Category: Programs

WOMAN v0.01 release

I’m releasing version 0.01 of WOMAN (Who’s On Ma Network). I find myself creating fake access points often for penetration tests and created this very simple tool to fill a need of mine. When clients associate with me I want a quick and dirty (and reliable) way to identify which systems are active and the […]

Static Callback (reverse cmd.exe)

As promised, below is a link to the netcat-like callback program. Its sole purpose is to send back cmd.exe to the IP and port of your choosing. The default is 10.0.0.1 on port 1025. These can be redefined in main.c. There is no window on the client, so it is relatively stealthy. Just start your […]

Netcat Callback Every X Seconds

Threw this together real quick. Basically it just calls the netcat command every 10 seconds to call back to our server and open a shell. Its use is limited since it doesn’t hide the cmd window that it generates. However, I can see a few cases where this would be acceptable, and it’s a good POC if […]

Execute Trojan exe before every executable

Someone asked me about a virus on a machine that altered the registry to execute itself every time another executable was opened. I explained that this was relatively trivial to do and thought I should back it up with some source code. The first piece is how we tell Windows to launch an exe before […]

Linux Stealthy Backdoor using portknocking technique

http://leetsys.com/programs/stealthybd/stealthybd.c I wrote this program back in 2004 and had posted it under a pseudonym. I cleaned it up a tiny bit, and it is fully functional. The backdoor puts the interface in promiscuous mode and does not open a listen()ing socket until it sees 5 packets on port 5000 within a 60 second period. At […]

Win32 tcp connect() skeleton

http://leetsys.com/programs/skeletons/win32/connect.c A very simple example of using Winsock to connect to a chosen port. I grabbed most of the source from gandalf’s whois.c, so thank you gandalf. It sends the third command line argument over the socket, prints the data received and then quits. Test it by telnetting to an SMTP server on port 25 and sending ‘helo […]

Brute Force AIM Password Perl Script – from Aimsniff Authentication Dump

Here’s the Perl script to brute force the AIM password using the challenge code and response hash from Aimsniff. It is very surprising how fast it is, especially considering it’s just using an interpreted language. The best thing would be to use a dictionary creator and go to town. Benchmark it by putting your password at […]