
Thread: Sub-7.....

  1. #1
    haraam77
    Guest

    Sub-7.....

    I've done many hours of research on subseven. Has anyone here had any personal experience with subseven? Were you infected w/it?....how did you get rid of it? Or....have you used it on someone? I'm interested in hearing details.......flamers need not reply.

  2. #2
    I'm the Sub7 master here at AO. What I usually do to have some fun is DCC on IRC and infect them with a file. Then I get their e-mail, get the IP from that, and voilà, I've got another computer victim.

    The essentials you need are a Sub7 full program, then get a Sub7 scanner that will scan for other infected computers and then you should be set.

    Sending it in the e-mail is the best way to infect someone. I usually will get a mailbomber, break into a spamming computer that has tons of addresses and send it that way, so I get like 50,000 infected computers.

    If Shmoo is ever around he will help you out a lot as well. I trained him on the arts of Sub7 hacking. He's like my student.

  3. #3
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    Exactly how many hours? I hope not too much... it's very easy to use and remove.
    I had been infected a few times. I infected myself with various editions of the server.

    The most common of all of these is the Win.ini file.

    [windows]
    load=
    run=server.exe

    Another is the System.ini file

    oemfonts.fon=vgaoem.fon
    system.drv=system.drv
    drivers=mmsystem.dll power.drv
    shell=Explorer.exe\SERVER.EXE

    user.exe=user.exe
    gdi.exe=gdi.exe

    Also, a more experienced script kiddy will use registry entries, and you will have to search for them yourself, as I do not have access to this info right now.
    Anyways, the removal is also easy.
    1) Start>Run>msconfig.exe
    2) Check startup, search for strange and unknown programs.
    3) Once the server is located, take the check out of the box that tells it to run upon winstart.
    4) Restart computer
    5) Start>Find/Search>Files or Folders>name of the server......"server.exe"
    BTW, the server automatically changes the name of the server to a random string of letters, example: dhbfjshb.exe, unless changed from the default setting by the script kiddy.

    Also, I have used it many times. But we won't talk about this now....
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2
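
The startup-file check described in the post above, written as a small audit script. This is an added example, not part of the thread; the function names are hypothetical and the sample INI text is constructed from the entries the post quotes, with the `[boot]` section header added because that is where `shell=` lives in system.ini.

```python
import configparser

# Constructed samples mirroring the entries quoted in the post; the [boot]
# header is added here because shell= lives in that section of system.ini.
WIN_INI = """[windows]
load=
run=server.exe
"""
SYSTEM_INI = """[boot]
oemfonts.fon=vgaoem.fon
system.drv=system.drv
drivers=mmsystem.dll power.drv
shell=Explorer.exe\\SERVER.EXE
user.exe=user.exe
gdi.exe=gdi.exe
"""

def _value(text, section, key):
    """Read one key from loose Win9x-style INI text, section name case-insensitive."""
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True,
                                      comment_prefixes=(";",), delimiters=("=",))
    cp.read_string(text)
    for name in cp.sections():
        if name.lower() == section:
            return (cp.get(name, key, fallback="") or "").strip()
    return ""

def audit_win_ini(text):
    """Non-empty load=/run= in [windows] start a program at every boot: list them."""
    hits = [(k, _value(text, "windows", k)) for k in ("load", "run")]
    return [(k, v) for k, v in hits if v]

def audit_system_ini(text):
    """Flag shell= when it names anything besides Explorer.exe alone."""
    shell = _value(text, "boot", "shell")
    return [("shell", shell)] if shell and shell.lower() != "explorer.exe" else []

if __name__ == "__main__":
    # Findings are review items, not verdicts: legitimate software also used run=.
    for finding in audit_win_ini(WIN_INI) + audit_system_ini(SYSTEM_INI):
        print("review startup entry: %s=%s" % finding)
```

Because the check keys on the startup entry rather than the file name, it still fires when the server has been renamed to a random string.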

  4. #4
    haraam77
    Guest

    Thanks for the insight....

    freeOn : >> Can you tell me more about how to use it without leaving yourself vulnerable to others?.....PM me if u want to teach me more about the sub7 or tell me more about personal use.....thank you very much. haraam77......

  5. #5
    I used to be big into sub7 a while back and I'd always plant backups in the victim like Dr Toker said

    My fav way of doing it was to either make a reg entry pointing to another server on their comp or download a prog they had set to run on start-up, bind my server to it and upload it again....very few peps check that their prog files are the same file size as when they first installed them

    But those days are behind me now tho I do fiddle every now and then when I get bored but we'll not talk about that here......

    v_Ln

  6. #6
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    haraam,
    There is no real way to remain invulnerable while using sub7. Mobman embedded in the client a virus of his own, which is why your McAfee and Norton say it is infected. There was released a clean version of this program... however, I have not seen it in ANY search. It was pretty underground.

  7. #7
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    I've used Sub7 loads of times, and been infected myself.....
    One thing to be aware of is that the client is also infected with a Trojan, but of a different nature, can't remember exactly which one, but it's kinda ironic to have a Trojan server with a Trojan client....

    One good way of getting rid of Sub 7 is just pressing Ctrl+Alt+Del loads of times at start up, and simply shut down any unknown files..... Well, that's me anyway...
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    And no one can remember the gentle features of the queen's face on the fair day when this land rested in holy peace and everyone had love to love with.

  8. #8
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    The server, when running, does not show up in the task manager. Also, simply ending the task would not help much at all, seeing as how as soon as you restart your computer it will be run again. But like I was saying, but cut myself off.
    Find the server on your drive, after taking it out of your start up. Then delete it. Or if you can somehow end the task, you COULD delete it then, without restarting and messing with msconfig.

  9. #9
    Junior Member
    Join Date
    Feb 2002
    Posts
    21
    yeah yeah, i have used sub7 a lot as well, but as mentioned by others...the client is also infected with the trojan. good luck on finding an uninfected copy of sub7, haha. though i have found numerous versions of netbus in which the client was not infected. netbus is very similar to sub7, so if you have no luck with sub. try looking into other remote admin crap like netbus.

    Laidher

  10. #10
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    About mobman infecting the client.

    All mobman had to do was build a similar, yet not completely the same, server.exe and embed it in the client. He would make some #channel in some unknown, or his own, server - and all IPs of his #2 victims would be his. Then anybody that logged onto the internet even only opening the client... would be his.

    Another good idea would be that the client would be a two-part virus, sending the IP of the user as well as whoever the user infected. I, myself, did extensive research on Sub7, infecting my own computer and learning about it... doing all the commands. Obviously I cleaned everything out, using Dr.Toker's advice, plus an AV, and editing all my startup files.

    The trojan is fun, I'll admit that... but BO2k can kick its ass any day. Just because it's lamer-proof. :-P
    ...This Space For Rent.

    -[WebCarnage]
