sub7.2.1.4.zip

[stink]

a mate of mine sent this file to me, wich turns out is a trojan, anyway on one of the little readme's that came with it i found this, im not sure if its of any relevance but its about somehow hiding the crackers IP from the victom, with i think makes netstat -an usless.
It also mentions this site, and this sites ip and port, so yeah just read on...

Port Redirect HOWTO by happyhackr
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(USE NOTEPAD TO VIEW THIS)

Briefing:
---------

Well first of all,

-What is Port redirect?

To put it in very simple words, it allows you to use common internet services(irc,http,ftp..)
through someone's pc/ip. Just like a proxy(http,socks,ftp....).

The concept is quite simple, a port is listening on the VICTIM (e.g 6667), when a connection is
made to that port it automatically redirects to the OUTPUT PORT/IP(e.g. irc.dal.net:7000).You define the "Input port", "Output port" and "Output IP" when you enable "Port Redirect" through "Add port" in the Subseven Client.

Lets says your VICTIM is "A" and DALNET is "B". What happens is that
Port Redirect opens a port on "A", when a connection is made on that particular port it redirects
the CONNECTION to "B". Therefore "B" (Dalnet) thinks its "A" thats connecting ....though its
you that is connected.

WHY??
----
Port Redirect has many benefits. You could use it to EVADE KLINES/GLINES on IRC, just to be anonymous, just for the heck of it or you're paranoid?? :P

----------
-Example 1:
-----------
If u want to use Port redirect for IRC (e.g. Dalnet)

INPUT PORT:
----------
You can put any port as the INPUT PORT.
This port will be listening on the VICTIM, e.g u can use 6667.
Using 6667 has an advantage which I will discuss a little later in this text.

OUTPUT HOST/IP:
--------------
This has to be the address(host or IP) of the IRC server.
For Dalnet u would use irc.dal.net(216.65.117.128) or even the direct address of any Dalnet server like stlouis.dal.net, liberty.dal.net ....and so on. You can either put the hostname
or the IP.

OUTPUT PORT:
------------
The output port depends on the service or in the case of IRC ..the server type(dalnet,undernet,efnet etc).
For Dalnet you should use 7000 as the output port. You can check this in your IRC client.
For undernet you should use 6667.Port 6667 is the Default for most IRC servers.

NOTE:
-----
After you have done all this, CLICK on "Refresh list" from the "Port Redirect" page in Subseven client to make sure you have ENABLED port redirect correctly. You should see the port(s) you just added in the "Redirected Ports" list.


USAGE:
-----
In your IRC CLIENT(e.g mirc) type this
/server 121.232.12.27 (where 121.232.12.27 is the IP of your VICTIM)

If u set the "INPUT PORT" other than 6667 then type this
/server 24.24.24.24:6669 (where 6669 is the "INPUT PORT" u chose)

After you have done this ..you will see that it connects you to Dalnet...that was simple right??

DONT ASK...the DALNET ircops how UNCA HELL made good use of Port Redirect!! `

IN A NUTSHELL:
--------------
Input port: 6667
Output host/IP: irc.dal.net
Output port: 7000
Usage in Irc Client: /server 121.232.12.27 (replace 121.232.12.27 with the VIctim's IP)


----------
Example 2:
----------
If you want to use "Port Redirect" for HTTP (browsing)

INPUT PORT:
----------
Any port u like. You can use 80(default HTTP port).
BUT using port 80 has an advantage and a disadvantage. Advantage is that u can simply put the IP
of the VICTIM in you browser and it REDIRECTS you to www.antionline.com
The disadvantage is that since a lot of lamers scan for well knows services(on port 21,80 etc..)
so this might cause a lot of problems to the victim and as a result he might notice something is wrong .For those of you that are very new to all this I recommend 80.Otherwise use 81(or whatever)

OUTPUT HOST/IP:
--------------
209.166.177.37(www.antionline.com)

OUTPUT PORT:
------------
80 should be used for most webservers.

USAGE:
-----
Open your browser, put the IP of your victim like this:
http://24.24.24.24 or

http://24.24.24.24:81 (where 81 is the "INPUT PORT" u chose).

IN A NUTSHELL:
--------------
Input port: 81
Output host/IP: www.antionline.com (Replace with the URL of the site to reditect)
Output port: 80
Usage in browser: http://0.0.0.0:81 (Replace 0.0.0.0 with the Victim's IP)

SUMMARY:
~~~~~~~~

You can use PORT REDIRECT for Telnet, Ftp, Http, Nntp, IRC etc ....
But it is recommended to use VICTIMS with fast connections(ISDN,cable etc..) for this and
for all those of you that read this and say ..."I knew this already"...WELL THIS ISNT MEANT FOR U SO ....... 2+2
umm 5??


____________________________ . \ | / .
/ / \ \ \ / /
| SUBSEVEN | ========== - -
\____________________________\_/ / / \ \
______________________________ \ | / | \
/ / \ \ \ / /.
| ROCKS!! | ========== - -
\____________________________\_/ / / \ \

[gore]

Originally posted here by stink
a mate of mine sent this file to me, wich turns out is a trojan

Sub7 is a trojan????????????????????????

Dear God!!!!!!

[hypronix]

Oh the 'infamouse" Happy Hacker.. the absolute number one poser... well some of her guides aren't bad though.

btw if u got the zip it means u got the instalation. as long as you haven't decided to run server.exe it's all good... play with it, use it [wisely ] and.. yeah.

ob btw the new version is out [SubSeven Legends] which has full support for WinXP etc... so if u wanna use a trojan.. use the latest version :P

[stink]

yeah, i think i'd probly learn more from making one, but hey!
anyway this is probly not right to be talking about actually using it!

[noODle]

Why are you CnPing information on how to use subseven.
Btw sub-seven is LAME

[hypronix]

Originally posted here by noODle
Why are you CnPing information on how to use subseven.
Btw sub-seven is LAME

the use of trojans is generally lame. the prgram itself is not. however, i was not giving out information on how to actually use it. if u think i did... well, that's a diff problem.

anyway have a nice day

[noODle]

Originally posted here by hypronix


the use of trojans is generally lame. the prgram itself is not. however, i was not giving out information on how to actually use it. if u think i did... well, that's a diff problem.

anyway have a nice day

Could it be that I was replying to the thread starter ?
And I think the program Subseven is LAME as it will be detected by every anti-virus/trojan there is and is only used by lamers.

[hypronix]

Originally posted here by noODle


Could it be that I was replying to the thread starter ?
And I think the program Subseven is LAME as it will be detected by every anti-virus/trojan there is and is only used by lamers.

k k i admit to my error. while the program is detectable, one must admit the one coding it wasn't quite a newbie. yes, lamers and hacker-wannabe script-kiddies use it... I wasn't advocating pro-use if that may have come through in any way.

cheers!

[prodikal]

Dead cow are actually some cool guys. They made Sub7 not for lamers exactly but more to show how shitty Windows security was. It just got blown up into things because people used it for REALLY bad things. Also yea the way it was written was well done. Like I said, it was made to show how Windows has alot of vulns.

wtf you talking about 'Dead cow" you mean the Cult of the dead cow they coded and released 'back orrifice' and it was mobman who coded sub7

[hypronix]

heh yeah.. mobman is one guy [not a whole crew] n his from eastern europe [the country i was born in, Romania, to be more precise]

win security is vulnerable once u get in... but by the time u installed the server, u've already passed the USER [the number one factor that makes a lot of hacks easier :P]