[illwill]

wow clubfed your code looks eerily similar to my code i released the code to last year .... http://illmob.netfir...killer_src.html could i be mistaken? besides this new code i made also stops 400 service names which as you should know service exes cant be killed unless the service is stopped first.. hence the 11kb unpacked and 4.87kb packed, but dont worry this source code will be released a few weeks from now then you can make a new one for yourself. :lol:

[Nick W]

illwill, on Oct 3 2003, 05:50 PM, said:

hence the 11kb unpacked and 4.87kb packed, but dont worry this source code will be released a few weeks from now then you can make a new one for yourself. :lol:

I'll probably take a look at it when you release it.

I've never really had a reason to disable AV. The way I figure it, the least amount attention I draw, the better. There's plenty of tools out there that don't get recognized and the tools I make myself *never* get recognized. :)

Ironically, I don't think I've ever seen an effect AV/Firewall killer *under* 5k so I'm pretty impressed with that aspect of it. Also makes me wonder how large a AV killer would be that kills just Norton and McAfee AV scanners, since those two are the most widely used on those fat corporate lines. :)

Illwill, have you ever thought about or made an IRC bot so users could get around firewalls and initiate the connection via IRC? I've done some theorizing on making a bot that would connect to a possible 30 or so irc chat rooms on various servers randomly. Then for the person doing the compromising they would have another bot that would connect to all 20 or so of those chat channels on IRC and just sit.

The trigger for the bot would be an "on join" reponse. If a person came into the channel the bot would automatically try to connect to that remote user on a specified port. The owner of all the bots would code his bot to listen on that same port and when he/she joins the 20 or so chat rooms, will start accepting each of those connections as they drop to shell.

I've also done some testing with coordinating bots without an IRC network in a sort of point-2-point protocol aspect. Imagine something like that being up 24/7. Yikes. Anyone could potentially use it too.

[illwill]

it sure can . i get 1024 bytes or 1kb , cant beat that with a bat

[toska]

anyone got the source code of illwill's page (http://illmob.netfirms.com/aim.html) befored it was removed??!??? If so, please contact me (PM). 10x!

[what]

Quote

We can generally guess what is going on here. As .hta or "HTML Application" files are not binary and resemble - mechanically - HTML files, IE's check of content will be unable to return that this file is anything but safe. The second check of MIME type will see that we are requesting a safe file type... and the third check of MIME type will be from the server saying this is a HTML Application. For whatever reason, IE has ignored the returned MIME type from a security context, but paid attention to it from an execution context.

I found this here. Now that microsoft has applied the patch, exactly what does the patch do? Does it add another form of checking, deny HTML application types, or am I way off. Just wondering, because it seemed that just as i got it to work on my webserver, a patch came out, and now nothing works. <_<

[Nick W]

what,

That is for the PERL HTA exploit that I wrote. It's basically a security risk assesment that was written when this exploit first came out.

[GhostCow]

iwill you can you post that AV killer it sounds like an intresting piece of code..
you got also an av killer for linux and unix firewalls?

[illwill]

no just for windows
and yes my new one doesnt use lazy code of shellexecutine net stop to the apps listed it enumerates which service names are running then compares it with the list of names to kill then stops that service name