by System33r (k0nsl)
Released in October 2004
System33r Socks5 v1.2-beta by System33r ([email protected])

System33r Socks5 is a socks5 server with a 'trojan'-like behaviour (extremely stable)

Main Features:
- SubSeven CGI Notification
- Installation Routine (copies itself to sysdir/drivers/filename.exe, and adds registry entries)
- If Registry entries are deleted the server adds them again
- deleteself (melt)
- identd
- custom registry key (eg. Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run)
- small size: 4,kb ( 7,kb unpacked)
- included my slightly modified Sub7 CGI Logger
- editor remembers your settings
- it's horribly stable

Added in v1.2:
- option to send LAN notifications, or not send such notifications to the CGI, as requested by some people
- installs itself into the SystemDirectory to the folder 'drivers'
- added a DLL 'payload' which is extracted to the SystemDirectory and runs the socks5 server if not already running
- DLL 'payload' adds itself for autostart as an Explorer Addon (ntldr32.dll)

System33r Server:
dropped files:
c:\WINDOWS\system32\ntldr32.dll size: 2.560 bytes
c:\WINDOWS\system32\drivers\test.exe size: 5.361 bytes
port: 113 TCP
startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Script Host"
data: C:\WINDOWS\System32\drivers\test.exe
tested on Windows XP

MegaSecurity