Hi guyz,
i got victim of a mass scan on the same port (4000) can someone please tell me which exploit uses this port ?
Full Version: Port Scanning My Computer On Port 4000
ra i believe 
remote anything uses this port, the server.
As far as i know there's no exploit for remote anything...
but there's just "trial" default password in trial version.
And while searching the net i've notified that mostly in that cases remote anything is installed by some malware programs.
for example
BKDR_BOOSTDB.A
This memory-resident backdoor program contains no propagation routine and must be manually ran on a machine. It serves as a server component used by a remote user to control the affected system.
By default, it opens port 4000 and waits for commands from the malicious user such as:
* Activates Ctrl-Alt-Del
* Blank screen
* Disconnect user from the Internet
* Get passwords
* Log off current user
* Play a sound
* Restart, shut down, or lock up the machine
* Send commands and dialog box
* Share cliboard
* Start screensavers
* Transfer file
It also attempts to drop a copy of SLAVE.EXE and has an option to create a customized copy of itself as MY_SLAVE.EXE in the Windows folder.
This backdoor runs on Windows 95, 98, ME, NT, 2000, and XP.
but there's just "trial" default password in trial version.
And while searching the net i've notified that mostly in that cases remote anything is installed by some malware programs.
for example
CODE
BKDR_BOOSTDB.A
This memory-resident backdoor program contains no propagation routine and must be manually ran on a machine. It serves as a server component used by a remote user to control the affected system.
By default, it opens port 4000 and waits for commands from the malicious user such as:
* Activates Ctrl-Alt-Del
* Blank screen
* Disconnect user from the Internet
* Get passwords
* Log off current user
* Play a sound
* Restart, shut down, or lock up the machine
* Send commands and dialog box
* Share cliboard
* Start screensavers
* Transfer file
It also attempts to drop a copy of SLAVE.EXE and has an option to create a customized copy of itself as MY_SLAVE.EXE in the Windows folder.
This backdoor runs on Windows 95, 98, ME, NT, 2000, and XP.
Yup indeed, its used in many private noob rootkits.
hummm thanx a lot guyz it's also known as RA .....isn't it ?
anyaway i don't have this port opened or listening as well
anyaway i don't have this port opened or listening as well
the Witty Worm uses this port as well as some game servers, and miribalis.
I scanned 4000 for remote a, yep secure with no sploits that i know of, YET 
if the software is still in trial mode, not registered i can guarentee the password is "trial"... its the only pass that can be used in trial mode, see if you can get some hits from that
[EDIT] Should read all replies, GW cash
if the software is still in trial mode, not registered i can guarentee the password is "trial"... its the only pass that can be used in trial mode, see if you can get some hits from that
[EDIT] Should read all replies, GW cash
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
