Poison Ivy Rat Setup -Spreading-Portforwading [Pictures][Easy to understand]

Poison Ivy Rat Setup -Spreading-Portforwading [Pictures][Easy to understand]

02-07-2010, 06:51 AM (This post was last modified: 02-07-2010 07:38 AM by oxide110.) Post: #1

oxide110  Tutorial Creator Posts: 260 Joined: Jan 2009 Reputation: 13

Posion Ivy Rat Setup Tutorial With Pictures Skill Level:Easy Bandwith:Friendly Time:5-10 Minutes First of we are going to visit the poision ivy rat website convieniently named http://www.poisonivy-rat.com/ Now we are going to click Downloads Once we have dont that we should come to a page with many download options. Choose the most recent release of Poison Ivy (Click on the Mirror 1# Link) Also choose the Optix Screencapture download (Click on the Mirror 1# Link) Once we have downloaded this copy both of these files into a new directory on your hard drive i named mine ivy and copied them both into their and extracted them and you should be somewhere that looks like this. Now that we have done that and all that is ready (I advise turning av off during Poison Ivy rat creation to avoid detections when you dont want them) *Dont forget to re-enable after* (Put your virus in a rar or zip after you have re-enabled to prevent detection) Now open Poison Ivy exe Then immediately go back to your directory where you placed your optix screencapture and poison ivy and poison ivy should have created a plugins directory copy and paste the Optix_ScreenCapC.dll Optix_ScreenCapS.dll Into the plugins folder then close and re-open poison ivy. Now to check if you have done it right go to File>Manage Plugins and if you have correctly followed my instructions you should get this if not go bcak and re-check the instrcutions Now we have our poison ivy client all ready to go we need to make the server file (the one which our victim will download) So go to File>New Server and Click create profile and name this whatever you want. We should be on the Connections stage now so we need to create out own DNS and port Visit the website http://www.no-ip.com and register an account on their. Once activated on that site go to add host and enter in a site name that is unique in the free section of no-ip.com once you have typed that in just click add host at the bottom of the page. Also you will need to download the no-ip.com dynamic update client Download from here http://www.no-ip.com/client/ducsetup.exe and run that for it to update your ip on your "host that you made" So now back to our Poison Ivy rat and enter in the DNS/Port filed what you put in at no-ip.com Hopefully you should be here if you are and everything looks fine then just hit next at the bottom. Sweet okay now lets go to the next page Click the checkbox Start on system startup and then make sure hklm and ActiveX keyname are both ticked I put in HKLM name as Windows Live Messenger For Active X Key Name click random a few times. We should be just looking something like this almost done i promise ;) Now we on the next page we need to tick Inject server into the default browser and persistence and inject into a running process and keylogger click ok on the popupbox We have done all of this now and it should look this. If it does great we are nearly finished. Click next then and then click generate on the bottom and we have our virus. Great! One problem though it is detected by every antivirus on the planet... But we can fix this simply go to hackforums.net and click the search feature and search for free FUD Crypter and download one of these and selecte the virus that we saved and then we have our virus 100% undected (Normally). Sweet so now we are ready to infect our victims. So im guessing you want to know how we are going to actually get these to connect to us so we can control them? Simple go to poison ivy and select File>New Client and enter in at the box at the top 8000 Now we need to port forward so that we can accept connections trying to connect to us So follow this port forwarding tutorial (only needed if you have a modem) http://www.hackforums.net/showthread.php?tid=242980 should be like this then click okay at the bottom and we are now listening for connections on that port on your computer. So you want to test it? you can run it on yourself as it is perfectly safe to do so as you are in control. and if you have done it right you should now see yourself come up on this list. Then you can select the options and feautures on your victims that have been infected by you. So im guessing you are thinking. What feautures do i get on this? Well you get The Controls for Poison Ivy Information This shows OS info and server info Managers Files browse files and download/upload and excute Regedit don’t mess with this unless you know what you’re doing . Processes same as with Crtl-Alt-Delete process tab Services Dont play here unless you know what you are doing Devices You can disable and enable hardware (such as usb keyboards and usb mouses) Installed Applications Add/Remove Programs Windows Can close and open windows and send keystrokes etc.. Tools Relay,Active Ports, Remote Shell don’t play with any of these unless you know what they do Cached You can see their saved passwords and save them to your computer Surveillance Key Logger You can see the keys they have pressed Audio You can listen to what your victims sound is playing Screen This takes a screenshot you have probbaly guess that. Webcam so you can view your victims through their webcam I haven’t found one working butt you can try :) All you have to do now is upload your file that you saved to the internet and name it as something people will download and just see the downloads come pouring in and then you will get more and more users under your command Thanks for reading this took me a long time to make this and is 1000 + words Poison Ivy RAT(Link) VB.NET Fake Program (Link)