Full Version: Winhost.dll
I found a file called winreg on a box containing FTP users and passes...
then I found whost.bat which contained "rundll32 winhost.dll,RundllInstall SENS". Anyone know what program is sniffing those FTP logins?
I think that winhost.dll is the .ini file with the accounts of a modded Serv-U.
Can you show us the content of these files? And mask passwords and logins, of course.
I got more info on it now
copy testdll.dll %systemroot%\system32\iat.dll
copy launcher.exe %systemroot%\system32\senss.exe
rundll32 Winhost.dll,RundllInstall SENS
injects into winlogon.exe and logs FTP connections outgoing and ingoing on all ports
in winreg it looks like following
Port : 110 USER rwogle
Port : 110 PASS Red!51neck
Port : 110 PASS 424242
Port : 110 USER sjain3
Etc.
I also found a script of his to DL the files and install them, I'll upload it if it's wanted..
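For incident response, a capture file in the layout quoted above can be turned into a list of accounts whose passwords need rotating. This is an added example, not code from the thread: the sample data is constructed, and pairing each PASS with the last USER seen on the same port is an assumed heuristic, as is the assumption that values contain no spaces.

```python
import re

# Well-known ports whose protocols send USER/PASS in cleartext.
CLEARTEXT_PORTS = {21: "FTP", 110: "POP3"}

# One record: "Port : 110 USER name". Several records may share a line.
RECORD = re.compile(r"Port\s*:\s*(\d+)\s+(USER|PASS)\s+(\S+)")

# Constructed sample in the layout quoted in the post (not real data).
SAMPLE = (
    "Port : 21 USER alice\nPort : 21 PASS s3cret!\n"
    "Port : 110 PASS orphan1 Port : 110 USER bob\n"
    "Port : 110 PASS hunter2\n"
)


def mask(secret):
    """Keep the first character only, so the report never repeats a password."""
    return secret[:1] + "*" * (len(secret) - 1)


def triage(text):
    """Pair USER/PASS records per port (assumed heuristic) for credential rotation."""
    exposed, orphan_pass, pending = [], [], {}
    for port, verb, value in RECORD.findall(text):
        port = int(port)
        if verb == "USER":
            pending[port] = value  # remember until a PASS arrives on this port
        elif port in pending:
            exposed.append({
                "port": port,
                "protocol": CLEARTEXT_PORTS.get(port, "unknown"),
                "user": pending.pop(port),
                "password": mask(value),
            })
        else:
            # PASS with no USER before it, as in the quoted excerpt
            orphan_pass.append({"port": port, "password": mask(value)})
    return {"exposed": exposed, "orphan_pass": orphan_pass,
            "user_without_pass": sorted(pending.items())}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for row in report["exposed"]:
        print("rotate:", row)
    print("unpaired PASS:", report["orphan_pass"])
    print("USER without PASS:", report["user_without_pass"])
```

Unpaired records are reported rather than dropped, since an orphan PASS still means some account on that port was exposed.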
Of course, show us.
Does that thing only log FTP accesses or also other sorts of authentication, such as HTTP or NetBIOS?
Only FTP... this dude is sick, he injects like 3 DLLs into winlogon and installs rootkits, winshell and like 20MB of crap
It seems that it is a keylog function of wollf manage, I think.
Here is the sniffing files ..
lol
they're not there
It must have been messed up somehow, anyway. http://www.sexplorer.it/sniffer.rar
there they are..
Seems not too easy to know where it is from, what it does, and how it does it...
Now I'm very interested in your question... anyone have an opinion?
Hey Thom, give us those files, because they aren't there. Please.