Strawberrry
Forum Veteran
- Joined
- Aug 2, 2016
- Posts
- 1,598
- Solutions
- 4
- Reaction
- 633
- Points
- 524
Updated Builder And Stub Tutorial!
The better AND easier way. It's noob proof.
The builder is the program that accepts information from the user such as an email address, password, and settings, and writes the stub plus those variables to a new file.
The stub is a template in which every file made by the builder will inherit. The builder reads the information in this file, copies it, and writes it to a new file which also has the predefined variables.
An example: Pretty much every RAT and keyl(o)gger on the market utilizes a builder/stub system. For a keyl(o)gger, you input information such as your email address and password into the builder, and the builder copies this plus the data from the stub to a new file - which is what you would send to your victim.
Note: This is going to be a long tutorial. I'm going to try to explain everything the best I can, so bare with me.
Please note that this tutorial is more directed to beginners that still use the FileOpen blahblah method as shown below, and I'm aware of the other methods available.
Ok, now that that's out of the way, let's get started! If you encounter any errors or have a question, feel free to post it below!
Requirements
Before we start any coding, I want to make sure you know how this method is different, and much better, than the typical outdated method. The other method usually looks something like this:
First of all, I don't think this method really even works anymore. I tried using it a couple days ago, which is what caused me to write this tutorial, and I simply couldn't get it to work. Also, this method is slower, more CPU intensive, and more detectablethan my method. Yeah that's right, it's more detectable because you typically end up doing something called 'file dropping', which gets picked up by AV's very easily. With my method we're never opening files directly, we're getting the bytes stored in them instead. You'll see, it's great.
The builder
Let's start off by designing our builder form. Just add a couple textboxes, a checkbox, and a button as shown below:
First off, we have to add the following code so we can use Encoding.* without having to type the full path all the time:
Alright, now let's start working in the Button1_Click event. Add the following code and I'll explain what it does after:
What we're doing in this code is creating a new SaveFileDialog (the browser that pops up) called filesaver, checking to make sure the path is valid, and then setting the string 'filePath' as the chosen path.
Then we have to declare our variables. We get these from the textbox's and the checkbox. The only thing that may be a little weird to you there is that '.Checked.ToString'. The reason for this is that we can only convert strings into bytes, which is how we are going to write to the stub. That little function returns the string 'true' if it's checked, and 'false' if it isn't. Oh, and the constant value '----FILESPLIT----' is how we are going to separate the stub code from the variables. You'll understand it when we get to it. All you need to know now is that it's important, so copy it somewhere.
Simple right? Ok, let's move on. Add the following right below the Const FileSplitter line:
Don't worry, I'm going to explain all of that right now! We made a new instance of My.Computer.FileSystem so we can easily read and writes bytes to and from files. We then get all the bytes from our stub file by using the ReadAllBytes method. I'm assuming that you'll have your builder inside a folder, and your stub inside that folder, inside another folder called 'Resources'. You can change this to match your needs of course. You should already see a major difference between my method and the typical method.
Now comes the meat of the builder; writing the stub PLUS the variables to our new file. First we'll copy the stub's bytes to the file using the following code, right below where we left off:
Ok, this will probably be the hardest thing for you to understand if you're new, and to be honest it's really not that complicated. This is what the WriteAllBytes method is composed of:
Using that format, we set the path to the path the user browsed to, the bytes to write is the stub's bytes, and since this is the first thing we're writing to the file we don't want to overwrite. The second line is what I call a variable splitter. We need to put this in-between every piece of data we write and it's how we'll retrieve the written data when we're working in the stub. Of course, we set the boolean to true because we don't want to overwrite the stub bytes.
Hang in there, we're almost done with the builder! Let's write the variables now using the same method:
Hey, you did it! Now all your data plus the stub data has been written to the new file. Hats off to you, sir! You do not have permission to view the full content of this post. Log in or register now. Let's just add a MessageBox for confirmation. Here's what your whole class should look like:
Once again, good job! You're more than half way done now. Great work.
The Stub
Here comes the easy part. Create a new project and setup a couple textbox's like so:
View the code for Form1 and Import System.Text just like last time:
And now we will declare all the variables we need:
Seem familiar? I bet you see where this is going, don't you? But wait, what's that self as byte declaration? This is another major differnece between my method and the common method, our stub doesn't have to open itself per say, it just needs to read itself and store its own bytes in the variable 'self'. Lets get at it, put the following code inside the Form1_Load sub:
What we're doing here is we're using the same FileSystem as in the builder to get the bytes of the stub, this program, and then we encode the bytes into a readable string. Now to get the variables, or 'settings', that we wrote to the stub with the builder. We will do this with the following code:
Recognize that FileSplit? That MUST be the same as the FileSplit you used in your builder program. Check and the check again. What we're doing here is giving the array 'settings' a new value every time the 'variable splitter' shows up in the code. This is why we inserted a FileSplit after every variable we injected into the stub; this is how we're going to read that information.
Good. Now comes the fun part...getting the data! Right below the Settings = blah blah line, write this down:
It's very important that you understand how this works. If you're a beginner this might be news to you, but the first piece of data in an array has a ID of 0, NOT 1. So you might be wondering why the email shouldn't be Settings(0), since it's the first piece of information we wrote to the file. Right? Well, not exactly. If you look at the code from the builder program, we actually wrote the stub data first, then the email, and so on. Take a look:
See? Good, it's important that you understand how this works.
The whole class should now look like this:
Guess what? That's it! You've successfully built a builder and stub the proper way. It's even easier than the other method, isn't it?
Using the Data
Now I'm going to quickly show you how you can use the data you collected in this application. This will be a super simple example, we're basically going to mimic the builder form, but it'll help you understand everything a bit more:
All that code does is sets all the textbox's to show the data that the builder injected into the stub. Also, if the user checked the box in the builder, the box will be checked in the stub!
Build Format
Unless you changed the code in the places I told you you could, this is how you should have your built files set up; Folder -> TutorialBuilder.exe + Another Folder -> Inside that folder is the stub.exe.
Note: Unless you named your project just 'stub', your stub will be called something else when it's compiled. You must rename it to 'stub.exe'.
Now run your builder.exe and voila, it works! Check it out!
WOO, THAT'S IT! Thanks so much for reading my tutorial, I hope it helped you out! And remember, if you have any questions or comments feel free to post them below. That's a wrap. You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Note: I spent over 2 hours writing this and making sure I covered every last detail. All I ask in return is for you to leave some feedback if this helped you out and give me credit where it's due. Thanks and have a good one!
The better AND easier way. It's noob proof.
The builder is the program that accepts information from the user such as an email address, password, and settings, and writes the stub plus those variables to a new file.
The stub is a template in which every file made by the builder will inherit. The builder reads the information in this file, copies it, and writes it to a new file which also has the predefined variables.
An example: Pretty much every RAT and keyl(o)gger on the market utilizes a builder/stub system. For a keyl(o)gger, you input information such as your email address and password into the builder, and the builder copies this plus the data from the stub to a new file - which is what you would send to your victim.
Note: This is going to be a long tutorial. I'm going to try to explain everything the best I can, so bare with me.
Please note that this tutorial is more directed to beginners that still use the FileOpen blahblah method as shown below, and I'm aware of the other methods available.
Ok, now that that's out of the way, let's get started! If you encounter any errors or have a question, feel free to post it below!
Requirements
- Minor experience in VB.NET programming
- You do not have permission to view the full content of this post. Log in or register now. or You do not have permission to view the full content of this post. Log in or register now.
Before we start any coding, I want to make sure you know how this method is different, and much better, than the typical outdated method. The other method usually looks something like this:
Code:
FileOpen(1, Application.StartupPath & "\sub.exe", OpenMode.Binary, OpenAccess.Read)
FileGet(1, "string to put file into")
FileClose(1)First of all, I don't think this method really even works anymore. I tried using it a couple days ago, which is what caused me to write this tutorial, and I simply couldn't get it to work. Also, this method is slower, more CPU intensive, and more detectablethan my method. Yeah that's right, it's more detectable because you typically end up doing something called 'file dropping', which gets picked up by AV's very easily. With my method we're never opening files directly, we're getting the bytes stored in them instead. You'll see, it's great.
The builder
Let's start off by designing our builder form. Just add a couple textboxes, a checkbox, and a button as shown below:
First off, we have to add the following code so we can use Encoding.* without having to type the full path all the time:
Code:
Imports System.Text
' This is where Public Class Form1 should beAlright, now let's start working in the Button1_Click event. Add the following code and I'll explain what it does after:
Code:
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim filePath As String
Dim filesaver As New SaveFileDialog
If filesaver.ShowDialog = Windows.Forms.DialogResult.OK Then
filePath = filesaver.FileName
Dim stubBytes as Byte()
Dim email As String = TextBox1.Text
Dim password As String = TextBox2.Text
Dim useSecure As String = CheckBox1.Checked.ToString
Const FileSplitter = "----FILESPLIT----"
End If
End SubWhat we're doing in this code is creating a new SaveFileDialog (the browser that pops up) called filesaver, checking to make sure the path is valid, and then setting the string 'filePath' as the chosen path.
Then we have to declare our variables. We get these from the textbox's and the checkbox. The only thing that may be a little weird to you there is that '.Checked.ToString'. The reason for this is that we can only convert strings into bytes, which is how we are going to write to the stub. That little function returns the string 'true' if it's checked, and 'false' if it isn't. Oh, and the constant value '----FILESPLIT----' is how we are going to separate the stub code from the variables. You'll understand it when we get to it. All you need to know now is that it's important, so copy it somewhere.
Simple right? Ok, let's move on. Add the following right below the Const FileSplitter line:
Code:
Dim fileSystem = My.Computer.FileSystem
stubBytes = fileSystem.ReadAllBytes(Application.StartupPath & "\Resources\stub.exe")Don't worry, I'm going to explain all of that right now! We made a new instance of My.Computer.FileSystem so we can easily read and writes bytes to and from files. We then get all the bytes from our stub file by using the ReadAllBytes method. I'm assuming that you'll have your builder inside a folder, and your stub inside that folder, inside another folder called 'Resources'. You can change this to match your needs of course. You should already see a major difference between my method and the typical method.
Now comes the meat of the builder; writing the stub PLUS the variables to our new file. First we'll copy the stub's bytes to the file using the following code, right below where we left off:
Code:
fileSystem.WriteAllBytes(filePath, stubBytes, False)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(FileSplitter), True)Ok, this will probably be the hardest thing for you to understand if you're new, and to be honest it's really not that complicated. This is what the WriteAllBytes method is composed of:
Code:
WriteAllBytes(PathToFile, BytesToWrite, BooleanOverwrite)Using that format, we set the path to the path the user browsed to, the bytes to write is the stub's bytes, and since this is the first thing we're writing to the file we don't want to overwrite. The second line is what I call a variable splitter. We need to put this in-between every piece of data we write and it's how we'll retrieve the written data when we're working in the stub. Of course, we set the boolean to true because we don't want to overwrite the stub bytes.
Hang in there, we're almost done with the builder! Let's write the variables now using the same method:
Code:
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(email),True)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(FileSplitter), True)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(password), True)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(FileSplitter), True)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(useSecure), True)Hey, you did it! Now all your data plus the stub data has been written to the new file. Hats off to you, sir! You do not have permission to view the full content of this post. Log in or register now. Let's just add a MessageBox for confirmation. Here's what your whole class should look like:
Code:
Imports System.Text
Public Class Form1
Dim stubBytes As Byte()
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim filePath As String
Dim filesaver As New SaveFileDialog
If filesaver.ShowDialog = Windows.Forms.DialogResult.OK Then
filePath = filesaver.FileName
Dim email As String = TextBox1.Text
Dim password As String = TextBox2.Text
Dim useSecure As String = CheckBox1.Checked.ToString
Dim fileSystem = My.Computer.FileSystem
Const FileSplitter = "----FILESPLIT----"
stubBytes = fileSystem.ReadAllBytes(Application.StartupPath & "\Resources\stub.exe")
fileSystem.WriteAllBytes(filePath, stubBytes, False)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(FileSplitter), True)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(email), True)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(FileSplitter), True)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(password), True)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(FileSplitter), True)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(useSecure), True)
MessageBox.Show("Stub has been created!")
Else
MessageBox.Show("That isn't a valid file path!")
End If
End Sub
End ClassOnce again, good job! You're more than half way done now. Great work.
The Stub
Here comes the easy part. Create a new project and setup a couple textbox's like so:
View the code for Form1 and Import System.Text just like last time:
Code:
Imports System.Text
' This is where Public Class Form1 should beAnd now we will declare all the variables we need:
Code:
Dim Settings(), selfText, email, password, useSecure As String
Dim self As Byte()
' Private Sub Form1_Load will be hereSeem familiar? I bet you see where this is going, don't you? But wait, what's that self as byte declaration? This is another major differnece between my method and the common method, our stub doesn't have to open itself per say, it just needs to read itself and store its own bytes in the variable 'self'. Lets get at it, put the following code inside the Form1_Load sub:
Code:
self = My.Computer.FileSystem.ReadAllBytes(Application.ExecutablePath)
selfText = Encoding.Default.GetString(self)What we're doing here is we're using the same FileSystem as in the builder to get the bytes of the stub, this program, and then we encode the bytes into a readable string. Now to get the variables, or 'settings', that we wrote to the stub with the builder. We will do this with the following code:
Code:
Settings = Split(selfText, "----FILESPLIT----")Recognize that FileSplit? That MUST be the same as the FileSplit you used in your builder program. Check and the check again. What we're doing here is giving the array 'settings' a new value every time the 'variable splitter' shows up in the code. This is why we inserted a FileSplit after every variable we injected into the stub; this is how we're going to read that information.
Good. Now comes the fun part...getting the data! Right below the Settings = blah blah line, write this down:
Code:
email = Settings(1)
password = Settings(2)
useSecure = Settings(3)It's very important that you understand how this works. If you're a beginner this might be news to you, but the first piece of data in an array has a ID of 0, NOT 1. So you might be wondering why the email shouldn't be Settings(0), since it's the first piece of information we wrote to the file. Right? Well, not exactly. If you look at the code from the builder program, we actually wrote the stub data first, then the email, and so on. Take a look:
Code:
fileSystem.WriteAllBytes(filePath, stubBytes, False)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(FileSplitter), True)
fileSystem.WriteAllBytes(filePath, Encoding.Default.GetBytes(email), True)See? Good, it's important that you understand how this works.
The whole class should now look like this:
Code:
Imports System.Text
Public Class Form1
Dim Settings(), selfText, email, password, useSecure As String
Dim self As Byte()
Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
self = My.Computer.FileSystem.ReadAllBytes(Application.ExecutablePath)
selfText = Encoding.Default.GetString(self)
Settings = Split(selfText, "----FILESPLIT----")
email = Settings(1)
password = Settings(2)
useSecure = Settings(3)
End Sub
End ClassGuess what? That's it! You've successfully built a builder and stub the proper way. It's even easier than the other method, isn't it?
Using the Data
Now I'm going to quickly show you how you can use the data you collected in this application. This will be a super simple example, we're basically going to mimic the builder form, but it'll help you understand everything a bit more:
Code:
Me.TextBox1.Text = email
Me.TextBox2.Text = password
If useSecure.Equals("True") Then
Me.CheckBox1.Checked = True
Else
Me.CheckBox1.Checked = False
End IfAll that code does is sets all the textbox's to show the data that the builder injected into the stub. Also, if the user checked the box in the builder, the box will be checked in the stub!
Build Format
Unless you changed the code in the places I told you you could, this is how you should have your built files set up; Folder -> TutorialBuilder.exe + Another Folder -> Inside that folder is the stub.exe.
Note: Unless you named your project just 'stub', your stub will be called something else when it's compiled. You must rename it to 'stub.exe'.
Now run your builder.exe and voila, it works! Check it out!
WOO, THAT'S IT! Thanks so much for reading my tutorial, I hope it helped you out! And remember, if you have any questions or comments feel free to post them below. That's a wrap. You do not have permission to view the full content of this post. Log in or register now.
You do not have permission to view the full content of this post. Log in or register now.
Note: I spent over 2 hours writing this and making sure I covered every last detail. All I ask in return is for you to leave some feedback if this helped you out and give me credit where it's due. Thanks and have a good one!
(