[aNd1]p|z0ph3cY
13th June 2002, 03:49
Tutorial Made by Gilrim of the Apez Bot Forums
for all you n00b ppl... ;) this is how to remove the keylogger from RagnaBot..... v116 that is....
if you use a packetsniffer at the bot (ie wpe) and login, you'll notice that the bot sends your username & pwd in packet 1 and 13... there you go - the keylogger (imho it's more a trojan than a keylogger, but anyways) packet #1 is supposed to send your char&pwd - it's to the logonserver
open ragnabot116b.exe in a hex editor, and check out offset 21052 (523C hex) you'll see T.h.i.3.f (54006800330069006600 hex)
now what you're to do, is to change this to 00000000000000000000 hex this will in turn make the bot send the user/pwd to a character w/o name - nice, as I'm doubting that exists... This is because 00 hex is a 0byte char, it's nothing
jump to offset 21948 (55BC hex) and do the same, 0 out the name there ( change 530065007000680061006900 to 000000000000000000000000)...
now, your bot will still send the user/pwd, but to a char that plainly dont exist....
or, if your lazy... just DL mine pre edited.... I guarentee it's not sending the char to me.. just launch wpe and check the packets...
preCracked RagnaBot
Peace Out!
Ppl are asking how to do it, so that it's an executable exe... that's really easy: Don't edit anything except what I tell you to :)
I took the time to add some commants - to clear things up a bit... (it was 04:30 when I first wrote this, hence the crappy context :)
update 3rd of may 2k2:
I've had reports that ppl still are getting their accounts looted... I've reRun the packetSniffer, and have checked the first 50.000 packets...
No id's and pwd's are being sent with my edited bot
--------------
Peace Out!
Gilrim Dol
Creator of GilMod / masta hustla
_________________________________
I am not the creator of this tutorial
I just made it easier for people to have access to it
Need questions ask gilrim
for all you n00b ppl... ;) this is how to remove the keylogger from RagnaBot..... v116 that is....
if you use a packetsniffer at the bot (ie wpe) and login, you'll notice that the bot sends your username & pwd in packet 1 and 13... there you go - the keylogger (imho it's more a trojan than a keylogger, but anyways) packet #1 is supposed to send your char&pwd - it's to the logonserver
open ragnabot116b.exe in a hex editor, and check out offset 21052 (523C hex) you'll see T.h.i.3.f (54006800330069006600 hex)
now what you're to do, is to change this to 00000000000000000000 hex this will in turn make the bot send the user/pwd to a character w/o name - nice, as I'm doubting that exists... This is because 00 hex is a 0byte char, it's nothing
jump to offset 21948 (55BC hex) and do the same, 0 out the name there ( change 530065007000680061006900 to 000000000000000000000000)...
now, your bot will still send the user/pwd, but to a char that plainly dont exist....
or, if your lazy... just DL mine pre edited.... I guarentee it's not sending the char to me.. just launch wpe and check the packets...
preCracked RagnaBot
Peace Out!
Ppl are asking how to do it, so that it's an executable exe... that's really easy: Don't edit anything except what I tell you to :)
I took the time to add some commants - to clear things up a bit... (it was 04:30 when I first wrote this, hence the crappy context :)
update 3rd of may 2k2:
I've had reports that ppl still are getting their accounts looted... I've reRun the packetSniffer, and have checked the first 50.000 packets...
No id's and pwd's are being sent with my edited bot
--------------
Peace Out!
Gilrim Dol
Creator of GilMod / masta hustla
_________________________________
I am not the creator of this tutorial
I just made it easier for people to have access to it
Need questions ask gilrim