by heroin
Released in August 2004
Telnet Backdoor for WindowsXP Ver 1.2 FiNAL
09/August 2004 (1.411 Bytes)
(C) heroin_AT_mol.mn

### USAGE: ###

cmd:\>Telnet 127.0.0.1 1023
Login with: "iwam_user"
Password is: "mypass"

#### WHAT HAPPENS: ####

:: ADD USER WITH SUFFiCiENT RiGHTS!
add user "iwam_user" with password "mypass" to the administrators group
this will be the login and password.

:: SET DiENST! (service)
set the telnet service to run as svchost.exe in the system account
/you will not notice it on the first view!

:: SET REGiSTRY!
set our service to run on port 1023 instead of 23, disable event & admin logs

:: SET LOGiN.CMD!
set the login-screen.

:: RUN iT!
as the name it says..

#### WHAT TO DO: ####

the batchfile is configured to run in a german operating system
if you want to use it in an english-os just change in line: 11
the word "administratoren" to "administrators", that's all!

heroin

dropped file:
c:\WINDOWS\system32\svchost.exe
size: 67.584 bytes

changed file:
c:\WINDOWS\system32\login.cmd
old size: 487 bytes
new size: 354 bytes

port: 1023 TCP

keys added to registry:
HKEY_CLASSES_ROOT\.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\svchost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\svchost

tested on Windows XP

MegaSecurity
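
The artifacts listed above can be checked on a host under review with the following Windows PowerShell script, an added example that is not part of the original archive entry or the author's batch file. It assumes the sizes "67.584" and "354" are byte counts written with a period as thousands separator, and that `TlntSvr` (the stock Windows Telnet service name, which the page does not give) is the service meant.

```powershell
# Added example: triage check for the artifacts named on this page.
# Assumes Windows PowerShell 2.0 or later, run elevated on the host under review.
$sys32    = Join-Path $env:SystemRoot 'system32'
$findings = @()

# 1. Local account the readme says is created ("iwam_user").
$acct = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='iwam_user'"
if ($acct) { $findings += 'local account "iwam_user" exists' }

# 2. Listener on TCP 1023 (port from the page). The state column is localized,
#    and the readme targets a German OS, so accept LISTENING or ABH(OEREN).
$listen = & netstat.exe -an |
    Select-String -Pattern '^\s*TCP\s+\S+:1023\s+\S+\s+(LISTENING|ABH)'
if ($listen) { $findings += 'TCP 1023 is in listening state' }

# 3. Files whose sizes match the page. A size match is weak evidence on its own;
#    hash the file and compare against a known-good copy before concluding anything.
$sizes = @{ 'svchost.exe' = 67584; 'login.cmd' = 354 }   # assumed byte counts
foreach ($name in $sizes.Keys) {
    $item = Get-Item -LiteralPath (Join-Path $sys32 $name) -ErrorAction SilentlyContinue
    if ($item -and $item.Length -eq $sizes[$name]) {
        $findings += "$($item.FullName) is $($item.Length) bytes, as listed"
    }
}

# 4. Event log source keys listed on the page. The truncated ControlSet002 entry
#    and HKEY_CLASSES_ROOT\.exe (present on every system) are not usable as checks.
foreach ($cs in 'ControlSet001', 'CurrentControlSet') {
    $key = "HKLM:\SYSTEM\$cs\Services\Eventlog\Application\svchost"
    if (Test-Path -LiteralPath $key) { $findings += "registry key present: $key" }
}

# 5. Telnet service state. "TlntSvr" is an assumption, see the lead-in.
$svc = Get-WmiObject Win32_Service -Filter "Name='TlntSvr'"
if ($svc -and ($svc.State -eq 'Running' -or $svc.StartMode -eq 'Auto')) {
    $findings += "Telnet service: state=$($svc.State) start=$($svc.StartMode) path=$($svc.PathName)"
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { "[!] $_" }
} else {
    '[ok] none of the listed artifacts found'
}
```

A single hit, especially the file-size or service check, is not proof of compromise; several hits together warrant isolating the host and reviewing local administrator accounts.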