Alright need some help here about booting files.

Post by furiousjoe »

Okay so I found a method how to get your actually detected trojan undetected to the victim's computer.

I basically use an encryption tool so it doesn't get picked up.

Then I'll make a batch file that decrypts the trojan and runs it afterwards.

Now the problem is when this is done while the anti-virus is running it will pick it up (if the victim scans the file before running it, it won't detect it).

What I wanted to do is to somehow add it to boot files or something like that so it launches my script BEFORE the anti-viruses load, like prioritizing.

If that doesn't make sense I'll try to explain what I want to.

Victim downloads encrypted files.
Victim runs encrypted files.
Victim's computer reboots.
When the victim's computer is booting up the files will decrypt and run.

That way it will get past the anti-virus.

I believe this is possible because of programs like Ad-Aware, it can scan your computer BEFORE anything else loads.

Post by pseudo_opcode »

While it may seem possible theoretically, most antivirus programs detect modification of the MBR and other boot files as virus-like activity.

I like your approach but you haven't done your homework. A good antivirus prepares a checksum of all the files, so if you are messing with files it will come to know.

I'm not gonna explain how you can make them undetected but I'll give you a hint: the answer lies in the antivirus itself.

Another hurdle which you ignore is the firewall: what can a trojan do if the firewall forbids it? You simply can't expect a victim to be lame enough.. when suddenly the firewall throws a message that "win32services.exe is trying to act as a server, you wanna allow it??" and the victim says yes.

If the victim's computer is on a DSL connection or some other connection (say DHCP based), how will you route packets to his computer on the port your trojan is running?

Newbies often don't know these facts and think that the trojan does not work, and it defeats the purpose of the trojan. I remember I have rooted hundreds of boxes in the good old days of dialup connections. You have to stay one step ahead of technology. Technology is ever upgrading so we need to upgrade our war strategies as well.

That's why we always discourage the use of trojans and keyloggers.
If you know how to use trojan you can hack many computers.
If you know how to make one.. you can hack ANY box.

People always look for tools for hacking and they don't realize that they already have the world's most powerful tool: the human brain.
So make use of it. If you discovered this method yourself, it impressed me; at least we have some thinking brains here.
Suck-o is not a place for distributing trojans and helping others hack others.
We respect the art of hacking. We discuss it, we try to stay one step ahead of hackers by being hackers. Everything here is for a good purpose, we don't want anyone to misuse the art of hacking.
Already the media has created a very bad impression and people think hackers are criminals and bad guys.
Remember, weapons are used by both criminals and police.
Cheers!!

Post by furiousjoe »

Indeed a very good read, thank you.

And yes, I did come up with this idea myself.

This trojan will supposedly disable any firewall/anti-virus before initiating the server.

That means that if this is executed BEFORE the antivirus it will have time to disable any existing firewall and stop the anti-virus as soon as it's executed.

The whole point of this is that the Trojan isn't detectable before I want it to be, and of course the only drawback is that it can't be run while it's undetectable.

I included all the necessary files in a binder and created a splitter as well.

It includes an .exe compiled batch script, a Blowfish encrypter/decrypter and the server itself.

Post by blackh0le »

Well being honest, I'd say your method sucks bigtime, that ain't gonna work! Playing with simple encryption and decryption won't work anymore.... and that detecting/undetecting is an old game, maybe it'll work with AVs like Norton but def AVs like KAV gonna detect it.

Hex editors/packers/binders are a good way to make UD. I packed up a trojan multiple times, it was okay.... at least it was undetectable to Kaspersky Antivirus and probably to the rest of them all cos KAV has got the best unpacking engine :wink:
