mE$$iAh 1.0 v2
Released 22 years, 3 months ago. August 2002
Copyright © MegaSecurity
By -=|R|S|C|=-
Information
From: Hungary
Author: -=|R|S|C|=-
Family: Messiah
Category: Remote Access
Version: mE$$iAh 1.0 v2
Release date: Aug 2002, 22 years, 3 months ago.
Language: Delphi, source included
Additional Information
Server:
port: 2000 TCP
Author Information / Description
The program has a lot of features, and very useful extras:
- you can control the remote machine via your mobile phone!!
How?!
It is very simple: you just send an email via SMS from your handy to
a given POP3 email address, and the server will interpret it.
- you can control more than one machine with your handy...
- you can mailbomb anybody...
Sounds good, ehh? :)
History:
----------
A friends-only beta version of this prg was accessible, but I got very
little feedback :( If you have any ideas, write them to me.
[+] Winzip icon for the server :)
[*] Crypted settings in the server
[*] New keylogging engine, so the server probably works on NT yet
[*] New communication protocol between clients and server
so you can control the server with a pure telnet client too.
So it isn't necessary for me to write a linux client, too :)
What's new in mE$$iAh v1.0? 2000.08.18.
[*] New readme file, I corrected some English errors...
[*] You could start the server twice... I fixed this bug.
[+] Many new commands are added: MD, RD, DIR, STARTKL, STOPKL
STARTFTP, STOPFTP, STARTBOMB, STOPBOMB, MSGSHOW, WALLP,
CACHEPWZ, SLEEP, SOUND, LISTPROCESS, KILLPROCESS,
DONTDELETE, INFECT
[-] The command PWZ isn't any more, its new name is: RASPWZ
[+] You can make own server file with the makeserver program,
called tHe_g0D.
[*] The client has new design (:-) and its new name is mADaNgEl.
Thanks for the logo to Nestan!
[*] I have changed the name of the MSG command to MSGDRAW.
[*] More optimization of the code.
[+] The server uses three random filenames when it copies itself
to the WINDOWS\SYSTEM directory
[+] Formater has helped me a lot. He wrote the linux clients,
too... Big big thanx!
Files:
--------
madangel.exe - this is the clients... - size: 307.200
messiah.exe - this is the server... - size: 196.608
readme.txt - you are reading it now :) - size: XXXXXX
thegod.exe - this is the makeserver... - size: 142.336
The server features:
----------------------
[the examples are between these signs]
Installing:
- stealth mode
- it starts itself automatically when Windows starts...
(Note: for these two functions you only need to start the server executable,
then you can delete the file, it's not needed any more!)
Configuring:
- you can protect the server with password, the default is SPY
[+PASWnewpassword]
- the default port for the server is 2000, and you can modify it, of course.
[+PORTnewportnumber]
- you can close the server
[+CLOSE]
- you can close the server, and remove from the machine
[+REMOVE]
- you must set the host of the POP3 server through which you control the machine
[+POPHSTexamplehost]
- you must set the username for the POP3 server
[+POPUSRexampleusername]
- you must set the password for the username
[+POPPWDexamplepassword]
- you can set the host of the SMTP server
[+SMTPHSTexamplehost]
- you can set the username to the SMTP server
[+SMTPUSRexampleuser]
- you can set the email address to send the answer emails to
[+SMTPS2exampleemailaddress]
- you can set the timer for checking the online status. Default is 60000
(=1 minute)
[+TIMERexamplemillisecondsnumber]
Note: you must set up the three POP settings, then you can control the server,
and upload files via email. If you set up the SMTP suxxz, then you will get
email notification of the victim's online status. The server checks the online
status periodically, see the TIMER value for more.
You cannot control the server via your mobile until you set up
the POP3 correctly.
File management:
- you can execute any file on the machine of the server
[+EXECfiletoexecute parameter]
- you can delete any file from the server
[+DELfiletodelete]
- you can copy file on the server
[+COPYfiletocopy directory]
- you can move file on the server
[+MOVEfiletomove newname]
- you can download file from the server via email
[+GFILEexamplefiletodownload]
- you can make a directory on the server
[+MDdirectoryname]
- you can remove a directory on the server (like deltree!!)
[+RDdirectoryname]
- you can list the filenames in a directory (the default is *.*)
[+DIRc:\*.*]
- you can send the server to an email address with the
name clinton.jpg.exe :)
[[email protected]]
Note: you can transfer files via email, too. To upload a file, you must set
the POP3 settings, to download a file, the SMTPz.
There is already a new thing to use for file transfer: the ftp server.
Miscellaneous:
- you can open the CD tray
[+CDOPEN]
- you can close it, too :)
[+CDCLS]
- you can turn monitor off
[+MONOFF]
- and on, too
[+MONON]
- you can close the actual window
[+CAW]
- you can send message to the remote machine
[+MSGSHOWThis is an example message]
- you can draw a message to the remote machine's display
[+MSGDRAWThis is an example message]
- you can change the wallpaper
[+WALLPc:\logo.sys]
- you can play sound
[+SOUNDc:\windows\media\The Microsoft Sound.wav]
Machine:
- you can suspend the system
[+SUSP]
- you can restart the machine
[+REBOOT]
- you can shut down the machine
[+POWER]
- you can lock up the remote system
[+LOCKUP]
- you can start keylogging (it will store the log
in C:\WINDOWS\SYSTEM\WINA386.DLL)
[+STARTKL]
- you can stop the keylogging
[+STOPKL]
- you can start FTP server
[+STARTFTP]
- you can stop FTP server
[+STOPFTP]
- you can send a mailbomb to anybody (if you don't use a parameter,
the server will send the mails to the previous victim)
[+STARTBOMBemailaddress]
- you can stop it
[+STOPBOMB]
- you can pause the server processing the commands for half a minute
Eg. you send an email with this subject:
[+CDOPEN+SLEEP+MSGSHOWyou fuck+SLEEP+OPENCD]
Note: power off does not work properly on NT, I think.
There is Lockup code for NT.
Information:
- you can get the RAS passwords
[+RASPWZ]
- you can get the cached passwords
[+CACHEPWZ]
- you can get the current username
[+CUSER]
- you can get the directory of windows
[+WDIR]
- you can get the active processes
[+LISTPROCESS]
- you can kill process
[+KILLPROCESSprocessletter]
Final Note: to control the server via your mobile phone, you need to
send an sms-email to the email address POPUSR@POPHST. The commands
have to be in the subject.
You can use more than one command at once, eg:
+CDOPEN+MSGYou fuck!+LOCKUP
If you would like to control more than one computer via email, then
set the POP things the same on all computers, then you can send a command
like this:
[+DONTDELETE+MSGSGOWhello]
All computers will process this command, until you send another one
without the command +DONTDELETE, like this:
[+MSGSGOWstop!]
Uninstall
-----------
The simplest way is sending a command to the server: +REMOVE
Or you can remove the server manually:
delete the registry entry JYService from the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Then you must delete the file: C:\WINDOWS\SYSTEM\J4YSRV.EXE
or C:\WINDOWS\SYSTEM\WINAPI.EXE or C:\WINDOWS\SYSTEM\MAPISRV.EXE
The configuration of the server is in the registry, too:
HKEY_LOCAL_MACHINE\Software\Spy
-=|R|S|C|=-
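
The readme says the server polls a POP3 mailbox and reads '+'-chained commands from the message subject, which gives a mail gateway or mailbox audit something concrete to match on. The following is an added detection example, not part of the original page or the author's code: the command names are taken from the readme, while the function names, the "at least half of the tokens" threshold, the upper-case assumption and the sample headers are choices made here. Short names such as DEL or MD can also match benign subjects, so hits are candidates for review.

```python
import re

# Command names exactly as listed in the readme above; upper-case matching
# is an assumption, the readme does not say whether case matters.
COMMANDS = """PASW PORT CLOSE REMOVE POPHST POPUSR POPPWD SMTPHST SMTPUSR SMTPS2
TIMER EXEC DEL COPY MOVE GFILE MD RD DIR CDOPEN CDCLS MONOFF MONON CAW MSGSHOW
MSGDRAW WALLP SOUND SUSP REBOOT POWER LOCKUP STARTKL STOPKL STARTFTP STOPFTP
STARTBOMB STOPBOMB SLEEP RASPWZ CACHEPWZ CUSER WDIR LISTPROCESS KILLPROCESS
DONTDELETE INFECT""".split()
# Longest first, so a longer name would win over a shorter one it starts with.
_BY_LENGTH = sorted(COMMANDS, key=len, reverse=True)


def parse_subject(subject):
    """Return [(command or None, argument)] for a '+'-prefixed subject."""
    subject = subject.strip()
    if not subject.startswith("+"):
        return []
    pairs = []
    for token in subject[1:].split("+"):
        # Arguments follow the command name directly, with no separator.
        name = next((c for c in _BY_LENGTH if token.startswith(c)), None)
        pairs.append((name, token[len(name):] if name else token))
    return pairs


def is_suspicious(subject):
    """Flag when at least half of the '+' tokens start with a known command."""
    pairs = parse_subject(subject)
    known = sum(1 for name, _ in pairs if name)
    return known > 0 and 2 * known >= len(pairs)


# Constructed header lines for illustration, not captured traffic.
SAMPLE_HEADERS = [
    "Subject: +CDOPEN+SLEEP+MSGSHOWhello+SLEEP+OPENCD",
    "Subject: +DONTDELETE+LOCKUP",
    "Subject: +1 on the port change",
    "Subject: Re: quarterly report",
    "From: someone@example.test",
]


def scan(header_lines):
    """Return the subjects that look like command chains."""
    hits = []
    for line in header_lines:
        m = re.match(r"subject:\s*(.*)", line, re.IGNORECASE)
        if m and is_suspicious(m.group(1)):
            hits.append(m.group(1))
    return hits
```

Pair any hit with the host artifacts the readme names in its Uninstall section (the JYService value under RunServices and the HKEY_LOCAL_MACHINE\Software\Spy key) before treating a mailbox as a control channel.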