It is recommended that all users read through this document before using Poison Ivy. Contents: I. Description and features II. Building a server III. Accepting connections IV. General usage and informations V. Plugin system VI. FAQ VII. Undetected versions VIII.Credits and contact information IX. Changelog
Poison Ivy is an advanced remote administration tool for Windows (the client is reported to run on WINE or other emulators on various Linux/UNIX flavors), written in pure assembly (server), and Delphi (client). The server contains no dependencies of any kind, and runs on 2000/XP/2003/Vista. Since version 2.3.0, the server size is dependent on the settings, which means additional features(like key logger, etc.), will make the final server larger. Even so, the maximum size of the server is around 7KiB, unpacked. Being independent code, the server builder can produce PEs, or shellcode(in the form of arrays for C, Delphi, Python, or raw binary), depending on your needs. The most important features are encrypted communications (256bit Camellia), compressed communications, full-featuredfile manager, registry manager, key logger, services manager, relay server, process manager, remote audio capture, screen capture, web cam capture, multiple simultaneous transfers, password manager, and the ability to share servers, based on privilege levels, and various other things that you will find useful. Poison Ivy is also special compared to other similar tools, because the server doesn'tneed to be updated, even if new features are added. Even though the server supports 3rd party plugins, it's important to know that all the features not listed in the “Plugins” section are self-contained in the server, and no additional files are used at any time. The plugins (as well as the server and key logger file) are stored encrypted in ADS (Alternative Data Stream) on NTFS partitions (they arestored normally on FAT32). Check the official website for screen shots. This document doesn't describe all the various features of the application, but tries to cover the basics.
The GUI is assumed to be self-explanatory, so users with a decent level of experience will have no problems discovering the features and using the application to its full potential. On the other side, users which lackthe very basic network skills (forwarding a port, knowing what a port is in the first place, knowing how a client - server application is supposed to work) or better off learning these things first before attempting to use Poison Ivy.
II. Building a Server To build a new server, you need to start the application, and select “File” -> “New Server”. You will see a screen similar to thefollowing:
As you can see above, you can easily manage your profiles. First, you will want to create a new profile, by pressing “Create Profile”, and selecting a name. You will notice that until you create your profile, you need to go through each section (on the right, the others being disabled). After you have created the profile, you are able to edit anything is whatever section. This behavior isintentional, to prevent skipping a section by mistake.
Next, in the “Connection” section, you should see the something like this:
Since PI is a “reverse connection” administration tool, you need to specify at least one valid DNS/IP and a Port combination where the server will find a listening client. You do this with the “Add” button. Generally it is a good idea to “Test Connection” after youhave set everything up (for this to work, a client must be listening, with the correct password/port, and the DNS/IP must be valid and must point to the client). The password can be a user-defined string, or you can use a random-generated key file (recommended). The key file will be saved in the “Profiles” directory, and will be named .pik. In either cases, losing your password/key file will...