Saturday, February 26, 2011

ProRat Tutorial v1.9 (Create Trojan)


*Necr0tox1n's Prorat V1.9Fix2 Tutorial


First thing's first, you'll need a clean copy of Prorat V1.9 here is a link where you can get it from.

http://www.megaupload.com/?d=QNR1BZ3G

This file includes:

ProRat V1.9
The english help file
Skin packs 1-5
The skin builder

pass: netcrew

password for prorat v1.9: pro


Now you have the necessary files, let's start with the tutorial. Extract ProRat V1.9 and run the ProRat application. We'll start with a ProRat server. Click create near the bottom and a small context menu will come up, for now let's just make a ProRat server, we'll cover the other types later.

The ProRat server is the server the rat communicates with, all the fun trojany things :P

The setup is pretty simple we'll start with the notifications area.

Pro connective notification-
this is basically the SIN notification. Where it asks for you ip address just click on the little red half-circle on the side and it will locate your external ip address for you.

Mail notification-
self explanitory, the server will send you an email to tell you the victim has been infected.

ICQ pager-
If you use ICQ you can be notified of infections via that, put in your UIN and when a victim is infected you will be informed via ICQ

CGI-
This connects to a web cgi page and uploads the information when a victim is infected

Choose whichever you like, I usually use email and SIN (Pro connective.)

Ok let's move on to the general settings now.

Server Port-
the port you run your server off of (default 5110) For the most part you don't want to use the default port

Server password-
Pick a password insure only you have access

Victim name-
nothing very important, just so you can send separate people separate servers and be able to identify each, use whatever you want here

Give a fake error message-
when the server is run it displays an error message. You can edit what it says by clicking configure after checking the box.

Melt server-
After the server is installed the server installer is deleted if checked

Kill AV/Firewall-
when the server is run it kills the Anti-virus and Firewall processes to hinder detection if checked

Disable win Xp SP 2..... -
This kills the windows firewall upon execution if checked

Clear windows xp restore points-
This will delete all system restore points to avoid repairing the infected computer if checked

Don't send LAN notifications-
this disables notifications if someone within your network is infected, notifications still work from outside connections just not on LAN if checked

Invisibility-
All three of these settings help to hide the server from the user. I'm not going to explain them, I'll just tell you to leave them all checked

Bind with file-
Allow you to choose a file to bind the server to (this helps prevent detection)

Server extensions-
Pick the extension type that you want

Server icon-
Pick an icon


So you've set all of your settings, now click on create server in the bottom right corner and wait a few moments while the program builds the server. Go find some suckas that will run it and give them the file.

Now back at the main window of ProRat we're going to click on the little check-box next to the R on the bar up top. This step is unnecessary if you didn't use the pro connective notification. This listens for the SIN notifications

Put in the IP address of your victim and the port the server runs on and click connect, you'll be prompted for your password.

Now instead of walking you through this, this is the fun part, playing with your toys, I'll tell you what not to try if you are doing the testing on your own PC

CHAT-
Do not attempt this unless you are prepared for a reboot or you are testing with a server on one computer and the client on another.

FUNNY STUFF-
Avoid close monitor because you won't be able to see what you are doing.

Same with open screensaver

ok these ar the informations about the other server types

Downloader server-
(copy pasted from prorat, sorry I'm really tired)


Downloader server's aim is to infect the victim in an easy way. ProRat server is 350 kb but Downloader server is just only 2kb. It is easier to send to your victim.
Downloader server's job is to download and run the real server on the target PC. It downloads the real server in a fast way and executes the file without asking any questions to your victim. When Downloader server is binded with a file, the files size won't be too much big so your victim will not get suspicious with the size of the file.
If you want to use Downloader server you must have a web hosting and you can also use a free hosting. After this you must create a normal server and put it into your web hosting area.
Lets say :
You have a signed a free area from http://www.tripod.lycos.co.uk/signup/signup.phtml and you got a web hosting like this "http://members.lycos.co.uk/yourarea/" and upload your server that you created with ProRat client to this area.
After you uploaded you server your server address will look like "http://members.lycos.co.uk/yourarea/server.exe" Now the only thing you must do is create a Downloader server.
CREATING DOWNLOADER SERVER :
To create a Downloader server you must click on "'Create" button first. A popup screen menu will appear. Click on "Create Downloader Server" Button and get into the Create Downloader server menu..
When you type the URL on the Downloader server menu it will save it automatically so when you want to cerate another Downloader server it will help you for saving time.
You have to follow this way:
1-URL :
In the Downloader server menu you have to type the URL for the download process that will be done on the target PC. For example: "http://members.lycos.co.uk/yourarea/server.exe"

2-Bind With a File :
You can bind your server\downloader server with a file that you want. You must click on the "Bind the server with a file" button and then the file button will be activated. You can choose a file to be binded with the server now. The extension is not so important you can see the size of binded server in the ''Server Size'' part.

3-Server Extension :
You can choose the extension of Server\Downloader server that you will create. ProRat server supports 5 extensions. You can use these extensions for server: *.exe - *.scr - *.pif - *.com -*.bat
But 2 of them support icons. Other ones don't supports windows icon service. *.exe and *.scr has got icon support so you can choose icon for this extensions.

4-Server Icon :
If you choose a extension that has got an icon support. You can select the one you want to use with the server from the small pictures on the menu, but don't forget icons will make the server size a little bigger then the normal size.
If you want to use these icons click on the ''server icon'' section and select the ''Server icon'' box. Choose one of them and your server will use this icon after created.

If you have done all the settings, you can create Downloader server. Now You only have to Click on "Create Server" button.
After you have created your Downloader server you can change its name. It will automatically download the real server and run it on the target PC with invisibility.
Downloader server will restart it self until it downloads the real server on target PC.
Warning: If the target PC gets disconnected while the Downloader server is downloading the real server from the web host, the downloading process will not resume from the last percentage it will just only restart to download the real server again and If you want a function like resuming the download from a 2kb program you wont behaving fairly against PRO GROUP.


Create CGI victim List
(copy pasted once again)


What is a Victim List? :
Victim list is a system that will let you view the information sent from the server just like the email and icq notifications. The information sent to your CGI list contains your victims IP address, Port number, password etc... that gives you victims all details for connection.
Creating Victim List :
This is one of the biggest differences between other Trojans CGI notifications. ProRat has got the best CGI victim list creator on its own client. You can adjust everything you want when you are creating your victim list. You don't have to loose time in configuring the victim list codes like the other CGI victim lists, and you can choose which language you want to use in CGI victim list.
If you want to create your victim list you must click on the create button and a popup menu will appear, click on create CGI victim list button and you will see 4 boxes and a create cgi files button. The features of the boxes are listed below: :
Victim List Password :
If you want your list protected with a password you must write which password you want to use in the blank box.
CGI Script Name :
You can choose the script name that doesn't contain Turkish characters. If you want to change the name of the cgi list after you created your CGI Victim list will not work. You must change the name when you are creating the file. Default name of your cgi file will be prorat.cgi and it will be the best solution for this problem.
CGI script Data :
You can choose the script name that doesn't contain Turkish characters. If you want to change the name of the dat extension file after you have created it will not work. You must change the name when you are creating your file. Default name for your script data file is log.dat and it's the best solution for this problem. This scripts will save the logs coming from server.
Max Number for List :
This menu will let you view the number of victims in your list. Default number is 100. You can choose every number for this blank but if you choose a number like 10000 explorer will work slow.
After you setup these details. Click on the "Create CGI files" button.

How To Use:
To use this CGI victim list tool. You must have a host with CGI support. You can take a free host from these sites
http://www.netfirms.com
http://www.tripod.lycos.com
After you register an account from a host, you must upload "prorat.cgi and "log.dat" to your hosts cgi-bin folder in ASCII mod. Change the CHMOD for "prorat.cgi" to 755, and change the CHMOD for "log.dat" to 600. If you don't know what is CHMOD please read the following steps.

INSTALL + IMPORTANT THINGS + FREQUENTLY ASKED QUESTIONS:
1-Learn that your hosting supports CGI. If it doesn't have a CGI support use another host with CGI support.
2-Upload your files to the cgi-bin folder on your host and don't forget to check them you should see 2 files in your CGI directory after you upload them.
3-You must upload your files to your host in ASCII mod. If you upload in binary mod your CGI victim list won't work. If you want to solve this problem we recommend to you upload with Cute-Ftp program. Professional FTP programs like Cute-Ftp can automatically choose the mod for extensions of files. If you want more details search upload + ASCII + cgi in http://www.google.com
4-Did you setup the files to CHMOD in you host ?
The value of the Victim lists main file that is "prorat.cgi" must be 755 in CHMOD, and the 'log.dat' value must be 600 in CHMOD.
You can adjust CHMOD after you upload files with Cute-Ftp. Right click on the file and click on CHMOD and follow the steps :

prorat.cgi :
Owner permissions :
[X]READ [X]WR?TE [X]EXECUTE
Group permissions :
[X]READ [ ]WR?TE [X]EXECUTE
Public permisions :
[X]READ [ ]WR?TE [X]EXECUTE

log.dat :
Owner permissions :
[X]READ [X]WR?TE [ ]EXECUTE
Group permissions :
[ ]READ [ ]WR?TE [ ]EXECUTE
Public permisions :
[ ]READ [ ]WR?TE [ ]EXECUTE

5-If you say I did all the settings right but my list didn't work :
Did any edit your prorat.cgi file after you created it? If you edited your prorat.cgi file your list may not work and create a new CGI file.
6-If you say, I'm typing my password into my CGI victim list but my victim list doesn't open we think that you have changed the names of your CGI files after you created them, and this may cause this problem.
Don't forget if you want to change names of files you must name them when you are creating the files from the client, But if you are an advanced user you can open "prorat.cgi" with a text editor and edit the settings as you want to do in "prorat.cgi".
7-If you are typing the correct URL for your victims list but it says "****** named file cannot be found".
If you have a problem like this maybe you forgot to upload "log.dat" file to cgi-bin folder in host or you changed name of the log.dat file after you created it.
8-IF you forgot the password that you put to your victim list. Create a new one and change the new prorat.cgi with the older one and don't forget to note it somewhere.
9-If you have many victims but they don't get listed on your victim list. Open prorat.cgi with a text editor and come to settings part and $show_list = "xxx"; write a value instead of xxx like default number for that is "100" , after you set it, upload and replace t with the old file. If you say I can't do that create a new prorat.cgi from Client and type a bigger value for the max number of list for example 200.
10-if you say I did all the things but I don't know how to connect to my victim list. Type http://yoursite/cgi-bin/prorat.cgi on your browser and you will see your login page. The important point of you CGI URL is the end of your URL be the name of you cgi file of prorat.cgi and type it to the end of your URL.
For example you have a account like http://prorat.netfirms.com and you didn't give the default name for prorat.cgi and instead you used the name counter.cgi. your URL should be like this http://prorat.netfims.com/cgi-bin/counter.cgi
11-if you say I took a host from tripod but it doesn't give me permission to edit manually CHMOD. That is true some hosts don't gives permission for this but we can solve this problem with following steps.
Login on tripod's page with your username and password and go to F?LE MANAGER. Your files will be shown in a special script page and go to cgi-bin folder, check the box next to the ProRat cgi file and click on the button at the left top (EDIT). Now delete all the things in prorat.cgi and copy the prorat.cgi that is in your PC to your host and save it.
12-If you say I did all the things but I can't upload log.dat. Type something on log.dat and try to send it again. After you install your victim list you can delete logs with the button named 'Empty Page' button.
13-If you say that you took a free host with cgi support but the hosting company closed my account.
If you have many victims, this traffic can be alerted to the admin of company or you only use cgi-bin of your account it can alert them too. Now you can open a new account and put a site with 2-3 pages, and put a index and connect to your ex users change the older cgi list link with online editor.
14-If you don't create prorat.cgi with ProRat client and downloaded it from somewhere or if you want to upload it after a long time, you can change it to binary mod while you are editing it or downloading it. Download ProRat Client and create your own Victim list.
15-If you say I tried everything and I did all the things right but my service didn't work:
If your age is under 16;
We recommend you to not use ProRat for a couple of years and instead using ProRat go and play games or use your computer for education.
If your age older than 16 and if you're IQ is normal keep away from the Hack world and close your computer...
***************
Sorry about any spelling errors, new keyboard.

"Let's start a riot!"

3 comments:

  1. I have a the prorat but the problem is after creating the server file i can't find it in it's folder even i did disabled antivirus/firewall
    but it's still don't work :(

    ReplyDelete
  2. same here !!! :-C need some help !!!

    ReplyDelete