Technology so some decides to post my external ip address...

#23
Militant said:
You're pretty screwed if anyone who sees that knows about hacking or has any good software progs for it.
No.


If you have a firewall, you should be fine. Just don't accept any files from anyone you don't know.
 
#24
Hymnz said:
No.


If you have a firewall, you should be fine. Just don't accept any files from anyone you don't know.
Actually, he was right. Most trojan software has a 'firewall killer' built into it with almost every firewall software you can think of on its list.
 
#25
Dirty_Sock said:
Actually, he was right. Most trojan software has a 'firewall killer' built into it with almost every firewall software you can think of on its list.
or it uses a reverse connect, which means your computer requests the connection and not the other way around. The greatest firewall won't do you a damn thing

or

It can be set up to use port 80, which is your HTTP port, which is never blocked by any firewall; if it was, you won't be able to go to webpages.
 
#26
bigmack said:
or it uses a reverse connect, which means your computer requests the connection and not the other way around. The greatest firewall won't do you a damn thing

or

It can be set up to use port 80, which is your HTTP port, which is never blocked by any firewall; if it was, you won't be able to go to webpages.
Yes. Reverse connections are the easiest method. So much easier than killing a firewall then attempting to connect, etc.
There's A LOT of those script-kiddie hackers out there that just use premade trojans to get in your system. All you really need to do is keep a close eye on everything you download and at least KNOW who you're downloading from.
When I played with trojans, I usually just binded it with an image or a game or something. You open it, and I'm in. It's as simple as that.
 
#28
Dirty_Sock said:
Yes. Reverse connections are the easiest method. So much easier than killing a firewall then attempting to connect, etc.
There's A LOT of those script-kiddie hackers out there that just use premade trojans to get in your system. All you really need to do is keep a close eye on everything you download and at least KNOW who you're downloading from.
When I played with trojans, I usually just binded it with an image or a game or something. You open it, and I'm in. It's as simple as that.
Firewalls still track reverse connections. You will need an AV killer or advanced injection to bypass the latest firewalls (including the latest Windows one). For the latest ZoneAlarm which even scans stuff trying to inject itself through the memory (this is how it is done), to programs allowed access already, it is even harder to bypass.
You cannot bind trojans with images, only executables (exe, bat etc). Using premade utilities, any AV will pick up the stub (used to join the files together and run them upon execution) of the binder.
So, no, it's not as simple as that.

Dirty_Sock said:
Actually, he was right. Most trojan software has a 'firewall killer' built into it with almost every firewall software you can think of on its list.
But if he monitors what he downloads he will never get one of these files. AV will pick it up if it does get in (in most 'script-kiddie' situations).
If it has had an amateur manual code-crypt routine or manual pack, AV heuristics will see it.
 

Cooper

Well-Known Member
#29
Dirty_Sock said:
Yes. Reverse connections are the easiest method. So much easier than killing a firewall then attempting to connect, etc.
There's A LOT of those script-kiddie hackers out there that just use premade trojans to get in your system. All you really need to do is keep a close eye on everything you download and at least KNOW who you're downloading from.
When I played with trojans, I usually just binded it with an image or a game or something. You open it, and I'm in. It's as simple as that.
My firewall blocks unauthorised outgoing connections? :thumb:
 
#31
© said:
well done...does that make you cool?
Was that to me? If so, no. It actually made me more ignorant.
Hymnz said:
Firewalls still track reverse connections. You will need an AV killer or advanced injection to bypass the latest firewalls (including the latest Windows one). For the latest ZoneAlarm which even scans stuff trying to inject itself through the memory (this is how it is done), to programs allowed access already, it is even harder to bypass.
You cannot bind trojans with images, only executables (exe, bat etc). Using premade utilities, any AV will pick up the stub (used to join the files together and run them upon execution) of the binder.
So, no, it's not as simple as that.

But if he monitors what he downloads he will never get one of these files. AV will pick it up if it does get in (in most 'script-kiddie' situations).
If it has had an amateur manual code-crypt routine or manual pack, AV heuristics will see it.
It's kind of hard for you to tell me that I can't bind a trojan with an image when I've already done it. Also, not all AV software is 'as good as you think'. It's about a weekly/monthly routine for the creators of these trojans to update and find a way to get past when an AV prog finally finds another way to see it.
As for the firewall thought. Yes most AV progs will see the trojan close to immediately (not always immediately), which is why AV killers are built in as well. I don't mean this in a smart ass way, but have you ever seen the client side of a trojan? Most trojans are built ready to break your machine down starting with AVs, then firewalls, and then whatever you feel.
And I did say if he watched what he downloaded he wouldn't get the files. I didn't say it was impossible not to get them. Obviously, if you didn't download b/s all the time like music, movies, PORN, etc.. then you wouldn't have a strong chance of catching a trojan.

© said:
My firewall blocks unauthorised outgoing connections?
my answer
bigmack said:
it uses the HTTP protocol though so the firewall won't know the difference between it and a website.
to add on to that answer. I say again, the firewall can be killed with the same trojan used to make the reverse connection.
 
#32
Dirty_Sock said:
Was that to me? If so, no. It actually made me more ignorant.

It's kind of hard for you to tell me that I can't bind a trojan with an image when I've already done it.
oh, sorry about my earlier comment. i don't know what i was thinking. you CAN bind an image to a trojan, but the outcome will show an executable as the file type (for instance britneyxxxfuckslutwhorecum.exe).
you cannot rename it to .jpg or something because that is not executable and neither the image nor trojan will work at all. and this will fool nobody anyway, as i doubt you are familiar with resource editing in this field (although it is implemented in certain apps nowadays.) to make a thumbnail of the picture the main icon. if people see picture.exe (regardless of the image as the icon) they will usually not click.

Dirty_Sock said:
Also, not all AV software is 'as good as you think'. It's about a weekly/monthly routine for the creators of these trojans to update and find a way to get past when an AV prog finally finds another way to see it.
lol... do you know what the creators do to make them undetectable from all AV? create fake variables and constants, change the names and bitlengths of the titles of current var/cons (and accordingly throughout the source code), add fake program code in between random lines and change the crypt properties directly in the source code (changing one or two numbers...). this all takes <5 minutes.
AV is guaranteed not to pick it up, heuristics are no match if done right. as long as the program is not given out, AV will NEVER pick it up. especially if you have your own crypt or packing routine that has not been released to anyone. the file then cannot be scanned after the EP and crypt routine points. it will read right past the gibberish because it cannot decipher it, as it is not in the database of formats.
these are only a couple ways to get stuff undetected.


Dirty_Sock said:
As for the firewall thought. Yes most AV progs will see the trojan close to immediately (not always immediately), which is why AV killers are built in as well. I don't mean this in a smart ass way, but have you ever seen the client side of a trojan? Most trojans are built ready to break your machine down starting with AVs, then firewalls, and then whatever you feel.
A program with an AV killer cannot kill AV if the AV has not immediately recognized it as a trojan. AV killer or not, and despite if it picks it up right away, when you execute the file it will go through the AV first. it doesn't run first and then get scanned. even if your AV does not possess the ability to scan in real-time (constantly scanning, even when doing nothing), it will still scan upon file execution, BEFORE the file is read into the memory and launched.
and yes, i have seen many client sides. many of the options are useless but why try to destroy anything?
what you want is stealth, isn't it?
and this is where bigmack has the right idea. reverse-connecting trojans are by far the most useful. sure, you could kill the AV and FW, but it's far better being in a system, undetected without the firewall noticing outgoing connections (injection, or using certain ports) and the AV not picking up anything (because it cannot be detected...).
you would not need to do any harm but you could easily set up a permanent key logger that sends updates via CGI to your free webserver every day, which you created with anonymous proxies enabled. that's splinter cell shit :)
if you kill everything on the system they are gonna know something is wrong. of course, either way, you would not want to do this to anybody anyway. it's a serious breach of privacy, and you will probably get caught. i mean you, I'm not generalizing...

Dirty_Sock said:
to add on to that answer. I say again, the firewall can be killed with the same trojan used to make the reverse connection.
and i say again- if you would be willing to kill this service, which will no doubt alert the system owner, you are a fool.
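
Added example, not part of any post in the thread: the disagreement above about reverse connections on port 80 versus firewalls that "block unauthorised outgoing connections" comes down to whether the egress rule looks only at the port or also at the program that owns the socket. The sketch below runs both rule types over constructed connection records; the paths, the allowlist and the `Conn` record are assumptions made for illustration.

```python
from dataclasses import dataclass

WEB_PORTS = {80, 443}

@dataclass(frozen=True)
class Conn:
    direction: str  # "in" = remote host connects to us, "out" = we connect out
    process: str    # image path of the local process that owns the socket
    port: int       # destination port

# Constructed sample events; paths and names are illustrative only.
SAMPLE = [
    Conn("out", r"C:\Program Files\Browser\browser.exe", 80),
    Conn("out", r"C:\Users\user\Downloads\picture.exe", 80),
    Conn("in", r"C:\Users\user\Downloads\picture.exe", 80),
]

# Hypothetical per-application allowlist (lower-cased image paths).
ALLOWED_APPS = {r"c:\program files\browser\browser.exe"}

def port_only_policy(conn):
    """Packet-filter style rule: drop unsolicited inbound,
    allow outbound web ports no matter which program asks."""
    if conn.direction == "in":
        return "block"
    return "allow" if conn.port in WEB_PORTS else "block"

def app_aware_policy(conn, allowed=ALLOWED_APPS):
    """Per-application egress rule: outbound web traffic is allowed
    only for programs on the allowlist."""
    if conn.direction == "in":
        return "block"
    if conn.process.lower() not in allowed:
        return "block"
    return "allow" if conn.port in WEB_PORTS else "block"

def disagreements(events):
    """Events the port-only rule treats differently from the
    per-application rule; these are the ones worth alerting on."""
    return [c for c in events if port_only_policy(c) != app_aware_policy(c)]

# Limitation: traffic sent from inside an allowlisted process still passes,
# which is the injection case raised in the thread; that needs process
# integrity monitoring, not a connection rule.
if __name__ == "__main__":
    for c in disagreements(SAMPLE):
        print("review:", c.process, "->", c.port)
```
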