purely ProRat



average_joe
08-18-2006, 07:44 AM
ok, it seems that there are many people in this forum who, like me, are new to trojans etc. but are pretty interested and want to learn more. hopefully we can all add replies and ideas of ways of getting better at this game.

firstly, after researching trojan programs I found that the majority of people think prorat is the better trojan to use, so I got *.* pe and started creating servers.

after creating the server I uploaded it and spread the word about the link in chatrooms etc. I got a few bites and had a bit of fun on a few people's PCs, but recently the amount of bites seemed to die down, although the file was still being downloaded quite a bit.

I thought the server must either be getting stopped by antiviruses or was failing to get past routers, so I looked for ways to get round this.

firstly I researched how to get past norton & other AVs... found a way to create a file with which to bind my server to make it undetectable to most AVs. this chap said basically if you turn off your AV (otherwise it will pick it up) and paste this 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' (without apostrophe) into notepad and save the file as eicar.exe, then bind that exe with your server - it will make it undetectable... after trying this it failed, my AV managed to pick up my server.

next I looked for a way to change the icon & extension to make it less obvious it was a trojan. I heard that by dropping the server into a wordpad document, you could change package properties, changing the icon and the filename, making the server look like say a .jpg file. this failed because after changing the file extension, it simply took away the exe properties and it was no longer a server.

last, I heard I could download a patch for prorat *.* pe to make it *.* se (special edition). I got the patch and cracked prorat to make it special edition; this allowed me to make reverse connection servers which could get past routers. as a noob, I struggled to follow loads of jargon about using no-ip.com to make a reverse connection server. in the end I made one and have posted it about the web, still not even sure if reverse connection is working, dunno whether the trojan's getting past routers or not?

if anyone has any comments on the above or any other means to better prorat trojans, feel free to post. also if anyone wants more details, such as links, files etc., on the things I tried so they can attempt it themselves, post away. Any pros got any pointers as to this kinda game... I'd love to learn so hit me, help a noob out!

Also if you wanna email or talk on msn I'm at ellis_*0@hotmail.com, just let me know you're from this forum.

cheers all...

Ezekiel
08-19-2006, 04:01 AM
You can use Resource Hacker to change the file icon (and other details) to whatever you want - download it here:

http://www.angusj.com/resourcehacker/

average_joe
08-21-2006, 01:13 PM
thanks for the reply mike, I took a look at that programme you suggested, didn't really follow much of the help content. Can I use that to change the extension without affecting the... executableness of it, hahaha, in other words could I change it from .exe to .jpg but still open it as an .exe??? is that even possible?

p.s. forgive the lack of computer terminology - I'm purely a noob

Ezekiel
08-21-2006, 05:28 PM
No, Windows computers only execute files with executable extensions, which include .exe, .pif, .scr, .com, and more.

If it doesn't have such an extension, the computer will not run it. For example, if you name the file .jpg, the computer will try to open it as if it's an image, not execute it, and give the user an error. Nothing can make Windows computers run code apart from giving files the correct extensions, unless you use some form of exploit.

As for Resource Hacker - I believe it can help you with changing the file icon, and many other details. The problems of file extensions and antivirus detection are up to you to solve.

Halla
08-22-2006, 03:47 PM
The wordpad trick works fine with the exception of the Windows "open file security warning".

in wordpad:
insert object, right click on embedded object, package object, edit package and then change the label to .jpg or whatever. It will then show as a .jpg but still actually be an executable and will execute on a double click (I just tested it).

Now to change the icon, again, right click on the object, package object, edit package, insert icon, then choose the icon you desire.

done.
the issues are:
A. getting someone to click on that icon.
(this can be done simply by making it look like a screenshot or something and adding "click to enlarge" or something similar under it and hoping.)

B. getting that same person to ok the security warning.

so, yeah. good luck with that.
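
The two disguises discussed in the posts above (a harmless-looking label or extension on an executable, and a decoy extension in front of a real one) can be checked for from the defender's side by comparing the displayed name with the bytes behind it. This is an added example, not written by any poster in this thread; the decoy-extension list, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import os

EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com"}  # the ones named in the thread
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".txt", ".doc", ".pdf"}  # assumed list

IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8", ".bmp": b"BM",
}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\0\0"

def audit(name: str, data: bytes) -> list[str]:
    """Return findings for a displayed file name (or label) and its content."""
    findings = []
    stem, ext = os.path.splitext(name.strip().lower())
    inner = os.path.splitext(stem)[1]          # e.g. ".jpg" in "x.jpg.exe"
    if ext in EXECUTABLE_EXTS and inner in DECOY_EXTS:
        findings.append("double-extension")
    if is_pe(data) and ext not in EXECUTABLE_EXTS:
        findings.append("pe-content-under-non-executable-name")
    magic = IMAGE_MAGIC.get(ext)
    if magic and not data.startswith(magic):
        findings.append("image-extension-magic-mismatch")
    return findings

def make_pe_stub() -> bytes:
    """Constructed bytes carrying only the MZ and PE signatures (not a program)."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(hdr) + b"PE\0\0"

SAMPLES = {  # constructed sample inputs: displayed name -> content
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 16,
    "holiday.jpg.exe": make_pe_stub(),
    "screenshot.jpg": make_pe_stub(),
    "setup.exe": make_pe_stub(),
}

if __name__ == "__main__":
    for n, d in SAMPLES.items():
        print(n, audit(n, d))
```

A mail gateway or download scanner would run the same comparison on attachment names and embedded-object labels before the file reaches the user.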

average_joe
08-29-2006, 06:38 AM
hi there,

I tried the wordpad trick which you described. I'm sure I did the same as you with my server, but when I changed the extension to .jpg, it opened the file as a .jpg with no image to show (just a small cross in the center of the page) and the .exe file didn't appear to run.

The .exe was actually my prorat server. I tried to infect myself, then when I went to remove the local server it said I wasn't infected, so the server which I changed to .jpg appeared not to have run as a .exe.

Another query I have is that you mentioned the security warning, which I didn't get.

Are you positive it works, and have you got any ideas as to why the .exe won't run for me?

Cheers