by heroin
Released in August 2004
### USAGE: ###

cmd:\>Telnet 127.0.0.1 1023
Login with: "iwam_user"
Password is: "mypass"

#### WHAT HAPPENS: ####

:: ADD USER WITH SUFFiCiENT RiGHTS!
add user "iwam_user" with password "mypass" to the administrators group
this will be the login and password.

:: SET DiENST! (service)
set the telnet service to run as svchost.exe in the system account
/you will not notice it on the first view!

:: SET REGiSTRY!
set our service to run on port 1023 instead of 23, disable event & admin logs

:: SET LOGiN.CMD!
set the login-screen.

:: RUN iT!
as the name it says..

#### WHAT TO DO: ####

the batchfile is configured to run in a german operating system
if you want to use it in an english-os just change in line: 11
the word "administratoren" to "administrators", that's all!

heroin

dropped file: c:\WINDOWS\system32\svchost.exe
size: 67.584 bytes
port: 1023 TCP

added to registry:

HKEY_CLASSES_ROOT\.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTLMSSP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TLNTSVR\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtLmSsp\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTLMSSP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TLNTSVR\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum

tested on Windows XP