Message-ID: <200308201349.51616.jstewart@lurhq.com>
From: jstewart at lurhq.com (Joe Stewart)
Subject: W32/Welchia, W32/Nachi backdoor?

On Wednesday 20 August 2003 11:20 am, Barry Irwin wrote:
> > creates a backdoor listening on TCP/707 or some other randomly chosen port
> > between TCP/666 and TCP/765 [2]
>
> Telnetting to this port seems to be disconnected after 1-5 characters have
> been entered?  This doesn't look like TFTP (port 65/tcp&UDP), and the
> Windows tftp client doesn't seem to offer any means of specifying a port to
> connect to?
>
> Is this some kind of password-protected backdoor?

No, it's a reverse shell. Telnet to the port and enter the following 2 lines
to see how it works:

Microsoft Windows
system32>

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ Corporation
http://www.lurhq.com/
