.

Looking for a windows trojan

<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Oct 30, 2011 12:31 am

Looking for a windows trojan

Anyone know where I can find a decent windows trojan? I'm testing one out (in the lab). I've done it with a linux RAT before (rathole) but I couldnt find a... trustworthy one for windows. I was going to go for BO, but the CDC mirrors are all down.  I also found a tool called Pro Rat, but rumor is the free servers come with an additional backdoor... so yeah...
sectestanalysis.blogspot.com/‎
<<

hurtl0cker

User avatar

Jr. Member
Jr. Member

Posts: 73

Joined: Thu Nov 18, 2010 10:09 am

Location: WWW

Post Sun Oct 30, 2011 3:47 am

Re: Looking for a windows trojan

Trojans  ::)

Well.. I prefer using Dark Comet 4, it has been recently released and has fully undetectable features n stuff like that, there is a Mac version coming soon.
http://www.darkcomet-rat.com/
“Knowing is not enough; we must apply. Willing is not enough: we must do.”
- Bruce Lee
<<

p0et

User avatar

Full Member
Full Member

Posts: 197

Joined: Thu Nov 02, 2006 4:38 pm

Location: Victoria, Canada

Post Sun Oct 30, 2011 1:00 pm

Re: Looking for a windows trojan

Hey SephStorm,

I wouldn't use Pro Rat since most AV suites know the signature for that one.  Many people use the same Trojans (Beast, Optix Pro, Pro Rat, etc..) as well as the same Packers (Mophine, PECompress, etc..) so pretty much all AV's have sigs for those and can detect them rather easily.  I'd suggest Googling and trying to find the not well known ones such as VX Heaven and VX Chaos. 

If you're going to use a popular or semi-popular trojan, toss on a Byte Adder. This basically adds garbage bytes to your trojan to confuse the AV. For this, check out StealthTools v2.

Finally, you could do some hex editing or make your own Trojan.  (lots of free trojan source code out there to recompile/decompile)
GCIH, Security+, Network+, A+, MCP, DCSE
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Oct 30, 2011 1:09 pm

Re: Looking for a windows trojan

Thanks both of you for the info. I'll definatly try DC.

p0et, Thanks! thats actually one of the things i'll be testing, how well the AV on the vm detects the malware. Unfortunately I couldnt get MSE or AVG to install on the XP SP0 host... :(

Also thanks for the advice!
sectestanalysis.blogspot.com/‎
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Oct 30, 2011 3:36 pm

Re: Looking for a windows trojan

I would recommend you play with e.g. Meterpreter from Metasploit, which is capable of pretty much everything you need. You can always extend it to whatever you want it to do, and it also has a massive amount of scripts too :)

Making it persistent and more stealthy would of course require some work on your part  ;)
I'm an InterN0T'er
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Oct 30, 2011 4:33 pm

Re: Looking for a windows trojan

I will eventually, but im trying to get away from the point, click, exploit design of MSF, even through the console. I think im going to dl DC, use eLiTeWrap to wrap it with calc.exe and go from there. I'll need to find out how to install NMAP on the "remote" host via command line... Im sure ill figure it out. :)
sectestanalysis.blogspot.com/‎
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Mon Oct 31, 2011 1:59 am

Re: Looking for a windows trojan

Hello and the best solution fro u is here !!!

Majic ps , Prorat , Sub 7 are the best windows trojans majic ps is my recommended you search it in 4shared and download the latest version of it

you can also use them with an cryptor application and then no antivirus can against them

Go and enjoy! :)
MCITP CCENT
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Mon Oct 31, 2011 6:25 pm

Re: Looking for a windows trojan

White ghost wrote:Majic ps , Prorat , Sub 7 are the best windows trojans majic ps is my recommended you search it in 4shared and download the latest version of it

you can also use them with an cryptor application and then no antivirus can against them


Sub7, no. It's like 10 years old. Majic PS, sounds too much like it includes a hidden trojan. Prorat? It's usable and okay. Same with Poison Ivy.

If you really have to use any of these trojans, you could try Turkojan as well. And then use Thermida to pack it as that would make it a lot harder to disassemble.

You do however, not need to use a "cryptor application". That "no antivrus can against them" is also untrue, as most public "crypters" are usually highly detectable except completely new ones.

Let's say you want something that actually uses new methods, one that does this, is Abyssec's crypter: http://www.abysssec.com/blog/2011/09/25 ... infection/ (And they're even a real company.)

A decent trojan a lot of hacker groups used a while back was Shark:
http://forum.intern0t.net/hacking-tools ... 3-1-a.html
(Please note the InterN0T community does not condone unethical hacking.)

And for the sake of this thread, here's a cool proof of concept that has nothing to do with regular RAT's:
http://forum.intern0t.net/hacking-tools ... rojan.html


Edit / Update
Bypassing Anti-Virus Scanners like a Pro:
http://forum.intern0t.net/offensive-gui ... nners.html

That paper only shows how to bypass signature based scanners, but play enough with a detected executable file, and you'll eventually end up with a fully undetectable file and that's even WITHOUT encrypting, packing or encoding it.

Remember that simple ncx99.exe backdoor which spawns a netcat process listening on port 99? I made that completely undetectable once, even against heuristic scanners.

Not because I used it for anything, just for the research fun to see how long it would take. (Approximately 1½ evening after work.)
Last edited by MaXe on Mon Oct 31, 2011 6:30 pm, edited 1 time in total.
I'm an InterN0T'er
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Mon Oct 31, 2011 7:57 pm

Re: Looking for a windows trojan

I just want to say that all of you guys are awesome, and I can only hope to be on your level one day.
sectestanalysis.blogspot.com/‎
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Oct 31, 2011 8:16 pm

Re: Looking for a windows trojan

I have no doubt you will, SephStorm...

Time, effort, dedication, and that ever-present will to 'try harder'!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Tue Nov 01, 2011 1:05 am

Re: Looking for a windows trojan

the new version of majic ps is not old but i think its a trojan
beginners did you used this with a cryptor program???
MCITP CCENT
<<

p0et

User avatar

Full Member
Full Member

Posts: 197

Joined: Thu Nov 02, 2006 4:38 pm

Location: Victoria, Canada

Post Wed Nov 02, 2011 1:40 pm

Re: Looking for a windows trojan

Speaking of Trojan's..  just in case you missed it, here's a good example of an old one (PoisonIvy) which was modified to get around modern defenses, it seems. 

http://www.ethicalhacker.net/component/ ... een,1/#new
GCIH, Security+, Network+, A+, MCP, DCSE
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Thu Nov 03, 2011 6:00 pm

Re: Looking for a windows trojan

MaXe wrote:Sub7, no. It's like 10 years old.


Wow, that's a name I haven't heard in a while. I'm surprised it's even still around. I remember the first time I played around with Sub7, back when I knew nothing about computers. :)

Now, this modified PoisonIvy has been causing quite a commotion, and I believe I read it could be deployed by attaching it to an Excel spreadsheet and emailing it. I'd love to try it out in a lab sometime, but I haven't had any spare time.

Good luck, let us know what you find, SephStorm. :)
Put that in your pipe and grep it!

Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software