Thursday, April 24, 2014
Author

Trojan Reverse Connection

dopeboimag1k
Member


Posts: 30
Location: the Internet
Joined: 01.05.11
Rank:
Moderate
Posted on 05-01-12 08:53
I've been researching writing a trojan in C, and I want to verify that the information I have gathered is correct, and I haven't misunderstood anything. I understand the basic premise of a trojan and how they work, but the reverse connection part is what I want to clarify.

I have read that a trojan using a reverse connection is able to bypass firewall restrictions because it acts (from the firewall's perspective) in the same manner that a web browser would by opening a connection to a remote address and then waiting for a response. Does this imply that the executable won't be flagged by AV as a threat? Or do I have an incorrect understanding of the concept? Or maybe the user will have to authorize the program access to the internet?

I also have looked into implementing the reverse connection through an IRC bot. Could I implement this by "packaging" the trojan with an IRC bot? By packaging I mean having the program connect to some IRC channel from the infected computer, and then use the IRC bot (via private messages), which is also a trojan, to execute commands on the infected computer. Sorry if that doesn't make any sense, or it needs further clarification.


thirdgen.net16.net/images/signature.jpg

"Everybody wants greatness but nobody wants to work for it."

"If it was easy, everybody would do it."
Author

RE: Trojan Reverse Connection

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 05-01-12 14:08
dopeboimag1k wrote:
I've been researching writing a trojan in C, and I want to verify that the information I have gathered is correct, and I haven't misunderstood anything. I understand the basic premise of a trojan and how they work, but the reverse connection part is what I want to clarify.

I have read that a trojan using a reverse connection is able to bypass firewall restrictions because it acts (from the firewall's perspective) in the same manner that a web browser would by opening a connection to a remote address and then waiting for a response. Does this imply that the executable won't be flagged by AV as a threat? Or do I have an incorrect understanding of the concept? Or maybe the user will have to authorize the program access to the internet?

I also have looked into implementing the reverse connection through an IRC bot. Could I implement this by "packaging" the trojan with an IRC bot? By packaging I mean having the program connect to some IRC channel from the infected computer, and then use the IRC bot (via private messages), which is also a trojan, to execute commands on the infected computer. Sorry if that doesn't make any sense, or it needs further clarification.


If you code it yourself, provided it's coded well, it won't be picked up by AV scans.

A reverse connection is handy if you don't know the target's address, and saves you connecting to it each time they reboot.

Getting it to just visit a webpage and check for new commands is one way to do it, but it will still be flagged by firewalls, as any attempt to reach the outside world is caught. However, I bet this would be flagged as lower risk than a trojan that was going to be connecting to IRC... I could be wrong though; it's been a while since I've played around with trojans.

http://www.hellboundhackers.org/
Author

RE: Trojan Reverse Connection

starofale
Member



Posts: 218
Location: England
Joined: 05.12.07
Rank:
Moderate
Posted on 05-01-12 22:30
dopeboimag1k wrote:
I have read that a trojan using a reverse connection is able to bypass firewall restrictions because it acts (from the firewall's perspective) in the same manner that a web browser would by opening a connection to a remote address and then waiting for a response.


As far as I know, the default Windows firewall settings block incoming connections but allow outgoing connections, so yes, a reverse connection would help you to bypass the firewall. A reverse connection would also be needed if the victim is behind a NAT (like most home routers).

http://en.wikiped. . .connection

dopeboimag1k wrote:
Does this imply that the executable won't be flagged by AV as a threat?

No.


Try a new search engine
Author

RE: Trojan Reverse Connection

dopeboimag1k
Member


Posts: 30
Location: the Internet
Joined: 01.05.11
Rank:
Moderate
Posted on 06-01-12 07:20
starofale wrote:
As far as I know, the default Windows firewall settings block incoming connections but allow outgoing connections, so yes, a reverse connection would help you to bypass the firewall. A reverse connection would also be needed if the victim is behind a NAT (like most home routers).

http://en.wikiped. . .connection

dopeboimag1k wrote:
Does this imply that the executable won't be flagged by AV as a threat?

No.


I guess my next area of research will need to be in the area of bypassing AV. I have successfully been able to use an IRC bot to act as a middle man between my computer and my test machine, and it bypasses Windows firewall with no problems.


thirdgen.net16.net/images/signature.jpg

"Everybody wants greatness but nobody wants to work for it."

"If it was easy, everybody would do it."
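
Added example, not part of any post in this thread: because the default firewall settings discussed above allow outgoing connections, the defender's view of this traffic is the egress log. The Python below parses constructed records in the Windows Firewall pfirewall.log field layout, then flags allowed outbound TCP to common IRC ports and destinations contacted at near-constant intervals (the "visit a webpage and check for new commands" pattern). The port list, thresholds and sample lines are assumptions, and it presumes logging of allowed connections has been enabled.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Field order of a pfirewall.log record.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}  # assumption: common IRC ports

# Constructed sample records (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
2012-01-06 07:00:00 ALLOW TCP 192.168.1.20 198.51.100.7 49200 80 0 - 0 0 0 - - - SEND
2012-01-06 07:00:01 ALLOW TCP 192.168.1.20 203.0.113.5 49201 6667 0 - 0 0 0 - - - SEND
2012-01-06 07:01:10 ALLOW TCP 192.168.1.20 192.0.2.10 49202 443 0 - 0 0 0 - - - SEND
2012-01-06 07:01:12 ALLOW TCP 192.168.1.20 192.0.2.10 49203 443 0 - 0 0 0 - - - SEND
2012-01-06 07:05:00 ALLOW TCP 192.168.1.20 198.51.100.7 49204 80 0 - 0 0 0 - - - SEND
2012-01-06 07:06:30 DROP TCP 203.0.113.99 192.168.1.20 40000 445 0 - 0 0 0 - - - RECEIVE
2012-01-06 07:09:40 ALLOW TCP 192.168.1.20 192.0.2.10 49205 443 0 - 0 0 0 - - - SEND
2012-01-06 07:10:01 ALLOW TCP 192.168.1.20 198.51.100.7 49206 80 0 - 0 0 0 - - - SEND
2012-01-06 07:15:00 ALLOW TCP 192.168.1.20 198.51.100.7 49207 80 0 - 0 0 0 - - - SEND
2012-01-06 07:30:05 ALLOW TCP 192.168.1.20 192.0.2.10 49208 443 0 - 0 0 0 - - - SEND
"""

def parse(text):
    """Yield one dict per allowed outbound TCP record; skip headers and short lines."""
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if (rec["action"], rec["protocol"], rec["path"]) == ("ALLOW", "TCP", "SEND"):
            rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            rec["dst-port"] = int(rec["dst-port"])
            yield rec

def irc_egress(records):
    return sorted({(r["src-ip"], r["dst-ip"], r["dst-port"])
                   for r in records if r["dst-port"] in IRC_PORTS})

def beacons(records, min_events=4, max_jitter=0.1):
    """Flag (src, dst, port) whose contact gaps vary by <= max_jitter of their mean."""
    times = defaultdict(list)
    for r in records:
        times[(r["src-ip"], r["dst-ip"], r["dst-port"])].append(r["ts"])
    hits = []
    for key, ts in times.items():
        gaps = [(b - a).total_seconds() for a, b in zip(sorted(ts), sorted(ts)[1:])]
        if len(ts) >= min_events and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            hits.append((key, round(mean(gaps))))
    return sorted(hits)
```

Both checks are heuristics: IRC can run on any port and a poller can randomize its interval, so treat hits as leads to correlate with the owning process, not as verdicts.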