tweakz20
So basically what I want to do is create a new program in cpp. This is what I want it to do pretty much (all via command line)

-Open/Close Ports (with a port # I can set)
-Kill an Active Connection (that I can decide on)
-Create a Password Protected Port (for myself to NC to)
-Become Installable/Uninstallable via command line (ie. Press 1 to Install and 2 to Uninstall)
-hide files/services/processes

It's not really a backdoor, but something I figured that isn't very popular and I'd like to kind of create just because stuff like this has always intrigued me. If anyone can hand me some references or good reading material. Any help would be appreciated.

Thanks guys :)

*as posted in advanced :)*
da_cash
Basically this looks like an extended rootkit to me (port/service hiding etc.)... For tutorials about hiding files/services/processes, just look on www.rootkit.com or get the ntillusion rootkit and read the documentation included. Also, I saw some nice articles by holy_father on http://www.codebreakers-journal.com/...
jead99
Interesting project you got there. You might find some info at rootkit.com
fandango
Lol, bit funny. All you wanna do is pretty easy to code - just the hiding stuff is exactly the opposite - very hard :)

As already mentioned, for these hiding tasks you should read a lot of other open source rootkits.

For a start, also FU's source code should help a lot as it's pretty well written

Good Luck :-)
tweakz20
Thanks guys, appreciate the info :)

Not as interested in hiding proc/serv though. I'm more concerned with being able to manipulate the network connections and ports. That is priority number one :)
jead99
QUOTE(fandango @ Jul 20 2005, 03:24 PM)
Lol, bit funny. All you wanna do is pretty easy to code - just the hiding stuff is exactly the opposite - very hard :)

As already mentioned, for these hiding tasks you should read a lot of other open source rootkits.

For a start, also FU's source code should help a lot as it's pretty well written

Good Luck :-)
*

If it's so easy to code, why not post some code or hints to get him or other members started?
vnet576
Take a look at open source firewalls for that. Can't think of a better example of network manipulation than a firewall.
tweakz20
Makes lots of sense, vnet :) Thanks for the tip as well. I really should have thought about looking at firewalls' code ;p.
cowsonfire
Here is an example to close a connection

CODE
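#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <iphlpapi.h>
#pragma comment(lib,"iphlpapi.lib")
#pragma comment(lib,"ws2_32.lib")

int main(int argc, char *argv[])
{
    DWORD dwRetVal, dwSize = sizeof(MIB_TCPTABLE);
    PMIB_TCPTABLE pTcpTable;

    pTcpTable = (MIB_TCPTABLE*)malloc(dwSize);
    if (pTcpTable == NULL)
    {
        printf("Out of memory.\n");
        return 1;
    }

    /* If the buffer is too small, GetTcpTable stores the required size in dwSize. */
    if (GetTcpTable(pTcpTable, &dwSize, TRUE) == ERROR_INSUFFICIENT_BUFFER)
    {
        free(pTcpTable); /* allocated with malloc(), so release with free() */
        pTcpTable = (MIB_TCPTABLE*)malloc((UINT)dwSize);
        if (pTcpTable == NULL)
        {
            printf("Out of memory.\n");
            return 1;
        }
    }

    if ((dwRetVal = GetTcpTable(pTcpTable, &dwSize, TRUE)) == NO_ERROR)
    {
        for (DWORD i = 0; i < pTcpTable->dwNumEntries; i++)
        {
            /* Ports in the table are in network byte order; match remote port 5190. */
            if (ntohs((USHORT)pTcpTable->table[i].dwRemotePort) == 5190)
            {
                /* Identify the connection by its 4-tuple and request deletion of its TCB. */
                MIB_TCPROW TcpRow;
                TcpRow.dwLocalAddr = pTcpTable->table[i].dwLocalAddr;
                TcpRow.dwLocalPort = pTcpTable->table[i].dwLocalPort;
                TcpRow.dwRemoteAddr = pTcpTable->table[i].dwRemoteAddr;
                TcpRow.dwRemotePort = pTcpTable->table[i].dwRemotePort;
                TcpRow.dwState = MIB_TCP_STATE_DELETE_TCB;
                /* SetTcpEntry needs administrator rights (an elevated process on Vista and later). */
                if (SetTcpEntry(&TcpRow) != NO_ERROR)
                {
                    printf("Failed to remove connection...\n");
                }
                else
                {
                    printf("Removed connection...\n");
                }
            }
        }
    }
    else
    {
        printf("GetTcpTable failed.\n");
    }

    free(pTcpTable);
    return 0;
}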

more info:
http://msdn.microsoft.com/library/default....gettcptable.asp
http://msdn.microsoft.com/library/default....settcpentry.asp