Sub7 is there a fake server?

[bofhandpfy]

before i get flamed, i've been looking for a while, and I can't seen to find the piece of software I require. (I guess I might have to write it)

Does anyone know of any product that opens up the sub7 ports, and logs requests (Platform = Windoze 98se).

It'd be a real bonus if it'd act like sub7 to keep the kiddies interested long enough to get some good evidence. ( a sub7 honey pot if you will)

Obviously I don't want to have my CDROM drive opening and closing all the time so I can't use the real thing.

If i'm onto a loser feel free to tell me.

Regards

[silentstalker]

Please stop posting this.. this... this ****! Your a lamer, I dont mean to flame, but you really are. Being a hacker has nothing to do with sub7.

1337-1337= you. Sorry bout this, but you'd have better luck at this link:

www.google.com

[bofhandpfy]

Sorry, I'd better clarify.

I don't want to install sub7 on a machine.

All i want is a machine to sit and log sub7 requests, and maybe respond back (not action the requests), as if it was a sub7 server. (Without being sub7)

my reasoning ....

I administer a mid size network that has the hardware provided by a 3rd party.

The 3rd party is hell to get routing logs etc from.

Recently we've noticed that some of our machines have had sub7 server placed on them, and there is someone using it.

All i want to do, is catch the person and at the same time gather enough evidence for a disiplinary.

There's major kudos in this if i catch the person without calling in an outside agency.

As I said .. If i'm onto a loser, please tell me, hell if there's a better way tell me.

Berlieve me, i've tried google.com (amongst others)

[silentstalker]

Ok, sorry for the misunderstanding. Well, what I would do is run Norton Anti Virus on the system. When it detects sub-seven, you can view the logs. When it detects someone using it, meaning a new connection with a questionable file or the such, to a netstat-n on your system to see all the connections from different servers and systems.

Oh, now I get it! You want a server that acts like one that is being influenced under sub7! I get it now! Anyway, what I think you should do is, maybe, open a direct connection with an IP address and send commands. For example, if your ip address was 1.1.1.1 you would go:

Sub7 user: connect
Then you: Connection to 1.1.1.2.

Since you're already connected to his computer because he's using sub7 on you, there won't be a need to clarify IP addresses. You can run different commands on him, get a lot of system information, like HostName and IP address. Hope this helps.

[Tedob1]

http://packetstormsecurity.org/trojans/00Sub7_20.zip

00[Sub]7 - The Ultimate SubSeven Logging Tool. Sets up a fake sub7 server on the default port which can send all sorts of false information to the client.

theres a couple good ones at this site, that do some pretty funny **** like send a graphic of an fbi badge with the words 'your busted' on it, when the client requests a screen shot

[silentstalker]

Thats an easier way.. use Tedob's way. I was just going technical.. obviously a little too technical and hands on... that seems funny, an FBI badge LoL

[syedtanvirhuda]

This is a AntiHacking site ... therefore better if you don't talk about trojans...

[System_Overload]

What a stupid ****en question to ask..... Your a ****en wanker bofhandpfy... Why would you even want to ask a question about a dick sucking trojan? Im so ****en sick you little newbie lamers!!!

System_0verload

[PhirePhreak]

Hmm...
In my MOST humble opinion, there is nothing wrong with this thread except for the few people *cough* System_Overload *cough* who can't seem to understand what is trying to be asked. bofhandpfy is obviously looking for a honeypot for Sub7. That is not the trojan itself. It simply mimics the trojan and makes the kiddiot on the other end think that the trojan is working fine until *BAM* it blows up in their face. Again, there is nothing wrong with asking this question. I would understand why you lost your cool, System_Overload, if bofhandpfy had been asking for help using Sub7, but since he's not, go eat a cucumber or something.

*sigh* Immaturity abounds. What a pity.
God bless,
--PhirePhreak

[Tedob1]

there seems to be quit a few people comming in here, thinking this is an anti-hacking site. unless something has changed im not aware of, it is not.

this is a pro security site. many of the folks here are involved in security/administration and some practice what they like to call "white-hat hacking".

good hacking skills have always been respected here.

its important that trojans and exploits be discussed inorder to make people aware of them. but as i said before, many are involved in security, and activly hate script kiddies. so if somebody comes here acting like one, their gonna get flammed, big time.

if someone asks how kiddies get these things onto your system, how they work, how to detect them and protect against them, they'er going to get some helpful answers.

on the other hand if somebody asks how do i put sub7 on my friends computer, let just say, it would be better if they didn't.