- SubSeven 2.1.3 -
Client : subseven_client.zip
Server + ServerEditor : subseven_server.zip
Howto Remove the server:
* Goto : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run or RunServices
* Delete Key : WinLoader = '[can be anything]'.
* Remeber WinLoader Value!
* reboot the system.
* Delete file : Delete the exe in Winloader Value
This trojan can also be installed otherwise, but this is the default way.
Well first of all,
-What is Port redirect?
To put it in very simple words, it allows you to use common internet services(irc,http,ftp..)
through someone's pc/ip. Just like a proxy(http,socks,ftp....).
The concept is quite simple, a port is listening on the VICTIM (e.g 6667), when a connection is
made to that port it automatically redirects to the OUTPUT PORT/IP(e.g. irc.dal.net:7000).You define the "Input port", "Output port" and "Output IP" when you enable "Port Redirect" through "Add port" in the Subseven Client.
Lets says your VICTIM is "A" and DALNET is "B". What happens is that
Port Redirect opens a port on "A", when a connection is made on that particular port it redirects
the CONNECTION to "B". Therefore "B" (Dalnet) thinks its "A" thats connecting ....though its
you that is connected.
Port Redirect has many benefits. You could use it to EVADE KLINES/GLINES on IRC, just to be anonymous, just for the heck of it or you're paranoid?? :P
If u want to use Port redirect for IRC (e.g. Dalnet)
You can put any port as the INPUT PORT.
This port will be listening on the VICTIM, e.g u can use 6667.
Using 6667 has an advantage which I will discuss a little later in this text.
This has to be the address(host or IP) of the IRC server.
For Dalnet u would use irc.dal.net(220.127.116.11) or even the direct address of any Dalnet server like stlouis.dal.net, liberty.dal.net ....and so on. You can either put the hostname
or the IP.
The output port depends on the service or in the case of IRC ..the server type(dalnet,undernet,efnet etc).
For Dalnet you should use 7000 as the output port. You can check this in your IRC client.
For undernet you should use 6667.Port 6667 is the Default for most IRC servers.
After you have done all this, CLICK on "Refresh list" from the "Port Redirect" page in Subseven client to make sure you have ENABLED port redirect correctly. You should see the port(s) you just added in the "Redirected Ports" list.
In your IRC CLIENT(e.g mirc) type this
/server 18.104.22.168 (where 22.214.171.124 is the IP of your VICTIM)
If u set the "INPUT PORT" other than 6667 then type this
/server 126.96.36.199:6669 (where 6669 is the "INPUT PORT" u chose)
After you have done this ..you will see that it connects you to Dalnet...that was simple right??
DONT ASK...the DALNET ircops how UNCA HELL made good use of Port Redirect!! `;)
IN A NUTSHELL:
Input port: 6667
Output host/IP: irc.dal.net
Output port: 7000
Usage in Irc Client: /server 188.8.131.52 (replace 184.108.40.206 with the VIctim's IP)
If you want to use "Port Redirect" for HTTP (browsing)
Any port u like. You can use 80(default HTTP port).
BUT using port 80 has an advantage and a disadvantage. Advantage is that u can simply put the IP
of the VICTIM in you browser and it REDIRECTS you to www.antionline.com
The disadvantage is that since a lot of lamers scan for well knows services(on port 21,80 etc..)
so this might cause a lot of problems to the victim and as a result he might notice something is wrong :).For those of you that are very new to all this I recommend 80.Otherwise use 81(or whatever)
80 should be used for most webservers.
Open your browser, put the IP of your victim like this:
http://220.127.116.11:81 (where 81 is the "INPUT PORT" u chose).
IN A NUTSHELL:
Input port: 81
Output host/IP: www.antionline.com (Replace with the URL of the site to reditect)
Output port: 80
Usage in browser: http://0.0.0.0:81 (Replace 0.0.0.0 with the Victim's IP)
You can use PORT REDIRECT for Telnet, Ftp, Http, Nntp, IRC etc ....
But it is recommended to use VICTIMS with fast connections(ISDN,cable etc..) for this and
for all those of you that read this and say ..."I knew this already"...WELL THIS ISNT MEANT FOR U SO ....... 2+2
Firstly one your IRC bot joins your IRC channel you have to
identify to it so that it accepts commands from you.
When you set up the bot you would have set a prefix most
probably. At default it is just @ but lets say we selected hell@
then all our commands would be prefixed with hell@. OK now we identify
to the bot and to do this we send hell@login password if the password
set for bot login was firez then we would send this hell@login firez
Take note of spaces or the commands will not work properly.
It is strongly suggested that you send all commands to the bot in
/query botnick (prvmsg mode) rather than in open chan where someone
will see your bot login password and prefix.
login password - the bot will verify acceptance of password
help - displays the help menu
newpass password - sets a new login password
join #channelname key - bot joins designated channel
cycle #chan - It will cycle the chan you told it to cycle. If you do not specify
a chan it will cycle the current chan.
op #chan nickname - gives operator status to the specified nick in the specified chan.
deop #chan nickname - removes operator status
quit quitmsg - quits and displays leaving msg
nick newnickname - changes bot nickname
raw rawcommand - allows you to enter a raw irc server command
prefix newprefix - allows you to set a new command prefix
ban #chan nickname - bans specified user
unban #chan nickname - unbans specified user
say #chan/nickname texttosay - says text in channel
info - will report the current server settings
kick #chan nick - will kick the specified user
reroute #chan/nickname #chan/nickname - this will reroute everything said from first entry
to the second entry.
reroute<> #chan/nickname #chan/nickname - will reroute both ways
rroff - cancels reroute NB if you send reroute command again it overrides first reroute command.
Commands for operating the bot on a remote server.
spy_login #server port - ie spy_login irc.dal.net 7000 would log bot also onto dalnet.
spy_nick newnickname - nickname on remote server
spy_join #chan key - remote chan to join
spy_quit - quits remote server but do not specify a reason
spy_start #chan/nickname #chan/nickname - the first parameter is on the remote server and
the second parameter ir on the local server.
spy_start<> #chan/nickname #chan/nickname - the first parameter is on the remote server and
the second parameter ir on the local server. This links the chans and sends text both ways.
Note not only can you see what is said on a distand server but they can see what you say on the
local server. Do not use this if you wish to exercise stealth.
spy_stop - stops spy mode