.: Telnet Backdoor for WindowsXP 1.3 :.
Released 17 years, 2 months ago. Aug 2004. By heroin
- Coded by: heroin
- Version: Telnet Backdoor for WindowsXP 1.3
- Released date: Aug 2004, 17 years, 2 months ago.
- Family: Telnet Server
- Category: Remote Access
- Dropped file: c:\WINDOWS\system32\svchost.exe
- Size: 67.584 bytes
- Port: 1023 TCP
- Added to registry:
  - HKEY_CLASSES_ROOT\.exe
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTLMSSP\0000\Control
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TLNTSVR\0000\Control
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtLmSsp\Enum
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr\Enum
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTLMSSP\0000\Control
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TLNTSVR\0000\Control
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp\Enum
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum
- Tested on Windows XP
### USAGE: ###

cmd:\>Telnet 127.0.0.1 1023
Login with: "iwam_user"
Password is: "mypass"

#### WHAT HAPPENS: ####

:: ADD USER WITH SUFFiCENT RiGHTS!
add user "iwam_user" with password "mypass" to the administrators group
this will be the login and password.

:: SET DiENST! (service)
set the telnet service to run as svchost.exe in the system account
/you will not notice it on the first view!

:: SET REGiSTRY!
set our service to run on port 1023 instead 23, disable event & admin logs

:: SET LOGiN.CMD!
set the login-screen.

:: RUN iT!
as the name it says..

#### WHAT TO DO: ####

the batchfile is configured to run in a german operating system
if you want to use it in an english-os just change in line: 11 the word
"administratoren" to "administrators", thats all!

heroin
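A host-triage check built from the indicators listed in this entry, added here as an example and not part of the original release or of this catalogue. It parses saved output of `netstat -an`, `net localgroup administrators` (or `administratoren`) and `sc qc TlntSvr`; the function names, finding labels and sample output are constructed, and reading "run as svchost.exe" as the service's binary path is an assumption.

```python
import re

# Indicators as listed in the entry above.
PORT, USER, DROPPED_SIZE = 1023, "iwam_user", 67584

def listening_on_port(netstat_text, port=PORT):
    """`netstat -an` output: TCP listener on the port (English or German state)."""
    pat = r"^\s*TCP\s+\S+:%d\s+\S+\s+(LISTENING|ABH\S+REN)\s*$" % port
    return re.search(pat, netstat_text, re.I | re.M) is not None

def account_in_group(localgroup_text, user=USER):
    """`net localgroup administrators` / `administratoren` output lists the user."""
    names = (l.strip().lower().split("\\")[-1] for l in localgroup_text.splitlines())
    return user.lower() in names

def telnet_runs_as_svchost(sc_qc_text):
    """`sc qc TlntSvr` output: binary path names svchost.exe (assumed reading)."""
    m = re.search(r"BINARY_PATH_NAME\s*:\s*(.+)", sc_qc_text, re.I)
    return m is not None and "svchost.exe" in m.group(1).lower()

def triage(netstat_text, localgroup_text, sc_qc_text, svchost_size=None):
    """Return the labels of the indicators that matched."""
    checks = [
        ("tcp-1023-listener", listening_on_port(netstat_text)),
        ("iwam_user-is-admin", account_in_group(localgroup_text)),
        ("tlntsvr-as-svchost", telnet_runs_as_svchost(sc_qc_text)),
        ("svchost-size-67584", svchost_size == DROPPED_SIZE),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample output, not captured from a real host.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1023           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1023          10.0.0.9:4021          ESTABLISHED
"""
SAMPLE_GROUP = """\
Administrator
iwam_user
The command completed successfully.
"""
SAMPLE_SC_QC = """\
SERVICE_NAME: TlntSvr
        BINARY_PATH_NAME   : C:\\WINDOWS\\system32\\svchost.exe
        SERVICE_START_NAME : LocalSystem
"""

if __name__ == "__main__":
    print(triage(SAMPLE_NETSTAT, SAMPLE_GROUP, SAMPLE_SC_QC, svchost_size=67584))
```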