Wisdom (aa)
Copyright © MegaSecurity
By ?
Information
Author | ? |
Family | Wisdom |
Category | Remote Access |
Version | Wisdom (aa) |
Language | C++, source included |
Additional Information
dropped file:
c:\WINDOWS\SYSCFG16.EXE
size: 37,376 bytes
port: 559 TCP
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows System Configuration"
data: C:\WINDOWS\SYSCFG16.EXE
tested on Windows XP
February 23, 2007
Author Information / Description
commands:
"*" beside a command means it isn't working correctly
*NOTE* MAKE SURE YOU PUT IN CORRECT PARAMETERS, AS THE BOT MAY CRASH IF YOU DON'T
1) ! version - request version of bot
2) ! moo - exit bot
3) ! spoof get - get current spoof address
4) ! spoof off - disable spoofing from ip, only spoof from current subnet (default)
5) ! spoof <ip> - set spoofing to an ip address (this can be used for example with ping, to create a smurf attack, or a syn flood to create a drdos attack)
6) ! icmp <ip> <time> - sends random icmp codes to an ip address for an allotted time (512 byte packets + spoofing)
7) ! ack <ip> <port> <time> - attacks an ip with ack packets (spoofing, VERY fast sending)
8) ! syn <ip> <port> <time> - attacks an ip with syn packets (spoofing, TURBO fast sending)
9) ! random <ip> <port> <time> - alternates between syn/ack packets (spoofing, REALLY fast sending)
10) ! enable <password> - attempts to enable commands on the bot, the password is what you set with the disable command
11) ! disable <password> - if bot is enabled, disables it, and sets the enable password
12) ! udp <ip> <port> <time> - sends udp packets (spoofed) to an ip, if port = 0 then it uses random destination ports
13) ! dns <ip/host> - resolve a host/ip
14) ! exec <file> [command line] - opens a file (no spaces)
15) ! uptime - get the system uptime
16) ! keyspy enable <number between 0 to 15> - enable real time irc based keylogger, the number is used as the colour for the messages (easier to read with many bots)
17) ! keyspy disable - disable real time irc keylogger
18) ! delete <file> - delete a file off victim's hard disk
19) ! send <nick> <file> <send as> - sends a file to someone
20) ! active - returns the active window (useful if you're looking for an interesting screen capture)
21) ! capture screen <save as> - takes a screen shot
22) ! capture drivers - list video for windows device(s)
23) ! capture frame <save as> <index> <width> <height> - captures a frame (bitmap) from a video for windows device
24) ! capture video <save as> <index> <time> <width> <height> - captures a video (avi) from a video for windows device
25) ! pscan <subnet> <port> <type> [delay] - scan a subnet for open ports.. if type is 1 then subnet is X, if type is 2 then subnet is X.X, etc..
26) ! sysinfo - gives you some info about the system
27) ! raw <command> - sends a raw command to the server
28) ! dload <http url> <file> [execute] - downloads a file, execute is a boolean of whether to execute
29) ! clone load <server> <port> - loads 1 clone onto a server
30) ! clone kill - disconnects all clones
31) ! clone raw <command> - sends a raw command to the server
+ you can dcc files to the bot
+ dcc chat console with basic file/process manager
+ socks4 server running on port 559
+ basic plugin system