Remote Administration Tool Zeus BotNet (RAT)

After many people asked for a tutorial about Remote Administration Tools (RAT), today we will learn how to set up the Remote Administration Tool Zeus BotNet (RAT). We chose Zeus because it was one of the most famous trojan horses in history, and it infected many servers around 2007-2010.

If you don't know about Zeus, here is some definition from Wikipedia:

Zeus is a Trojan horse that steals banking information by Man-in-the-browser keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek.

In late 2010, a number of Internet security vendors including McAfee and Internet Identity claimed that the creator of Zeus had said that he was retiring and had given the source code and rights to sell Zeus to his biggest competitor, the creator of the SpyEye trojan. However, those same experts warned the retirement was a ruse and expect the cracker to return with new tricks. As of 13 May 2011, the source code and compiled binaries are found to be hosted on GitHub.

 

Requirements:

1. Remote Administration Tool (RAT) Zeus BotNet (Download)

2. Web Server + Database Server (in this example we use XAMPP)

Remote Administration Tool (RAT) Zeus BotNet:

1. First, we need to install the web server and database server. Since we're using XAMPP for this tutorial, you can refer to the previous step-by-step guide, How to Install XAMPP in 7 Simple Steps, to install XAMPP on a Windows machine. Make sure the XAMPP Apache and MySQL services are started and running.

2. Open the web browser and go to http://localhost/phpmyadmin. Enter the username and password; by default the username is root and the password is empty. After that, create a new database. I named it bot, but you can name it whatever you want. This database name will be used during the installation of the remote administration tool.

3. Next, download the remote administration tool file and extract it. You will find 3 main folders: builder, other, and server[php]. Create a new folder inside C:\xampp\htdocs. I named the folder bot. Then copy the contents of server[php] into C:\xampp\htdocs\bot.

4. Now go back to the web browser and type http://localhost/bot/install into the address bar. Fill in all required fields with the correct information.

Information:

– The host address for MySQL is your database server's IP address. If you run XAMPP, it should be your IP address.

– Database is the name of the database already created in step 2.

– Encryption key can be filled with any characters, with a length from 1 to 255.

Click Install to start the installation.

Note: If you get this error:

ERROR:Failed connect to MySQL server: Host 'myusername' is not allowed to connect to this MySQL server

follow these steps:

a. Open phpMyAdmin at http://localhost/phpmyadmin and click the Privileges tab. Click the edit button to edit the root user's privileges.

b. On the edit user page, scroll down to the login information section. Change the Host from localhost to Any host and press the Go button.

5. This is the preview shown when the Zeus remote administration tool web server has been installed successfully.

6. The next step is to configure and create the Zeus bot client. Open the builder folder and open the config.txt configuration file. Change the url_config, url_loader and url_server settings according to your setup; you can see my settings in the picture below.

Note: don't forget to edit the path of webinjects.txt.

7. Next, open the zsb.exe file. In the picture below I've laid out the steps to build the bot executable. Just follow them.

8. After building the bot config and the bot executable in step 7, we have the new files config.bin and bot.exe. Copy those two files into the htdocs folder. Mine was C:\xampp\htdocs\bot.

9. Now let's say we send the generated bot.exe to the victim. After the victim executes the file, we can check our attacker server. Open the browser, go to http://localhost/bot/cp.php and enter your username and password.

10. We can see the newly infected victim in the web interface and even view a screenshot of the victim's desktop.

Here is the video tutorial in case the explanation above isn't clear. Sorry that the video is cut off at the end; I accidentally stopped the recording, but anyway it's still working 🙂

Conclusion:

1. Once a victim is infected, the attacker can gather a lot of information from the victim, including all internet activity, and even collect website usernames and passwords, since this tool can act as a keylogger and capture login information.

2. To prevent attacks by this trojan, always keep your operating system and antivirus up to date, and do not click any suspicious-looking link in your mail or chat messenger.
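
For the defender's side of this conclusion, an added example (not part of the original post and not Zeus code): a Python pass over web proxy logs that flags internal clients which download a .bin file and then POST to a .php page on the same host, the fetch-config-then-report pattern implied by the url_config and url_server settings in step 6. The log format, host names, file names and sample lines are constructed, and because the operator chooses the real file names, a hit is a lead to investigate rather than a verdict.

```python
import re

# Constructed sample proxy log: "<epoch> <client> <method> <url> <status>"
SAMPLE_LOG = """\
1700000000 10.0.0.5 GET http://updates.example.net/bot/config.bin 200
1700000030 10.0.0.5 POST http://updates.example.net/bot/report.php 200
1700000100 10.0.0.7 GET http://cdn.example.org/firmware.bin 200
1700000200 10.0.0.8 POST http://shop.example.com/login.php 200
1700000300 10.0.0.9 GET http://files.example.io/data.bin 200
1700009999 10.0.0.9 POST http://files.example.io/submit.php 200
"""

# Assumed (hypothetical) log layout; adapt the pattern to your proxy's format.
LINE = re.compile(r"^(\d+) (\S+) (GET|POST) https?://([^/\s]+)(/\S*)? (\d{3})$")


def find_beacons(log_text, window=3600):
    """Return sorted (client, host) pairs where a .bin download is followed,
    within `window` seconds, by a POST to a .php page on the same host."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        path = (m[5] or "/").split("?", 1)[0].lower()  # ignore query strings
        events.append((int(m[1]), m[2], m[3], m[4].lower(), path))

    last_bin = {}  # (client, host) -> time of the most recent .bin download
    hits = set()
    for ts, client, method, host, path in sorted(events):  # time order
        key = (client, host)
        if method == "GET" and path.endswith(".bin"):
            last_bin[key] = ts
        elif method == "POST" and path.endswith(".php"):
            seen = last_bin.get(key)
            if seen is not None and ts - seen <= window:
                hits.add(key)
    return sorted(hits)


if __name__ == "__main__":
    for client, host in find_beacons(SAMPLE_LOG):
        print(f"review {client}: .bin download then .php POST to {host}")
```
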

Hope you found it useful 🙂

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

Visit Website: http://www.vishnuvalentino.com

  • Rohan

    Awesome Tutorial

  • hadad

    sir can you explain me how to edit the path of webinjects.txt.

    • v4L

      #hadad

      just open the folder in your Windows Explorer and copy and paste the path.

  • Farhad Mehdi

    Hi, Sir i am very big fan of you,i learned all of my little hacking tricks from you, my question is that we cannot send .exe files in facebook by message, is there any way so that i can send it in a message? please help me out..
    Thanks

    • v4L

      #Farhad Mehdi

      No other way. Upload it and send the link.

      • Farhad Mehdi

        you mean I should upload it to 4shared or any other website?

  • sir some files are not going to be copied in “www” directory am getting error you don’t have permission to copy even there are permission to copy anything in folder .. whats da matter even i am not able to zip it am getting the same error kindly guide me how can i upload it on host or local server some files are not going to copy there is permission error i am using windows 7

    • v4L

      #sheeks

      it’s because of the Win 7 UAC, turn it off in Control Panel

  • kay

    i need the setup of the zeus this is my email: kallysky@yahoo.com

  • Nguyễn Nhân

    hi, sir, I set up the zeus botnet successfully, but when I test the file bot.exe and check the attack server in the browser at localhost/bot/cp.php, I do not see the OS of the victim or any information about the victim. please help me.

    • v4L

      hmm….maybe you can try to change the localhost to http://YOUR_IP_ADDRESS

      • amith

        I m having the same problem..i created the bot..but unable to detect the victim in cp.php..

        • dani

          me too

      • sara

        it doesn’t work
        it doesn’t work.. what can i do??:(( tell me plzz

      • fred

        Hello sir please i need your help .i need to have a good link to get zeus download please email if you have the link fredmiller1120@yahoo.com

  • George

    Im Getting This Error

    ERROR: Failed to open file of HTTP injects.

    When Trying To Create Config.bin

    • v4L

      Note: don’t forget to edit the path of webinjects.txt.
      you can re-check again the file path.

      • falex

        Please i keep getting this “ERROR: Failed to open file of HTTP injects.” when i try to build bot config , i am using on virtual box and path is correct even copied from properties to be sure , i see i am not the only one with this , kindly help. And thanks for the tutorial too.

      • Ali Mohammad

        how does one edit the webinject, seeing that the codes in there are complicated. you didn’t illustrate it. please reply…thanx in advance.

        • apache

          Please i can i get the new file to download…i need latest one

      • apache

        Please i need new file to download…i need latest one

  • BigManGame

    I'm also getting this error ERROR: Failed to open file of HTTP injects. when trying to create config.bin please can somebody help..

    • v4L

      Note: don’t forget to edit the path of webinjects.txt.
      you can re-check again the file path.

      • einestein

        I also faced this problem and I re-checked the file path and it’s correct .. please help us to find the problem ,

    • Hammereditor

      Place “webinjects.txt” in the “C:” folder. After that, edit the file_webinjects line so it looks like this:
      file_webinjects "C:/webinjects.txt"

  • noor

    looks like good tut,

    I’ll give it a try on my vbox system

  • Don

    your http://localhost/phpmyadmin have been deleted please how and where can i get it officially? please reply

    • v4L

      #Don
      see above

  • puppet

    what do information we can get once the victim execute bot.exe?
    and what is the function of the web server(xampp) that we use?

    • v4L

      #puppet
      http://en.wikipedia.org/wiki/Zeus_(Trojan_horse)

  • kokid

    What’s stopping you from infecting our machines? How do i make sure the download files provided are not infected.

    • v4L

      #kokid
      do check the source code by yourselves if you feel not safe enough 🙂

      • Revolver

        Pls tell me if this is safe

        • v4L

          @disqus_MhU0jQd8Kt:disqus
          your question is ambiguous, if you ask “safe from me?” yes of course.
          if your AV detect trojan, read again the tutorial above, that zeus is a TROJAN HORSE
          if you worried, check the code by yourselves
          if you can’t check by yourselves, then find another tutorial in this website that not make you worried 🙂

  • Advance Slim

    hello admin… do we need to crypter the bot?? what is the good crypter for this bot?? do we need to port forward our router to connect the bot with server??? thanx for advance

    • v4L

      @advanceslim:disqus
      I can’t give any idea, but my suggestion is if you have your own crypter must be much better .

      • Revolver

        Is it possible to do this on a mac?

        • v4L

          Revolver
          It only affects Windows PCs: http://en.wikipedia.org/wiki/Zeus_(Trojan_horse)

          • Revolver

            No can i make a botnet with a mac computer?

  • snifer999

    download file is infected …lo … never trust a hacker ..

  • Faizan

    The Host on phpmyadmin states linux instead of the number address.

  • Faizan

    In other words instead of coming up with 127.0.0.1 in the Host column in “privileges” it comes up with “linux”

  • Arjun Naha

    Hi
    I can not download the Zeus bot, the page just refreshes.
    Please can you give me a direct download link.

    Thanks

    • Lindi

      Disable adblock!

  • adlan rami

    tnx for everything plz am waiting for mail subscribe and i can download

  • jay

    once my bot.exe launched, the server doesnt show anything. how i could solve this? please need it for my final project dissertation

  • max

    ERROR:Failed to create database: Access denied for user ”@’localhost’ to database ‘bot’

  • Matthew

    Hey, Sir can you fix the download link for Zeus Ive subscribed however it says im not.

  • FUCKYOURSELFLIERSmeetic

    Auuuuuuu. PLEASE INMEDIATELLY SOMEONE HELP HELP ME hack meetic they use zeus for server.

  • ——————————

    Not work!!!!

  • samh111

    I have this problem when I am trying to install the bot:
    Installation steps:
    • Connecting to MySQL as ‘root’.
    • ERROR:Failed connect to MySQL server: A connection attempt failed because the connected party did not properly respond after a period of time or established connection failed because connected host has failed to respond.
    How can I fix this?

  • sam2739

    When am trying step 7. Am getting
    ERROR: Can’t find url_compip entry.

  • eze

    please sir can i host or install the install folder in an hosted server?…….if yes what are the steps
    thanks in advance.

  • pmkscorpio

    hi i have already subscribed for email, but even i cant download the botnet

  • pmkscorpio

    i have already subscribed, if i do it again its showing that email already subscribed, but if i download it is showing this error,
    fix it immly

    Email not found or haven”t verified, please Sign Up your Email below

  • Bhuwanesh Sisodia

    Is there any trick to, do not get caught by the Webhost, Bcoz i installed Solar, Zeus, Spyeye, Citadel all types of botnets but after some hour Account get suspended

  • Ahmed Alameri

    I could not downloaded the Zeus bot net this message appear “Email not found or haven”t verified, please Sign Up your Email below”. but I’m already subscribed

  • Ahmed Alameri

    would you upload the Zeus bot-net again . this what media-fire shows “We apologize, but this download is currently unavailable. Please be patient, we will retry your download again in 30 seconds”

  • troullet

    Hello guys
    When i click on “build the bot configuration” , Here is the message that appears “ERROR: Failed to open file of HTTP injects.” I am currently stuck . How can i do ? thank u in advance

    • dooren

      Hi troullet,

      Could you please help us with the zeus download link or the downloaded source file to my email mrsdooren@yahoo.com
      .
      Thanks in advance.

    • Shivani Sharma

      Hi troullet,

      Can u please help me too with the download link.. i am unable to download that.. it says u aren’t subscribed whereas i have already had..
      please reply on stutishivani11@gmail.com

  • Nazamuddin

    How to create payload to avoid antivirus detection in present day because these days most powerfully av exist on victim computer.

  • HUONG VU

    Hello,

    I install the control Panel in Mac OSX (Lion). I got error ERROR:Failed write to config file.

  • of course, being an attack made on a xamp, this applies only to the local network. If you want to send the file bot.exe to a victim outside our network, we do forward of our ip right?

  • cardim

    ERROR:Failed to create database: Access denied for user ‘root’@’%’ to database ‘bot’

    • thedestroyr

      edit the privileges for root %, go to databases and edit the access for “bot”

      • dani

        they change back all the time. can some one help out here?

  • fox991

    Hi Vishnu,
    nice work there,i have done all the above steps and i also have a victim but how can i know the email id and password and all other information of the victim .Plzz help

  • eHow Tutorials

    – I am unable to download Zeus no email :/

  • BiJoY

    please update the download link

  • Ali Mohammad

    i find your tut very interesting and pungent, but can i use no-ip account instead of my ipv4 address for my host and escape the ordeal of port forwarding? and what crypter would make this bot.exe FUD?

  • Enkidu

    i can open the panel using …/install i jut get a blank page. what can be the problem?

  • George

    lol nice

  • George Koukou

    Guys the link is doesn’t work any more.Please fix it or send me the new link.Thanks.

  • Zeek

    there is no zsb.exe

  • Zeek

    it also gives me an error when i try to change priv ” #126 – Incorrect key file for table ‘.mysqldb.MYI’; try to repair it”

  • zeekl

    WHERE TF is the exe file e.e

  • Dr MAHO

    some one should please me with zeus trojan johnlarry547@gmail.com

  • Dr MAHO

    Please help me with zeus trojan my email johnlarry547@gmail.com

  • Shivani Sharma

    please help me out.. I am unable to download the RAT.
    And i am already a subscriber.

  • Shivani Sharma

    couldn’t find the zsb.exe file…?????????????

  • Where can I get a tutorial on how to rewrite other peoples .htaccess and robots.txt files?

  • mahie

    when i want to download the file in mediafire i have this message : Dangerous File Blocked
    The file you attempted to download was determined to be dangerous. For your protection, MediaFire does not enable distribution of dangerous files.

    Still have questions, or think we’ve made a mistake? Please contact support for further assistance.