Beast 2.0.7 Trojan - Tutorial - Aranan Belge!

ICQ:
ICQ UIN: Enter your ICQ number here
Get/Clear UIN: Automatically enters a UIN in the "ICQ UIN" box that has been used on your computer. Clear removes the UIN that was automatically entered.
ICQ string: Changes the ICQ message that will be sent to you. Change it only if you know how.
Test: Tests the Notification with the UIN currently in the "ICQ UIN" box
Enable ICQ: Enables ICQ notify blah blah blah.

CGI: To learn how to setup and use CGI notification, read my tutorial <here>
CGI URL: Enter the URL of the location of "log.cgi" on your site. e.g. http://mysite.netfirms.com/cgi-bin/log.cgi
CGI Script Data: Edit the CGI notification you will be sent. Again, change only if you know how.
CGI Password: This is a password for accessing the list.cgi on your website. Show Chars will show the characters that you type in the box.
Create CGI files: This will create the CGI files needed for CGI notification (log.cgi, list.cgi, and log.txt), in "<Beast directory>\CGI Files" with the password you specified

Test: Tests the CGI notification with the data entered in CGI URL and Script Data
Enable CGI: *yawn*

StartUp: Suggested to select all, to make sure that the server runs at boot. With each of these, you are able to edit the name of the subkey
ActiveX: Adds a registry entry under the key:

    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
HKey Local Machine: Adds a registry entry under the key:

    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run"
HKey Current User: Adds registry entries under these keys:

    "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"

    "HKEY_USERS\S-1-5-21-1606980848-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"

AV-FW Kill: Closes Anti-Virus Programs and Firewalls at selected periods of time
Kill AV – FW On Start: Closes AV and FW at boot. "Configure" button will give you a list of all the current processes set to be closed. You may add or delete processes within this list.
Kill AV – FW On Every … Seconds: The number in this box indicates the number of seconds between the closing of the selected processes. e.g. if this was set to 25 seconds, and the server was run at 12:00:00, it would kill AV-FW at 12:00:00, 12:00:25, 12:00:50, 12:01:15, etc.
Disable XP FireWall: Disables the Firewall included in Windows XP

Note: AV-FW Kill does not work with many Anti-Virus Scanners and Firewalls, they usually have preventative measures installed so that the server cannot kill the process.

Misc: The Miscellaneous server settings
Melt server on install: Selected by default, this means that when server.exe is run, it will install the needed server files, and then server.exe will automatically delete itself
Clear Restore Points (XP): This will clear the restore points on XP when it is run. This means that the user can't delete Beast by returning XP to a previous, clean state
Open Port On-Line Only: This is for direct connection, and it means that it will only open the Listen Port when the remote computer is online. This is good, as it looks suspicious when a port is opened mysteriously when the computer isn't even online.
No LAN Notifications: This is also for direct connection only. With Beast, you may infect and successfully connect to remote computers on LANs, but only with reverse connection. If you use direct connection and infect a person on a LAN, you will get no notifications from these computers if this option is checked.
Enable Keylogger: Enables the online/offline keylogger. Hit the "Configure" button, and you can change the logfile size limit, aswell as the name. The Keylogger function has also changed since version 2.06. The server's keylogger is now able to email the logfile to you once it reaches a certain size.

You can also enable "Smart Keylogging", which means, you enter strings from the window caption that you want, and the keylogger will only log the keystrokes that are typed into an active window with those particular strings in the caption, and not anything else. You don't need the entire window caption, just a portion of it. e.g. using "ess" will capture keystrokes in windows with the captions "ess", "Messenger" and "MSN Messenger Service", and all windows with the caption containing the string "ess".
www.tahribat.com - Renegadealien - Tüm Hakları Saklıdır