Universal stealer tutorial
By: z3r0aCc3Ss
Introduction
Alright, this is a very basic tutorial on setting up and using a stealer successfully. I hope it will help many people who face difficulties while using a stealer. Many people define a stealer as password recovery software. It really IS, lmao.
Well, the main thing is what type of stealer you need. There are literally 50+ stealers (and maybe more) available for download. I will recommend iStealer 3.0 (for FTP), iStealer 5.0.1 (for PHP). I have used many stealers, but I like these two stealers personally. If you want, you can buy a private stealer. I will explain this later in the tutorial.
***Note***
When you download any stealer, your anti-virus may detect it as a virus and will probably kill it. So, disable it or uninstall it. I never use any anti-virus.
If you want a tutorial on using a specific stealer, you can search the forum.
I will explain a general tutorial for using a stealer.
FAQ’s
1) What is a stealer:-
A stealer is a software/application designed to work (steal/recover) on specific machines and on specific applications, like Internet browsers, messengers, etc… which provide the facility of storing the passwords in them.
2) How stealer works:-
You can ask this question to the elite group of people who actually build the stealer software. I am not a coder, so I don’t have much idea about the decryption techniques.
The working of a stealer actually depends upon the stealer configuration and OS configuration, like type of OS, 32-bit and 64-bit, installed applications, firewall configuration, and the stealer’s own configuration.
3) Stealer steals what and how:-
Well, this is one of the most important things you will have to consider while using a stealer. There are many stealers which steal passwords from most popular browsers like Mozilla Firefox, IE7, IE8, etc…
When you open any site which requires the username and password to be entered to use its services, and when you enter correct login credentials, almost all the browsers like Firefox, Opera, etc… offer an option to remember the login information. Many people have the tendency to use this service, and they are lazy too. When you use the remember passwords option, your login information gets stored in your browser in an encrypted format. When your victim runs your infected file, it decrypts all the stored information and uploads it to the path specified.
4) Flexibility of the stealer:-
Flexibility means the compatibility of the stealer and how flexible it is in stealing the passwords.
5) How to choose the stealer:-
This is the most important question everyone will think about before using the stealer. You should consider the following things before buying/using a stealer:-
Compatible browsers
Compatible operating system
Anti-methods/options
Self destructing/removal option (Melt)
Bind with another file option
Stealing options
Icon changing option
Stealth
Hardware ID lock (I do not recommend this option, I don’t like it)
FTP or PHP or SMTP uploading (I prefer PHP)
Encryption logs option
Messenger(s) recovery
CD Keys stealing option
Should be FUD (Not needed actually)
6) What are logs:-
Logs are nothing but the login information of your victim when (s)he runs your EXE.
7) What is FTP and PHP upload:-
This means when a stealer.exe runs on your victim’s PC, all the logs get uploaded to some file hosting site, depending upon your stealer. Some use FTP, whereas some use PHP uploading.
Setting up FTP account is quite easy (but sometimes risky) whereas setting up PHP account is a bit difficult if you are not aware of it, but I prefer this upload.
8) Use of crypter:-
This is optional. You will need to buy a private crypter in order to use the stealer successfully if your stealer is not FUD. Crypter will basically hide/crypt your EXE and will hide it from many AV’s and firewalls (?).
9) Advantage of stealer over RAT:-
You don’t require a port to be opened to use stealer. Also, using a RAT is more risky and easily traceable.
Some other FAQ’s:-
Some stealers use TCP connection, whereas some use UDP connection. Select such a stealer which uses TCP connection instead of UDP. You can use Google to find out differences between TCP and UDP connection.
This is a basic or n00b level tutorial I have written. As you know, I am a bit lazy.
If anyone wants more help, feel free to post here.
Even more success of your stealer will depend upon your creativity and knowledge.
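A defender's view of the behaviour described in FAQs 3 and 7 (a non-browser process reads a browser's saved-password store, then uploads over FTP or an HTTP POST), as an added example that is not part of the original post. The event tuple layout, store file names, install paths and the 120-second window are assumptions, and the telemetry is constructed.

```python
from ntpath import basename  # parses Windows paths on any OS

# Assumed names, not from the post: Firefox, old Opera and Chromium stores.
CRED_STORES = {"signons.sqlite", "logins.json", "wand.dat", "login data"}
# Allowlist full image paths; matching on file name alone is trivially spoofed.
BROWSER_IMAGES = {r"c:\program files\mozilla firefox\firefox.exe",
                  r"c:\program files\opera\opera.exe"}
WINDOW = 120  # max seconds between store read and upload (assumed threshold)

FF = r"C:\Users\u1\AppData\Roaming\Mozilla\Firefox\Profiles\p.default"
# Constructed telemetry: (ts, host, pid, image, kind, detail)
EVENTS = [
    (100, "WS01", 412, r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "file_read", FF + r"\signons.sqlite"),
    (105, "WS01", 412, r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "net", "HTTP POST example.test:80"),
    (200, "WS02", 977, r"C:\Users\u1\Downloads\invoice.exe",
     "file_read", r"C:\Users\u1\AppData\Roaming\Opera\Opera\wand.dat"),
    (230, "WS02", 977, r"C:\Users\u1\Downloads\invoice.exe",
     "net", "FTP 203.0.113.7:21"),
    (300, "WS03", 55, r"C:\Users\u1\Downloads\firefox.exe",
     "file_read", FF + r"\logins.json"),
    (310, "WS03", 55, r"C:\Users\u1\Downloads\firefox.exe",
     "net", "HTTP POST 198.51.100.9:80"),
    (400, "WS04", 8, r"C:\Tools\backup.exe", "file_read", FF + r"\logins.json"),
    (900, "WS04", 8, r"C:\Tools\backup.exe", "net", "HTTP POST example.test:80"),
]

def is_upload(detail):
    """FTP session or HTTP POST (how a PHP upload looks on the wire)."""
    return detail.startswith(("FTP ", "HTTP POST "))

def find_store_read_then_upload(events, window=WINDOW):
    reads, alerts = {}, []   # reads: (host, pid) -> (ts, store file name)
    for ts, host, pid, image, kind, detail in sorted(events):
        key = (host, pid)
        if kind == "file_read":
            name = basename(detail).lower()
            if name in CRED_STORES and image.lower() not in BROWSER_IMAGES:
                reads[key] = (ts, name)
        elif kind == "net" and key in reads and is_upload(detail):
            read_ts, store = reads[key]
            if ts - read_ts <= window:
                alerts.append((host, basename(image), store, detail, ts - read_ts))
    return alerts

if __name__ == "__main__":
    for alert in find_store_read_then_upload(EVENTS):
        print(alert)
```

The real browser on WS01 and the slow backup tool on WS04 produce no alert; the look-alike `firefox.exe` running from a Downloads folder on WS03 does, because the allowlist checks the full image path.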
Basic universal stealer tutorial
- z3r0aCc3Ss
- Fame ! Where are the chicks?!
- Posts: 700
- Joined: 23 Jun 2009, 16:00
- 14
- Contact:
- bozotheclown138
- Fame ! Where are the chicks?!
- Posts: 172
- Joined: 07 Feb 2009, 17:00
- 15
- Contact:
Hey, welcome, thanks for writing a tutorial, basic or not.
I guess I am old school, so I call stuff like this "password recovery".
Someone asked how it works. You have simple cracking and complex cracking.
To reveal a saved password in AIM or the Windows screen saver - that's based on simple cracking. It's simple because at a push of a button the software can decrypt the key with information known - like the proprietary algorithm used for that software.
Complex cracking relies on dictionary, brute, or hash comparison and guess - these take more time and resource than simple cracking. An example is Cain and the LMhash.
Backdoored tools are to be expected when hosted on warez sites and suspicious forums - you are dealing with a frontier with little or no laws. And the trick of a 'universal cracker' is easy bait for suckers.
Some of these tools are legitimate network discovery and recovery tools - but repackaged with a cool, badass sounding name like Stealer 6.6.6. I would stay away from those cool-named packages.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
I know you are joking, always the clown bozo
For the sake of the newbies let me explain.
The tools used by sysadmins, professional pen testers, network techs are the same tools used by hackers. The only difference is one tool has 'implications' of ill intent. To rewrite a packet sniffer and label it for "craxing and 0wnage" with a neato black GUI is not doing much for the image of the hacker.
Having Customs or any professional org examine my laptop and find tools like IStealer 6.6.6 is not going to look as innocent as having Wireshark, or SAMInside. I am even dropping NetStumbler because the cops know about it now.
http://www.insidepro.com/eng/saminside.shtml
If you want to use the tools the pros use, try to use or make professional tools. Don't buy into the slick advert campaign for shitty or copied software.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.