Tuesday, March 23, 2010

Security Update, March 2010



Friday, March 12, 2010

Nostalgia

When I was a kid I loved playing with all kinds of toys, and one of them was SUB7. When SUB7 first came out I had a very nice toy to play with, but over the years it disappeared and went back into my closed toy box.

But today I happened to see that a new version of it has been released. I haven't had a chance to test it yet, but I thought it might interest some of you.

Ahhhhh, what nostalgia.

Here is part of the Trojan horse's feature list:

SubSeven.exe (911KB)

Client:

- Transfer View (view upload/download details <-> from host)
- Window View (View active Windows on SubSeven)

Managers:

- File Manager (upload/download/run/delete/play files on host)
- Registry Manager (modify/add/remove registry entries on host)
- Service Manager (refresh services/install services/remove services/remote host management)
- Process Manager (view active/kill active processes to dll level)
- Fun Manager (general office pranks)

Spying:

- Desktop (view and click the remote host desktop)
- Webcam (view the webcam on the remote host)
- Audio (capture mic/line-in input on the remote host)

Network:

- TCP Tunnel (relay remote host ports to local PC)
- Traffic Viewer (lists active network connections on remote host)
- Network Browser (list shares on remote host, allows mapping)

System:

- Remote Shell (view the command prompt on the remote host as if it was local)
- Password (recover lost/forgotten passwords for various browsers, storage, mail clients and instant messengers)
- Installed Apps (list installed applications)
- Server Options (stop/start/remove server on remote host)

Built in Tools:

- Static IP Notification Client (SIN client) (a listening tool that allows your remote hosts to notify you when they are online)
- NO-IP account / IP auto update tool (allows you to enter your NO-IP account information to auto update the website of IP changes)
- Shortcut Panel (allows you to add your favorite utilities as shortcuts)
- Hint and Active running status bar (gives you some helpful information)

EditServer.exe (254KB)

Server Status:

- Read (allows you to browse and then read the server settings)
- Server extensions (allows you to check which extension you want the server to use)
- Install directory (allows you to choose where you would like the server to be installed)
- Protect server (allows you to password protect the server)
- Melt server (allows the server to disappear once executed)
- Wait for reboot (waits to execute upon next reboot)
- Run Visible (allows the host computer to know the server is running)
- Server name (what it says)

Fake Messages:

- Enable (activates the fake message option)
- Message icon (allows you to choose your icon for the message)
- Available buttons (select what options the host computer has to press)
- Message title (the title text for the message)
- Message text (the body text of the message)
- Test (allows you to test the message on your PC)

Startup methods:

- Registry Run (installs under registry run key)
- Registry RunServices (installs under registry runservices key)
- Registry RunOnce (installs under registry runonce key)
- ActiveX (installs in the activeX key path)
- Explorer (installs on execution of explorer shell)
- Winlogon (same as above for winlogon)
- Policies (executes upon windows policies startup)
- Key name (keyname for registry entries. For example Remote Host Server)
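The startup methods above all map to well-known Windows autostart locations, which is also where a defender looks for them. The following PowerShell script is an added example, not code from the original post or from the SubSeven authors: it enumerates those locations on a live machine and lists every entry whose command does not run from the Windows or Program Files directories, so that an unexpected key name such as the "Remote Host Server" example stands out. Two mappings are my assumptions, since the list does not spell them out: "ActiveX" is read as the Active Setup Installed Components StubPath values, and "Explorer"/"Winlogon" as extra executables appended to the Winlogon Shell and Userinit values. The trusted-directory allow-list is a heuristic, and entries that reference an executable without a full path are reported as well.

```powershell
# Added example (not from the original post): enumerate the autostart locations
# named in the SubSeven "Startup methods" list and flag entries that run from
# outside the usual system directories. Run from an elevated PowerShell prompt.

$hives = 'HKLM', 'HKCU'

# Keys (relative to the hive) holding plain "name = command" autorun values.
$runKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',                   # Registry Run
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',               # Registry RunOnce
    'Software\Microsoft\Windows\CurrentVersion\RunServices',           # Registry RunServices (Win9x era; usually absent today)
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'  # Policies
)

# Winlogon values that get a second executable appended ("Explorer" / "Winlogon" methods, assumed mapping).
$winlogonKey    = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogonValues = 'Shell', 'Userinit'

# Active Setup StubPath commands; assumed here to be what the list calls the "ActiveX" method.
$activeSetupKey = 'Software\Microsoft\Active Setup\Installed Components'

# Executables under these prefixes are treated as expected (heuristic; adjust per machine).
$trustedPrefixes = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() }

function Test-TrustedCommand {
    param([string]$Command)
    # Extract the executable path: a quoted path, or the first whitespace-delimited token.
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) { $exe = $cmd -replace '^"([^"]*)".*$', '$1' }
    else                      { $exe = ($cmd -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe).ToLowerInvariant()
    foreach ($p in $trustedPrefixes) { if ($exe.StartsWith($p)) { return $true } }
    return $false   # bare names like "foo.exe" and paths under %TEMP% or %APPDATA% land here
}

$findings = @()

foreach ($hive in $hives) {
    foreach ($key in $runKeys) {
        $path = "${hive}:\$key"
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip the provider's PSPath/PSDrive metadata
            $findings += [pscustomobject]@{ Location = $path; Name = $prop.Name; Command = [string]$prop.Value }
        }
    }

    # A clean Shell is "explorer.exe" and a clean Userinit is "<system32>\userinit.exe,";
    # more than one comma-separated entry means something else is launched at logon.
    $wl = "${hive}:\$winlogonKey"
    if (Test-Path $wl) {
        $props = Get-ItemProperty -Path $wl
        foreach ($v in $winlogonValues) {
            $val = [string]$props.$v
            $parts = @($val -split ',' | Where-Object { $_.Trim() })
            if ($parts.Count -gt 1) {
                $findings += [pscustomobject]@{ Location = $wl; Name = $v; Command = $val }
            }
        }
    }

    $as = "${hive}:\$activeSetupKey"
    if (Test-Path $as) {
        Get-ChildItem -Path $as | ForEach-Object {
            $stub = (Get-ItemProperty -Path $_.PSPath).StubPath
            if ($stub) {
                $findings += [pscustomobject]@{ Location = $_.Name; Name = 'StubPath'; Command = [string]$stub }
            }
        }
    }
}

# Report only the entries whose executable lives outside the trusted directories.
$findings |
    Where-Object { -not (Test-TrustedCommand $_.Command) } |
    Format-Table -AutoSize -Wrap Location, Name, Command
```

Compare the output against a known-clean baseline of the same machine rather than reading it in isolation: legitimate installers do use these keys, and the value of the check is the entry that was not there last time.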

Notifications:

- S.I.N (specify your local network external IP address here, or for local testing 127.0.0.1)
- CGI/PHP (specify your website address, e.g. http://www.host.com, generate the script and upload it to your php/cgi host)

Bind Files:

- Select a file to bind to the server. The bound file will execute along with the server - for example you may want to execute tinyvnc for full screen management

Win Firewall:

- Disable Firewall (turns off the firewall provided UAC is off)
- Disable Win Defender (turns off Windows Defender)
- Disable UAC (turns off UAC upon next reboot)

Exe Icon:

- Load .dll/exe (load up an exe or .dll file to extract icons and use them on your server)
- Browser (browse to .ico files)

Server.exe (58.5KB)


So where do you download it, you ask?
Download link

MoocherHunter


Clients often ask me to check for the presence of a rogue AP inside their network, as in the Postal Bank case, in which a rogue AP was planted for the purpose of intrusion. The detection work is done in various well-known ways, and that is not what I want to focus on today; rather, what happens from the moment we have located an AP: what do we do, and how do we locate the person connected to that rogue AP?!

True, one can use the standard tools to do this, but while searching the internet I came across the following tool:

MoocherHunter™ identifies the location of an 802.11-based wireless moocher or hacker by the traffic they send across the network. If they want to mooch from you or use your wireless network for illegal purposes (e.g. warez downloading or illegal filesharing), then they have no choice but to reveal themselves by sending traffic across in order to accomplish their objectives. MoocherHunter™ enables the owner of the wireless network to detect traffic from this unauthorized wireless client (using either MoocherHunter™'s Passive or Active mode) and enables the owner, armed with a laptop and directional antenna, to isolate and track down the source.


Because it is not based on fixed or statically-positioned hardware, MoocherHunter™ allows the user to move freely and walk towards the actual geographical location of the moocher/hacker. And of course, as part of the free OSWA-Assistant™ wireless auditing LiveCD toolkit, MoocherHunter™ is also FREE for end-users to use on their existing laptops (so long as it is only run within the OSWA-Assistant™ environment) with off-the-shelf supported wireless cards.


Note: there is an interesting video on their site in which they demonstrate the locating capability.

To download the tool and watch the video, click the following link:

Download link