qcred11
Apr 25 2004, 07:28 PM
| QUOTE |
NOTE: This program is provided for educational purposes only; any misuse of the product is at your own risk. It is released in the hope of increasing people's awareness of client-side security issues by showing how easy it is to exploit the http channel for remote command execution.
This is a proof of concept implementation of a win32 reverse backdoor program called the Insider. Unlike many other backdoor programs, Insider is not a server listening on some tcp/udp port; it is a client program that communicates with the server part through the http protocol. This design has some unique features:
- Pass through almost any corporate firewall (it can automatically detect proxy settings if needed)
- No listening services found with "netstat -an"
- Easy to hide from IDS - communication seems like a normal web browsing
- Web interface for client management

See the management interface.

Insider network consists of the following parts:
- Client(s) on victim machine(s)
- 2 cgi scripts: a driver script "cc.cgi" that communicates with the clients and a script "master.cgi" that gives a user interface to Insider network.

Client is a simple win32 program that is distributed on victim machine in some way - send some executable to victim, do some ActiveX tricks, whatever. The client features:
- Automatic http proxy detection
- Automatic proxy authentication
- System command execution
- File download/upload
- Simple keylogger (NT/2000/XP only)
- Uninstallation
- OS shutdown/reboot

The cgi part can be installed on any server that can execute perl cgi scripts - anonymous hosting service should be fine.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
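Because the client described in the quoted README opens every connection itself and has no listening port, outbound proxy logs are where it becomes visible. The sketch below is an added example, not part of the Insider package or of this thread: it flags a client that requests the same URL at near-constant intervals, assuming the client polls the driver script on a timer; the log format, host names, path prefix and thresholds are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed proxy log, one request per line: "<epoch_seconds> <client_ip> <url>".
# Host names and the /cgi-bin/ prefix are made up; only "cc.cgi" comes from the post.
SAMPLE_LOG = """\
1000 10.0.0.5 http://news.example/index.html
1004 10.0.0.5 http://news.example/index.html
1010 10.0.0.7 http://host.example/cgi-bin/cc.cgi
1070 10.0.0.7 http://host.example/cgi-bin/cc.cgi
1130 10.0.0.7 http://host.example/cgi-bin/cc.cgi
1191 10.0.0.7 http://host.example/cgi-bin/cc.cgi
1250 10.0.0.7 http://host.example/cgi-bin/cc.cgi
1300 10.0.0.5 http://news.example/index.html
1302 10.0.0.5 http://news.example/index.html
1310 10.0.0.7 http://host.example/cgi-bin/cc.cgi
2500 10.0.0.5 http://news.example/index.html
2600 10.0.0.5 http://news.example/index.html
garbled line that the parser must skip
"""

def find_beacons(log_text, min_requests=5, max_cv=0.1):
    """Return (client, host, path, mean_gap_seconds) for timer-like request series."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed or unrelated line
        try:
            when = float(parts[0])
        except ValueError:
            continue
        url = urlsplit(parts[2])
        seen[(parts[1], url.hostname, url.path)].append(when)
    hits = []
    for (client, host, path), stamps in seen.items():
        if len(stamps) < min_requests:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low means machine-like spacing, high means a human.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((client, host, path, round(avg, 1)))
    return sorted(hits)

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

Legitimate pollers such as update checkers produce the same pattern, so hits are leads to triage against an allowlist rather than verdicts.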
iWeasel410
Apr 25 2004, 08:53 PM
Very interesting package. Great features, thanks for the prog. Note: you're going to have to actually go to the site as that download link doesn't allow outside linking.
qcred11
Apr 25 2004, 11:16 PM
Sorry iWeasel410. Now everybody can download it from here:
strohunter
Apr 25 2004, 11:28 PM
Mmmm, interesting concept, I will take a look at the source code.
B3T4
Apr 26 2004, 09:46 AM
Whoohoo. I love new ideas, thanks for sharing this refreshing trojan with us
sfzhi
Apr 27 2004, 07:29 AM
has some new features
thx sharing