Zhenboro/Borocito

Borocito

See documentation (Borocito.odt)

CWS spin-off

Based. Based on CWS. Software that waits for remote commands.

Help from the darkness

Code provided by the morbid thoughts of us... the computer scientists.

Using it

Mounting the server

First, you must mount the server. In releases you can see a .zip called "Server-Side". This archive contains the files and folders that you must upload to an FTP server so that BorocitoCLI can connect to them and thus be used.
Inside the .zip, you will find the following files and folders:

  • Boro-Get/
    • REPO/
      • boro-hear.zip
      • broKiloger.zip
      • broRescue.zip
      • broScrincam.zip
      • RMTDSK_Client.zip
      • RMTFS_Client.zip
      • TeamViewer.zip
    • RepoList.ini
    • boro-get.ini
    • boro-hear.ini
    • broKiloger.ini
    • broRescue.ini
    • broScrincam.ini
    • RMTDSK_Client.ini
    • RMTFS_Client.ini
    • TeamViewer.ini
  • Files/
  • Telemetry/
    • tlmRefresh.php
  • Users/
    • Commands/
      • cliResponde.php
  • Borocitos.zip
  • Client.ini
  • fileUpload.php
  • GlobalSettings.ini
  • telemetryPost.php
  • userReport.php

Pay attention, now I will explain what these files are, one by one.

  • Boro-Get/
    • REPO/
      • boro-hear.zip: Contains the boro-hear plugin binaries.
    • RepoList.ini: Contains the information of each plugin that can be used by boro-get. Here are the links to the plugin configuration files.
    • boro-get.ini: Contains the basic information of the plugin, such as the version, the author, the page link and the download link of the archive with the binaries.
    • boro-hear.ini: Contains the basic information of the plugin, such as the version, the author, the page link and the download link of the archive with the binaries. [This is the file listed within RepoList.ini]
  • Telemetry/
    • tlmRefresh.php: This PHP script processes the telemetry sent from the CLI to the server, and from the server to the CMD.
  • Users/
    • Commands/
      • cliResponde.php: Processes the messages related to commands: responses from the CLI to the CMD, and commands sent from the CMD to the CLI.
  • Borocitos.zip: Contains the binaries of Borocito itself: the extractor, the updater and the CLI. It is recommended to always use the latest version of these binaries.
  • Client.ini: Contains the information about the Borocito assembly itself: the version and the download link of the archive that contains the binaries.
  • fileUpload.php: It is used within the BorocitoCLI command processor. (/Payloads.uploadAfile=...)
  • GlobalSettings.ini: Contains general information about the BorocitoCLI configuration. This is where the boro-get plugin should be downloaded from.
  • telemetryPost.php: Used when a new instance of BorocitoCLI is started. Processes the first information generated by the CLI telemetry.
  • userReport.php: It processes the information of the user who started an instance of BorocitoCLI for the first time. This file is very important, since it is the one that generates the necessary files and connections to control.
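
An added example, not part of the Borocito repository: the server-side file names listed above can be used as indicators when reviewing proxy or web-server access logs. It assumes the files are requested over HTTP under those names; the log lines, hosts and the two-indicator threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# File names come from the README's server-side listing; treating them as
# HTTP request paths is an assumption of this example.
ENDPOINTS = {
    "telemetryPost.php": "first-run telemetry",
    "userReport.php": "first-run user registration",
    "fileUpload.php": "file upload",
    "Telemetry/tlmRefresh.php": "telemetry refresh",
    "Users/Commands/cliResponde.php": "command/response channel",
}
CONFIG_FILES = ("GlobalSettings.ini", "Client.ini", "Boro-Get/RepoList.ini")

# Combined-log-style line: client, two ignored fields, [timestamp], "METHOD URL PROTO"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')

def classify(path):
    """Return a label when the request path ends in a listed server-side file."""
    bare = path.split("?", 1)[0].lower()
    for name, label in ENDPOINTS.items():
        if bare.endswith("/" + name.lower()):
            return label
    if any(bare.endswith("/" + n.lower()) for n in CONFIG_FILES):
        return "config fetch"
    return None

def scan(lines):
    """Map each client address to the labels of its matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        label = classify(m.group(4)) if m else None
        if label:
            hits[m.group(1)].append(label)
    return dict(hits)

def flagged(hits, min_distinct=2):
    """Generic names such as Client.ini match alone, so require several indicators."""
    return sorted(c for c, labels in hits.items() if len(set(labels)) >= min_distinct)

# Constructed sample log lines (hosts, methods and query strings are made up).
SAMPLE = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "POST http://srv.example.test/Borocito/userReport.php HTTP/1.1" 200 12',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "POST http://srv.example.test/Borocito/telemetryPost.php HTTP/1.1" 200 12',
    '10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET http://srv.example.test/Borocito/Users/Commands/cliResponde.php?x=1 HTTP/1.1" 200 5',
    '10.0.0.9 - - [01/Jan/2024:10:02:00 +0000] "GET http://intranet.example.test/app/Client.ini HTTP/1.1" 200 40',
    '10.0.0.7 - - [01/Jan/2024:10:03:00 +0000] "GET http://www.example.test/index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(flagged(scan(SAMPLE)))
```
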

All files and folders have a function, so it is important that they are all on your server. Some URLs need to be modified, since by default they point to my server.
The files you should modify are:

  • Boro-Get/
    • boro-get.zip>boro-get.txt
    • RepoList.ini
    • boro-get.ini
    • boro-hear.ini
    • broKiloger.ini
    • broRescue.ini
    • broScrincam.ini
    • RMTDSK_Client.ini
    • RMTFS_Client.ini
    • TeamViewer.ini
  • Client.ini
  • GlobalSettings.ini

These files contain the URL of my server. Replace it with your server URL.
You can also have some functions served from my server. This way you avoid updating certain things every time they are updated within this repository, and you also avoid overloading your server (but you could overload mine).
The files in which you can leave my server URL are:

  • Boro-Get/
    • boro-get.zip>boro-get.txt
    • RepoList.ini
    • boro-get.ini
    • boro-hear.ini
    • broKiloger.ini
    • broRescue.ini
    • broScrincam.ini
    • RMTDSK_Client.ini
    • RMTFS_Client.ini
    • TeamViewer.ini
  • Client.ini
  • GlobalSettings.ini

And do not worry. I can't steal your victims. Since the server being injected is yours, it must not be mine.

First steps with the control panel

You must start the control panel. The executable for this is borocitocmd.exe. Initial and start unboxing.
When it starts, it shows the main form and, this being the first instance, it will ask for certain data.

Window 1: "Ingrese la direccion del servidor". In this field, you must enter the raw link to the Borocito HTTP directory. An example is "chemic-jug.000webhostapp.com/Borocito".
This is the link to the directory (on your server) where the Borocito server-side files are, with no protocol (without HTTP, HTTPS, FTP, etc.).

Window 2: "Ingrese el direccion host del servidor". The host address is the complete FTP route of the Borocito directory (on your server). It looks like this: "ftp://files.000webhost.com/public_html/Borocito".
Basically, if you put that URL in the browser, it should ask for a username and password to access the FTP server. When you log in, you should already be located in the Borocito server-side folder.

Window 3: "Ingrese el usuario del servidor". Username to log in to the FTP server.

Window 4: "Ingrese la contraseña del servidor". Password to log in to the FTP server.

If everything is fine, you should be able to see the file "Settings" in the box below. If not, you may have failed to enter a field.

Making the distributable

To infect a computer, it is necessary to create the executable that infects the target computer.

Inside the control panel, you must go to the "Inject" tab. There is a textBox that shows your server address, and there is also an "Inject!" button. You just have to press "Inject!" and a window will appear, where you must choose the binary "borocytoextractor.exe". Then another window will open, in which you choose the name and location of the distributable.

Infecting

On a computer you have access to, start the binary you saved in the previous section. In theory, there is a delay of around 15 seconds before BorocitoCLI is executed successfully.

Controlling

Once someone is infected, you can perform some activities with the Borocito control panel.
I'm not going to teach you how, because there are really many things and I'm too lazy to write this.