Penetration Testing mailing list archives
Re: bd - Win2k backdoor
From: Andreas Junestam <andreas () atstake com>
Date: Mon, 13 May 2002 17:18:06 +0100
Hi Parth, Whoa, Im surprised to see that people actually are using it! :) Cool bd has moved on and become bd2, with some new features: * Injects itself as a dll under services.exe * New, "stealthy" reboot protection * Kernel driver to hide the backdoor files from userspace The rest is still done the same way as before... But, this hasn't been worked on for 4-5 months, so Im no 100% about the current build state. Drop me an e-mail if you want a copy of it, since it is not currently posted to any web-space. Will be posted on darklab.org sometime in the future (read: when I finaly have some spare time for it.. :) ) Regards Andreas Parth Galen wrote:
Does anyone know where I can get a copy of bd? It was at labs.defcom.com/releases/bd/ but is no longer there. I am wanting to use this rather than nc in a pentest to prove the point that local portscanning as an intrusion detection method is not enough. Cheers, Parth ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- bd - Win2k backdoor Parth Galen (May 13)
- Re: bd - Win2k backdoor Andreas Junestam (May 14)