August 29th, 2002, 06:36 PM
Awesome software i found...
Hey ppl, I found an awesome trojan a few weeks ago. I have reviewed it over a long period of time, it's bug-free, and amazingly small for the amount of features it has.
The Server Size is only 38.1kb, and that's UNCOMPRESSED! Considering how many features it has that is an amazingly small filesize.
The client is elegantly designed with an easily understandable navigation system, it's even customizable by its own scripting language. I was amazed when I found out that you could create your own scripts through its own scripting language. It even has variables for the Windows & System directories, along with many more.
And now the features: It has all the basics, Upload and Download, File Manager, and Task manager. But that's just the start, it also has Registry Editor, Remote Dos Console, Built-in keylogger, Shell Execute, File Search, Registry Explorer, support for multiple simultaneous downloads/uploads (multi-threaded), and support for multiple users to be connected at one time!
The best thing about this trojan is that it works 95% of the time! I have tried others such as NetDevil and SubSeven and many others that rarely work in the situations I require them in. Their bulky size and not quite as many features as the one I found make them extremely inferior.
Overall this is the BEST trojan I have EVER discovered and used. It's called "LithiumRAT", as you may already know, "RAT" stands for "Remote Administration Tool". If you are interested in grabbing this one, visit the official site at http://www.lithiumrat.org , they even got a forum if you need to ask a question, and the IRC channel is also quite helpful (usually).
I would personally recommend this trojan to everyone to try, as I have not had many bad experiences with it. If you have found a better trojan than LithiumRAT or have comments\complaints about it, please post a reply. I would love to hear your opinions.
The Dreadlock Dogg
August 29th, 2002, 06:39 PM
Why would you endorse a trojan at a security website? Did you just completely ignore the FAQ?
Edit : I've read and reread the post to see if you were just on to some new security administrative tools, and I really am not seeing how this is what is really wanted on this site.. Recommendations : delete the post OR provide details on how one can prevent this trojan from entering and infecting their network. If you don't, this thread is going to kill itself from the number of negs you're about to receive.
"I believe that you can reach the point where there is no longer any difference between developing the habit of pretending to believe and developing the habit of believing."
August 29th, 2002, 06:46 PM
assuming you haven't read the faq or the little line under the big purple header.. hackers know the weaknesses... shouldn't you? the whole idea is that since WE are not hackers, WE are antih4xor (at least the black hat variety - going out to jcadmin). what you just did is comparable to bin laden telling us exactly what he is going to use against us. now please... i know this is your first post... please read the faq.
just like water off a duck's back... I AM HERE.
for CMOS help, check out my CMOS tut
August 29th, 2002, 06:49 PM
Tru dat, chefer. This is not the place to boast what a trojan does. But thanks for telling us about it, so we can look it up and learn how to detect and get rid of it. In fact, I am going to test it right now and see how it works and tell all you guys how to detect it.
And if you wanna discuss your little kiddie tools, go elsewhere. Otherwise, shape up and read the FAQ!
Okay, here's how to remove it for DEFAULT settings:
The server listens on port 31415 tcp. Can perform in UDP, but the SiN tool will not work. Next, it loads itself in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run as "shell32"
shell32 is also dropped in the windows directory.
When the server is executed, the default message is:
"Unable to load SHELL16.DLL, exiting." but that can be changed.
Also the server can be password protected and have guest accounts.
Reading more, there is a bug for NT users and will be noticeable when the attacker tries to get a screenshot:
So you might get freezes. I am also going to tell AV and The Cleaner about this, so it will be detected in future products.
- Capturing screen causes a split second freeze of computer on server side under NT-based operating systems - this is really a Windows bug
- Hide cursor does not work properly
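
The default-setting indicators listed in the post above (TCP port 31415 and a Run value named "shell32"), turned into a check. This is an added example, not part of the original thread: it assumes you have saved `netstat -an` output and `reg query`-style output for the Run key from the host, and the sample data, function names and placeholder path are constructed for illustration.

```python
import re

# Defaults reported in the post; a reconfigured server can use other values.
DEFAULT_PORT = 31415
RUN_VALUE = "shell32"

def listening_on_default_port(netstat_text, port=DEFAULT_PORT):
    """Return netstat -an rows bound locally to `port` (TCP LISTENING or any UDP)."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue
        if fields[1].rsplit(":", 1)[-1] != str(port):
            continue  # only the local address column matters
        # UDP rows carry no state column; TCP rows must be LISTENING
        if fields[0].upper() == "UDP" or fields[-1].upper() == "LISTENING":
            hits.append(line.strip())
    return hits

def run_value_present(reg_text, name=RUN_VALUE):
    """Return the data of Run-key values whose name equals `name` (case-insensitive)."""
    row = re.compile(r"^\s*(\S+)\s+(REG_\w+)\s+(.*)$")
    return [m.group(3).strip() for m in map(row.match, reg_text.splitlines())
            if m and m.group(1).lower() == name.lower()]

def check_host(netstat_text, reg_text):
    """Combine both indicators; `matched` counts how many of the two were seen."""
    ports = listening_on_default_port(netstat_text)
    values = run_value_present(reg_text)
    return {"port_hits": ports, "run_values": values,
            "matched": int(bool(ports)) + int(bool(values))}

# Constructed sample output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31415          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.5:31415      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    shell32    REG_SZ    <constructed-placeholder-path>
"""

if __name__ == "__main__":
    print(check_host(SAMPLE_NETSTAT, SAMPLE_REG))
```

A clean result only rules out the default configuration; the post notes that the startup message can be changed, and the same may hold for other settings.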