1) Download Cerberus 1.03.4 Beta.
Also, for those who aren't aware of this, if you right-click on a slave's thumbnail in the online server list and click 'Capture Desktop', you can click in that screen and register mouse clicks on their computer. I'm ashamed to admit this, but I only just realized that. :O
2) Browse to the Cerberus folder, and run Cerberus.exe as shown.
3) The client window will be displayed. This is the main window which would be displaying a list of connections and their info, had you actually any victims online. Of course at the moment, it is empty. But when you do have victims, you would right-click on their name/icon to bring up a pop-up menu which would provide you with the option to do all sorts of fun stuff.
4) Click on the Options button at the lower left corner of the window. This brings up Program Options. You can choose to leave the password as it is, or make a new one.
You have the option to enter 3 ports to listen to. If you don't know how to port forward ports, go search for a tutorial on port forwarding. Once you have your desired ports properly forwarded, enter them (a maximum of 3) into these fields. As you can see, I left the first field default (5150) and then set the second to my preferred port (8245). No, this number doesn't have a whole lot of meaning. Just make sure it is forwarded. Now click Save, and click on Options again. If you just advance to the next radio button, your changes might not be saved.
5) Skip down to the last radio button. (NOTE: If you have the No-IP DUC running, you can skip this step.)
In the username box, enter the email address you used to sign up at http://www.no-ip.com. If you don't have an IP registered there, go search for a tutorial on making a no-ip address then come back here once you have your account.
In the password box, enter the password you used at http://www.no-ip.com.
Click Update, Save, then Exit.
6) Click the New button at the lower left, near the Options button.
This is where you start the creation of your server that you want your victims to click on.
Click the Basic Options button.
Where I have entered kaidz account.no-ip.biz, you would replace with your own no-ip address that you registered that http://www.no-ip.com.
Click the + button to add it to the Address Book. This is the address your server will try to connect to (destination: YOU). The password must be the same used in Step (E). Connection port must be a properly forwarded port, and one of the possible 3 ports that your Cerberus client will be listening to.
7) Click the Server Installation radio button.
Set your options as I have. They don't need to be exact, except for the fact that Install Server must be checked.
The directory installation isn't very important, nor are the exact names you choose, but I would suggest you choose any directory besides Temporary Directory.
8) Select the Boot Methods radio button. This is where you will configure how your server is started whenever their PC is restarted.
Set your options as mine (you can change 'WindowsUpdate' to what ever you want) and click the + button after Active Setup a few times.
9) This is where you bind a file of your choice to be run whenever your server is clicked on. If you aren't interested in binding a file to your server, skip this step.
Click the...button after file to select a file to be bound inside your server.
In most circumstances, if the file is something the user actually wants, you would set Execution to Shell Execute (Normal). However, if you don't want any signs of this second added file being visible to the slave, set it to Shell Execute (Hidden). Setting the Destination to anything other than Temporary Directory is preferable. Make sure that a check-box is checked besides each file you want included in the server.
10) Here are some miscellaneous options. I would recommend checking Keylogger Active, so it is easier for you to steal passwords as your slave logs-in to websites.
Check Inject into Default Browser or select Process if you want your server to attempt to hide itself inside a running instance of the user-defined process ( I typed explorer, but if I wanted to inject into the Windows Explorer process I'm pretty sure that I should have typed Explorer.exe instead), and if it fails, it then injects itself into the slave's default browser. Among other things, this aids in preventing your server from being removed by an Anti-Virus program. Nothing is certain though, of course.
The Mutex is any value which uniquely identifies this certain build of your server. If another server with the same Mutex attempts to start, it will cancel because the same server will already be running. You can set the Mutex to whatever you like, or leave it alone.
11) Under the Create Server page ( you can ignore Display Message, Blacklist, and Overview as they aren't really relevant to this tutorial ), pick a name for your server (which of course you can rename whenever), and select its icon. If the icon you want isn't in the Cerberus\Icons directory, then it won't be available for selection from the Icons List. To select a different icon, click on the icon image itself to load another. Of course, Use icon must be checked.
Compact Server with UPX indicates that you want your server to be compressed (in other words, reduced in file size) by the UPX freeware executable compressor. Optional.
Under the File Extension drop down menu, you must select either Application (*.exe) or Screen Saver (*.scr) if you want your selected icon to be displayed.
When you are done, click Create Server.
The following window will pop-up:
A description of what this means is beyond the scope of this tutorial (actually, I'm just too lazy to explain it) so you can go ahead and click No.
Another dialog will inform you that your server was created, and where it is located (usually in the Cerberus folder). You now have your server!
Now, it is time to test it. One way of doing this is to run it on a spare computer that has access to the internet; in my case, I was was away from home so I didn't have this luxury. I just run the server myself, and if all goes as expected, my Cerberus will play this beast growling sound, and show a little balloon over it's taskbar icon, indicating that you have obtained a connection to a new slave!
12) You are done. Well, not quite. You need to spread your server in a way that will get potential victims into running it, but that is an entire class of its own in art of computer hacking. There are whole tutorials on that subject.
Once you are done making your server, make sure that you minimize the main Cerberus window so that it is reduced to an icon on the taskbar. This way you can always be listening for connections when a slave runs your server, and you will be notified every so often of the number of currently connected servers in the following manner:
That is it ! Hope you enjoyed and understood tutorial.
0 comments:
Post a Comment