Requirements:
1. Remote Administration Tool(RAT) Zeus BotNet (Download)
2. Web Server + Database Server (in this example we use XAMPP)
Remote Administration Tool(RAT) Zeus BotNet:
1. Firstly, we need to install the web server and database server. Since we're using XAMPP for this tutorial, you can refer to previous step by step How to Install XAMPP in 7 Simple Steps to install XAMPP on Windows machine and make sure your XAMPP apache and MySQL service was started and running.
3. The next step we need to download the remote administration tool file and extract it, you will find 3 main folder builder, other, and server[php]. Create a new folder inside C:\xampp\htdocs. I give the folder name as bot, then copy the server[php] contents into C:\xampp\htdocs\bot.
4. Now back again into our web browser and type http://localhost/bot/install into the address bar. Input all required field with the correct information.
Information:
– The host address for MySQL filled with your database server IP address. If you run XAMPP it should be your IP address.
– Database is filled with information about our database name that already created in step 2.
– Encryption key you can filed with any characters with length from 1 – 255
click Install to start installing.
Notes: If you get this error
ERROR:Failed connect to MySQL server: Host 'myusername' is not allowed to connect to this MySQL server
You need to do the following step by step
a. Open your PHPMyAdmin http://localhost/phpmyadmin and click the Privileges tab. Click edit button to edit the root user privileges.
b. In the edit user page, scroll down and find the login information section. Change the Host from localhost to Any host and press Go button.
5. This is the information preview if zeus remote administration tool web server was successfully installed.
6. The next step is configuring and create the zeus bot client. Open the builder folder and open config.txt configuration file. Change the url_config, url_loader and url_server configuration according to your setting, you can see my setting in the picture below.
Note: don't forget to edit the path of webinjects.txt.
7. Now for the next step, open the zsb.exe file. In the picture below I've already create the step by step to build the bot executable. Just follow the step.
8. After all the build bot config and bot executable on step 7, now we have the new file config.bin and bot.exe. Copy those two file into the htdocs folder. Mine was inside C:\xampp\htdocs\bot.
9. Now let's says we will send the generated bot.exe to the victim. After victim execute the file we can check our attacker server. Open the browser and type http://localhost/bot/cp.php and insert your username and password.
10. We can see the new infected victim in the web interface and even view the desktop screenshot of the victim.
Here is the video tutorial in case you don't get the explanation above. Sorry if the video was cutted in the end, I accidentally stopped the recording, but anyway it's still working 
Conclusion:
1. When victim already infected, attacker can gather many information from the victim including all internet activities and even gather all the website username and password since this tool can act as a keylogger and capturing the log in information.
2. To prevent the attack of this trojan, always update your operating system and anti virus and do not click any link that looks suspicious in your mail or chat messenger.
No comments:
Post a Comment