2020. 2. 23. 01:21ㆍ카테고리 없음
Introduction The Beast 2.07 has been released on August 03, 2004. Beast is a powerful Remote Administrati on Tool (AKA trojan) built with Delphi. One of the distinct features of the Beast is that is an all-in-one trojan (client, server, server editor, plugins are stored in the same application). Besides, a binder is implemented in the Beast main application. Beast 2.07 is a complete trojan, being available 2 types of connection: reverse and d irect.
The default settings are with direct connection. The older Beasts (2.02 etc.) were using direct connection, i.e. The server opens a port and waits for connections from the client. The reverse connection (feature available since 2.05 version) means that the client is waiting for connections, using S.I.N. (Static IP Notification), from the on-line servers.
That method has many advantages, the main being that Beast can be used with servers behind routers or in LANs.The server can be extracted from the Beast and its size is only 30 KB (compressed) if aren't used the injecting technologies. If you choose a server which will be injected in Explorer.exe, Internet Explorer or another application, its size will be 49 KB (compressed), even so being small enough. Considering the multitude of tasks which can be performed by the server, the size is excellent.
Beast 2.07 has a built-in plugin system, being available 4 plugins for the most size consuming tasks like the Screen Manager and Passwords (Protected Storage, ICQ/Trillian, DialUp). As you might know from the previous versions, an important feature of the server is that is u sing the injecting technology. At the first run the server is injecting in the memory of Explorer.exe (on 9x systems in systray.exe). Afterwards, from Explorer.exe are performing injections in the other hosts (in the case the server isn't built for Explorer.exe injection), according with the options you chose when building the server. The main benefits of this type of running is that from Explorer.exe are monitoring the other injected applications and, by example, if the Internet Explorer is closed, from Explorer.exe will be started again and injected with the dll. If the server is injected in Explorer.exe it won't be visible on any Task Manager, so that could be a good option.
When the server is injected in Internet Explorer, the server will be visible in Task Manager, but in this way the firewalls could be more easily by-passed. And is not a b ig deal if it is visible in TaskMgr because in the case when the IE process is closed will be automatically run again;) The server stability is almost 100%, the server can't be crashed by closing the client during a file transfer or other operations). Usually the se rver (dll) is residing in the windows/system directory. With Beast 2.07 for the server aren't needed the administrator privileges on NT (2k, XP), the server can run on a restricted user (guest etc.) account, in this case being located under directory. Beast is pretty hard to remove especially when using injection. In this case, a certain way to get rid of Beast is booting in Safe Mode. I implemented in Beast an extra persistence feature, so whenever the injected (host) process is closed, from the Explorer.exe (Systray.ex e on Windows 98) the server will be injected again.
All the servers (loaders) are locked from Explorer.exe, so cannot be deleted. The registry settings are also overwritten at every few seconds. Frequently Asked Questions What's that? Well, is a remote administration tool and some people say it's a trojan;) With Beast you can control remote computers and also spy them. Sure it is, if is used on your p rivate network and you don't make any harm to other people! How to start? First you have to build a server (see Chapter 3 Server Settings), then you have to manage to run the server on a remote machine and afterwards you'll be able to control that machine.
How can I find the IP and password for connection? When you build the server you have to configure at least one notification method (ICQ, E-Mail, CGI for direct connection, SIN for reverse connection), so whenever the remote machine (where the beast server runs) is online you receive the required info for connection. In the case you use the reverse connection you have to configure the SIN, so the servers will connect to you. Why I cannot connect? Well, could be few reasons: the connection could be blocked by a firewall, the remote computer is in a LAN or behind a p roxy and you configured the server with direct connection, the remote computer is offline etc. Oh, I infected myself, what can I do?
The easiest way to uninstall the server is to connect to yourself (at address 127.0.0.1) and click the Kill Server button, but I show you also how to remove the server manually. You have to follow these steps for Windoze XP (NT): 1. Boot in Safe Mode 2. Go to msagent directory (usually C: windows msagent) and delete a file ms.com (. are random characters), which has 30 KB or 49 KB (according to the settings used). Go to (usually C: wi ndows system32) and delete a file ms.com, with a different name from previous, which has the same size as the previous file. Go to or (where you chose the dll to reside) and delete the dxdgns.dll file (or how you renamed it).
For Windoze 9x you have to change the with director y. Can you send me the source code? I'm a student and I don't have money, all I want is to learn how to code. Server Settings First of all you have to build the server from the Beast executable.
When you run the Beast, on the main window you'll notice a Build Server button. Just click that button and the server configuration window will appear. Let's discuss the settings one by one. Basic Settings On the Basic Settings group you can set the server name, port and password, the connection type, the directory where will reside a nd the injected application (IE, explorer.exe or custom application), in case you want to choose an injected server. The default settings mean that the server will be a normal application (isn't using injection) with reverse connection, will run in the windows directory under the name svchost.exe and will use the port 9999 for connections. In that case (i.e. Reverse connection) the server won't listen on any port and isn't needed a password for connection.
For the reverse connection is needed the SIN configuration, that being explained on the next paragraph. The default settings could be changed with your own. When you set the server name it is strongly recommended to not choose a n ame which is in use (i.e. Svchost.exe, services.exe, lsass.exe etc.) or could be a critical system process (logonui.exe etc.) and set the location for the trojan. By example, if the server name is svchost.exe, then its location must be in, because in is running a service named svchost.exe. If you chose the injection method you have few options: inject in explorer.exe (in this way being completely invisible on all Task Managers), Internet Explorer (in the case are wanted more chances on by-passing firewalls) or another application of your choice. In the second case, whether IE is running or not at first infection with Beast, the server will start a hidden IE process for injecting into.
Notifications On this group you can set the mode in which you prefer to be announced by the server when it's on-line. If you previously set the reverse connection, then must be used the SIN (Static IP Notification).
The default SIN tim eout is 15 seconds and it could be changed (if you have tens/hundreds of servers could be good to increase the timeout to 60 seconds, so won't occur too many connections in the same time). In the case you have the same IP assigned everytime you are on-line the things are simpler: all you have to do is to set that IP in the server settings and whenever the remote machine will be on-line the server will try to connect to the listening Beast client. In the case you have a dynamic IP, then you have to go to h ttp://www.no-ip.com or ine.nu and create (for free) a never-changing address like YourName@no-i p.com. After creating your no-ip address, you have to run on your machine the client provided by them. The no-ip client connects to the no-ip database every 10 minutes with your real ip address, so whenever someone connects to your domain will be redirected to your IP address. Well, isn't really hard to create a no-ip account and n ow you have to write the domain name on the IP (DNS) Address field.
Finally, please note: if you're behind a router you have to forward 9 ports, from 9999 (SIN port) to 10008 (SIN port + 9). That's all about reverse connection and I strongly suggest you to use that method for a ll types of computers (in LAN or not, behind proxy or not, with dialup etc.). In the case of direct connection, you have 3 notification options: ICQ, Emai l, CGI. When you receive the victim IP you'll also receive the server listening port and the password for connection (optional). The ICQ Notification is down from time to time so don't forget to test the notification before configuring it, to see if it's working. The E-Mail notification is working good, but doesn't function for Hotmail accounts. The E-Mail could be tested when building the server and the message could be customized.
When configuring the email notification, in the SMTP Addresses field must be written the appropriate information for your email address and for that you can use the Get SMTP button. For the CGI notification I used the Net-Devil scripts. First you need to open a website with CGI support (a free one could be hosted by www.netfirm s.com). In the CGI URL field must be written a path like irms.com/cgi-bin /log.cgi, the CGI Script Data field can be left as is and the CGI Password will be a password for accessing the log with Internet browsers (the address for log access is ms.com/cgi-bin/li st.cgi and you will be prompted to enter the password). Now click the Create CGI Files button and the files with your settings will be created in a folder in your current directory. Now those files must be uploaded (use FlashFXP, WSFTP etc.) to your cgi-bin directory.
After upload the files attributes (permissions) must be changed (CHMOD): for log.cgi and list.cgi must be 755, for log.txt must be 600. Well, a little work to do for setting up the CGI notification, but is in your benefit;) Ah, and don't forget to check the Enable option for the notification method you want. StartUp On the StartUp Settings group you can set the server startup mode. 3 options are available and it is recommended to check all of them. AV-FW Killing Kill AV-FW On Start option is unchecked by default. In the built-in visible list of the Beast are over 300 FW - AV executables and you can add specific applications (the kill list can have at most 500 entries).
The killing (closing) can occur at every startup and also on a timer interval (between 5 - 9999 seconds).The server terminates (stops) also the NT services, not only the normal applications. The built-in XP firewal l could also be stopped and disabled by checking the appropriate checkbox. Miscellaneous Melt Server On Install option is checked by default. When building the server (after the Save button is clicked), its name will be server.exe.
This name could be changed in whatever you want and if you doubleclick the server you'll notice that it'll disappear (will be melted). What's happened is that the server has copied itself in the / directory with the name you gave him and is running silently.
After building, the server could also be bound with another executable and for this you can use the included binder. If you uncheck the melting option the server is only.
Beast Backdoor 2.07 Download
As an file sharing search engine DownloadJoy finds beast 2.06 files matching your search criteria among the files that has been seen recently in uploading sites by our search spider. With our unique approach to crawling we index shared files withing hours after Upload.When you search for files (video, music, software, documents etc), you will always find high-quality beast 2.06 files recently uploaded on DownloadJoy or other most popular shared hosts.If search results are not what you looking for please give us feedback on where we can/or should improve. Our goal is to provide top notch user experience for our visitors.