hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Xdcc Bot
GovernmentSecurity.org > The Archives > General Network Security
tibbar
Feb 23 2004, 09:09 AM
hi

This is related to my firewall killer post. My plan is to write or modify and existing xdcc bot, so that upon a xdcc request, the firewall is disabled, the pack sent and then when the download completes, the firewall reenables.

This would allow any firewalled vic to become an xdcc bot, with less risk of being detected (on the less busy xdcc networks).

If anyone else has ideas on how to get around firewalls for this type of purpose please reply - n.b. I thought about manually configuring software firewalls to open a port for xdcc sends, but given the number of different firewalls out there, im not sure this is feasible.

thanx
fyle
Feb 23 2004, 09:38 AM
If the firewall is initially enabled, how would the bot recieve the DCC request in the first place?
PacMan03
Feb 23 2004, 09:42 AM
what you probably want is at http://iroffer-lamm.sourceforge.net/

Here is a quote from the change log:
QUOTE
Added mIRC-style "DCC Server" protocol for sends


Basically, if the box is firewalled, you can
set it up so that the bot initiates the connection.
tibbar
Feb 23 2004, 11:10 AM
that sounds perfect. if only i had found out about that before!!!

can anyone explain the config script:

## - Lamm add-ons - ##
## ##
## dccserverport <port> - mIRC-style dccserver port number (def:0 = off) ##
## rsend yes - only works in connection dccserverport for now, ##

so i can specify any port i want, or does the port need to be opened on the firewall 1st?

e.g. will this work:

dccserverport 45000
rsent yes

if its a revcon, then i think i dont need to open the port.

thanx for the help again.
xlove
Feb 23 2004, 11:32 AM
the port needs to be open.... on the firewall....
eg. if port 8080 is blocked, then setting it to this port wont work...
tho the port can be set to any current open ports
i dont think it uses the local machine's port
tibbar
Feb 23 2004, 04:03 PM
what would be cool, is a iroffer working like a lan bypass rev con. often the fast connections are behind routers, and it's not feasible to remotely configure the router.

so i guess, in that situation i have to scan the pc, and hope for a free open port. if there isnt one, there is nothing i can do.

can someone explain to me, the difference between the fserve approach used in this version of iroffer, and the revcon method used in modern RATS?
o0oKARo0o
Feb 24 2004, 04:52 AM
This msg has nothing to see here but I canīt post new messages and I just wanted to share that link which is quite usefull if you want to disable all the dcom of windows after patching your machine..
http://grc.com/dcom/
DumpZ
Mar 1 2004, 10:09 AM
hxxp://iroffer.org/

This i an open source bot for Linux, which also runs under windows with the cygwin dlls. The source is also available.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.