by shapeless
http://poisonivy-rat.com
[ INTRODUCTION ]
The server is only 7.5 KiB long (unpacked, can reach 3.8 when packed with FSG for example), is completely stand-alone, is
independent of any runtimes, etc, and will run on all NT based Windows operating systems (even on restricted accounts),
32bit and 64bit; it doesn't drop any files, except the key logger log file (if the feature is enabled).
Please note that this document is a general guide to get users familiar with the applications, and some features might not
be described in detail here – you will use them and see how they work.
You are encouraged to visit the official website http://poisonivy-rat.com, for more screen shots, news and development log.
firewall bypassing, reverse connection, ARC4 encrypted communications, transparent compression of transfers and
communications, full-featured file, registry, services and process manager, relay server, view installed applications (some
support remote silent uninstallation), key logger, socks4/5 server, traffic sniffer, remote screen capture and web cam
viewing, password manager (IE cached passwords, MSN passwords, Firefox cached passwords, wireless zero configuration
passwords, LM/NTLM hashes), runs on restricted accounts.
[ GENERAL USAGE ]
You might want to know that the client (PI2.1.2.exe) does not touch the registry nor any other files outside its folder
where you extracted it from the distribution archive.
It will save its settings in an INI file, and all communication details (folder cache, downloaded files, etc.) will be saved in a
folder “Users”, that will contain folders named <remote_computer_name>^<remote_user_name>, where you will find
your downloaded files, etc.
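For forensic review of a recovered client installation, the folder naming described above makes the “Users” directory an inventory of the remote hosts and accounts the client held data for. The following is an added example, not part of the original guide or the tool; the sample host and user names are constructed, and splitting each name on the first `^` is an assumption.

```python
import os
import tempfile
from datetime import datetime, timezone


def parse_cache_folder(name):
    """Split '<remote_computer_name>^<remote_user_name>'; None if not that shape."""
    computer, sep, user = name.partition("^")  # assumption: split on the first '^'
    return (computer, user) if sep and computer and user else None


def inventory_users_dir(users_dir):
    """One record per host/user cache folder: file count and newest mtime (UTC)."""
    records = []
    for entry in sorted(os.scandir(users_dir), key=lambda e: e.name):
        parsed = parse_cache_folder(entry.name)
        if parsed is None or not entry.is_dir(follow_symlinks=False):
            continue
        count, newest = 0, None
        for root, _dirs, files in os.walk(entry.path):
            for fname in files:
                mtime = os.lstat(os.path.join(root, fname)).st_mtime
                count += 1
                newest = mtime if newest is None else max(newest, mtime)
        records.append({
            "computer": parsed[0],
            "user": parsed[1],
            "files": count,
            "last_activity_utc": None if newest is None else
                datetime.fromtimestamp(newest, tz=timezone.utc).isoformat(),
        })
    return records


def build_constructed_sample(base):
    """Constructed evidence tree for the demo; host and user names are made up."""
    users = os.path.join(base, "Users")
    os.makedirs(os.path.join(users, "WS-042^jsmith", "downloads"))
    os.makedirs(os.path.join(users, "LAB7^admin"))
    os.makedirs(os.path.join(users, "scratch"))  # no '^': not a cache folder
    for rel in ("WS-042^jsmith/cache.dat", "WS-042^jsmith/downloads/report.doc"):
        with open(os.path.join(users, *rel.split("/")), "w") as fh:
            fh.write("constructed\n")
    return users


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in inventory_users_dir(build_constructed_sample(tmp)):
            print(rec)
```

Run it against a read-only copy of the evidence so file timestamps are not altered by the review itself.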
This document is to be considered a general guide to get you started; you will see that the application is rather easy to use,
and you will learn it while you use it.
The general rule of thumb is that right-clicking on the right-side of the feature tree (after selecting a feature), always
reveals the options, which are self-explanatory.
To pause/resume/cancel and view transfers, the “Toggle Transfers View” button is located on top, like in the image below
(the other buttons all have tool tips):
Right-clicking on a transfer reveals various options.
[ BUILDING A SERVER ]
The first thing you will need to do if you are using the client behind a router, is to forward a port to your computer.
An extensive guide that covers most (if not all) routers is at http://portforward.com.
If you are behind a corporate firewall, you will have to ask your network administrator to forward a port for you.
Either way, remember the port number, as you will need it when building the server.
Run the application (Poison Ivy 2.1.2.exe), and go to the “Build” tab.
The first thing you need to do is add at least one DNS/Port entry, so the server will know where to connect (you will
probably also need to sign up with free DNS providers, like http://no-ip.info).
Click the “Add” button near the “DNS/Port” box, and add as many entries as possible to ensure that you will not lose
servers, should one DNS go down. After completing this, it's always a good idea to use the “Test” button to see if
everything works.
The “Socks4” check box is for when you would like the server to connect to you through a socks4 server (same configuration
method as above).
Tick the “Startup” box if you would like the server to start automatically with Windows (most of the time you would check
that).
Only change settings in the “Advanced” section if you know what they mean/what you are doing.
Finally, you can choose an icon for the server if you want (by clicking on the “Icon” square in the lower-right side), or leave
it without an icon.
You can restore the 'no-icon' by right-clicking on the same box.
Now you are ready to generate the server, by pressing the “Build” button.
[ ESTABLISHING CONNECTION ]
Assuming you have all the network-related settings configured and working properly (no firewall blocking the client, port
forwarded correctly, internet connection if needed, etc.), there are a couple of things to set up in the “Settings” tab.
The essential settings here are the port and the password, the ones you chose when building the server.
Adjust the other settings as you see fit.
When you are done, press “Save” and you are ready to accept connections (they will show in the “Connections” tab).
Right clicking on a connection reveals some options.
Double-clicking on a connection opens up the management features.
If a connection is marked in red, you should restart the server in order to take advantage of the new features in the client
you're using.
When sharing a server, the same method is applied as when building a server.
Tip: you can quickly change the port the client listens on by clicking the “Port: xxxx” part in the status bar of the client.
Q: The remote server is working fine, until it suddenly disappears, and I can't connect anymore.
A: The other user might be running an antivirus application, which picks up the server and deletes it.
Q: When I retrieve the key log file, parsing/displaying it takes a very long time.
A: For very long key log files (also depends on your CPU), you might want to disable 'Key log colors' in the 'Settings' tab.
Q: Sometimes it takes very long for a server to connect, even if the other computer is online.
A: This is because the interval at which the server tries to establish connection with the client is dynamic, and you probably
started the client just before the longest interval. Be patient.
[ Undetected Versions ]
You don't have to worry about future versions either; as said above, servers need to be updated very rarely (in case of
major protocol changes), because of the special way Poison Ivy works.
If it's such a case, you will receive a new version.
Email: support@poisonivy-rat.com
poisonivyrat@yahoo.se
Beta Testers:
Caecigenus, Crazy Boris, Digerati, eNerGie, e-e, giuliano, Heike, hnZ^, Lord, p0ke, redlime, Th3ChaS3r.
Credits go to:
Andvare, Aphex, Billy Belceb, Caecigenus, eNerGie, Erwan, Geiger Tamás, ksv, Laszlo Toth, Mark James
(http://www.famfamfam.com), Markus Stephany, Michael Puff, p0ke, Salvatore Meschini, TM.
- Disclaimer -
Poison Ivy must only be used on your own computers or on computers where the
owner has expressly given his/her approval. The creator of Poison Ivy will in no
way be held responsible for any damages caused by the negligent use of
this software.