tibbar
Feb 4 2004, 07:13 AM
I am not sure if other people have tried this before, but here's a good idea for trojan notification. I'm not planning on posting my code publicly, but if u pm me I can help.
Please note that I do not condone the use of trojans, and this is posted as a concept only.
Setup a ftp somewhere, which logs all connections to it. Now setup dyndns to link to the ftp.
Upload all your trojan / pubstro installation progs to it. You need to make two progs: 1) a ftp downloader that will get all these progs from the ftp and execute on "victim". 2) a ftp notifier, which will auto connect and disconnect to ftp on reboot. Upload 2) to the ftp as well.
The trojan to distribute here, is the ftp downloader, which will then get and install all the other progs.
Now, each time the "victim" reboots, it will log into the ftp, which will be noted in the ftp's log.
All you need to do, is pick up the logs now and then from the ftp server.
This method has big advantages over the standard cgi / php notifiers, since you don't need an unreliable, easily traceable webhost.
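Seen from the defender's side, the check-in described in this post leaves a recognizable trace in egress logs: very short FTP control sessions with no file transfer, recurring from the same internal host to the same destination. The following detection sketch is an added example, not part of the original thread; the flow-record format, the thresholds and the `.dyn.example` suffix are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample: egress flow records as a firewall or NetFlow export might give them.
SAMPLE_FLOWS = """ts,src,dst_host,dst_port,duration_s,bytes_total
2004-02-04T08:01:12,10.0.0.15,files.dyn.example,21,1.2,310
2004-02-05T08:03:40,10.0.0.15,files.dyn.example,21,0.9,305
2004-02-06T07:58:02,10.0.0.15,files.dyn.example,21,1.1,312
2004-02-04T10:15:00,10.0.0.22,ftp.vendor.example,21,95.0,4200000
2004-02-05T10:20:00,10.0.0.22,ftp.vendor.example,21,88.0,3900000
2004-02-06T09:00:00,10.0.0.31,files.dyn.example,21,1.0,300
2004-02-06T09:30:00,10.0.0.40,www.site.example,80,0.5,900
"""

# Assumption: replace with the dynamic-DNS provider suffixes relevant to your network.
DYNDNS_SUFFIXES = (".dyn.example",)
MAX_DURATION_S = 5.0     # connect-and-disconnect sessions are short
MAX_BYTES = 2000         # control-channel chatter only, no file transfer
MIN_DISTINCT_DAYS = 3    # the pattern recurs across reboots / days


def find_ftp_checkins(flow_csv):
    """Return hosts making repeated, empty FTP sessions to one destination."""
    days = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dst_port"]) != 21:
            continue
        if (float(row["duration_s"]) > MAX_DURATION_S
                or int(row["bytes_total"]) > MAX_BYTES):
            continue  # a real transfer, not a bare connect/disconnect
        day = datetime.fromisoformat(row["ts"]).date()
        days[(row["src"], row["dst_host"])].add(day)
    findings = []
    for (src, dst), seen in sorted(days.items()):
        if len(seen) >= MIN_DISTINCT_DAYS:
            findings.append({"src": src, "dst_host": dst, "days": len(seen),
                             "dynamic_dns": dst.endswith(DYNDNS_SUFFIXES)})
    return findings


if __name__ == "__main__":
    for finding in find_ftp_checkins(SAMPLE_FLOWS):
        print(finding)
```

The host with a single short session (10.0.0.31) stays below the threshold here; correlating such one-off hits across hosts by destination is a natural next step for triage.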
Faceless Master
Feb 4 2004, 09:09 AM
| QUOTE (tibbar @ Feb 4 2004, 07:13 AM) |
I am not sure if other people have tried this before, but here's a good idea for trojan notification. I'm not planning on posting my code publicly, but if u pm me I can help.
Please note that I do not condone the use of trojans, and this is posted as a concept only.
Setup a ftp somewhere, which logs all connections to it. Now setup dyndns to link to the ftp.
Upload all your trojan / pubstro installation progs to it. You need to make two progs: 1) a ftp downloader that will get all these progs from the ftp and execute on "victim". 2) a ftp notifier, which will auto connect and disconnect to ftp on reboot. Upload 2) to the ftp as well.
The trojan to distribute here, is the ftp downloader, which will then get and install all the other progs.
Now, each time the "victim" reboots, it will log into the ftp, which will be noted in the ftp's log.
All you need to do, is pick up the logs now and then from the ftp server.
This method has big advantages over the standard cgi / php notifiers, since you don't need an unreliable, easily traceable webhost. |
Well, I prefer using a Static IP Notifier over this one.
Coz it's easy to code.
Regards
~Faceless Master
tibbar
Feb 4 2004, 11:32 AM
SIN is fine for a small number of "victims". Once you are into the 1000's, the result will effectively be DDOS on your ip.
For those who like SIN, visit #hue on irc.doomdead.com, for a RAT which purely works through SIN.
Yemoke
Feb 5 2004, 07:38 PM
Tibbar, I think this is a great way to work with dynamic IPs.
I'm gonna code one, I hope I can do it.

Is there a way to find out if an IP is dynamic?
flashb4ck
Feb 5 2004, 10:26 PM
I don't like this idea because the victim can easily find out your ip and you're busted if you're lucky ;/ (but that's only my opinion) perhaps that can be useful on a remote server ...
gr€€tZ fl4Shb4Ck
tibbar
Feb 6 2004, 12:33 AM
hey don't even dream of using this method on your own ip!!!
well, you could if you chained two dyndns' together with a proxy...
but i would recommend using this on a remote ftp, perhaps one you "made" before...
if your remote ftp dies, just make a new one, and update the dyndns account.
zero-maitimax
Feb 10 2004, 12:36 PM
you can also do it with a combo of wincap and proxy..
detro
Feb 11 2004, 08:35 PM
hue is horrible at the state it's in, VERY buggy and no real features that make it worth using. It has a broken webdler, no upload function, no network tools blah anyway enough whining because it's still undetected but all in all it's a glorified SIN notifier
xwarlordx
Feb 13 2004, 06:44 PM
including that if they find your ip it's easy to close down the server and stop the virus.
Why not add a backdoor to the infected PCs included with your virus which allows you to view the logs? It saves space and you have the option to see the log from the target you wanted to log.
Maybe you should read this analysis:
http://www.klake.org/~jt/malware/spotcom/ it looks a bit like the idea you have
~/warlord
Trojan^kid
Feb 13 2004, 09:37 PM
cgi and php notification is good
the irc bot is my favorite
tibbar
Feb 13 2004, 10:33 PM
sigh...do ppl here really use SIN without going through a proxy... it's not hard...
vic --> dyndns --> proxy --> you
and for all the cgi lovers out there, the ftp notifier doesn't run the risk of your illegal cgi page getting shut down, or the network admin of the cgi page stealing the bots.
Flowby
Feb 13 2004, 10:44 PM
If you are interested in a full SIN LAN bypass trojan go to
http://www.evileyesoftware.com/ees/index.shtml and download Asasin2 and you will find a lot of useful tools!!! Binders...
A trojan with SIN notify and reverse connection is the best because the server connects to you and you can control computers on a LAN (with normal trojans you can't)

Or download Apre and bind it with your trojan and it will make it a SIN LAN bypass trojan...