SubSeven Client :
SubSeven 2.1.4 AKA DEFCON8.
The current most stable version. Basically, click on the
section you need help with; I hope everything will be understandable and clear. You need to a have a little bit experience
with s7's client because I am not going to explain every single thing. If you want to get a brief explanation about something
just MouseOver it.
SubSeven Client supports all versions of Windows. You could use it under 9x, NT, 2k or XP. If you are having problems with
XP, you have to do the following to fix some error problems.
1- Select your client executable or subseven.exe
click on it, then properties.
3- Click on Compatibility tab and check "Disable visual themes".
4- Select Run This program
compatable for Windows 98/ME.
If you want to know more about the credits, click on the subseven icon in upper left, and if you want to get the latest
news about subseven, click on read latest news. Finally, our status bar will be useful for us when we want know if the victim
is connected or not. ( idle - ready for action ) that's what it says now.
Main Menu here :
I put this section here because its very simple and short and you are supposed to know how to deal with it.
1- You have
to enter the IP address or ICQ uin to connect to a victim. If you dont know what an IP is, click here.
2- If you configured the server using editserver, you are supposed to know which port you used there.
3- Got static
IP victims ? Click on the address book to save them.
4- Finally, the part that I am going to give you more explaination
about. It will be the ip tools at the upper right near the " X ".
If you got your victim's host name or ICQ uin, you could use this tool to get the real IP. Just enter the hostname or the
uin and resolve.
Subseven 2.1.4 Defcon Edit Server
This is the utility used to customise your
servers to your own preferences. Click on the image in the area you need help with to view help. As before, in the client
section, I hope everything will be easy for you to understand.
1-Start Up Methods
Notification methods include:
- ICQ Notification
- IRC Notification
- E-Mail Notification
- Port settings
- Server password
- Protect server port and password
- IRC Bot
- Server name
- Melt server
- Enable fake error message
- Bind server
- Save new settings
- Save new copy of server with new settings
- Quit without saving
This section will show you some basic info about making your server.exe undetected and infecting
other people using server.exe
Words you need to know :
- Packer or Compressor - program used to "pack" or "compress" a file, which would decrease it
- Binary - Any file that is not a text file, this word is most commonly used to describe executables,
but jpeg files can also be described as binary.
- (Detected) String or Signature - a piece of information in a file that the AV searches for to
see if the file is a virus or not
- AV - Anti Virus software like McAfee, Norton, Kaspersky, or any other program claims to be able
to detect and clean viruses
- Vic - person you have infected, or are trying to infect, given this name cause its short for
- Uploader - Mini-Trojan that has a very small server size and can be used to download a much
bigger Trojan without the victim knowing.
How to Make a server Undetected :
1)Getting a hold of an UNCOMPRESSED copy of a server, and then yourself, compressing it its
always good to compress it yourself as to heighten the chances of it being undetected. Especially if you use a lesser known
packer, other than UPX seeing as how the UPX binary signature it leaves is very common among most servers, so the detected
string has a better chance of being better encrypted in a lesser known way with an un-popular packer. The UPX encrypted server
is no doubted in any AV's database.
2) Binding the server to another file, preferably another EXE which would make
the detected string more difficult to find with AV. Its possible to bind to a .JPG, but the result file would still need to
have .EXE extension, or any other type of executable binary file extension for example: *.com or *.scr, and there's many more
to be found by you...RESEARCH!
3) Binding the server to multiple files, which would also lessen the probability of
the detected string being found by AV by incorporating the signatures of many other files, and this can hopefully "trick"
the victim's AV.
4) Its recommended that you use an UPLOADER Trojan, because usually their server size is very very
small, and they're much easier to use when binding with other files and not have the result file be too big as to tip off
the victim of it being a virus. Its also much easier to compress these uploader servers and make them not only so much smaller,
but also undetected. good things :)
5) The next way is a very complicated method, and i wont go into it in detail here
but just to whet your thirst for the idea, I'll explain a little. You can hex edit a server, and search for the detected string
in the server and remove it. To take this idea to the next level you will need a hex editor, a SPLICER (program used to split
files into smaller multiple parts), an uncompressed server and a reference telling you what string to look for, or you can
look for it yourself. you should be able to splice the server into a bout 10-100 or more 2KB files, with these files, you
should virus scan each one of them, and find out which one sets off the AV alarm, in this file is the virus signature, and
you should match what you find inside this file with the same contents in the unspliced server. If you browse the web enough,you
should be able to find out more information for this method. Good Luck.
Methods by !happykl0wn (edited by FuX0reD) :
1) edit the server and rename
it something like: "pic.jpg_____________________.exe" (use spaces instead of _) and then send it through AIM file transfer
(not direct connect)... this method works especially well on ICQ file transfers...
Now if your server is undetected...you
should be great to go.
2) I've found that blatantly lying to people works great too... I told someone I would send
them a animation with monkeys playing guitar, but that I was really playing guitar and I made it look like the monkeys were.
When u do this you should edit the server with the icon that looks like a video camera (whatever works, you know?)...and a
error message with something like "File msdll video codec was not found"
3) Pretending to have warez on IRC can also
get your way into someone's PC. This method works good because of all the warez fuss going on about IRC these days.
these methods are included above in the Undetected section, but these can also be useful, the main one is number 2 :), and
remember, any of these can also be used against you in an effort to infect j00r ass.