Leviathan 0.1
(Backdoor.Win32.Leniv)

by Aphex

Written in Delphi

Released in April 2004

more versions 


Project Leviathan
http://www.iamaphex.cjb.net
[email protected]

This is the ultimate in FWB technology. It is a completely seemless integration of a backdoor on all listening ports. 
As soon as a connection is received the socket is passed to Leviathan. Then, Leviathan compares the source IP address to a DNS host.
If the host returns the same IP as the incomming source IP then Leviathan will keep control of the socket and use it for it's connection.
Otherwise, it will pass it up to the process that it was originally intended for.

To an outside observer there is no way to tell who is using the socket, Leviathan or a host process. Leviathan is completely transparent.
There are no DLL files. No extra processes. Just Leviathan running silently in the background.

Use:

To install Leviathan on a target you must first use the included "editor.exe" to create a installation patch.
The editor is command line and needs 3 parameters.

  editor.exe <output path> <master dns> <password>


For example: c:\> editor "install.exe" "aphex.no-ip.org" "qwerty"

Once the install file is ran on the target all listening ports are now able to accept Leviathan connections. 
To connect you must know of an open port. This is the tricky part but most users do have at least 1 or 2 that are usuable. 
Once you have identified an open port, telnet to it. When you are connected you will not be prompted.
Simply type in the configured password, in this case "qwerty", and hit enter. You will then see the Leviathan shell prompt.
Type help for a list of commands.

The reason for using aphex.no-ip.org is so that Leviathan knows when to intercept sockets. 
If I have aphex.no-ip.org set to ip 1.2.3.4 and connect to the host using IP 1.2.3.4 Leviathan will then trigger and create a shell.

There is no startup method included. I wanted this to be flexable so that it can autorun in many different ways.
The best way is left up to you to decide.

Project Leviathan bypasses ALL software firewalls that already have services allow

Aphex
MegaSecurity