System33r Socks5 1.4b
(Not detected by AVP on October 22, 2004)

by System33r (k0nsl)

Released in October 2004

more versions


System33r Socks5 v1.4b by System33r

System33r Socks5 is a socks5 server with a 'trojan'-like behaviour (extremely stable)


Main Features:
- SubSeven CGI Notification
- DLL injection with SRT library
- Installation Routine (copies itself to sysdir/drivers/filename.exe, and adds registry entries)
- If Registry entries are deleted the server adds them again
- deleteself (melt)
- identd
- custom registry key (eg. Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run)
- reasonable size
- included my slightly modified Sub7 CGI Logger
- editor remembers your settings
- it's horribly stable

Additional information:
- Server written in cpp
- Loader/Injector in ASM
- XOR routine by drocon 

Changes in v1.4b:
- mostly changes in the editor
- ability to send test notification to the cgi list by double clicking in the cgi url field
- wrote a extremely simple socks5 stub updater, see updater.readme.txt
- server sets it's own 'last modifed date' to that of notepad.exe
- stubs are not compatible with any older version of the editor
- socks5 username/password is no longer stored as plaintext in the registry
- tested on WinXP with Service Pack 2, it worked


System33r



MegaSecurity