Telnet Backdoor 1.3
Released 20 years, 3 months ago. August 2004
Copyright © MegaSecurity
By heroin
Information
Author: heroin
Family: Telnet Server
Category: Remote Access
Version: Telnet Backdoor 1.3
Release date: Aug 2004, 20 years, 3 months ago.
Additional Information
dropped file:
c:\WINDOWS\system32\svchost.exe
size: 67.584 bytes
port: 1023 TCP
added to registry:
HKEY_CLASSES_ROOT\.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTLMSSP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TLNTSVR\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtLmSsp\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTLMSSP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TLNTSVR\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum
tested on Windows XP
Author Information / Description
### USAGE: ###
cmd:\>Telnet 127.0.0.1 1023
Login with: "iwam_user"
Password is: "mypass"
#### WHAT HAPPENS: ####
:: ADD USER WITH SUFFiCiENT RiGHTS!
add user "iwam_user" with password "mypass" to the administrators group; this
will be the login and password.
:: SET DiENST! (service)
set the telnet service to run as svchost.exe in the system account / you will not
notice it at first glance!
:: SET REGiSTRY!
set our service to run on port 1023 instead of 23, disable event & admin logs
:: SET LOGiN.CMD!
set the login-screen.
:: RUN iT!
as the name says..
#### WHAT TO DO: ####
the batch file is configured to run on a German operating system; if you want to use it
on an English OS, just change the word "administratoren" to "administrators" in line 11,
that's all!
heroin