Overview |
|
Summary: |
Features: Connect/Disconnect, Contact, About, Exit, File Manager, Refresh File Manager, Make Directory, Upload / Download file, Show Picture, Play Sound (*.wav), Delete file(s), AOL Passwords, ICQ Passwords, AIM Passwords, Recorded Passwords, Delete Users Passwords, Read Latest News, Save List, Clear List, Save Passwords / File List, Send Customized Message, Open URL, Open/Close Cd-Rom, Hide/Show TaskBar, Hide/Show Taskbar icons, Turn Monitor off / on, turn system speaker off / on, Disable / Enable Alt-tab, Change Wallpaper, Send lots and lots of messages, Num lock off/on, caps lock off/on, scroll lock off/on, hide/show startbutton, Shutdown, force shutdown, restart in dos, restart, logoff, power off, get time, get serial number, rename recycle bin, change default start page, Hang up modem, Get ICQ numbers, Time Editor, Date Editor, Kill Server, Custom command, Server information (windows key etc), Test Server (ping), set new port, Version, update from url, icq notification, email notification, update from local file, update from ftp, Swap mouse buttons, when you move your mouse theirs moves the same, show/hide mouse, change mouse position. |
Vendor Notes: |
from the doc:

Exploiter 1.1 Delta - Gatecrasher Edition - Designed by ap0calaps
Default Port = 1703
Complaints, Compliments, bugs ( There are a few known ) etc
Email ap0calaps@ap0calaps.com or ap0calaps@hotmail.com
ICQ 61953894

Functions: Connect/Disconnect, Show Passwords (Recorded), Send customized message, File Manager, Shutdown, Reboot, Logoff, Power off, Restart in dos, Force Shutdown, Kill Server, Version, Name user, Server name, Open URL, Play sound, Ping, Show Pic, Time, Monitor on/off, System tray on/off, Taskbar on/off, Start button on/off, Hide/Show clock, Hide/show desktop, Turn off / Turn on Mouse, System Speaker on/off, Alt Tab on/off, Ctrl-Alt-Del on/off, Caps lock on/off, Number lock on/off, Open/Close Cd-Rom

Have fun
1.2 will have more options - I have already half made it should come out in a month ( Still quite a few bugs)
ap0calaps

Exploiter 1.3 Beta ( This is only a beta release and not much of anything will work so just wait for the full version )
For Gatecrasher
Designed by ap0calaps
Default Port = 21554
Complaints, Compliments, bugs ( There are a few known ) etc
Email ap0calaps@ap0calaps.com or ap0calaps@hotmail.com
ICQ 61953894

Features and Things in Client
I haven't given a detailed Features list yet so I thought I would.... This could take a while

[-- Main Page --]
Enter Port + IP -- Lists previously used IPs and ports
Connect -- Connect to your victim
Ping Server -- Check for a connection
ListBox -- Lists all the commands that you have entered
SaveList -- Save the contents of the Listbox as Log.txt
ClearList -- Clear all items in the Listbox
Mini Browser -- Surf the net while using exploiter ( Handy for switching over )
About -- About Exploiter 1.3
Contact -- How to contact me

[-- IP Tools --]
Lookup hostname -- Lookup an address e.g www.ap0calaps.com = 127.389.345
Local IP -- Get your own ip
Reverse Lookup -- Reverse the look up of a host e.g 127.389.345 = www.ap0calaps.com

[-- File Manager --]
Refresh File Manager -- Refresh files
Make Directory -- Make a directory on the victim's computer
Upload / Download -- Upload and Download files from the victim's computer
Show Picture -- Show a picture on the victim's screen
Play Sound -- Play a sound on the victim's computer
Run File -- Execute a file type
Print File -- Print a file on the victim's computer

[-- Application Manager --]
Get Applications -- Get running applications
Kill Application -- Kill a running application

[-- Fun Options --]
Send Message -- Send a customized windows message on the victim's computer
Open URL -- Open a url on the victim's computer
Change Wallpaper -- Change victim's wallpaper
Messages -- Displays 5 messages over and over until you stop it
Open / Close CD-Rom -- Open and Close the victim's cd-rom
Hide / Show Task Bar -- Hide or Show the victim's taskbar
Monitor Off / On -- Turn the monitor on and off
Beep On / Off -- Turn beeping on or off - Enter key must be pressed in order to activate
Disable / Enable Alt Tab -- Disable and Enable Alt-Tab
Disable / Enable C-A-D -- Disable and Enable Ctrl Alt Delete
Turn Num lock On / Off -- Turn Number lock On / Off
Turn Caps lock On / Off -- Turn Caps lock On / Off
Hide / Show Start Button -- Hide or show the windows start button
Swap Mouse -- Swap the mouse buttons
Same Mouse -- Victim's mouse moves the same way as your mouse
Hide / Show Mouse Cursor -- Hide or Show the mouse cursor
Change mouse position -- Change the mouse position

[-- More Options --]
Get Recorded Passwords -- Get recorded passwords e.g dialup passwords or hotmail passwords
Icq Passwords -- Get recorded icq passwords ( Only works with older versions like 98 )
AIM Passwords -- Doesn't always work but anyway gets you Aol Instant Messenger Passwords
Delete Passwords -- Deletes user's recorded passwords

[-- More Options + FTP Client --]
Connection Options -- Host, User, Pass, Port
Connect / Disconnect -- Connect to selected FTP server
Proxy Options -- Connect through a proxy server
Change Dir -- Change directory
Delete File -- Delete files
File / Dir List -- List files and dirs
Download / Upload -- Download and Upload files through the FTP Server
Create / Remove Dir -- Create and Remove Directories

[-- More Options --]
FTP On / Off -- Start an FTP Server on victim's computer
Remote Pager -- Send remote icq pagers through victim's computer
Remote Email -- Send remote emails through victim's computer
Crash Comp -- Crash victim's computer
Crazy Computer -- Runs all the options in the fun manager over and over
Stop Crazy -- Stop the computer going crazy
Chat -- A simple chat program ( hardly ever works - I'll fix it in 1.4 )
Kill Modem -- Hang up the victim's modem
ShutDown -- Shutdown the victim's computer
Force -- Forces the victim's computer to shut down immediately
Restart -- Restarts the computer
Restart DOS -- Restart the computer in Dos
Log Off -- Logs off the victim's computer
Power Off -- Turns off the computer's power
Get time -- Get the victim's time
Set time 00-00 -- Sets the victim's time to 00-00-00
Serial Number -- Gets the computer's serial number
Version -- Gets the server version
Rename Rec-Bin -- Rename the recycle bin to your choice
Default start page -- Change the default start page for Ie
Download URL -- Download files computer from a url and send icq pager when done

[-- Display --]
Get Display -- Get display modes
Change Display -- Change the display mode of the computer e.g 1080x1278
Capture Screen -- Capture the victim's screen

[-- Timer Manager --]
Click on the help and commands button for more info

[-- Server Options --]
Kill Server -- Stops the server from running
Command -- Send a manual command
Server Info -- Get Server information e.g Windows Key
Update Http -- Update the server from a http
Update Local -- Update the server from a local file
Update FTP -- Update the server from a FTP Server
Icq notification -- Icq notification when victim is online
Email Notification -- Send email notification when victim is online

That's all for now. The next version of exploiter will have even more functions including EditServer ( Finally ) Irc Bot and skins plus more. Have fun using Exploiter 1.3.
ap0calaps |
Alias: |
Backdoor.Exploiter.10.a, Backdoor.Exploiter.10.b, Backdoor.Exploiter.11, Backdoor.Exploiter.14 |
Category: |
RAT: A Remote Administration Tool, or RAT, is a Trojan that, when run, provides an attacker with the capability of remotely controlling a machine via a "client" on the attacker's machine and a "server" on the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed on a victim's machine depends on the capabilities of the Trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker, who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard drive, he/she can place the Trojan in the startup folder. This will run the Trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the Trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

Password Capture: A variant of the Key Logger that captures passwords as they are entered or transmitted. Some password capture Trojans impersonate the login prompt, asking the user to provide their password. |
Variants: |
|
Similar Pests: |
RAT · Password Capture |
Origins |
|
Author: |
Ap0calaps |
EMail: |
ap0calaps@hotmail.com |
Programming Language: |
Delphi. Server compressed with UPX. |
Date of Origin: |
Variants from August, 2000 to February, 2001 |
Operation |
|
Platform: |
Windows 9x. |
Default Port: |
28678 |
Storage Required: |
|
Restart: |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Windll.exe" |
ScreenShot: |
Exploiter 1.4, Exploiter 1.3D, Exploiter 1.3b, Exploiter 1.1 D, Exploiter 1.0b, Exploiter 1.0 |
Risks |
|
Detection Issues: |
Difficult to detect by design. May hide from process list. May install with variable names in variable locations. |
Detection and Removal |
|
Automatic Removal: |
|
Manual Removal: |
Follow these steps to remove Exploiter from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. |
| Stop Running Processes: Kill these running processes with Task Manager: | |
| Remove Files: Remove these files (if present) with Windows Explorer: | |
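
A defender-side triage of the indicators this entry lists (default ports 1703, 21554 and 28678, and the "Windll.exe" Run entry), run over saved netstat -an output and a REGEDIT4 registry export. This is an added example, not part of the original entry; the function names, the sample input and the C:\EXAMPLE path are constructed for illustration.

```python
import re

# Indicators taken from this entry. It also warns that names and locations
# may vary, so an empty result does not prove the machine is clean.
PORTS = {1703: "1.1 Delta readme", 21554: "1.3 Beta readme", 28678: "Default Port field"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_MARKER = "windll.exe"

def listening_ports(netstat_text):
    """Local TCP ports in LISTENING state, parsed from `netstat -an` output."""
    rows = (line.split() for line in netstat_text.splitlines())
    return {int(f[1].rsplit(":", 1)[1]) for f in rows
            if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING"}

def run_entries(reg_text):
    """{value name: data} under the HKLM Run key of a REGEDIT4-style export."""
    entries, in_run = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run = line.strip("[]").lower() == RUN_KEY
        elif in_run:
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # exports double every backslash; undo that for the data
                entries[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return entries

def triage(netstat_text, reg_text):
    """Findings that match the entry's ports or its Run value, as text lines."""
    hits = [f"port {p} listening ({PORTS[p]})"
            for p in sorted(listening_ports(netstat_text) & set(PORTS))]
    for name, data in run_entries(reg_text).items():
        if RUN_MARKER in name.lower() or RUN_MARKER in data.lower():
            hits.append(f"Run entry {name} -> {data}")
    return hits

# Constructed sample input, not captured from a real host.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:21554          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1703          10.0.0.9:1044          ESTABLISHED
"""
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Windll.exe"="C:\\EXAMPLE\\Windll.exe"
'''
```

Calling triage(SAMPLE_NETSTAT, SAMPLE_REG) reports the listening port 21554 and the Run entry; the ESTABLISHED connection on 1703 is ignored because only listeners are checked.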
Research |
|
File Analyses: |
|
More Info: |
|
Research By: |
|
Last Revised: |
July 28, 2004 |