server monitoring


+ Reply to Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 27

Thread: how to create a detectable trojan undetectable?

  1. #1
    Join Date
    Sep 2005
    Posts
    19

    how to create a detectable trojan undetectable?

    can some one help me i want to make a detectable trojan undetectable how do i go about doing it. if someone could help me plzzz.

  2. #2
    Join Date
    Sep 2005
    Location
    UK
    Posts
    2,054

    Undetectable

    Quote Originally Posted by humza
    can some one help me i want to make a detectable trojan undetectable how do i go about doing it. if someone could help me plzzz.
    To make a trojan undetectable to the antivirus, you need to know assembly code. The way you would make it undetectable would be:

    1. Somehow find the strings of code, or "signatures" included in all antivirus programs to detect viruses and trojans.
    2. Find the signature of the trojan you wish to make undetectable,
    3. Try to find this string of code inside your trojan by splitting it.
    4. Then disassemble it and insert a few extra bits of code that would not affect the program, but would change the detectable part of code enough to make it unrecognisable to the AV.

    Now, the trojan would be undetectable, because you have modified it enough for it not to be recognised by the antivirus. Of course, this is an extremely complex thing to attempt, and I don't even know any assembly or machine code, so there are definitely more things you would have to do than I have described, I am just not experienced enough to know about this. So I doubt you would be able to make a trojan undetectable, to do that you have to know machine code and assembly, which is much harder than normal programming languages like c++ because machine code is directly interpreted by the processor, you have to know about how antivirus programs work, and you have to have the right tools to use, like disassemblers etc. So basically, it's not as simple as "here, download this program and it will make all your trojans undetectable", you have to have a lot of knowledge and experience to be able to modify binary programs. If you really wanted to know, you could probably ask some of the admins and moderators of this forum, they might know, although they wouldnt help you if you said you were doing this to a trojan.

  3. #3
    Join Date
    Jan 2006
    Location
    Graveyard
    Posts
    121

    Thumbs up -

    i read a post by carlo and this is actualy his and the title was "Make your trojans undetactable by Hexing Malware" find that post. maybe that will help you.
    WAFFLES?!?!? OMFG WHERE?!!?

  4. #4
    Join Date
    Sep 2005
    Location
    UK
    Posts
    2,054

    Undetectable

    Quote Originally Posted by Alucard
    i read a post by carlo and this is actualy his and the title was "Make your trojans undetactable by Hexing Malware" find that post. maybe that will help you.
    Also, if you wanted to make any program like trojan, keylogger etc. undetectable to all antivirus programs, then you could make your own packer from this tutorial:

    [url]http://dasomnetwork.com/~leedw/pub/writing_your_own_packer.html[/url]

    If you haven't got a good knowledge of programming yet then you have no chance following this tutorial, a packer is quite a complex program. But if you could follow it through, the packer you would make would have the ability to make any program at all undetectable to all antiviruses, unless you shared it with people and got it added to the detections. Also, you could follow carlo's post about "hexing your malware", which is probably simple enough for any n00b with a hex editor to follow. His post is here:

    [url]http://www.all-nettools.com/forum/showthread.php?t=2221[/url]

    or the original post he took it from is here:

    [url]http://www.governmentsecurity.org/archive/t14669.html[/url]

  5. #5
    Join Date
    Jan 2006
    Posts
    153
    thinking outside the box for a moment, why not program something that configures windows remote desktop for your access needs? Given this idea is OS dependant, but antivirus shouldnt pick up a program that simply calls on part of the built in programming of the operating system. Think of Remote Desktop as a windows built in trojan.

    Going with that route or one similar I think you'll find it easy not to set off too many alarms.

    Hope that helps.
    [url]www.informationleak.com[/url]

  6. #6
    Join Date
    Jan 2006
    Location
    Silicon Void, Canada
    Posts
    9
    not entirly linked to making the trojan undetectable but...

    if you got into the computer initally (telnet or whatever you choose) then dropping a virus that would then disable or kill the antivirus then going about your original plan without needing to know ASM or having to make your own packer (given you dont have the programming experience or time).

    But if you do have the time...take the other guys's advice of making your own creation...since its nicer to have your own creation instead of piggy backing off of someone elses work :P
    Solus fines finium , es fines finium vos partum
    The only limits, are the ones you create

  7. #7
    Join Date
    Sep 2005
    Location
    UK
    Posts
    2,054

    Trojan

    Quote Originally Posted by kOdE_krEEp
    not entirly linked to making the trojan undetectable but...

    if you got into the computer initally (telnet or whatever you choose) then dropping a virus that would then disable or kill the antivirus then going about your original plan without needing to know ASM or having to make your own packer (given you dont have the programming experience or time).

    But if you do have the time...take the other guys's advice of making your own creation...since its nicer to have your own creation instead of piggy backing off of someone elses work :P
    Yes, it's always better to create your own stuff, it will not be detected, you can trust it to do what you programmed it to do, etc. Before people start asking stuff like "how do I telnet to someone's computer", you can only telnet to a computer with a telnet server running, or some other server that will allow you to connect, you can't randomly telnet to someone and expect to get in, most people do not run servers. If you did a port scan and found an exposed port that would allow you to connect, then you could telnet in and drop a virus or trojan in.

  8. #8
    Join Date
    Jan 2006
    Location
    Silicon Void, Canada
    Posts
    9
    true, but i guess i am missing that alot of people dont know most entry methods into a computer and i may have misused the example of Telnet. :P
    Solus fines finium , es fines finium vos partum
    The only limits, are the ones you create

  9. #9
    fabioejp Guest

    Angry ok

    The only ways to turn detectables into undetectables is:
    (This is not shitty stuff)
    Get HEX editor and start hexing, the guy that talk about asm simply shut up over there.

    Get several packers and try to combine them.

  10. #10
    Join Date
    Jul 2005
    Posts
    11
    hex editing is to hard to do, i give up.

  11. #11
    Join Date
    Jan 2006
    Location
    Graveyard
    Posts
    121

    Talking

    well wat did u except its no just a step. hexing is not hard you just think that hexing is hard
    WAFFLES?!?!? OMFG WHERE?!!?

  12. #12
    Join Date
    Sep 2005
    Location
    UK
    Posts
    2,054

    Trojan

    Quote Originally Posted by fabioejp
    The only ways to turn detectables into undetectables is:
    (This is not shitty stuff)
    Get HEX editor and start hexing, the guy that talk about asm simply shut up over there.

    Get several packers and try to combine them.

    I can't really understand who you are talking to, but

    "the guy that talk about asm simply shut up over there"

    Simply shut up about ASM? ASM (well actually machine code) is what makes up every binary program on computers and IS what you are hex editing, so you can't just ignore it and tell him to shut up. Actually I can't understand much of what you wrote, so I could have totally misinterpreted that. BTW, what you said about using two packers, well antivirus programs include packed and unpaced versions of the viruses/trojans in their detections, so this would only work if you uses a small, unknown packer or made your own.

  13. #13
    carlo Guest

    mike101

    Hi again mike.

    Although as you may notice im quite good at this kind of thing but you mentioned that you can drop trojans through telnet if they have an open port that you can telnet. Would you by anychance know how to do this?

    Thanks

    Carlo

  14. #14
    Join Date
    Sep 2005
    Location
    UK
    Posts
    2,054

    Telnet

    Quote Originally Posted by carlo
    Hi again mike.

    Although as you may notice im quite good at this kind of thing but you mentioned that you can drop trojans through telnet if they have an open port that you can telnet. Would you by anychance know how to do this?

    Thanks

    Carlo
    If they are running a telnet server (or some sort of server that will handle your connection correctly), then you telnet to the port it is listening on, issue the correct commands to transfer a file accross, then depending on how much access you have, enter a command to run the file on their computer or put it in a directory included in startup. I think I may have worded my post "drop a trojan in through an open port", they have to have a server running as with anything like this, and not many people do.

  15. #15
    Join Date
    Jan 2006
    Posts
    1
    wwwwwwwwwwwwwwaaaaaaaaaaaaaaaarrrrrrrrrrrrrrrr

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts