle.png


3. After we click create it's going to ask us what/where do we want to save it. Save it as a popular video game or as a popular movie that is at the theater. Save it to your desktop.
P2P spreading Middle.png


4. When finished it should look like this:
P2P spreading last.png



Now go to Google and type in best torrent sites. Sign up on those sites and upload your torrent. Sit back and view your C&C and view the slaves piling in.


#3 - YouTube spreading

Steps

1. Download a legit video from YouTube( something like free bitcoin generator) using http://www.keepvid.com.

2. Sign up for an account on YouTube and upload a video, put the same description as in the original video but change the download link to your direct download link.
People will be foolish and download it and they get infected.




#4 -Omeagle Spreading

Steps


1. Download Omeagle Spreader from: http://www.hackforums.net/showthread.php?tid=2435973&highlight=omegle+spreader. Please leave a thank you to the creator who is hosting the download.
Omeagle spreader.png


2. Fire up the Omeagle spreader and in the settings, click add text. Add any text but make sure to add your direct download link as well.
Omeagle spreader 2.png



3. Start the Omeagle spreader by clicking start in the settings tab and when the pop up says hide browser while working, click yes. This program is very good because it shows how many people talked to and how many times your direct download link was spread.
Omeagle spreader 3.png

Omeagle spreader 4.png

Omeagle spreader 5.png






#4 -Buying Loads

Steps

1. You can buy loads from a vendor on HF named redbull, I purchased from him as well. He sold me 500 loads for $50. If you dont know what loads are then read here:https://nifgk5szbodg7qbo.onion.lu/viewtopic.php?f=80&t=2743&p=10700&hilit=loads#p10700


#5 -Exploit paks

Steps

1. You can rent a exploit pak from HF, the prices are $20 for one day with a traffic limit of 10,000. You can rent 1 week for $100 with a traffic limit of 50,000. You can also rent an exploit pak for $300 for one month. You can buy an exploit pak from the original creators for $3000 but there website closed registration for English speakers. I was told that it inst worth it to buy an exploit pack because the exploits are all java script and you can get the same exploits on metasploit framework , which is true-- thanks for that Orochi. If you dont know what exploit paks are then you need to read this:http://blog.zeltser.com/post/1410922437/what-are-exploit-kits


#5 -Java Silent Drive By

Steps

1. Java silent drive by is where a website (usually your own) is infested with malware, and the victim visits your webpage and your execution(Trojan/rat/bot) is immediately downloaded, with out the victim knowing. There is also java drive by, which is similar but you see a java notification pop-up say "java needs a plugin in order to run this website" and there is an option that say get plugging, once clicked then your execution will be downloaded immediately.

2. You can have a custom built java drive by from Foxxy Java on HF( I purchased from them) its $20 for a regular java drive by and $70 for a silent java drive by, they also provide free hosting and domains.


Just a comment about the "Silent Java Drive by" - This actually means exploitation of bugs in various Java versions. You should find out what is being exploited. Java 6 all revisions had a few good ones recently, and they won't be patched because Oracle are no longer supporting it. Under normal operation, Java will always pop the box.-- by: edc




Thank you all for your time and for reading this. It took me 3hours. Please share your comments about this picture tutorial.
You do not have the required permissions to view the files attached to this post.
Last edited by Bigmeesh on Tue Oct 01, 2013 4:18 pm, edited 1 time in total.
True wealth comes from knowledge, and true knowledge comes from research, the wages of fraud is equivalent to money by the power of 10
Contact info + PGP Public Key
Bigmeesh

User avatar
V.I.P
V.I.P
 
Posts: 596
Joined: Sun Aug 18, 2013 1:03 am

Re: Spreading Your Rats/Trojans/bots

Postby edc » Tue Oct 01, 2013 11:15 am

Just a comment about the "Silent Java Drive by" - This actually means exploitation of bugs in various Java versions. You should find out what is being exploited. Java 6 all revisions had a few good ones recently, and they won't be patched because Oracle are no longer supporting it.

Under normal operation, Java will always pop the box.
edc

Vouched Member
Vouched Member
 
Posts: 352
Joined: Mon Sep 09, 2013 10:22 am

Re: Spreading Your Rats/Trojans/bots

Postby Bigmeesh » Tue Oct 01, 2013 1:55 pm

Thanks edc, can i add that to my original post?
True wealth comes from knowledge, and true knowledge comes from research, the wages of fraud is equivalent to money by the power of 10
Contact info + PGP Public Key
Bigmeesh

User avatar
V.I.P
V.I.P
 
Posts: 596
Joined: Sun Aug 18, 2013 1:03 am

Re: Spreading Your Rats/Trojans/bots

Postby edc » Tue Oct 01, 2013 3:19 pm

Yes of course.
edc

Vouched Member
Vouched Member
 
Posts: 352
Joined: Mon Sep 09, 2013 10:22 am

Re: Spreading Your Rats/Trojans/bots

Postby Janus » Mon Oct 07, 2013 3:10 am

Thanks for this tutorial, spreading can be a pain in the ass sometimes.
Janus

Unvouched
 
Posts: 1
Joined: Mon Oct 07, 2013 2:12 am

Re: Spreading Your Rats/Trojans/bots

Postby j4ck0f4lltrad3s » Sat Oct 19, 2013 1:38 am

Great tutorial for people looking into getting into spreading. Thanks! :D
I deal with hacking and malware. PM me if you need/want help in one or both of these areas.
Personal Goal(s): Get dat VIP status
Wanting to learn about carding online. PM me if you can provide ANY tips.
j4ck0f4lltrad3s

User avatar
Vouched Member
Vouched Member
 
Posts: 55
Joined: Thu Feb 14, 2013 4:03 pm
Location: In your bandwidth pipes...

Re: Spreading Your Rats/Trojans/bots

Postby kaledoor » Sat Oct 19, 2013 6:00 pm

very thanks man
kaledoor

Unvouched
 
Posts: 1
Joined: Fri Oct 18, 2013 8:12 pm

Re: Spreading Your Rats/Trojans/bots

Postby edc » Mon Oct 21, 2013 10:32 pm

Here you can see a live agent acting all innocent about the most newbie things possible - within 2 weeks, he is trying to act like an authority about bank transfers, when he has never done a single one in his life. Bigmeesh is either a child, mentally challenged, or the police. Either way - not very good is it.
edc

Vouched Member
Vouched Member
 
Posts: 352
Joined: Mon Sep 09, 2013 10:22 am

Re: Spreading Your Rats/Trojans/bots

Postby Bigmeesh » Mon Oct 21, 2013 11:44 pm

edc wrote:Here you can see a live agent acting all innocent about the most newbie things possible - within 2 weeks, he is trying to act like an authority about bank transfers, when he has never done a single one in his life.



Where is your contribution to the community? Unlike you am not retarded so I learn fast, I research things I do not know i do not LIE! like you do.


edc wrote:Bigmeesh is either a child, mentally challenged, or the police. Either way - not very good is it.


Child? nope, you will never know though.
Mentally challenged? nope, with a IQ of 131 (did the real test not the online one)
Police? nope, Although am getting to think you are.


P.S- Make a positive contribution to TCF and you can talk to me, all info given is accurate not made up.
True wealth comes from knowledge, and true knowledge comes from research, the wages of fraud is equivalent to money by the power of 10
Contact info + PGP Public Key
Bigmeesh

User avatar
V.I.P
V.I.P
 
Posts: 596
Joined: Sun Aug 18, 2013 1:03 am

Re: Spreading Your Rats/Trojans/bots

Postby tituspullo » Thu Oct 24, 2013 12:23 am

thanks for your tut
Dreamer
tituspullo

User avatar
Vouched Member
Vouched Member
 
Posts: 113
Joined: Fri May 31, 2013 1:11 pm
Location: TCF
Torchat: lwhdn4ajyp7g65ov

Next

Return to Tutorials

Who is online

Users browsing this forum: Google [Bot] and 0 guests