hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Beginners Section
x1`
Feb 16 2004, 06:12 PM
ok i am trying to host a tftp service on my pc on port 69 , but it shows a tftp service is already running , but i dont see it in the process list sad.gif
how can i find and stop it , ive got mcfee virus scanner and sygate personal firewall running , i had walsoft tftp server running ok last 2 days but all of a suddden it says there is one running , i puzzled
Ash
Feb 16 2004, 06:19 PM
rootkit unsure.gif
Acid-Burn
Feb 16 2004, 06:21 PM
try 2 find and del it
valsmith@punkasfuck.org
Feb 16 2004, 06:31 PM
nmap your computer. Nmap for windows can be found at:

http://download.insecure.org/nmap/dist/nmap-3.50-win32.zip

Look and see if that port is really open. Hell try to tftp to it.

Then from sysinternals there is a great tool called tcpview which will show you ports to processes. Then you could backtrack from there. windows really needs a good LSOF.

http://www.sysinternals.com/ntw2k/source/tcpview.shtml


theres a bunch of other tools on there that might help as well.


Hope that helps.

V.
x1`
Feb 16 2004, 06:43 PM
ok i tired tcp view heres a screen shot of what it showed

also i remeber last night i installed a root kit on my self i think not sure was trying to see if it works the name of it was called vanquish i think cause i just click on the exe file sad.gif so it might be it
roto
Feb 17 2004, 02:38 AM
owned? rofl, prolly a rootkit or blaster
daguilar01
Feb 17 2004, 04:23 AM
QUOTE (roto @ Feb 16 2004, 07:38 PM)
owned? rofl, prolly a rootkit or blaster

he just said he installed a rootkit so i think we know its a rootkit, after reading hte readme for vanquish, it shows
QUOTE
The autoloader(vanquish.exe) accepts the following parameters:
    -install    Install & activate vanquish as a service.
    -remove    Remove vanquish. (needs restart).

so go back to where you ran vanquish from and use the -remove parameters, and then restart and you should be rid of it, gl
FiNaLBeTa
Feb 17 2004, 06:49 AM
QUOTE (daguilar01 @ Feb 17 2004, 04:23 AM)
QUOTE (roto @ Feb 16 2004, 07:38 PM)
owned? rofl, prolly a rootkit or blaster

he just said he installed a rootkit so i think we know its a rootkit, after reading hte readme for vanquish, it shows
QUOTE
The autoloader(vanquish.exe) accepts the following parameters:
    -install    Install & activate vanquish as a service.
    -remove     Remove vanquish. (needs restart).

so go back to where you ran vanquish from and use the -remove parameters, and then restart and you should be rid of it, gl

We know he's a du****s for not uninstalling the rootkit.
But here the rootkit can't be the problem. Vanquish onely hides files and tryes to log windows logins. Nothing else.
pdf
Feb 17 2004, 07:36 AM
QUOTE (Dickybob20 @ Feb 16 2004, 06:12 PM)
ok i am trying to host a tftp service on my pc on port 69 , but it shows a tftp service is already running , but i dont see it in the process list sad.gif
how can i find and stop it , ive got mcfee virus scanner and sygate personal firewall running , i had walsoft tftp server running ok last 2 days but all of a suddden it says there is one running , i puzzled

when you installed the tftp it will be run automatically when windows starts (service)

you can set it as a manual service or just close it from the taskmanager everytime you need to run it again
pyr0
Feb 18 2004, 05:13 AM
do tasklist /svc or download PrcView v 3.6.2.1 and make a .bat
-
@echo off
prcview -e > PRC1.txt
prcview -w > PRc2.txt
-
Then it will list all proccess with C:\<path to it>\something.exe so then u can check all the .exe's out and find your tftp .exe

:edit :Link happy.gif

http://www.pcworld.com/downloads/file_desc...fid,6102,00.asp ph34r.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.