by ?
Written in C++, source included
This is the Black Rat trojan. It offers a basic interface and simple firewall/router evasion techniques. The trojan itself has three parts:

1. The actual trojan code, hosted inside a DLL that we inject into IE.
2. The loader application that injects our trojan.
3. A dropper app that installs both the DLL and the loader.

The idea is that you can send someone the dropper and thus infect them with your trojan. It then injects IE with the trojan code and uses that to bypass firewalls by tricking them into thinking it's a trusted app. It also uses the connect-back approach in order to get through router security as well. This offers both useful and negative aspects. The useful idea behind this is obvious... we can connect to someone even behind a fortress of firewalls and network routers, and we no longer need to find their IP (an annoying step in any case). The negative is that you have to code your address into the trojan, allowing an easy trace back to you.

A quick note is that I enabled the trojan to use a connect back to host names, not just IPs. So if you register a No-IP domain then you can use that with the trojan so that it will always connect. Also there are commands to remove and change the stored IP if you want to clear your tracks.

To use:
To use, simply open the project and change the server app to connect to your IP. (The binary files that come with it are set to connect to 127.0.0.1.) To listen for the connection, simply tell netcat to listen on port 700 with the following command: "nc -l -p 700". Type help for a list of commands.

Server:
dropped files:
c:\WINDOWS\system32\quickstart.dll Size: 24,576 bytes
c:\WINDOWS\system32\quickstart.exe Size: 3,584 bytes
c:\WINDOWS\system32\quickstart.ini Size: 9 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Windows Quickstart"
data: C:\WINDOWS\System32\quickstart.exe

tested on Windows XP

May 20, 2006 MegaSecurity
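A host-side check for the artifacts listed above, added here as an example and not part of the original page or the trojan's own code. It looks for the three dropped quickstart files (comparing against the listed sizes), the "Windows Quickstart" Run value, and an established connection to remote port 700 owned by an Internet Explorer process; the process name iexplore and the use of Get-NetTCPConnection (Windows 8/2012 or later, not XP) are assumptions.

```powershell
# Added defender check for the Black Rat indicators described on this page.
# Paths, sizes, the Run value name and port 700 come from the page; the
# process name "iexplore" is assumed from "inject into IE".
$sys = Join-Path $env:SystemRoot 'System32'
$expected = @{
    'quickstart.dll' = 24576
    'quickstart.exe' = 3584
    'quickstart.ini' = 9
}
$findings = @()

# Dropped files: report presence and whether the size matches the listed sample
foreach ($name in $expected.Keys) {
    $path = Join-Path $sys $name
    if (Test-Path -LiteralPath $path) {
        $len = (Get-Item -LiteralPath $path).Length
        $note = if ($len -eq $expected[$name]) { 'size matches listed sample' }
                else { "size $len differs from listed $($expected[$name])" }
        $findings += "File present: $path ($note)"
    }
}

# Persistence: Run value "Windows Quickstart" pointing at quickstart.exe
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Windows Quickstart']) {
    $findings += "Run value 'Windows Quickstart' = $($run.'Windows Quickstart')"
}

# Connect-back: an IE process with an established connection to remote port 700
Get-NetTCPConnection -State Established -RemotePort 700 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        if ($proc -and $proc.Name -ieq 'iexplore') {
            $findings += "iexplore.exe (PID $($proc.Id)) connected to $($_.RemoteAddress):700"
        }
    }

if ($findings.Count -eq 0) { 'No Black Rat indicators found.' } else { $findings }
```

Run it from an elevated PowerShell prompt so the System32 files and HKLM Run key are readable; a differing file size is still reported, since the page's sizes describe one build only.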