[White Scorpion]

hi all,

Tiny v3.0 has just been released. it is easy to use and better hidden then the previous versions...

the zip-file contains:

tiny.exe
userinit.dll
sources
README.TXT

the program is explained in more detail in the README.TXT

have fun with it and don't do anything stupid, i have written it for educational purposes only!


you can get it here.

thanks to x^r for helping me out with the injection part ;)

[thesource]

Ive downloaded it but how come ya cant connect with telnet?

[Titus]

thesource, on Apr 3 2005, 01:20 AM, said:

Ive downloaded it but how come ya cant connect with telnet?

<{POST_SNAPBACK}>

read readme.txt its so easy :D. btw great job WS. thx for sc too ^^

[exobot]

Cool, nice - not detected by Norton yet, wonder how long it will take.

An idea for future versions could be a reverse connect feature, to get around those pesky people who insist on using routers ;).

I haven't actually tested it yet so excuse me if this has been answered already; does it start automatically with windows, etc - does it install itself as a service?

[White Scorpion]

Quote

Cool, nice - not detected by Norton yet, wonder how long it will take.

An idea for future versions could be a reverse connect feature, to get around those pesky people who insist on using routers wink.gif.

I haven't actually tested it yet so excuse me if this has been answered already; does it start automatically with windows, etc - does it install itself as a service?

not long i think since they are watching this site... but hey, packers are always an option...

i'm thinking about reverse connections, but i'm not sure yet how to retrieve the IP from someone who is connecting to a specific port....

it changes HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ --> Shell
to make it start automatically. this way, whenever explorer crashes tiny will restart as well...

[r00t]

HI White Scorpion

Thank you very much for your tool's. I was on your HP and found also other usefull apps.

Will try to change the port etc on the backdoor :D I hope i find the clue :D

So Thank's.

But doesn't i need ASM copiler or so for the includes ????

to make the bat file etc ??

[White Scorpion]

I've been told that there's a bug in the tiny 3.0, it won't start explorer.exe after a reboot, so you will have to uninstall it BEFORE Windows is restarted. As soon as i have released v3.1 this problem will be solved...
<edit>V3.1 is released now, the problem is solved. i've tested it with several machines while rebooting about 20 times per system and every time tiny will start along with the rest of Windows...</edit>

nebo > you do need the masm assembler indeed, you can download it FOC from here.
after installing masm32 you can run the make.bat file to assemble the new program.

[thesource]

So you just didn't want to add the feature to connect through telnet? Cause I can connect to other backdoors (ex. wolf) that have passwords.

[White Scorpion]

Quote

So you just didn't want to add the feature to connect through telnet? Cause I can connect to other backdoors (ex. wolf) that have passwords.

Well it's very simple, Telnet sends directly every character you type while nc waits until you've pressed enter.
All i had to do to accept telnet sessions it to read everything into one buffer and then compare the complete buffer to the password... you can implement it yourself if you like, but i think it is better safety not to use telnet...

[GekAapie]

when i unpack the files i get a message from norton: fixed tiny.exe or something and then the file is gone...

anyone know what happened????

[GhostShell]

Necrocide, on Jun 22 2005, 08:55 PM, said:

GekAapie, on Jun 22 2005, 09:52 PM, said:

when i unpack the files i get a message from norton: fixed tiny.exe or something and then the file is gone...

anyone know what happened????

<{POST_SNAPBACK}>

....maybe because your anti-virus detects it as a virus/trojan/backdoor/whatever?

<{POST_SNAPBACK}>

yeah most likely thats what happened bcuz norton likes to do things without asking...look in the quarantine folder that shpuld tell you :) by the way get rid of norton dude it sucks

[setthesun]

Thank you for source, I was looking for good ASM practices.

[saetji]

Nice one mate. Outta curiousity, are there any tuts out there for dll injections?

[spook]

saetji, on Jun 23 2005, 12:14 PM, said:

Nice one mate. Outta curiousity, are there any tuts out there for dll injections?

<{POST_SNAPBACK}>

http://www.thecodepr...on_tutorial.asp

http://www.anticrack...liCZ/export.htm

http://www.phrack.or...w.php?p=62&a=13

http://www.rohitab.c...-9-11998-0.html

http://www.megasecur...rogramming.html

http://users.ece.gat...20injecting.doc

I just took a quick look at them.. So don't blame me if they aren't all dll injection :)

Enjoy reading them though, it's quite interesting