Telnet Backdoor 1.2

Released August 2004 (20 years, 3 months ago)

Copyright © MegaSecurity

By heroin


Information
Author: heroin
Family: Telnet Server
Category: Remote Access
Version: Telnet Backdoor 1.2
Release date: Aug 2004 (20 years, 3 months ago)
Additional Information
dropped file:
c:\WINDOWS\system32\svchost.exe 
size: 67.584 bytes

changed file:
c:\WINDOWS\system32\login.cmd
old size: 487 bytes 
new size: 354 bytes

port: 1023 TCP

keys added to registry:
HKEY_CLASSES_ROOT\.exe 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\svchost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\svchost 

tested on Windows XP

Author Information / Description
Telnet Backdoor for WindowsXP Ver 1.2 FiNAL 09/August 2004 (1.411 Bytes)
   (C) heroin_AT_mol.mn 

### USAGE: ###

	cmd:\>Telnet 127.0.0.1 1023

	Login with: "iwam_user" 
	Password is: "mypass"


#### WHAT HAPPENS: ####

:: ADD USER WITH SUFFiCiENT RiGHTS!
 add user "iwam_user" with password "mypass" to the administrators group; this
 will be the login and password.

:: SET DiENST! (service)
 set the telnet service to run as svchost.exe in the system account / you will not
 notice it at first glance!

:: SET REGiSTRY!
 set our service to run on port 1023 instead of 23, disable event & admin logs

:: SET LOGiN.CMD!
 set the login-screen.

:: RUN iT!
 as the name says..


#### WHAT TO DO: ####

 the batch file is configured to run on a German operating system; if you want to use it
 on an English OS, just change the word "administratoren" to "administrators" in line 11,
 that's all!

heroin
