Category backdoors

Capturing Windows 2K and XP Credentials at logon using stub GINA DLL

I wrote this DLL years ago and spoke about it at Rochester BSides last year. I’ve been meaning to post this since then, but time tends to get away from me. Because Windows 2K and XP might not be around that much longer I’m going to keep this post short and sweet. You can download […]

Genesis – Generic Rootkit Dropper with SSL Support

Quick update to add SSL support to Genesis, my (very) generic rootkit dropper which you can download at http://leetsys.com/programs/genesis/genesis-ssl.zip.  This allows us to download our rootkit over an encrypted tunnel.  Genesis still uses the curl library, however I chose not to compile it statically in this case.  If you wanted to compile this statically you’d have […]

Capturing Windows 7 Credentials at Logon Using Custom Credential Provider

For the Eternally Impatient The quick lowdown: I wrote a DLL capable of logging the credentials entered at logon for Windows Vista, 7 and future versions which you can download at http://www.leetsys.com/programs/credentialprovider/cp.zip.  The credentials are logged to a file located at c:\cplog.txt.  Simply copy the dll to the system32 directory and run the included register.reg […]

Covert System Manipulation Tool – SimSim

Scenario You have an Internet system that you would like to administer remotely without leaving the administrative service open to the entire Internet.  However you’re not always coming from the same source IP address.  Although it’s common practice to restrict access to only secure administration services (eg SSH) I’d like to avoid having any TCP […]

Genesis – Generic file (rootkit) dropper

I just wrote this simple rootkit dropper using the curl library which is extremely easy to customize to fit many needs.  Currently there are only three defines to change to specify the file you want to download and run.  Right now I’ve tested it grabbing the file via HTTP and executing it, works very nice. […]