TOOLS
that nobody ever cared to code!
That backdoor.zip
is a small w9x remote control tool, under 3kb in size, coded with the help
of uNdErX. Support upload, download, run, delete, process list and delete,
directory listing and self-uninstall. You can use TELNET to control it, but
DoxtorL coded a nice GUI client, with SOCKS4 proxy
support. I coded a w32 console client (somewhat
buggy), and uNdErX did a PHP client interface, to conmmand the backdoor right
from the www
There's a socks4 proxy
server for w32. Altought it dont support fully the RFC specifications, it
work fine with IRC, FTP and all other appz that support socks4. A linux
version also exist.
Much peoples use socks4 proxies to enter in irc
channels, hiding his IP. The careful irc operator, or the proxy stealer
can check who enter the channel for these proxies with that tool.
It use DDE to communicate the result of the proxy scans to the mIRC IRC client.
Hideproc.zip hide processes,
under w98, by patching the return values of APIs. The hook code stay in memory
in the slack space formed by the memory alignment of the kernel32.dll sections.
A classic.
Eyes watch Dom Quixote, as he walk
for a dark forest...
The internal format of OLE2 documents is a well
keep secret. Altought documents describing their binary format exists, they
arent of easy use. By using OLE32.DLL APIs, was possible to write that generic
dumper for this content. Documents for WinWord, Excel, Acess, CorelDraw
and all others in OLE2 format can be dumped in its storages and streams
easily with that tool.
Local outbreaks of my virus W95/Doc.Fabi2 (named
after my girlfriend), in the test stage, forced me to code a small cleaner
for it, in the PE form. Altought I dont support virus killing, that tool,
for DOS, was a fast way to free the machine from that bug. Peoples with his
DOC files infected arent so lucky, tought...
Some peoples would like to recognize duplicate
files by its CRC 16/32/48. This tool, made using
Zenghxi crc-reversing code, proof to these fools as easy is compute a choosen
CRC value. With it, you can make all files in current directory share a common
CRC, by adding 6 bytes at end(to correct the value to the user choosen one)
Using some new w98 APIs from the TMAPI.DLL,
is possible to list several applications that where runned/installed in the
system. That info i believe is related to /win/applog, that contain more information
about there runned/installed files.
This example of hand-made
PE file show own contruct a very small windows executable, using NASM
to control in a more accurate way the output generated.
A small w9x sample of self-deleting
file. It use FreeLibrary() API call to free its own memory image, and
then delete the file from where it runned with DeleteFileA(). Rumors say that
the same is possible, under NT, by using UnmapFile() API.
This very simple tool
fill a gap in the patchers world. It allow you to insert a binary file inside
other, at a determinate offset. Altought a very common fact in hacking code,
i wasnt able to found a tool as this before. Useful for RE and like.
This ircbot connect to
irc servers (using a socks4 proxy), and try to protect ANCE* nickname. It
reverse deops and bans, op ANCE* in /joins, and kick kickers. A minimal version
(win32/linux), that does nothing, also exists.
This port scanner allow fast scan of subnets
and single IPs for a open port. Accept wildcards all the way, allowing
the scan of whole internet (*.*.*.*)
This useful apispy program log all API usage, together with its parameters,
allowing a fast and easy knowledge of the inner working of other programs.
This sample program show the use of self-checking executable, using CRC32.
Easy to beat, but still interesing.
