[Spreading] How to infect your community or a company
#1
Welcome



NOTE: This tutorial is for educational purposes only. Thinking about things in theory is fine, but don't use your knowledge to harm others. I am not liable for any harm that is done with the information I cover in this tutorial.


Table of contents

I. Introduction
II. Community spreading
III. Requirements
IV. Creating an infected CD
V. How to spread your CD
VI. Conclusion
VII. Spreading without a CD
VIII. Compromising a big company
IX. Final words


I. Introduction:

Welcome to my first tutorial on HF. You may wonder what this is about. Let me tell you - it's not just another spreading guide. I came up with this idea today and I thought "why not write a guide about this?!".
This is, in fact, a very experimental and new spreading method. If you want to set up a botnet with thousands of slaves, this is not for you. This tutorial is for people that want to get some new ideas and try to spread a different way.

If you are simply searching for a good mass spreading guide, have a look at:

Ultimate spreading guide
Omegle Spreading


II. Community spreading:

What do I mean when talking about community spreading?
Most of you know that you can SE your neighbours or friends into opening a RAT. If you are on their network, you can even redirect them to your JDB. However, I'm not talking about this.
We are exploiting the trust of your community in free giveaways and services. This method requires time and some money to start, and it's definitely not for everybody.

In general, we are going to burn a CD with the RAT/Keylogger/Worm/whatever on autorun. Autorun has been disabled for USB devices since Windows XP SP2, but autorun from CD is still working.
I will give you a few ideas on how to get your infected CD "on the market", but the best ideas are coming from your own brain.

When I'm saying "CD", it can be a DVD as well - common sense


III. Requirements:

You will need the following things:

- A file you want to spread
- Crypter
- Raw CDs and a burner
- Brain


IV. Creating an infected CD:

Step 1:
Set up your malicious file. If you don't know how to set up your RAT for example, please search for a tutorial and make sure it's working.

Step 2:
Crypt your server so the AV programs won't detect it. Make sure it is FUD on scantime and runtime. Don't use a free crypter, since they will get detected way faster. If you got some extra money to spare, invest in a private stub.

Step 3:
You need to have some legit file on the CD as well. It will be obvious which file you can use if you read about the different methods later in this guide.

Step 4:
Burn a new CD with your RAT and the legit file.
It is important to make it run automatically when put in! Check out this guide if you don't know how to do this:
Autorun CD tutorial

Now you should have a CD with your crypted server and a legit looking file. When someone puts the CD into his hard drive, he is going to be infected instantly because your RAT is starting automatically.


V. How to spread your CD:

Now we are coming to the interesting part.
There are multiple ways on how to spread your CD, each will result in different slaves. You will be able to get very specific slaves, because the slave you get depends on the way you spread.

These are a few methods you can consider using:

Library spreading:

You could install your server on the PC of your local library. However, this is obvious and you may have thought about this already.
A lot of books come with a CD. The CD may feature an e-book of the print, programs or additional information.
You can borrow any book and copy the files from the CD. Then you burn the CD with the original files and your RAT. If you are worried about the cover of the book: You can clone the original cover if you are willing to spend more time and money on making it more legit.
Put your fake CD back into the book and give it back. The next time someone borrows the book and runs the CD, he will get infected.

You can also use this method with DVDs and games!
Grab new games and copy them! Games are in high demand and everyone is looking for them. If you do this method with games that require good hardware, you will get some good slaves if you are into bitcoin mining.

Rental services:

These are even better to spread with, because most people only borrow the games and DVDs for a short period of time. This means you will get more slaves when planting your material.
You had better only use this method when you are able to make a good looking cover for the CD. Keep in mind that if the rental service finds out what you are doing, you will get in big trouble.

Using this, as well as the library method, gives you the chance to target very specific personalities. A few examples:

Infect love films = Couples, women, sentimental men
Infect shooter games = Teenagers (mostly boys), good hardware, Facebook accounts, possible other game accounts
Infect programming e-book = Coders, programmers (Don't be an asshole and infect these people)
Infect erotic movies = Perverts in your neighbourhood
Infect tax manager software = People who keep track of their money and probably aren't that poor

I don't support financial fraud in any way. The contrary is the case. Don't steal innocent people's hard-earned money, how would you feel?

This list can be continued, I just wanted to give a small example on what is possible with this method.


Free giveaways:

You can always get on the streets and make some giveaways.
Get a nice pretext who you are and why you are giving away the CD. Tell the people what's on it and why it's so awesome. This is the fastest community spreading method. But you should consider this:
Every act of communication is a huge security risk. Even if you travel to another state - if the people find out what you are doing and are able to tell the police about how you looked, you will get in serious trouble.

If you are a professional social engineer you should have a method on how to get a lot of money in mind already. You could target rich, older people.

This method is very, again very illegal. Don't do this unless you want to spend some time in jail. This kind of scam and financial fraud isn't anything easy.


VI. Conclusion:

You should have an idea on how you can spread in real life now. There are so many methods on how to spread a CD, I can't cover them all. Use your brain and think in which situations you get in touch with a CD and you will find more ways.

The CD spreading method has one huge downside:
Your FUD rate. You can't simply reFUD the file once you gave it out. Because of this, it is very important to get a long FUD rate. Get a private stub or code your own crypter/stub. Don't expect the library or rental method to work that great when using a server which is FUD for 2 days only.

Since this is a community spreading guide, I will give you a few more ideas on where to spread a RAT without a CD.

The last chapter is about how to infect a big company. Note that the method is similar to the ones used before, so this is why I will cover it.


VII. Spreading without a CD:

So where to spread when you actually have access to the computer you want to infect? Let me give you a few ideas:

- School computers
- Library computers
- Internet cafés
- LAN parties
- Computer related events
- Your own idea here


VIII. Compromising a big company:

NOTE:
I said this a few times already: Deal with this information at your own risk.
The following idea is for professional social engineers and penetration testers who are recruited to infect a company.

I was talking about public libraries earlier. However, most bigger companies have their own internal library as well. These libraries offer specific literature. A lot of these books feature CDs which are very related to the content of the book. The execution rate of these scientific CDs is rather high.

If you can manage to swap the original CD of the book with your infected one, you have high chances that some employee runs the CD on his PC at work.

If the library of the company isn't public, you have to see how to get into it. It's not impossible - but this is going much too far for this tutorial. Let me suggest you some books which can be very helpful for social engineers:

- Human hacking
- Introducing NLP
- Guide to social engineering and dumpster diving
- Influence
- How to engage people doing sth.
- Hacking the human
- Art of Intrusion

These are a few interesting books about social engineering and how to get into an internal library for example.


IX. Final words:

Thanks for reading my tutorial!
I'm not sure how many people will actually use this method, but it was fun coming up with this idea. In fact, I like writing tutorials and guides but I'm lacking ideas. If you got any suggestions for a tutorial which isn't written yet (or very LQ only), feel free to send me a PM.

If you found any bigger mistakes, let me know.

Have a nice day everyone.
Reply
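
From the defender's side, the disc-swap method in post #1 depends on two things an administrator can check: whether the Windows AutoRun policy still permits optical drives, and whether a disc's autorun.inf launches a program. The Python below is an added example, not part of the thread; the sample autorun.inf and the policy values are constructed, and the function names are hypothetical.

```python
import re

# Drive-type bits of the Windows NoDriveTypeAutoRun policy value
# (HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer).
# A set bit disables AutoRun for that drive type.
DRIVE_BITS = {0x04: "removable", 0x08: "fixed", 0x10: "network",
              0x20: "cdrom", 0x40: "ramdisk"}
# autorun.inf keys that start a program (match is case-insensitive).
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)


def autorun_enabled_for(policy_value):
    """Return the drive types for which the policy does NOT disable AutoRun."""
    return sorted(name for bit, name in DRIVE_BITS.items()
                  if not policy_value & bit)


def audit_autorun_inf(text):
    """Return (key, command) pairs in the [autorun] section that launch a program."""
    findings, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if LAUNCH_KEYS.match(key.strip()):
                findings.append((key.strip().lower(), value.strip()))
    return findings


# Constructed sample: autorun.inf from a disc under review.
SAMPLE_INF = """\
[AutoRun]
; constructed sample, not from the thread
icon=book.ico
label=Companion Disc
OPEN=setup.exe /s
shell\\install\\command=tools\\helper.exe
"""

if __name__ == "__main__":
    print(audit_autorun_inf(SAMPLE_INF))
    # Constructed policy values: 0x91 leaves the CD-ROM bit clear, 0xFF sets all.
    for value in (0x91, 0xFF):
        print(hex(value), autorun_enabled_for(value))
```

A policy value that leaves `cdrom` in the returned list means a swapped library or rental disc can still start a program on insertion; setting all bits (0xFF) closes that path regardless of what the disc's autorun.inf contains.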
#2
For VII: I would add the "I found this flash drive, it's not mine, so here ya go!"

Best regards,
-Siberia
PacketPunks
Knowledge talks, wisdom listens.
PM me with any questions or comments
Reply
#3
Great tutorial, I like to see these types of additions to the community :) The topic covered is very interesting with a wide selection of sub-topics. The art of intrusion has no boundaries or limits.
Reply
#4
Awesome Tutorial! - well organized & well written.
Reply