1 port - 2 "sockets"
| |||
| Have you guys already done this, or do you have code for this function? The goal is to have a backd00r working on the same port as another already running process, i.e. IIS... Thanks and regards |
| |||
| I'm not sure, but if I'm not wrong, it is not possible to make a process use the same port already in use by another process... maybe if the first one is on TCP and the other one is on UDP, but again I'm not sure about it. Forgive me if I just said some bullshit. Yog |
| |||
| Well, we can also look at it like this: the backdoor hooks the traffic destined for a port used by an application, just like a MITM attack, and keeps the packets for itself if they are backdoor commands, or just redirects the traffic to the normal application. |
| |||
| From a pure TCP/IP perspective you may only have one TCP and one UDP service listening on a particular port. It might be possible to rewrite the service and install a new service so that when it gets a particular packet it starts a new process listening on a different port, but again this is just an idea. Hooking I know nothing of. |
| |||
| You have to change the port of the original program to something else, I guess (if the port is hardcoded you can make a patch), then set up your backdoor listening on the original port and make this backdoor forward the packets to the new port of the original program. Example: sshserver(port22) <-> Internet. With backdoor: sshserver(port666) <-> Backdoor(port22) <-> Internet. This should work, I guess. Post your source when you get it done, it could be interesting ;-) Good luck. |
| |||
| You can build up con socket on the port; then, after you get a connection, you pick a random port, bind it to another socket, send the client that port, and close the connection; then the client connects on that port. Did it a long time ago when I built some server. |
| |||
| Well, it's possible to write a backdoor that acts like a firewall and looks at data coming to a specific port (and filters its client data). Maybe it's also possible to do a process injection; in this case the backdoor and the service have the same PID. Hooking the API functions for receiving data is another way. |
| |||
| Well, in theory you could write up a DLL and load it into IIS, where the DLL works like a hook for the incoming data; if the data is HTTP based (GET / HEAD and so on) you make sure IIS does the rest. But if the remote user sends Password / HTTP/1.0, which is obviously not HTTP, you could activate a backdoor and open up a port somewhere else or whatever you want to do. Anyway, this is just what you could do in theory; you will need to debug IIS. The reason why people have not done this yet is because it's just too much effort; it's easier to write up a new rootkit for the OS instead of writing some sort of "rootkit" for an existing program running on some OS. Just my 2 cents. |
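Added example (not from any poster in this thread): a defender-side check for the layout in the sshserver example above, where the real service is moved to another port and a different process takes over the original one. It parses `ss -ltnp`-style output against a baseline of expected port owners; the baseline, the process name `relay` and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Hypothetical baseline: the process name expected to own each TCP port.
BASELINE = {22: "sshd", 80: "nginx"}

# Constructed `ss -ltnp` style lines (not captured from a real host).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("relay",pid=4021,fd=3))
LISTEN 0 128 127.0.0.1:666 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=901,fd=6))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=901,fd=7))
"""

LINE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)'
)

def parse_listeners(text):
    """Return a sorted list of unique (port, process, pid) tuples."""
    found = set()
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            found.add((int(m.group(1)), m.group(2), int(m.group(3))))
    return sorted(found)

def audit(listeners, baseline):
    """Return sorted findings as (kind, port, process) tuples."""
    findings = set()
    owners = defaultdict(set)
    for port, proc, _pid in listeners:
        owners[port].add(proc)
        expected = baseline.get(port)
        # A baseline port held by some other process.
        if expected is not None and proc != expected:
            findings.add(("unexpected_owner", port, proc))
        # A baseline service listening somewhere it is not expected.
        if proc in baseline.values() and expected != proc:
            findings.add(("relocated_service", port, proc))
    # Different executables listening on one port (e.g. via port sharing).
    for port, procs in owners.items():
        if len(procs) > 1:
            for proc in procs:
                findings.add(("shared_port", port, proc))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(parse_listeners(SAMPLE), BASELINE):
        print(finding)
```

On a real host the input would come from `ss -ltnp` run as root, so that the owning process is shown for every socket.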