ACK Tunneling Trojans

– Arne Vidstrom, arne.vidstrom@ntsecurity.nu

Summary

Trojans normally use ordinary TCP or UDP communication between their client and server parts. Any firewall between the attacker and the victim that blocks incoming traffic will usually stop all trojans from working. ICMP tunneling has existed for quite some time now, but if you block ICMP in the firewall you’ll be safe from that. This paper describes another concept, that I call ACK Tunneling. ACK Tunneling works through firewalls that don’t apply their rule sets on TCP ACK segments (ordinary packet filters belong to this class of firewalls).


WinShell v5.0 - A finished telnet server for windows

Author : janker
Homepage: http://www.janker.org

About
=====
WinShell was a telnet server for the Windows platform. The main program was just a 5k-byte stand-alone executable file that could run stably without any third-party DLL. Although it was so thin, it had many functions, such as custom port, password protection, multi-user logon, NT Service mode, file download, user-defined message, special anti-DDoS, etc. Details follow:


farm9 README.txt for cryptcat
09-22-2000

Thanks for downloading cryptcat

This is a simple modification to netcat to add twofish encryption.
netcat was originally written by the l0pht (hobbit and weld pond).

The portion of the code written by farm9 is being released as Open Source.

See the file ‘farm9 Public License Agreement.txt’ for info on Open Source licensing.


Netcat 1.10
===========

Netcat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting.....

sdbot 0.5b (test release) by [sd]
===================================

web site: http://sdbot.n3.net/
e-mail: sdbot@mail.ru
sonork id: 100.2600
icq: 21381594
irc: irc.lcirc.net, #sdbot

how to edit the source file
-----------------------------

extract the files from the zip into a folder, and look for a file called 'sdbot05b.c' (LCC/mingw) or 'sdbot05b.cpp' (MSVC++). these are source files for sdbot. the contents of both files are exactly the same, they are separate.....

Hacker defender v0.7.3
======================

Main
----

Hacker defender v0.7.3 by
Holy_Father <holy_father@phreaker.net> & Ratter/29A <ratter@atlas.cz>
Copyright (c) 2000,forever ExEwORx
birthday: 10.01.2003
home: http://rootkit.host.sk
Betatesters:
ch0pper <THEMASKDEMON@flashmail.com>
phj34r (sandstorm99@ziplip.com)
ierdna (ierdna@go.ro)
UnixDied

Hacker defender is a rootkit for Windows NT 4.0, Windows 2000 and Windows XP. Main code was written in Delphi 6. New functions are written in assembler. Backdoor and redirector clients are coded mostly in Delphi 6.

program uses adapted LDE32
LDE32, Length-Disassembler Engine, 32-bit, (x) 1999-2000 Z0MBiE
special edition.....

========================

– Sub 7 2.1.5 –
– coded by mobman –
_ ReaDMe/Tutorial _
– by FuX0reD –
[ http://www.sub7.net ]
========================

Intro:
In this tutorial I, FuX0reD, will try to do as much hand-holding and will
try to be as THOROUGH as possible, AND IT WILL BE IN PLAIN ENGLISH (for
those people who don’t know, or dislike to speak in english). As easy as it
is to figure out, some people still end up screwin up somehow, and infecting
their own asses and end up being 0wned by some other llahmas, so try to
understand these features as well as possible. If you have anything to add to
this tutorial or you find something I’ve missed, please email me at
{ fux0red@devil.com }
Everyone’s Favorite Llahma and #SubSeven whore,
– FuX0reD


EXE2HTML 1.0b Dox (C) 2000 by [ByteRage]
----------------------------------------

What’s new in 1.0b
------------------
– Fixed some bugs so that the program looks less crappy :)
– Better exploit code (Windows directory can be variable, a little smaller)

How does it work, what systems does it run on ?
-----------------------------------------------
EXE2HTML creates an HTML file that will use the HTA exploit to extract an EXE/JPG/etc…-file from an HTML file. According to Georgi Guninski, the exploit runs on all windows versions with Internet Explorer 5.0/5.1 on.


CIPE-Win32 v2.0-pre14 README

--------------------------------------------------------------------

This package consists of a binary installation and a development
environment of and for CIPE-Win32 v2.0 beta. This document assumes
a working knowledge of CIPE and its installation requirements.

CIPE-Win32 is a port of Olaf Titz’s CIPE VPN software from Linux
to Windows NT.

This software implements a functional node in a CIPE network on
Windows NT4.0 SP3-SP6 and Windows 2000. I don’t know if any DOS-based
Windows OSes or Windows XP will work; others are welcome to attempt
installation.

I know this documentation is not “polished”. When the software is
working perfectly, I’ll do a nice HTML help system (unless someone
is willing to start it for me).

128 bit Blowfish encryption is supported at the moment. 128 bit IDEA
support is being worked on.