Xqtftqx Posted December 23, 2007
Alrighty, I got an idea where when you run a payload it silently installs ssh, and then you can connect. Therefore you can transfer files through your computer to the victim's or the victim's to you. Any ideas on ssh servers?
SomeoneE1se Posted December 23, 2007
openssh
Xqtftqx (Author) Posted December 24, 2007
I'll try it...
Xqtftqx (Author) Posted December 24, 2007
Alright, it's finished and working :) It will be in Xqtftqx payload 1.0.
sist3m Posted December 25, 2007
I was curious about the keylogger you are using. It's fairly stealthy, as I couldn't get an AV company to name the threat. I even tried running it through a popular binary analysis system online: http://www.threatexpert.com Here are the results: http://www.threatexpert.com/report.aspx?md...ab95bd9d7cb001f
I believe that encrypting binaries is useless as they will have to be decrypted in memory to be executed, as most modern AV products can monitor memory. The safest way to get around the AV problems is to kill the AV processes in memory. I'm going to modify your payload. I'm going to make a list of popular AV binaries, identify and kill them in memory. But first the MS Security Center will have to be disabled so the user does not get the alert telling him/her their computer is at risk because no AV is running.
With the payload I modified, I was able to run win-grep to search for credit card regexes and log them to a text file, then email it to me via Blat!! :)
^([34|37]{2})([0-9]{13})$ and your expression for VISA or MC is ^(5[1-5]d{2})d{12}|(4d{3})(d{12}|d{9})$ they will not find the same sequence. If you want to further limit your search for MC or Visa, MC starts with a 51, 52, 53, 54 or 55 and Visa with a 4. So you could write ^([51|52|53|54|55]{2})([0-9]{14})$ or ^([4]{1})([0-9]{12,15})$. Regular expressions can be very, very helpful. You get the idea.
hexlax Posted December 26, 2007
You may also want to check out PsExec from Sysinternals. There are many obstacles that one has to overcome when dealing with IP reachback:
- the node has a publicly routable IP address
- client software firewalls (whether Windows embedded or 3rd party such as Zone Alarm)
- NAT, DMZ, port forwarding, etc.
Just some ideas. Interesting post though on the key logger. :)
Xqtftqx (Author) Posted December 27, 2007
Alright guys. Well, I'm gonna release the new payload as soon as me and stablefoxx get some stuff together. Oh, and sist3m, IM me Txqtftqx(aim) and maybe you can join the team. Thanks.
P.S. If you didn't know, me and stablefoxx teamed up working on this. Maybe I'll post a beta today.