Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Hacking Techniques :: s7srvfaq.txt

SubSeven Server FAQ BKI:





                                 f.a.q.

                 displaying: Server-related questions.

Q: What is the 'unpacked server' for? how can I pack it?

Q: How Can I bypass antivirus? they detect my sub7 server virtually as
soon as its released?

Q: How can I change the ICON of the sub7 server?

Q: ICQ notify does'nt work for me? or has ICQ blocked Sub7 pagers?

Q: I'm trying to remotely execute/upload the server to a victim through
a mini trojan but execution seems to fail everytime?

Q: Tell me something about "Server naming/renaming"?

Q: Why does it take long to connect to SOME Sub7 victims?

Q: What is the 'unpacked server' for? how can I pack it?
A: Since a lot of AV's pick up the sub7 server within 2-3 days of
release, so unpacked versions of the servers are released. Pack the
unpacked server with an exe packer like Aspack, UPX, Neolite etc and
have your OWN custom version.So, here's how to do it: first of all, let
me explain something. all the settings in EditServer are appended at the
end of server.exe. when ran, the server will look for it. if it can't
find it, then it _won't_ work. so you can't just pack the server with an
exe-packer, you're gonna have to add that info at the end. here's how to
do it step-by-step:

1 First, find an exe-packer on the net. there are a _lot_ of them out
there. check out:

http://protools.cjb.net for a HUGE collection of packers

2 Use the exe-packer on the server.

3.Then open up EditServer with the command: "EditServer.exe /noread".
set all the options [as uaual] in there, and at the end click "update
server with the new settings". after that, you can use the server as the
original.

NOTE: If you wanna be able to change the icon of the server, then don't
pack the _resources_. All exe-packers should have an option to compress
or not the resources. ofcourse, that'll result in a bigger server. it's
up to you. well, that's it. if you have no idea what i'm talking about
here, then don't try anything with it. use the original server. don't
e-mail US about it, we WONT help you. use an exe packer that is _less_
known. the less known it is, the less people will use it to pack the
server. which means more time for the AVs to catch it.

Q: How Can I bypass antivirus? they detect my sub7 server virtually as
soon as its released?
A: Use the "Unpacked Server", for instructions check out the previous post!

Q: How can I change the ICON of the sub7 server?
A: You can use the builtin "Icon Changer" in the Sub7 Editserver. u can
select icons from the builtin ones or load icons from exe/dll and .ico
files. If you bind the server with any other file using an external
binder than u will need a tool like "Microangelo" to change the icon of
the server.

Q: ICQ notify does'nt work for me? or has ICQ blocked Sub7 pagers?
A: There is NO problem with ICQ Paging system. ICQ DID block 2.1 and
before pagers by filtering the line "Victim is Online". But that was
fixed in latter versions by putting a configurable "subject flield" and
in Sub7 2.2 you can customize the whole pager message

Im putting a pager notify below so that u guyz can c for urself that
pagers do come....if u dont get pagers then dont blame Sub7 :P and dont
mail us! some people got thier icq pagers back by ICQ 2k....but for me
they work with ALL versions of ICQ.

Sender IP: 148.246.80.227 Subject: happs_foreign
{port=65500}-{ip=148.246.41.84}-{victim=happs_foreign}-{info=UserName:0}-{version=M.U.I.E._2.1}-{password=yes_(takh)}

Sender IP: 64.229.99.161 Subject: MassInfect
port=63533}-{ip=-169.254.131.143-64.229.99.161-}-{victim=MassInfect}-{info=UserName:alibhoy}-{version=GOLD_2.1}-{password=yes_(takh)}

NOTE: As yo u can see in these pagers that I've pasted both the pagers
contain MORE than one IP. Mostly the "IP= whatever" field has the
correct IP of the victim. the "Senders IP" could be the victim's proxy
server, If he is on a LAN then it will be the IP of the "Gateway". Ok,
now what If the IP field has 2 IPS like in second pager. i.e
169.254.131.143-64.229.99.161 as you can see the second IP here is same
to "senderz ip" so the correct IP of the victim is 169.254.131.143

NOTE: Victim DOES NOT need ICQ for the ICQ notify to work. Thats exactly
what the purpose of "ICQ Pager" is , enables users that DONT have ICQ to
contact the ones that do.

Q: I'm trying to remotely execute/upload the server to a victim through
a mini trojan but execution seems to fail everytime?
A: If the victim in already infected with sub7 , then even tough the
server would *execute* it wont be opened on the victim. If u were
uploaded the Sub7 for e.g with the filename picture1.scr and the
transfer didnt complete or it got complete but the file didnt
execute..then when u re-upload it to him CHANGE the server filename or
else the server wont execute cuz that file will be running in memory
already.

Q: Tell me something about "Server naming/renaming"?
A: Make sure u rename the server from server.exe to whatever u desire.
Obviously if ure sending it as a Picture.exe is'nt gonna help much. you
are much better off using Picture.jpg.exe [ :P its better than just .exe
anyway] . For detailes check out the text file I wrote regarding file
formats . Its included with the Sub7 package [FileFormats.txt]

Q: Why does it take long to connect to SOME Sub7 victims?
A: Victim or you having a slow connection ...whatelse? :P or the victim
has a lot of shit running like 3-4 trojan servers. 2 are more than enuf
for one box. Sub7 and some mini trojan (as backup) in case the Sub7
server gets closed.



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH