Explained By: xXVirusAnonXx
I have written this guide to SubSeven for all you newbies at SubSeven or anyone who needs some help with it. If you have any further questions please email me at ComputerDoc714@aol.com. I have divided this guide into sections so it is easier to find info.
I recommend that you read all of this. It is most accurate, and some things have something to do with others, so pay attention.
SubSeven Outline
Do I need Anything Before Downloading Subseven ?
What Should I Download ?
Where Can I download SubSeven ?
What is Server.exe ?
Can The Server Be Picked up by Virus Scanners ?
What if my virus scanner picks up SubSeven ?
What is a Backdoor or Trojan Horse ?
What is EditServer.exe and what does it contain ?
The SubSeven.exe
-DO I NEED ANYTHING BEFORE I DOWNLOAD SUB7?
I recommend that you download the program ICQ. If you don't know what ICQ is, it is like AIM or MSN Messenger; it's just another instant message program with features that are useful with SubSeven.
You can download the program at www.download.com. Any version of ICQ should work. If you download ICQ you should be in great shape; ICQ is needed for SubSeven.
-WHAT SHOULD I DOWNLOAD?
There are 2 things which you should download to get your Subseven Program. Look for these 2 things on the subseven web site.
SubSeven 2.1 defcon
SubSeven 2.1 defcon (patched, supports WinXP and Win2000)
Now I am going to explain what these 2 downloads are.
SubSeven 2.1 defcon is the main SubSeven program. It contains Editserver.exe, server.exe, some readme text files, and subseven.exe. The server.exe is the trojan made for Windows 98-95.
SubSeven 2.1 defcon (patched) is just another server.exe, which is an updated trojan. This trojan is for Windows 2k, ME and XP.
You must download these 2 things. I recommend that you unzip each SubSeven download to a different folder: create your original SubSeven folder, which should contain the regular program and the original files, then create a folder inside of that folder, which should contain your other (patched) server.
-WHERE CAN I DOWNLOAD SUB7?
The best place to download SubSeven is the official Sub7 page, under the 'Downloads' section once you are at the site.
-WHAT IS SERVER.EXE?
The Server.exe is a trojan horse virus. This SubSeven trojan is not harmful to the computer's system; it just opens a port, allowing any SubSeven hacker to gain access while the user has an open connection.
You may rename the Server.exe to make it look like something else to trick the victim. Don't open the Server.exe or you will be infected by the trojan, unless you want to hack yourself. The trojan can be removed from inside the SubSeven program; it is one of its features. Even if you or a victim were to delete the trojan, it wouldn't be enough: the trojan infects the system registry or the win.ini file.
-CAN THE SERVER.EXE BE PICKED UP BY VIRUS SCANNERS?
Yes, the server.exe can be picked up by virus scanners. However, even if someone were to remove the trojan itself, it is still in the system registry or the win.ini file, still allowing you to gain access. The virus will only be picked up if the victim actually tells the scanner to scan the computer.
-WHAT IF MY VIRUS SCANNER PICKS UP SUB7?
Chances are, your virus scanner will pick up SubSeven. Some virus scanners automatically clean infected files. If your virus scanner has this feature, like Norton, you might want to change Norton's settings so that it won't clean the virus. Just because your scanner picks up the virus does not mean that you are infected; you just have it.
-WHAT IS A BACKDOOR OR TROJAN HORSE?
SubSeven's trojan horse or backdoor is the server.exe. The typical trojan horse will open ports on the infected computer, allowing access to unidentified or unauthorized users. SubSeven's does not damage the infected computer; it just opens a "door" to let you in.
-WHAT IS THE EDITSERVER.EXE?
Editserver.exe is something that all SubSeven owners will need to use. Editserver.exe allows you to modify what the Server.exe (the backdoor) does, how it infects, and how you will be notified.
Let's take a closer look at Editserver. If you open up the editserver.exe you will see many options and methods that you can select to modify the trojan, or server.exe.
SERVER: (Located in the top left)
This option tells you which server.exe or trojan is selected and what you are about to modify. To select another, click the browse button and locate it there.
This option has several options to choose from, such as:
registry-Run - which will infect the registry
registry-RunServices - which will also infect the registry, executing the virus every time the infected computer starts.
Win.ini - infects the win.ini file, which will also execute the trojan on startup.
There are 2 more which are pointless, and I have never used them, so... I don't know about those.
I would recommend checking the win.ini box, which should already be selected.
Leave the Key Name option alone.
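All three startup methods above leave an autostart entry behind, which is why deleting server.exe alone does not clear the infection, so a defender can audit those entries directly. The following is an added example, not part of the original guide: it parses a constructed win.ini and a constructed registry export and lists autostart programs missing from a reviewed baseline. The win.ini keys (run=, load=) and the Run/RunServices key paths are the standard Windows locations, assumed here because the guide names only the methods.

```python
import re

# Constructed samples: a win.ini fragment and a REGEDIT4-style export.
# Program names and paths are placeholders, not values from the guide.
# Key paths and run=/load= are standard Windows autostart spots (assumed).
WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\example1.exe\n"
REG_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="tray.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"ExampleSvc"="C:\\WINDOWS\\SYSTEM\\example2.exe"
'''
RUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runservices")

def winini_autostarts(text):
    """Programs named by run=/load= in the [windows] section of win.ini."""
    section, found = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() in ("run", "load") and value:
                found.append(("win.ini " + key.lower(), value))
    return found

def reg_autostarts(text):
    """Values under the Run and RunServices keys of a registry export."""
    key, found = "", []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key.lower().endswith(RUN_SUFFIXES):
            m = re.match(r'"(.*?)"="(.*)"$', line)
            if m:
                name = key.rsplit("\\", 1)[-1] + "\\" + m.group(1)
                found.append((name, m.group(2).replace("\\\\", "\\")))
    return found

def unexpected(entries, baseline):
    """Autostart entries whose program is not in the reviewed baseline."""
    known = {b.lower() for b in baseline}
    return [e for e in entries if e[1].lower() not in known]

if __name__ == "__main__":
    entries = winini_autostarts(WIN_INI) + reg_autostarts(REG_EXPORT)
    for where, prog in unexpected(entries, baseline={"tray.exe"}):
        print(f"review: {where} -> {prog}")
```

Any entry it reports should be removed together with the file it points to, since either one alone leaves the other in place.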
This option will let you select how you will be notified once the victim is infected, online, or offline. It sends you the IP address of the infected computer along with the port # which is open.
Let's take a look:
This is what you want to remember your victim by so you wont forget who it is.
Enable ICQ notify to UIN:
This is perhaps one of the most crucial parts. I have already told you to download ICQ, which is where this comes in handy. Here you will check the box for that option, then input your ICQ # into the section.
When the victim's computer is infected, it will send information to your ICQ "System Notify" option and will blink, letting you know that you have a "page" which will tell you the info about the victim.
Enable IRC notify:
I have never used this option. It is only for IRC bots; not really important, not really needed.
Enable E-mail notify:
This option will ask you for your email address so that it can notify you through email. I have never got this option to work, simply because most Internet Service Providers don't allow this.
Your ICQ should do just fine.
(Now going over to the right side of the screen)
Read current Settings:
This button is to view your previous settings already set on the server.exe .
Change Server Icon:
That's right! You can change the icon of the server.exe file. This option has many, many, many icons to choose from. This is a very good tool to trick your victim into downloading it or thinking it is something else.
These are more options which you can choose, such as:
AUTOMATICALLY START SERVER ON PORT:
The default number should be 27374; that port is totally fine to start on. The other option is to check "Use Random Port"; either one of these would work. This is just the port that you will be connecting to.
This is something that a hacker would usually want to do; setting a password makes it so only you would know the password to gain access.
PROTECT SERVER PORT AND PASSWORD:
This option makes sure that your port cannot be interrupted by something else, and that no one else can use your password.
ENABLE IRC BOT:
This is obviously a bot for people who have IRC. I have never used it and don't plan to. It's unneeded.
This is what you want the server's infected file to be called. When the victim executes the virus, wherever it is infected, it will create a string there called... whatever you want, or it can make up something.
MELT SERVER AFTER INSTALLATION:
This option hides the server after the victim downloads and executes it; it is turned into a "Hidden File".
ENABLE FAKE ERROR MESSAGE:
This is a great feature. It means exactly what it says: you can create your own error messages so that the user gets some kind of response out of it.
BIND SERVER WITH EXE:
This is one of the last options, you can "Bind" your server to another exe file so that the victim does not know he/she is downloading the actual server. He/She would just see some other EXE file like a game or something.
This is the very last option in the editserver.exe. This option allows no one to edit the server or the password.
After all of this, you would just click "Save new settings" and you should return to Windows.
This is the main program, the program where you will do all of your work (or hacking).
Let's take a look at some of the features:
This is where you will input the victim's IP number.
This is where you will input the open port number.
NOTE: Your ICQ will notify you of these things.
This has many features; we will take a closer look at these as well.
This lets you scan a range of IP numbers using the victim's IP number.
GET PC INFO:
This allows you to see information about the victim's computer.
GET HOME INFO:
This rarely works, but if successful, you will retrieve information about where the victim lives etc.
This option allows you to edit the server again, such as the password and port.
This option allows you to notify other people of the victim's IP and port number, the same as you are notified.
This option has some fun stuff to mess with people.
This feature has a key logger, which allows you to see what the victim is typing.
This option allows you to send messages to the victim's chat partner.
I'm sure you can figure this one out!
This allows you to chat with the victim in an instant message type of way. You can also talk to other hackers on the victim's PC, if any.
This option turns the victim's computer black, then you can talk to the victim. Spooky actually; they also can talk back to you, and this often freaks people out. The only way that they can get out of it is if they shut the computer off.
This option is just like the "Enable fake error message" in edit server. This time you can send messages to the victim then and there, whatever you want it to say!
This option allows you to spy on them, to see the conversations of ICQ, AIM, MSN and Yahoo.
This is now getting into a more advanced mode.
This allows you to make the user go to a web page, whichever one you type in.
This option is just like a normal file search.
This allows you to see any passwords that the victim may have. Windows passwords, AOL passwords, whatever.
This brings up the victim's registry.
I'm going to stop here. If you have any questions please email me at ComputerDoc714@aol.com, and make sure to label it with "Sub7 Help".