This topic is locked
sweet, this baby rocks!
complements to the authors and everyone involved
Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts
Hacker Defender Recompiled
Started by
jimmy
, Jan 29 2004 03:34 PM
102 replies to this topic
#17
Thom
-
- Members
-
- 308 posts
Staff Sergeant
Posted 30 January 2004 - 05:00 AM
Very good work, I just got one problem;
[Hidden Ports]
TCP:2125,6667
UDP:2125,6667
looks good eh?
Started the service and I launched a netcat shell on it, typed netstat and I get
TCP ssbm124:2350 ***:2125 ESTABLISHED
any ideas?
[Hidden Ports]
TCP:2125,6667
UDP:2125,6667
looks good eh?
Started the service and I launched a netcat shell on it, typed netstat and I get
TCP ssbm124:2350 ***:2125 ESTABLISHED
any ideas?
#18
Fletcher
-
- Members
-
- 53 posts
Private First Class
Posted 30 January 2004 - 05:13 AM
wow great work 
thanks a lot
thanks a lot
#19
AlessandroIT
-
- Members
-
- 48 posts
Private First Class
Posted 30 January 2004 - 05:14 AM
Try To Hidden Port 2350 too 
#21
jimmy
-
- Members
-
- 135 posts
Specialist
Posted 30 January 2004 - 06:52 AM
Thom , I just tested it. The ports hide function works properly.
I hope you don't have a netcat shell with root privileges or started from the backdoor shell, which also has root privileges than
I hope you don't have a netcat shell with root privileges or started from the backdoor shell, which also has root privileges than
#22 Guest_Torment_*
Guest_Torment_*
-
- Guests
Posted 30 January 2004 - 10:13 AM
Well is not complete invisible my AV detected it , btw is the F-Secure.
, btw is the F-Secure.
#23
mech
-
- Members
-
- 12 posts
Private
Posted 30 January 2004 - 10:30 AM
Thanks for the app mate. It isn't detected by Kaspersky AV. Well done and thatnks a bunch.
#24
MxMx
-
- Members
-
- 329 posts
Staff Sergeant
Posted 30 January 2004 - 11:06 AM
if your AV detects it .. just use morphine or upxmodified .. i think the only problem is that morphine doesnt encrypt your hxdefdriver.dll 
which the program creates at the startup
which the program creates at the startup
#25
jimmy
-
- Members
-
- 135 posts
Specialist
Posted 30 January 2004 - 11:17 AM
MxMx you cleary don't know what you're talking about
first of al it's the system driver which gets detected. Which is truly annoying.
Second of all some AV detect morphine, and complain about it. So plz first check stuff out before giving such lame comments. I even said it in the readme. I didn't UPX or anything cause some AV detect and complain ...
first of al it's the system driver which gets detected. Which is truly annoying.
Second of all some AV detect morphine, and complain about it. So plz first check stuff out before giving such lame comments. I even said it in the readme. I didn't UPX or anything cause some AV detect and complain ...
#26
phaeton
-
- Members
-
- 137 posts
Specialist
Posted 30 January 2004 - 12:38 PM
jimmy take it easy dude 
he just said what anyone might say if something is detected. you dont need to shoot him down.
if its detected on any av someone could tell you that you "clearly dont know what you are doing" if you release it and its detected.
just simmer down, he tried to help and that never hurts.
he just said what anyone might say if something is detected. you dont need to shoot him down.if its detected on any av someone could tell you that you "clearly dont know what you are doing" if you release it and its detected.
just simmer down, he tried to help and that never hurts.
#27
AlessandroIT
-
- Members
-
- 48 posts
Private First Class
Posted 30 January 2004 - 02:24 PM
Well it works good...So Sm1 Can explain me How To use backdoor? I tried to put in ini file that "BackdoorShell=client.exe"
Then tried to connect to localhost on port 80...But it don't work..
Sm1 can help me?
Then tried to connect to localhost on port 80...But it don't work..
Sm1 can help me?
#28
jimmy
-
- Members
-
- 135 posts
Specialist
Posted 30 January 2004 - 02:38 PM
you need to connect with client.exe to the box
that's all
just open the client.exe at home. and don't change the ini for that part
that's all
just open the client.exe at home. and don't change the ini for that part
#29
phaeton
-
- Members
-
- 137 posts
Specialist
Posted 30 January 2004 - 03:33 PM
Also make sure your backdoor shell is part of the root processes so that is has some meaning over a regular nc shell =D
#30 Guest_clubfed_*
Guest_clubfed_*
-
- Guests
Posted 31 January 2004 - 04:37 AM
Thom I had the same problem - hxdef doesn't filter REMOTE ports, just local. which is lame as hell, because I had told them about the problem over a year ago. I switched away from hxdef since around version 073 because i was fet up with not being able to cover netstat output and ended up writing my own (based on another rootkit, so a lot of ripped code, but who cares it was just for me never released)Very good work, I just got one problem;
[Hidden Ports]
TCP:2125,6667
UDP:2125,6667
looks good eh?
Started the service and I launched a netcat shell on it, typed netstat and I get
TCP ssbm124:2350 ***:2125 ESTABLISHED
any ideas?
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
