Some friends who are keen on security may have run into this confusing situation: hacking tools downloaded from some websites themselves contain backdoors, which is a bit like "no path" on the Internet. Let's take a look at how these backdoors can be pulled out, however they got there.
Then, how can we check whether the tools we use contain backdoors? Experienced users can use WSockExpert to capture network data packets. If WSockExpert is not on the system, you can use the Netstat command, which displays protocol statistics, current TCP/IP network connections and port usage information.
1. Close all programs in the system that may connect to the network and log on to only one program. Open a command prompt, enter and execute the "netstat -an > C:\NET1.TXT" command to save the network connection status before running the trojan in C:\NET1.TXT, and then close the program.
2. Run the "backdoor" command to configure and generate a trojan program.
3. Run the generated QQ trojan program and log on to the program again. Open the command prompt, enter and run the "netstat -an > C:\NET2.TXT" command to save the network connection status after running the trojan in C:\NET2.TXT.
5. Compare NET1.TXT and NET2.TXT: NET2.TXT will contain several more network addresses. Apart from the connection address configured for the trojan, the other is the backdoor.
When using Netstat for backdoor testing, note that Netstat does not return the current network connection status immediately; there is some latency. In other words, the network connection status we see after executing Netstat may be from 3 seconds ago, but this does not affect our backdoor testing.
Finally, I would like to tell you that not all programs can be checked in this way. Scanning tools, for example, perform many operations in a dynamic network environment, so the program itself adds many changing network addresses.
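
The comparison of NET1.TXT and NET2.TXT can be scripted instead of read by eye. The following is an added example, not part of the original article: the function names, the sample captures and the addresses in them are constructed, and it assumes the usual column layout of Windows "netstat -an" output.

```python
import sys

# Constructed sample captures in Windows `netstat -an` layout (documentation addresses).
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      198.51.100.20:8000     ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""
AFTER = BEFORE + """\
  TCP    0.0.0.0:31000          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1050      203.0.113.5:25         ESTABLISHED
  TCP    192.168.1.10:1051      192.0.2.77:80          SYN_SENT
"""

NO_PEER = {"0.0.0.0:0", "*:*", "[::]:0"}  # placeholders netstat prints when there is no remote side

def parse(text):
    """Return (remote endpoints, listening/bound sockets) found in netstat -an text."""
    remotes, listeners = set(), set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local, foreign = f[0], f[1], f[2]
        if foreign in NO_PEER:
            listeners.add((proto, local))
        else:
            # Local ephemeral ports differ on every run, so key on the peer only.
            remotes.add((proto, foreign))
    return remotes, listeners

def new_activity(before, after, expected=()):
    """Endpoints seen only in the second capture, minus the configured (expected) ones."""
    (r1, l1), (r2, l2) = parse(before), parse(after)
    new_remotes = {r for r in r2 - r1 if r[1] not in expected}
    return sorted(new_remotes), sorted(l2 - l1)

if __name__ == "__main__":
    if len(sys.argv) >= 3:  # usage: script NET1.TXT NET2.TXT [configured ip:port ...]
        texts = [open(p, errors="replace").read() for p in sys.argv[1:3]]
        remotes, listeners = new_activity(texts[0], texts[1], sys.argv[3:])
    else:  # assumption: 203.0.113.5:25 stands for the address configured for the trojan
        remotes, listeners = new_activity(BEFORE, AFTER, ["203.0.113.5:25"])
    for proto, addr in remotes:
        print("unexpected remote endpoint:", proto, addr)
    for proto, addr in listeners:
        print("new listening socket:", proto, addr)
```

Besides new remote addresses, the script also reports sockets that started listening between the two captures, since a backdoor may wait for inbound connections rather than connect out.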