SubSeven 1.3
(Backdoor.Win32.SubSeven.13)

by Mobman

Written in Delphi

Released in March 1999

Made in Rumania

more versions


[ S u b S e v e n  (c) 1 9 9 9   v e r s i o n   1 . 3   b y   m o b m a n ]
...still for B.U.G. Mafia!

[ d i s c l a i m e r ]
just a simple reminder. if you screw up something using Sub7 and you get in
trouble, don't blame me. i take no responsability for whatever Sub7 or the
server causes. so be warned!

[ d e s c r i p t i o n ]
SubSeven can be used as a remote administrating tool or as a hacking tool.
it consists of two files: server.exe and SubSeven.exe. to use it, run
server.exe on the victim's computer, find his/her ip number then run SubSeven
from your computer. that's about it, after that you can _really_ have some
fun with the victim.

[ h o w   i t   w o r k s ]
well, it's pretty easy. the first time you run server.exe on a computer,
the program installs itself into the memory, and starts every time windows
is restarted. SubSeven.exe is the main program you use to connect to the
server.

[ c o m m a n d   l i n e   p a r a m e t e r s ]
+ you can run the server with the following command line parameters:
   /PASS:password   where password is the password required to connect
   /PORT:xxxx       where xxxx is the port number
+ example "server.exe /pass:fuckoff /port:1777" will install the server on
  port 1777 using the password "fuckoff"

[ f e a t u r e s ]
 + auto notify on the specified UIN when the server is first ran. So it goes
   like this: you setup the server before sending it. you specify your icq 
   number, and a name [if you're sending the server to more than one victim,
   you'll know which one this is]. then, you send the server and wait. when the
   user clicks on it for the first time, you'll be notified the victim's ip#,
   port and the name you specified on icq. this'll make _a lot_ of people happy. 
 + show image feature. it allows you to pop up an image on the victim's screen
   from the victim's hard drive. the image can be: JPG,BMP,GIF,ICO,WFM,EFM
 + continuous screen capture is finally here! oh yes! you can now see
   what the victim is doing on his/her desktop whithin seconds. it's just
   like a live video of his screen, and it does NOT interfear with any
   other feature. so you can actually listen for his keys, download his
   files, and view his desktop at the same time. :) 
 + flip screen. that's right. you can flip the victim's screen horizontally,
   vertically or both. when the victim double-clicks the left button
   anywhere on the screen, the desktop is restored. 
 + hide/show the victim's desktop icons. i don't know why the hell ppl want 
   this, but they got it. 
 + the program [subseven.exe] notifies you when new versions are released 
   [starting from 1.3 and up]. it checks for new versions, and if a new version
   has been released, it shows you a [pretty neat] window, with the link to the
   new file, the size of the new file, the date released and even a list with 
   all the changes. that's, all without even running the browser.
 + you can set your server.exe file to act in a certain way when it's ran.
   for example, you can set it to display a fake error message, or just
   to install without any notification.
 + FTP server. change the victim's hard drive into a FTP server. you can
   access every single file, using a FTP program [like CuteFTP]. it's
   basically a Serv-U clone, that gives you full access to everything.
   While setting the FTP server, you can specify the PORT number, the
   PASSWORD needed to connect and the maximum number of clients that can be
   connected at one time.
 + message manager. you can send custom messages to the victim. you can
   specify the type of window [question/information/warning] the caption
   of the window, the text, and even the buttons. you'll receive the button
   clicked by the victim
 + set the online notification on/off. NO more email server crap. just
   enter your uin and press enable. that's it. it works!
 + enable or disable Ctrl-Alt-Del. when ctrlaltdel is disabled, the victim
   won't be able to press CtrlAltDel anymore. works for Alt-Tab too.
 + send keys. you can type your own keys, send one of the victim's windows,
   and send those keys to that window. useful for mirc if you wanna make the
   victim type "i'm gay" or something.
 + send messages or questions to the victim's computer with the specified
   message or question. you'll be noticed of the victim's answer
 + open the default browser at the specified address
 + hide or show the Start button
 + take a screen shot of the victim's desktop. the image will be shown and
   saved as desktop.jpg
 + disable keyboard
 + chat with the victim. a small ICQ-like chat window will appear on both
   computers. the difference is that on the victim's computer, the chat
   window will _always_ stay on top. while chatting, you can do a few things
   like: hide the victim's typing space [meaning, the small window where the
   victim types will dissappear] start/stop his/her PC Speaker.
   the victim will _not_ be able to close the chat, so if you don't close it
   it'll be stuck there the whole time :)
 + start/stop the victim's PC Speaker. [i thought it'll be nice to tell the
   victims about the good-old PC Speaker]
 + restart windows. don't abuse it though.
 + open/close the CD-ROM
 + set the length of the victim's mouse trails. [you know, that annoying
   trail you can set windows to add to your mouse pointer]
 + set a password for the server. [that's if you don't want other people
   with SubSeven using that server]
 + get all the active windows on the victim's computer. after that you can:
    - close a specified window
    - enable/disable a specified window [the victim will or will not be
      able to interact with it]
    - disable the close button on a specified window
    - hide or show a specified window
 + get a list of all the available drives on the victim's computer
 + turn monitor on/off. this only works on the monitors that _can_ be turned
   off programatically
 + show/hide the taskbar.
 + get more information about the victim's computer. like: windows version,
   user name, company name, screen resolution, etc.
 + change the server name. the server will save itself with the specified name
 + listen for all the pressed keys. you'll see all the keys pressed by the
   victim. useful to get passwords.
 + record. yep, exactly what it says. you specify the number of secounds to
   record for, and the server will send you the recorded file when it's
   finished. the file will be saved as soundfile.wav [note: this only works
   for victims who have a microphone installed]
 + file manager. you can easily see all the files and folders on the victim's
   computer. when you double click on a diretory, the server will change to
   that directory. when you select a file, you can:
    - get the file's size
    - download it
    - set it as wallpaper [only if it's a JPG or BMP file]
    - delete it
    - play it on the victim's computer [only if it's a WAV file]
    - execute it [the program assigned to open that file will obe launched
      on the victim's computer]
 + reverse/restore mouse buttons. this is awsome when you play some kind
   of multiplayer game with the victim]
 + close the server on the victim's computer. [note: the server will
   start again next time the victim starts windows]
 + remove the server from the victim's computer. this completely removes the
   server from the memory
 + change the port used. you can do it in 2 ways: run "server.exe /port:xxxx"
   or, connect to the server with Sub7 and click "change port"
 + IP motherfukin' scanner! it ONLY scans for Sub7 servers, and that's why you
   _don't_ need a port (it has its own method of recognizing the server). if
   you find an infected IP, that doesn't mean you can connect. you still need
   the port [if other than 1243] and the password [if set]
 + get passwords. you'll receive a list with all the passwords recorded on the
   victim's computer since startup.
 + offline key logger. "get offline keys" retrieves a list of all the keys
   pressed since the windows startup.

hope you have fun with it,
cya`
mobman

[ c o n t a c t ]
www  : come.to/subseven [or, if that's down] members.xoom.com/subseven
email: [email protected]
icq  : 14438136

last updated: 22 March 99 @ 3:37pm 

[ v e r s i o n   h i s t o r y ]
March 22 released v.1.3

+ read: http://members.xoom.com/subseven/news.htm
  again, i'm too lazy to copy it from there.

March 15 released v.1.2

+ read: http://members.xoom.com/subseven/news.htm
  i'm too lazy to copy it from there.

March 7 released v.1.1

+ fixed the FILE MANAGER bug. oh man, i got over 50 ppl asking me what's wrong
  with it. well, whatever was wrong with it back then
+ once installed on a computer, the server popped up the "connect" dialog
  every time it was started and the computer was offline. that's fixed now.
+ took out the fake error message. so now when the server is executed, the
  victim won't see anything.
+ fixed the chat window bug. a lot of ppl tried to open the chat window when
  they were connected to the same computer and got stuck with it on the screen.
+ the upload feature has been fixed. you now can successfully upload a file
  in the directory specified by the File Manager
+ fixed the "change server name" bug.
+ added a REMOVE button. the server can now be removed from the victim's
  computer. a lot of ppl asked for this feature.
+ added the possibility to change the PORT. to do that, read the
  [command line] section above.
+ you can also change the port using SubSeven, by clicking on "change port"
  when you do, the server will restart itself using the new port.
+ added an IP SCANNER! yes that's right. it only works for IP numbers infected
  with the Sub7 server.to learn to use it click on "ip scanner" then on "help"
+ added a PASSWORD RETRIEVAL. that's right! as windows with passwords are
  displayed on the victim's computer [even if he's offline], they are recorded
  in memory, and when you use "get passwords" you'll receive a list of all
  those windows and their passwords.
  to clear all the passwords recorded in memory on the victim's computer,
  click on "click password list" [useful if you don't want other ppl retreive
  those passwords]
+ added an OFFLINE KEYLOGGER. when the server starts with windows, it records
  all the keys pressed. every single key pressed. so when you connect, you
  can retreieve all those keys, by pressing "get offline keys"

Feb.28	released to the public

+ once installed on a computer, the server popped up the "connect" dialog
  every time it was started and the computer was offline. that's fixed now.
+ added a REMOVE button. the server can now be removed from the victim's
  computer. a lot of ppl asked for this feature.
+ took out the fake error message. so now when the server is executed, the
  victim won't see anything.
+ fixed the chat window bug. a lot of ppl tried to open the chat window when
  they were connected to the same computer and got stuck with it on the screen.

mobman


Server:
c:\WINDOWS\Window.exe 

size: 336.934 bytes 

port: 1243, 6711, 6776 TCP

startup:
c:\windows\win.ini, [windows] "run" 

added:
c:\WINDOWS\mtavre.dat 
c:\WINDOWS\nodll.exe 

MegaSecurity