.:--==--==--==--==-->> Windows 95/98/NT Backdoor by Marc Satur9 <<==--==--==:.

Windows 95/98/NT appears to be full of undocumented extras (efg). While
running my BSD box on a Windows network, I noticed that all the remote
administration was coming from a "user" called ADMIN$.

I then experimented a little and found that sharing any folder as ADMIN$
is the equivalent of enabling remote administration, only it's not that
easy to find out if the box is "infected". You can share any folder; the
best results usually come from a subfolder deep within the "windows"
directory, one that they won't look in. The only way the user is likely
to detect he is "infected" is to run Netwatcher at the same time that you
are accessing his box.

>Editor's Comments: Or by using the netstat program in his Windows
Directory<

The only way he can "clean" it off is to enable and then disable remote
administration. If you hide the shared folder well enough, you should
not get caught at all - The shared folder will also not show as a share
in Netwatcher if it is named ADMIN$ and somewhere within the Windows
directory.

>Editor's Comments: If there is any demand for it, the SoS would be happy
to write a program to install this backdoor on a host. Of course, we
won't bother if nobody asks<

`:==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==:'
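A detection check for the condition described above, added here as an example and not part of the original article: it parses an NT-style `net share` listing and flags an ADMIN$ share whose path is anything other than the Windows directory itself. The sample listing, the C:\WINNT system root and the function names are constructed assumptions, and the check assumes the legitimate ADMIN$ share maps to the system root, as it does by default on Windows NT.

```python
import ntpath
import re

# Constructed sample of NT-style `net share` output (not from the article).
SAMPLE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINNT\system32\spool\drv
Docs         C:\Shared Docs                  Team files
The command completed successfully.
"""

# Share name, then a drive path (may contain single spaces), then optional remark.
ROW = re.compile(r"^(\S+)\s{2,}([A-Za-z]:\\.*?)(?:\s{2,}(.*))?$")


def parse_shares(text):
    """Return {share_name: path} for every row that maps to a disk path."""
    shares = {}
    for line in text.splitlines():
        m = ROW.match(line.rstrip())
        if m:
            shares[m.group(1)] = m.group(2)
    return shares


def _norm(path):
    # Windows paths are case-insensitive; also drop any trailing backslash.
    return ntpath.normcase(ntpath.normpath(path))


def audit_admin_share(text, system_root):
    """Flag an ADMIN$ share that does not point at the Windows directory."""
    findings = []
    for name, path in parse_shares(text).items():
        if name.upper() == "ADMIN$" and _norm(path) != _norm(system_root):
            findings.append((name, path))
    return findings


if __name__ == "__main__":
    for name, path in audit_admin_share(SAMPLE, r"C:\WINNT"):
        print("suspicious share %s -> %s" % (name, path))
```
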