Remote CD Ejection

Printable View

June 10th, 2002, 02:48 AM
geepod

Remote CD Ejection

A friend of mine is able to eject cd rom drives from across his network that has a mix of Linux (suse), NT,Win2K and Win98 machines. he can do it on any of them as long as he knows the IP address. I find it hard to believe that it is that simple although i have seen it happen although he wont tell me the command or commands. Does anyone know of it or come across it or any ideas how he could be doing and maybe just lying about the command to do it ! i have seen him to do it from a DOS machine that is on the netowrk and ejects the CD on the linux box
June 10th, 2002, 04:47 AM
TechieChick

I found this while doing a simple google search.
It's a free proggy and works on multiple platforms...sounds like it fits the bill to me.

TC
June 10th, 2002, 04:59 AM
Hazarawood

There is no such command which can do that . but you are infacted with some kind of virus like bo and other server controller scan your computer for virus then see if it works. thanks
June 10th, 2002, 05:07 AM
PhirePhreak

Hazarawood sounds like he's on the right track. Smells suspiciously like a Trojan Horse to me. Maybe you should get him to show you the other fun things that Sub7 can do! Like inverting the screen, deleting/renaming files, and getting you frowned upon by all in the security community, getting you busted, etc...

--PhirePhreak
June 10th, 2002, 05:11 AM
TechieChick

Guys..he said his friend can do it over "his" network..not on geepod's computer...unless I am the one that misunderstood...

Geepod? Clarification please?
June 10th, 2002, 05:17 AM
Hazarawood

so those programs can also work no network these programs just need victim with virus and their ip address
June 10th, 2002, 08:30 AM
STeRoiD

Yeah i can do that too over my network, I just go upstairs to my other computer and press the little button near the CD Rom.
Works great for me
June 10th, 2002, 09:02 AM
8*B@LL

erm, guys...i dont think some of you are thinking this all the way through. he spefically stated that "his network that has a mix of Linux (suse), NT,Win2K and Win98". now you name me a single trojan that works on all those systems...or even just a Linux trojan(i dont know of any, thats for sure).

my money is on a legit RAT* like VNC.

*RAT = Remote Administration Tool.
June 10th, 2002, 09:09 AM
Matty_Cross

Re: Remote CD Ejection

Quote:

Originally posted here by geepod
i have seen him to do it from a DOS machine that is on the network and ejects the CD on the linux box

Like 8*B@LL, I don't believe most of you thought it through, other than TC, as he also said he can do it from a DOS machine....

Now, it could be a RAT or VNC like TechieChick stated... or it could be remote execution of a simple program which ejects the CD-ROM Drive.... Windows supports commands being executed remotely (whether intentionally or not), and most likely, Linux does too...
June 10th, 2002, 11:02 AM
Moodyz81

A multi trojan system with IPX/IPS Protocol will do the same :)

Its all about remote computer a backdoor an open port might do more .
June 10th, 2002, 12:52 PM
fiend

Just by experience, trojans aren't terribly hard to make. If he's got any programming knowledge, he probably could have built his own trojan that does that for LINUX and another for Win(Whatever). Then, since he made it, he probably made it to accept any certain signal, maybe some dos command. Therefore, he puts it on each computer and can cause each to pop its CD drive open at any time. Since he made it, the only function was probably the CD-eject.
June 10th, 2002, 03:23 PM
souleman

There are lots of options. VNC will work on any of the os's.. Cool Remote Control http://www.rocketdownload.com/Details/Inte/7341.htm will work on all the windows boxes. Or like MC said, it could be just excuting a remote program. Can't remember the command in Windows, but he may be using rsh in linux. If he has cygwin insalled on all the machines, he could use rsh on all of them.
June 11th, 2002, 09:05 AM
fiend

*Windows can use REXEC, RSH and RCD as well... sorry, forgot about that.
June 11th, 2002, 02:30 PM
gold eagle

might be vnc or a homebrew. Could also be a tag to WAL program.
June 11th, 2002, 02:49 PM
Lady HaxX0r

But did you check TechieChick's link? That seems most probable given the information stated, my vote of approval goes to her! Would the guy be that keen to bung a virus on his own network anyway even if it was just to show off? It's not likely to be a trojan I wouldn't have thought

XXX
June 11th, 2002, 04:28 PM
totallycurious

I guess TC is right.
June 11th, 2002, 04:41 PM
Palemoon

This could easly be done using a login script, any network loads network drive paths etc.. on a multi-platform network master login scripts. I'd say depending on the OS and login scripts for each one. One can do lots of things across a network via the server login script.
June 11th, 2002, 07:02 PM
geepod

hi all, been away for a day so couldnt clarify earlier for techiechick (sorry). Yes it was on my friends network which has a mix of oc, however when he cam to mine he did the same on my network which also has a mix os setup including novell. I know there is no login scripts, he had no method of placing a trojan etc I want him to do it again so i can implement a keystroke logger but i cant get him round here and he just smiles when i ask how he does it. So no trojans,login scripts or any other proggies to his rescue so i am stumped
June 11th, 2002, 07:14 PM
SSJVegeta-Sei

Ok, first...
That's generally a favourite trick in Sub7. I've seen it 10,000,000,000,000 times when the local kiddiot sends first-years screaming from the school library.
Second:
Some of these posts here are being randomly negged since the "balance thing"... I just want to say that I don't think that Hazarawood and STeRoiD deserve to be negged to hell for their comments - Hazarawood didn't say ANYTHING wrong, just that it will work over the internet in general (although he needs some English skillz ;) ) and STeRoiD was just trying to make a joke. Don't hurt the poor newbies, they don't know that they've done anything wrong ;)
Just my two cents.

::EDIT::

Just had a thought... if I recall from my Kiddiot days (long gone!), the SubSeven trojan could be bound to an executable file. Has this guy ever given you ANY program at all? Even something burned on a CD can carry the trojan.

SSJVegeta-Sei
June 11th, 2002, 08:15 PM
8*B@LL

well what user was logged on to the pc he did it from at your place? was it a domain admin or similar? if it was it wouldnt surprise me if it was just some basic dos commands done by the right user.
June 11th, 2002, 08:22 PM
KublaiKhan

Yeesh, you people.....IMHO, you're reading far too much into this......for Linux, you could just ssh in, and use the "eject" command.....and if you share drives over a network for windows, you can make it eject, also.....not everything's a virus, y'know.....

*puts on his asbestos underwear*
June 12th, 2002, 03:20 AM
8*B@LL

kub, the only time you can eject a drive over the network is if it is shared AND YOU HAVE RIGHTS TO; hence my question about which user was logged on...
June 13th, 2002, 12:03 AM
geepod

when he did it on my network he logged in via nt with guest account and used the command prompt to eject the drives on all my machines some logged on and some not ,all he wanted from me was the ip addresses. believe me this has really phased me, i am a MCSE +I, MCT, CCNA,A+,Net+ so i am not ignorant but god it blows me away cos is circumvents all security by being logged in under guest and just uses tcp/ip commands, i really cant figure it out. it has to be somit stupid and if i ever find out from him i wil let you know.
June 13th, 2002, 12:04 AM
geepod

oh and by the way 2 of the drives he ejected werent even shared