iStealer is a nifty little password stealer, basically you build an .exe in which will contain details to your ftp server. You send the .exe to a victim and when he executes it, all of his 'remembered' passwords will be uploaded to your ftp server in an easy to read layout.Many versions of iStealer on the internet have been backdoored with somebody elses RAT/Trojan/Keylogger or stealer, however this version is and will remain safe.
What you will need for this tutorial
1. iStealer 3.0
3. Drivehq Account
Click the "iStealer 3.0" link above. Download the .zip to a folder or your desktop. Extract the folder to your desktop, you will be prompted for a password,
Open the folder, inside you will find a subfolder and the iStealer executable program. Open the .exe. Fill in the blanks with the information of your drivehq account you made earlier, make sure the same boxes are ticked and leave the black area alone.
Once your FTP details are filled in, click the "Test FTP" button.
If your FTP is working fine then continue to build the iStealer server by pressing the "Build" button, you will be prompted to save the file. Save it to your desktop, name it whatever you want. If your FTP test was not successfull then please check the details and try again, alternatively post here.
Click the "Crypter" link above and download it to your desktop. Extract it as you previously did with the iStealer. Open the crypter which in this case is BRM Crypt as it is the least detected public one available. First click Add and select the .exe you previously built with the iStealer, you will then be prompted to "Encrypt this file?"
Ignore all of the steps about file cloning and icon changing, however if you want you can choose to use an error message. Finally, navigate to the "More Settings" tab and press the "Build" button. This will be your final .exe so feel free to name it whatever you want and save it to a place you find fit.
You are now done! All that is left is to distribute the Crypted .exe you made. As this tutorial is for educational purposes only I cannot tell you that you can get a shit load of Rapidshare accounts using this method, so up yours crackers.
Once people have downloaded your crypted stealer, you want to check the logs for any accounts. All you have to do is go to http://www.drivehq.com/file/ShowFolderFrame.aspx? and login. There should be a list of the computers you have infected, the file name will be something like "AdminPC-22832323" which is the name of the PC followed by some random number. What you need to do now is click on the file and inside will be a list of accounts for you to enjoy!!