RECUB 1.0
(Backdoor.Win32.Recub)

by Hirosh

Released in January 2004


RECUB Features.
1 RC4 Encrypted Reverse connect Shell for XP, 2k, 2003.
2 Bypass Firewalls by starting new instance of Internet Explorer and injecting code
3 Activate through Encrypted ICMP request
5 No listening ports
6 No Process visible, injects into Explorer.exe on startup and exiting
6 ActiveX startup
7 Empty All Event Logs After exiting the shell.
8 We can use Netcat also for remote shell.
9 EXE size only 5.39 KB

Hirosh


Server:
size: 5.520 bytes

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK} "StubPath" 

registry added:
HKEY_CURRENT_USER\Software\Microsoft\Cryptography\UserKeys\*Default* 
HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\*Default*\Data\4d1fa410-6fd9-11d0-8c58-00c04fd9126b\4d1fa412-6fd9-11d0-8c58-00c04fd9126b 
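
A defender-side check for the startup key listed above, as an added example that is not part of the original page: it parses the text output of `reg query "HKLM\Software\Microsoft\Active Setup\Installed Components" /s` and flags StubPath entries under the RECUB key name, or under any component key whose name is not a well-formed GUID. The function names, the sample text and its placeholder paths are constructed for illustration.

```python
import re

# Persistence location listed on the page; Active Setup runs StubPath at user logon.
ACTIVE_SETUP = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components"
# Component key name exactly as the page lists it.
RECUB_KEY = "{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}"
# Well-formed GUID key name: 8-4-4-4-12 hex digits in braces.
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

def parse_reg_query(text):
    """Yield (component, value_name, data) from `reg query <key> /s` text."""
    prefix = ACTIVE_SETUP.lower() + "\\"
    component = None
    for line in text.splitlines():
        low = line.strip().lower()
        if low.startswith("hkey_"):
            # Key header line: remember the component subkey, ignore other keys.
            inside = low.startswith(prefix)
            component = line.strip()[len(prefix):].split("\\")[0] if inside else None
        elif component and line.startswith("    "):
            # Value line: name, type and data separated by runs of spaces.
            parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                yield component, parts[0], parts[2]

def triage(text):
    """Return (reason, component, stub_path) for entries worth reviewing."""
    findings = []
    for component, name, data in parse_reg_query(text):
        if name.lower() != "stubpath":
            continue
        # Assumption: some stock components prefix the GUID with '<' or '>'.
        # A non-GUID name is a prompt for review, not proof of compromise.
        if component.upper() == RECUB_KEY.upper():
            findings.append(("recub-key", component, data))
        elif not GUID_RE.match(component.lstrip("<>")):
            findings.append(("non-guid-key", component, data))
    return findings

# Constructed sample; the first GUID, the names and the paths are placeholders.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}
    StubPath    REG_SZ    C:\PLACEHOLDER\setup.exe /install
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}
    StubPath    REG_SZ    C:\PLACEHOLDER\server.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ExampleComponent
    StubPath    REG_SZ    C:\PLACEHOLDER\other.exe
"""
```

`triage(SAMPLE)` returns the RECUB entry and the non-GUID entry with their StubPath data, and leaves the well-formed GUID component out.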

MegaSecurity