UD
-
- Fame ! Where are the chicks?!
- Posts: 212
- Joined: 26 Mar 2006, 16:00
- 18
- Location: Infinite Loop
- Contact:
UD
Hey hey! i'm back (bet ya miss me *cough*)
So let's say you have a RAT or even a Trojan. Some of them come with the "Kill AV" "Block CMD" "Block Tsk Mngr" etc...
That's all very pretty but the thing is i can't get them into anything, some of them either are detected as they enter the system (via Floppy or USB disk) or get insta-blocked by the AV once they are double clicked.
I KNOW there is a way to make them UD against the AV.
I can't find anything about this.
Ty guys.
(ahhh the smell of flaming in the mornin' ) lol
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
to be honest I've never seen a real UD trojan.....I've been able to bind sub7 once so it wasn't detected by AVG and Norton, but I am sure other AVs would have been able to identify it.
and this "kill AV" command is a joke imo....ever tried to kill Norton? even if you, as validated user, want to do it: no chance....so how could a trojan do this? and even to ALL AVs?
UDs exist, but they only work for a short timespan, and only for a single AV that has an unfixed flaw....but well, even then, it'll show up in the processes and connections, so it only hits a DPU imo (dumbest possible user).
but well, maybe I am not really up to date anymore....
-
- Fame ! Where are the chicks?!
- Posts: 212
- Joined: 26 Mar 2006, 16:00
- 18
- Location: Infinite Loop
- Contact:
lol, i remember in my golden age to have infected myself with a trojan that killed my AV (AVG)
Anyways....
You mentioned binders, which binder you think, and what combination of files should be the most effective? (jpeg-exe, exe-exe, etc..)?
Yeah you're right Norton is faav (fucking annoying anti virus) lol, can't be killed by user, and uses shitloads of memory (like that review from neo that stated it use like 900 MB of RAM doing a full scan, rofl, the only game that i seen using more than that is Flight simulator (and dude that's 15 GB in HD lol))
Nice to hear from ya b_b
eppik wrote:
> lol, i remember in my golden age to have infected myself with a trojan that killed my AV (AVG)
> Anyways....
> You mentioned binders, which binder you think, and what combination of files should be the most effective? (jpeg-exe, exe-exe, etc..)?
> Yeah you're right Norton is faav (fucking annoying anti virus) lol, can't be killed by user, and uses shitloads of memory (like that review from neo that stated it use like 900 MB of RAM doing a full scan, rofl, the only game that i seen using more than that is Flight simulator (and dude that's 15 GB in HD lol))
> Nice to hear from ya b_b
just use a crypter or even better a PE protector
that way it wont be detected by av
-
- cyber messiah
- Posts: 1201
- Joined: 30 Apr 2006, 16:00
- 17
- Location: 127.0.0.1
lol you're back after a long time and you're still stuck on skiddie tools,
All antivirus software have their own way of detecting things...
a common way is database, they match the signatures of the already known virus/trojans. This can be bypassed by hex editing... change the values of the strings and some other stuff, which is not significant, try not to change opcodes or your virus/trojan will crash most probably.
Also many antivirus softwares monitor system activity, for e.g. if some program is trying to access or write at MBR, some program is trying to mess with system files.. some program is trying to play with registry and shit..
in that case, you need to start a hidden process thread, or kill AV, one can kill AV from another program but one has to know what program is running and create the code to kill that.. or one can make a list of all the AVs and assume that system has any one of them.. that's what i think kill av buttons do. But then i dont give a damn to skiddie tools.. so only creators know what they are doing...
but if one has those skills... he wont be binding trojans and distributing around.
-
- Fame ! Where are the chicks?!
- Posts: 212
- Joined: 26 Mar 2006, 16:00
- 18
- Location: Infinite Loop
- Contact:
pseudo_opcode wrote:
> lol you're back after a long time and you're still stuck on skiddie tools,
> All antivirus software have their own way of detecting things...
> a common way is database, they match the signatures of the already known virus/trojans. This can be bypassed by hex editing... change the values of the strings and some other stuff, which is not significant, try not to change opcodes or your virus/trojan will crash most probably.
> Also many antivirus softwares monitor system activity, for e.g. if some program is trying to access or write at MBR, some program is trying to mess with system files.. some program is trying to play with registry and shit..
> in that case, you need to start a hidden process thread, or kill AV, one can kill AV from another program but one has to know what program is running and create the code to kill that.. or one can make a list of all the AVs and assume that system has any one of them.. that's what i think kill av buttons do. But then i dont give a damn to skiddie tools.. so only creators know what they are doing...
> but if one has those skills... he wont be binding trojans and distributing around.
That's the thing, i tried to hex edit the server file, but AVDEVIL (or smthing) doesnt work, gives an error message in german i believe, so i dont know which code to alter (yes i read the hexing tut around here)
and i aint stuck with skiddie toolz, just im w8ting till i get permission to test a company's network (server with 10 pc linked to it, has some thing i dont remember in the server, that makes a natural firewall using 2 network cards (bridge i think?)) I like that kinda stuff and i keep asking lots of people and local businesses to let me tamper with stuff, i follow the "learn by doing rule", i like to spend half a day trying new stuff. Very educative...(i dont use trojans for that lol)
and bubzuru:
> just use a crypter or even better a PE protector
> that way it wont be detected by av
Crypter? PE Protector?
Wtf is that lol im kind outdated.
- floodhound2
- ∑lectronic counselor
- Posts: 2117
- Joined: 03 Sep 2006, 16:00
- 17
- Location: 127.0.0.1
- Contact:
You could program an original. I programmed a Trojan that was not detected by AV software, it was tricky to do, but effective. I figure it gives you a few weeks or even a month to get what you want. Then again i did not use mine to cause damage just to monitor the teenager at one of my computers. Of course after i handed it out to a few people here in Suck-o it became detected by AV, at least that is what i was told.
P.s. Trojans are weak in my opinion.
₣£ΘΘĐĦΘŮŇĐ
-
- cyber messiah
- Posts: 1201
- Joined: 30 Apr 2006, 16:00
- 17
- Location: 127.0.0.1
trojans are easy to code, if you're looking for something interesting, try rootkits, but then nothing is better than exploiting a system. Where's the challenge in sending trojans and waiting for them to execute.
Its ok.. knowledge is never harmful.. but trojans are for people, who are looking for a vulnerable user, it doesnt matter who is he.
Whereas if you enjoy exploiting a specific target, you need exercise those cells, you'll realize, that trojans/viruses are out of question.. and securityfocus bugs just wont do, all applications have vulnerabilities waiting to be exploited, its just that no one has thought about it, and those who do become famous...lol.
Of course that requires time and commitment, you have to keep yourself motivated and initially you get that feeling that nothing is working out and you're wasting your time unless you get fruits for your hardwork.
So never say die....lol
eppik wrote:
> Crypter? PE Protector?
> Wtf is that lol im kind outdated.
a PE Protector is a program that coders
use to stop crackers from cracking their programs
but ppl like you also like to use them because they
have lots of options like
memory guard
metamorph security
anti dumpers
resources encryption
monitor blockers ( file monitors , registry monitors )
entry point obfuscation
advanced api wrapping
advanced anti-debugger
and many more
i just copied them from the PE protector i use
so basically it just stops the av from detecting the signatures
and monitoring your files so then it becomes ud
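Seen from the defender's side, the protector features listed in the post above (resources encryption, entry point obfuscation) leave measurable traces in the file itself. The following is an added example, not part of the original thread: a Python triage check that reads the PE section table and flags sections that are high-entropy or both writable and executable. The sample image is constructed for the example, and the 7.0 bits/byte threshold is an assumed heuristic.

```python
import hashlib
import math
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # assumed heuristic: encrypted/compressed data nears 8 bits/byte
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # PE section characteristic flags
SECTION_FMT = "<8sIIIIIIHHI"  # one 40-byte section header

def shannon_entropy(data):
    """Entropy in bits per byte; 0.0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_pe(image):
    """Return (section name, entropy, reasons) for every section worth a closer look."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    findings = []
    for i in range(n_sections):
        fields = struct.unpack_from(SECTION_FMT, image, table + 40 * i)
        name, raw_size, raw_ptr, flags = fields[0], fields[3], fields[4], fields[9]
        entropy = shannon_entropy(image[raw_ptr:raw_ptr + raw_size])
        reasons = []
        if entropy >= ENTROPY_THRESHOLD:
            reasons.append("high entropy")
        if flags & MEM_EXECUTE and flags & MEM_WRITE:
            reasons.append("writable and executable")
        if reasons:
            findings.append((name.rstrip(b"\0").decode("ascii", "replace"), round(entropy, 2), reasons))
    return findings

def build_sample():
    """Constructed header-only test image (not a loadable program)."""
    plain = b"\x55\x8b\xec\x90" * 256  # repetitive bytes, entropy exactly 2.0
    noisy = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # stands in for encrypted data
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    first = 64 + 24 + 2 * 40  # file offset of the first section's raw data
    hdr = lambda nm, raw, ptr, fl: struct.pack(SECTION_FMT, nm, len(raw), 0, len(raw), ptr, 0, 0, 0, 0, fl)
    table = hdr(b".text", plain, first, 0x60000020) + hdr(b".prot", noisy, first + len(plain), 0xE0000020)
    return dos + coff + table + plain + noisy

print(triage_pe(build_sample()))
```

Only the constructed ".prot" section is reported; the ordinary read/execute ".text" section passes. Legitimate installers and compressed resources also score high on entropy, so a hit is a reason to inspect the file, not a verdict.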
- Big-E
- Administrator
- Posts: 1332
- Joined: 16 May 2007, 16:00
- 16
- Location: IN UR ____ , ____ING UR _____ .
- Contact:
floodhound2 wrote:
> You could program an original. I programmed a Trojan that was not detected by AV software, it was tricky to do, but effective. I figure it gives you a few weeks or even a month to get what you want. Then again i did not use mine to cause damage just to monitor the teenager at one of my computers. Of course after i handed it out to a few people here in Suck-o it became detected by AV, at least that is what i was told.
> P.s. Trojans are weak in my opinion.
Hey, what language did you code this in? I might be interested in it for POC type deal. I am interested in getting in Network Security, thus I am interested in how things work - available source code of an undetected trojan would be pretty decent to study.
-
- Fame ! Where are the chicks?!
- Posts: 212
- Joined: 26 Mar 2006, 16:00
- 18
- Location: Infinite Loop
- Contact:
G-Brain wrote:
> eppik wrote:
> > Wtf is that lol im kind outdated.
> They use Google back in your time?
Nah, i've been away since ARPAnet...
lol
floodhound2 wrote:
> You could program an original. I programmed a Trojan that was not detected by AV software, it was tricky to do, but effective. I figure it gives you a few weeks or even a month to get what you want. Then again i did not use mine to cause damage just to monitor the teenager at one of my computers. Of course after i handed it out to a few people here in Suck-o it became detected by AV, at least that is what i was told.
> P.s. Trojans are weak in my opinion.
lol only programming i ever did was a Perl program that calculated areas and volumes lol. (I started learning HTML using that "definitive guide to html" in Suck-o DL section. i finally gathered the guts to do that lol)
buzburu wrote:
> a PE Protector is a program that coders
> use to stop crackers from cracking their programs
> but ppl like you also like to use them because they
> have lots of options like
> memory guard
> metamorph security
> anti dumpers
> resources encryption
> monitor blockers ( file monitors , registry monitors )
> entry point obfuscation
> advanced api wrapping
> advanced anti-debugger
> and many more
You using yoda's protector?
- floodhound2
- ∑lectronic counselor
- Posts: 2117
- Joined: 03 Sep 2006, 16:00
- 17
- Location: 127.0.0.1
- Contact:
Big-E wrote:
> Hey, what language did you code this in? I might be interested in it for POC type deal. I am interested in getting in Network Security, thus I am interested in how things work - available source code of an undetected trojan would be pretty decent to study.
Well i did this in Visual basic and i did one in C
₣£ΘΘĐĦΘŮŇĐ