Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] DOS Attack

From: Spy Fox <nebula_61 () HOTMAIL COM>
Date: Tue, 10 Oct 2000 15:47:35 EDT
Hack-A-Tack is a Trojan Horse program similar to BackOrifice and SubSeven.
It consists of a client and server application.  The server application is
named "expl32.exe" and is usually copied to the Windows subdirectory and
launched through the startup process.  Once installed, the malicious user
can take control of the infected PC and execute a wide variety of commands.

TCP ports 31785, 31787 and UDP ports 31789 and 31791 are the default
connection ports, although I believe the malicious user can modify this.

Removal of this program requires knowledge of the Windows registry and
REGEDIT.  Look for an entry under the
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" branch of
the Registry.

This program is usually delivered either through physical access to the PC,
or via open NetBios access with shares enabled.

Now the thing that confuses me about your post is the DOS attack on the IRIX
system.  Hack-A-Tack is designed for Windows 95/98 PCs, and to my knowledge
has not been ported to any other OS.

Best Regards -

Todd Eastman
www.spy-fox.com



From: "Craig T. Hancock" <craig () CHARLIE CNS IIT EDU>
Reply-To: Penetration Testers <PEN-TEST () SECURITYFOCUS COM>
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] DOS Attack
Date: Tue, 10 Oct 2000 09:42:09 -0500

Hello all I am doing some reasearch for a friend for a DOS attack on an
IRIX 6.5 the attack from what I was told can be ported to
an unix machine. So I am trying here this is the info that I have on the
attack. It is called Hack a Tick.



Hello all a machine that I administer has been involved in a DOS attack on
my subnet. THe networking monitor group as told me that
a person was connecting to my machine via prt 31789 which is a udp port
that cause a huge amount of overhead on the network.
The thing I don't understand is how is this attacked is cause also I don't
understand how the person could have gotten in.


<snipped for space>
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.
Previous By Date Next
Previous By Thread Next

Current thread: