Looking for a windows trojan

    • #6963
      SephStorm
      Participant

      Anyone know where I can find a decent Windows trojan? I’m testing one out (in the lab). I’ve done it with a Linux RAT before (rathole) but I couldn’t find a… trustworthy one for Windows. I was going to go for BO, but the CDC mirrors are all down. I also found a tool called Pro Rat, but rumor is the free servers come with an additional backdoor… so yeah…

    • #43230
      hurtl0cker
      Participant

      Trojans  ::)

      Well.. I prefer using Dark Comet 4, it has been recently released and has fully undetectable features n stuff like that, there is a Mac version coming soon.
      http://www.darkcomet-rat.com/

    • #43231
      p0et
      Participant

      Hey SephStorm,

      I wouldn’t use Pro Rat since most AV suites know the signature for that one. Many people use the same Trojans (Beast, Optix Pro, Pro Rat, etc.) as well as the same Packers (Morphine, PECompress, etc.) so pretty much all AVs have sigs for those and can detect them rather easily. I’d suggest Googling and trying to find the not well known ones such as VX Heaven and VX Chaos.

      If you’re going to use a popular or semi-popular trojan, toss on a Byte Adder. This basically adds garbage bytes to your trojan to confuse the AV. For this, check out StealthTools v2.

      Finally, you could do some hex editing or make your own Trojan.  (lots of free trojan source code out there to recompile/decompile)

    • #43232
      SephStorm
      Participant

      Thanks both of you for the info. I’ll definitely try DC.

      p0et, Thanks! That’s actually one of the things I’ll be testing, how well the AV on the VM detects the malware. Unfortunately I couldn’t get MSE or AVG to install on the XP SP0 host… 🙁

      Also thanks for the advice!

    • #43233
      MaXe
      Participant

      I would recommend you play with e.g. Meterpreter from Metasploit, which is capable of pretty much everything you need. You can always extend it to whatever you want it to do, and it also has a massive amount of scripts too 🙂

      Making it persistent and more stealthy would of course require some work on your part  😉

    • #43234
      SephStorm
      Participant

      I will eventually, but I’m trying to get away from the point, click, exploit design of MSF, even through the console. I think I’m going to dl DC, use eLiTeWrap to wrap it with calc.exe and go from there. I’ll need to find out how to install NMAP on the “remote” host via command line… I’m sure I’ll figure it out. 🙂

    • #43235
      White ghost
      Participant

      Hello and the best solution for you is here !!!

      Majic PS, Prorat, Sub 7 are the best Windows trojans. Majic PS is my recommendation; search for it on 4shared and download the latest version of it

      You can also use them with a cryptor application and then no antivirus can against them

      Go and enjoy! 🙂

    • #43236
      MaXe
      Participant

      @White ghost wrote:

      Majic PS, Prorat, Sub 7 are the best Windows trojans. Majic PS is my recommendation; search for it on 4shared and download the latest version of it

      You can also use them with a cryptor application and then no antivirus can against them

      Sub7, no. It’s like 10 years old. Majic PS, sounds too much like it includes a hidden trojan. Prorat? It’s usable and okay. Same with Poison Ivy.

      If you really have to use any of these trojans, you could try Turkojan as well. And then use Themida to pack it as that would make it a lot harder to disassemble.

      You do not, however, need to use a “cryptor application”. That “no antivirus can against them” is also untrue, as most public “crypters” are usually highly detectable except completely new ones.

      Let’s say you want something that actually uses new methods; one that does this is Abysssec’s crypter: http://www.abysssec.com/blog/2011/09/25/bypassing-all-anti-virus-in-the-world-good-bye-detection-hello-infection/ (And they’re even a real company.)

      A decent trojan a lot of hacker groups used a while back was Shark:
      http://forum.intern0t.net/hacking-tools-utilities/217-shark-3-1-a.html
      (Please note the InterN0T community does not condone unethical hacking.)

      And for the sake of this thread, here’s a cool proof of concept that has nothing to do with regular RATs:
      http://forum.intern0t.net/hacking-tools-utilities/1324-skypetrojan.html

      Edit / Update
      Bypassing Anti-Virus Scanners like a Pro:
      http://forum.intern0t.net/offensive-guides-information/2775-blackpaper-bypassing-anti-virus-scanners.html

      That paper only shows how to bypass signature-based scanners, but play enough with a detected executable file, and you’ll eventually end up with a fully undetectable file and that’s even WITHOUT encrypting, packing or encoding it.

      Remember that simple ncx99.exe backdoor which spawns a netcat process listening on port 99? I made that completely undetectable once, even against heuristic scanners.

      Not because I used it for anything, just for the research fun to see how long it would take. (Approximately 1½ evenings after work.)

    • #43237
      SephStorm
      Participant

      I just want to say that all of you guys are awesome, and I can only hope to be on your level one day.

    • #43238
      hayabusa
      Participant

      I have no doubt you will, SephStorm…

      Time, effort, dedication, and that ever-present will to ‘try harder’!

    • #43239
      White ghost
      Participant

      The new version of Majic PS is not old but I think it’s a trojan
      beginners did you use this with a cryptor program???

    • #43240
      p0et
      Participant

      Speaking of Trojans.. just in case you missed it, here’s a good example of an old one (PoisonIvy) which was modified to get around modern defenses, it seems.

      http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,8095.msg43992/topicseen,1/#new

    • #43241
      eth3real
      Participant

      @MaXe wrote:

      Sub7, no. It’s like 10 years old.

      Wow, that’s a name I haven’t heard in a while. I’m surprised it’s even still around. I remember the first time I played around with Sub7, back when I knew nothing about computers. 🙂

      Now, this modified PoisonIvy has been causing quite a commotion, and I believe I read it could be deployed by attaching it to an Excel spreadsheet and emailing it. I’d love to try it out in a lab sometime, but I haven’t had any spare time.

      Good luck, let us know what you find, SephStorm. 🙂


Copyright ©2021 Caendra, Inc.
