by KADIR & KERIM BASOL
Released in January 2003
Made in Turkey
 _______________________________________
|                                       |
|   KBD (KADIR BASOL DEVASTATOR) 2002   |
|             Programmed By             |
|         KADIR & KERIM BASOL ,         |
|             Onur Oztirpan             |
|                                       |
|                ICQ No:                |
|                102040                 |
|                246609                 |
|             Version 1.4.5             |
|_______________________________________|

The KBD program was invented at the end of 1999. It has been used to control many Web servers & IT computers. At the end of 2001 the program was put to use on personal computers. Now it has surpassed many Trojan programs like Sub7, Netbus & so on, because the program captures any computer without sending any file. It uses ActiveX technology on Windows systems. On Linux systems it uses normal jar files, and when the program infects a Linux system it cannot be stopped by the system administrator. It is also the first Trojan for cell phone systems. We put some limits on this program to prevent some potential dangers.

The abilities of this program are shown below :

- You can access the file system of the infected computer.
- You can zip or extract any file on the host's computer.
- You can access any computer behind a proxy or behind any network.
- You don't need to know what ip address the infected computer is using.
- Cannot be identified through the applet.
- You can capture any packets on the local network or local computer.
- You can send fake mails & can mail bomb any user on any Pop3 or Web server.
- Protocol resolvers.
- Encrypted chat.
- You can
- You can send fake UDP packets on behalf of any ip address.
- You can capture computers which are not only Windows machines. (Linux, Macintosh, Solaris, Cell phones etc... Java Supported Platforms)
- Firewalls cannot detect the connections on Applets.
- For now, it cannot be detected by any Anti Virus program.

Restrictions of the program :

- Skipping Virtual Machine security
- Jumping any firewall's security
- Infecting on the local network like a virus. (NETBIOS Only)
- Detecting the telephone number of a user who is using a modem connection.

System requirements for good performance :

- 700 Mhz CPU
- 128 MB Ram

The Client mustn't be behind a proxy or behind a network. If the client is behind a network or behind a proxy, the user must use the Bridge program. We will explain the usage of that program later.

The usage of the program :

When you extract the KBD.zip file, there will be at least 8 files in it. All the file names are shown below :

1-) KBDClient.jar ( Client part of the program )
2-) Winpcap.exe ( plug-in that must be installed for the Client )
3-) Macromedia.class ( Server part )
4-) tt2.html ( Server part )
5-) tt.html ( Server part )
6-) index.html ( Server part )
7-) RegistryAPI.class
8-) Monk.class

If you don't have Sun Java 2 Virtual Machine 1.4 or higher, you must first install the Virtual Machine in order to use the KBD Client & protect your system from Vandals. It is more secure than the Microsoft Java Virtual Machine. Here is the link to the Java 2 Virtual Machine, which you must have :

http://www.czilla.org/DOWNLOAD/j2re-1_4_0-win-i.exe

After you have installed the Virtual Machine, extract the KBD.zip file, then first execute the winpcap.exe file & install it on your computer. The file named KBDClient.jar is the Client file. JAR files work like exe files for Java; they are interpreted by the Java Virtual Machine. Extract the KBDClient.jar file and double click on it. The program should open within 5-15 seconds. If it doesn't open, you must restart the computer & try again. If the jar file still does not work after you have restarted your computer, you must do some DOS work :o)

---IF THE PROGRAM DID NOT WORK ON DOUBLE CLICKING IT---

C:\WINDOWS>_

For example, if the KBDClient.jar file is in the C:\KBD directory, we apply these commands :

--COMMANDS--
C:\WINDOWS>cd..
C:\>cd KBD
C:\KBD>java -jar KBDClient.jar
--END OF COMMANDS--

WARNING : The command "java -jar KBDClient.jar" is case sensitive. Do not write KBDClient.jar as kbdclient.jar or KBDCLIENT.JAR!

After you have successfully entered these commands, this message will appear on the DOS screen :

JVM Invoked. Please wait...

If an error message appears like this :

Exception in thread "main" java.lang.NoClassDefFoundError: KBDClient

execute the program by using this command : "java -classpath . -jar KBDClient.jar"

Then the program will start to work within 5-15 seconds.

----END----

We have learned how to start the Client file. Now I will explain how to configure the Server file :

Open the KBD Client, then in the top menu click on Edit, then click on Edit HTML. You will see a new dialog. This dialog encrypts your ip address & ports in the HTML file so the victim cannot see your ip address & other important configuration in the HTML code.

Your ip address : You must enter your current ip address here.

Select port : You must give a number between 1-65535. I recommend you use a number between 1024-65535, except number 80. Port 80 and 8080 are recommended to use. Remember the number you have given; you will use it later.

Redirect to : The website the user will be sent to after entering your web site. Example : http://www.google.com When the user goes to your website, he/she will be redirected to www.google.com

Auto Control URL : This is the best ability of KBD Vandal. If you have a static ip address, AutoController can be disabled. If you are using a dial-up modem or a dynamic ip address, you can enable AutoController. If you enable it, the TextField will also be enabled. You will write a URL (website) into this TextField. This URL must be one you control yourself.

For example, your website is : http://www.geocities.com/tr_melis
You can write into the TextField :
http://www.geocities.com/tr_melis/Control.txt
or http://www.geocities.com/tr_melis/AAA.txt
or http://www.geocities.com/tr_melis/PPP.dat
It is up to you which file you want to use.

What is that? Why do we use this URL ?

You will enter your computer's current ip address into these files. Whenever the victim connects to the internet, they get your current ip address from this website & try to connect to your computer. They check this URL every 2 minutes until you have connected to them.

WARNING : You must write your ip address into the file when you want to connect to the user & AutoController is selected as true.

By using this technique, although you have a dynamic ip address, you can catch the victim any time he/she is connected to the internet.

After you have done all the configuration, click on the convert button. The encrypted code will then appear in the text area. Select all the code, press ctrl+c to copy it, then paste it into the tt2.html file by opening tt2.html in notepad. Then send these files to your website :

tt.html
tt2.html
index.html
Macromedia.class
Monk.class
RegistryAPI.class

For example, your website is : http://www.geocities.com/tr_melis
Send these files to the main directory of this web site, then open the KBD Client. In the top menu click on Edit, then select the Connect option. Select your mode as "Super Devastator", write the port which you gave in the server configuration & click on ok. Then send your victim to this web site.

When the victim enters your website, the user name & ip address of the victim will appear in the list on the right. Anyone who enters your website will be added to the list on the right. When you want to enter the victim's computer, right click on the user you want to connect to, then click on connect this host. After you have connected to the user's computer, the left side of the program will show the victim's computer and the right side shows your own. Now you are ready to control the user's computer.

If you want to transfer files (download, upload), you can do it by using the drag & drop utility. If you want faster downloads, you can compress the files on the host's system before downloading them. You can zip and unzip files by right clicking on the file on the left side.

If you are behind a proxy or behind any network, you must use Bridge in order to use KBD Vandal. You can also use BridgeW in order to use someone's (the victim's) computer as a Proxy.

From now on, try to work out other things by yourself. I have no time to explain more & more functions of the program. If you have any problems connecting to people's computers, try with AutoController disabled.

Have fun ;o)

KADIR & KERIM BASOL
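
Added example, not part of the original KBD readme or the authors' code: the AutoController behaviour described above makes an infected host re-fetch one fixed URL every 2 minutes, which stands out in web proxy logs. The Python below flags (client, URL) pairs with that steady interval; the log format, the host.example URL, the 10-second tolerance, the 5-hit minimum and the 80% threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed proxy log (timestamp, client IP, URL); not real traffic.
SAMPLE_LOG = """\
2003-01-10T09:00:00 10.0.0.5 http://host.example/Control.txt
2003-01-10T09:00:10 10.0.0.9 http://news.example/
2003-01-10T09:01:00 10.0.0.9 http://news.example/
2003-01-10T09:02:01 10.0.0.5 http://host.example/Control.txt
2003-01-10T09:04:00 10.0.0.5 http://host.example/Control.txt
not-a-time 10.0.0.5 http://host.example/Control.txt
2003-01-10T09:05:59 10.0.0.5 http://host.example/Control.txt
2003-01-10T09:07:30 10.0.0.9 http://news.example/
2003-01-10T09:07:45 10.0.0.9 http://news.example/
2003-01-10T09:08:02 10.0.0.5 http://host.example/Control.txt
2003-01-10T09:10:00 10.0.0.5 http://host.example/Control.txt
2003-01-10T09:30:00 10.0.0.9 http://news.example/
"""

def parse(log_text):
    """Yield (datetime, client, url) per well-formed line; skip malformed ones."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]

def find_pollers(log_text, period=120, tolerance=10, min_hits=5):
    """Return sorted (client, url) pairs fetched at a steady ~period-second interval."""
    seen = defaultdict(list)
    for ts, client, url in parse(log_text):
        seen[(client, url)].append(ts)
    flagged = []
    for key, times in seen.items():
        if len(times) < min_hits:
            continue  # too few requests to call it a pattern
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        steady = sum(1 for g in gaps if abs(g - period) <= tolerance)
        # Median gap must match the period and most gaps must be steady,
        # so ordinary browsing with one coincidental 2-minute gap is ignored.
        if abs(median(gaps) - period) <= tolerance and steady / len(gaps) >= 0.8:
            flagged.append(key)
    return sorted(flagged)
```

Running find_pollers(SAMPLE_LOG) reports only the host that re-fetches Control.txt on the 2-minute cadence; the irregular browsing client and the malformed line are ignored.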