nowhere
Apr 6 2004, 08:51 PM
| QUOTE |
RECUB Features.
1 RC4 Encrypted Reverse connect Shell for XP, 2k, 2003.
2 Bypass Firewalls by starting new instance of Internet Explorer and injecting code
3 Activate through Encrypted ICMP request
5 No listening ports
6 No Process visible, injects into Explorer.exe on startup and exiting
6 ActiveX startup
7 Empty All Event Logs After exiting the shell.
8 We can use Netcat also for remote shell.
9 EXE size only 5.39 KB
Install
Copy to any folder like windows or system32 and run once
Uninstall
Just delete the exe file and this key at
HKEY_LOCAL_MACHINE\Software\\Microsoft\\Active Setup\\Installed Components\\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}
HKEY_CURRENT_USER\Software\\Microsoft\\Active Setup\\Installed Components\\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}
By Hirosh
www.hirosh.net
www.eos-india.net
Bugs mail me - hir_osh@yahoo.com
Thanks for starch at http://mir-os.sourceforge.net/recub.htm For the idea, I started this by porting his version in linux to win32, after some time I stopped porting bc I prefer a small EXE heheh.., and thanks to NC source too.. //
|
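For defenders, the Active Setup key name quoted in the post above is brace-wrapped but is not a well-formed GUID (non-hex characters, wrong group lengths), which makes a simple triage heuristic. The following is an added example, not part of the original thread or the tool's code: it parses a registry export (.reg text) and flags such entries. The sample export, the well-formed GUIDs and the `example.exe` path are constructed.

```python
import re

# Constructed sample in .reg export format (not real system data). Only the
# malformed key name is taken from the post; everything else is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\WINDOWS\\system32\\legit.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}]
"StubPath"="C:\\WINDOWS\\system32\\example.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\>{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}]
"Version"="1,0,0,0"

[HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}]
"Version"="1"
'''

# Section header of a direct subkey of Active Setup\Installed Components.
KEY = re.compile(r'^\[(HKEY_[A-Z_]+)\\Software\\Microsoft\\Active Setup'
                 r'\\Installed Components\\([^\\\]]+)\]$', re.I)
# Well-formed GUID name; a leading '<' or '>' is tolerated (assumption of this example).
GUID = re.compile(r'^[<>]?\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)
STUB = re.compile(r'^"StubPath"="(.*)"$', re.I)

def suspicious_components(reg_text):
    """Return brace-wrapped Active Setup entries whose name is not a valid GUID."""
    findings, current = [], None
    for line in (l.strip() for l in reg_text.splitlines()):
        m = KEY.match(line)
        if m:
            hive, name = m.groups()
            current = None
            if '{' in name and not GUID.match(name):
                current = {"hive": hive.upper(), "name": name, "stub_path": None}
                findings.append(current)
        elif line.startswith('['):
            current = None          # some other key: stop collecting values
        elif current is not None:
            v = STUB.match(line)
            if v:                   # .reg files escape backslashes as '\\'
                current["stub_path"] = v.group(1).replace('\\\\', '\\')
    return findings

if __name__ == "__main__":
    for f in suspicious_components(SAMPLE_REG):
        print(f["hive"], f["name"], "->", f["stub_path"])
```

A hit is only a lead for review: the recorded `StubPath` is the program Active Setup would launch for that entry, so that file is what to examine next.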
Fareway
Apr 6 2004, 10:30 PM
The big problem is that this one doesn't work when nobody is logged on to the system. It only works when there is at least one user logged on. That's because the code can only inject into a running process.
SeNe
Apr 6 2004, 11:25 PM
It's good to have a trojan that bypasses the firewall, gonna give this one a try.
thanks
Daume
Apr 7 2004, 11:54 AM
like so many well known backdoors
AV detected ( for me by Kaspersky )
+++
extreme
Apr 8 2004, 08:22 PM
There is C++ source code available, so it is easy to make it UD... Also, it is unique because it is activated through PING request