.: CmdShell 2.0 :.
Released 14 years, 6 months ago. May 2007. By BlackCobra
- Coded by: BlackCobra
- Version: CmdShell 2.0
- Release date: May 2007, 14 years, 6 months ago.
- Coded in: Visual Basic
- Family: CmdShell
- Category: Remote Access
Server:

dropped files:
c:\WINDOWS\system32\server.dll Size: 28,692 bytes
c:\WINDOWS\system32\yahoomessenger.exe Size: 50,705 bytes

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Updates"
data: C:\WINDOWS\yahoomessenger.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Updates"
data: C:\WINDOWS\System32yahoomessenger.exe

Tested on Windows XP
July 08, 2007
This application is based on the fwb injection technique, completely coded in VB. No C/C++/Delphi DLLs or anything else are used for injection. Purely in VB.

As the name suggests, it opens a port on the victim computer; you can telnet to the target port and you will have the cmd shell. The application is not using any VB forms.

EditServer
===========
Only 2 options for the moment.
1. port, to be opened on vic
2. registry name

The application drops a DLL file in the system32 dir and an exe file. The application auto-starts on every boot.