Telnet,bios + some stuff..

[projectx]

Telnet - A Tutorial to Telnet and Hacking

Now you may be looking at this going, "What the hell is Telnet?". If you are, don't worry, I'll explain everything. First of all, Telnet is software that allows you to connect to another Telnet Host.In windows systems Telnet is usually called Telnet32.exe or Telnet.exe. In newer versions of windows it is Telnet32.exe.
*** Note to Windows XP users: Don't go and get the old version of Telnet, because you have a DOS-Based one. I'll give commands along this guide so you can enjoy it too. You have to either run "Telnet" or "cmd" and then "Telnet".

Telnet is not illegal and is used by thousands of remote computers to interchange data, share connections, and do many other things that would be impossible without it.The default port for Telnet is port 23. When I say for instance, 'Connect to the sys' I am referring to connecting on the system's default port for Telnet. Sometimes you can't determine a port so you will have to port scan a sys to find the Telnet Ports.
Port 25 is the 'Sendmail Protocol' port. We will be dealing with this port as well.

Telnet Security
Because there are so many problems with Telnet today involving cyber crime and hacking, SysAdmins often restrict anonymous use of their sys's Telnet Proxies. This is cheap and can be bypassed easily.Most SysAdmins are amatures at what they do and make me laugh.They restrict the Telnet proxies on port 23 and think that we can't telnet to other ports such as 81 and 25 because we can't use the Telnet Proxy. Well they are wrong. We can easily do it and we will. Let me point out a system that has this and was not effective. I will star out the IP for privacy.

Welcome to Microsoft Telnet. Telnet32.exe.
o
<to> 202.232.**.**
connecting to 202.232.**.** 23 (The port number)
Connected.
Connection to host lost (unauthorized use of Telnet Proxy(ies).
o
<to> 202.232.**.** 25
Connecting to 202.232.**.** 25 (Watch this..)
Welcome to ********.net Sendmail Program. Welcome to all staff.
vrfy bin
..550 <bin@********.net>
vrfy sys
..550 <sys@********.net>
vrfy root
..550 <root********.net>
vrfy admin
..550 <admin@********.net>
vrfy games
..550 <games@********.net>
vrfy uucp
..550 <uucp@********.net>
q
..550 <command not recognized>
c
Connection to host lost on command.

Ok people is there a problem there? How many addys did I get? Am I supposed to have those? Do I care? No. I am just demonstrating how sh1tty Unix-System security is and how easy it is to use the Telnet Proxy to your advantage. Here, I wil list some commands for all of you running under DOS.

C - Close the Current Connection
D - Display the sys's operating paremeters
O - Connect to a host name (on default port 23) [port]
q - Quit (Exit Telnet).
Set- Set Options
Send - Send data/strings to server

Telnet, as you know so far, is a very useful tool for hackers. Hell, if you can't connect to a computer, you can't hack it. Its that simple.Now the best thing about Telnet is that virtually every Windows computer has it, comes with it, and is able to run it.
Things going wrong on hacking or telnet
I have a Windows 98 computer and I am running Telnet. It gives me a lot more options when connecting to a computer, and these commands don't go anywhere! What do I do? I get the hostname part and all that, just what does Term-Type mean?

Ok people, so many people have asked me this I'm ready to start getting an auto-flame response on my e-mail box LoL. Anyway, here goes:

Term Type means Terminal Type. It is the version of the Telnet Terminal that the host or server is running. You have to specify this, Telnet is not hacker-friendly.

In Windows 98/95/ME you are not running a DOS-Based version of Telnet. You get a client program, somewhat considered shit for me. I like the DOS based one and frankly, I find it a lot easier to use.
I can't connect to the host!
Well, the host either doesn't exist, does not support Telnet Packets or Connections, or is currently restricting proxy access or usage from your addy or all addresses. I went further than you because I thought I knew what I was doing! I got this message saying my hacking attempt was logged! Am I going to go to jail!?!?!

Don't worry, as long as its not with the extension .log or .hlog or .hacklog you're fine, as 95 percent of these messages are BS and lies.

IF THEY'RE LIES, how come they knew I was hacking them?

They don't. They simply search for incoming connections not recognized by the server. If the SysAdmins didn't modify the message, you would have gotten this:

"Error 229292: Data not recognized 8191: Distinct Remote Service Lost or Corrupt."

They just modified it. Breath in, breath out, relax.
My dad or mom found out I was hacking, and my dad's an expert on computers! He made it so I can't view anything on AOL. What the hell's going on! Give me a trick to evade this!

Sure thing. Connect to AOL, ping the site you're trying to view, and type in the IP address. You will get to the homepage, but this isn't that good a trick because you can't ping sub-addys and you're going to get text for the sub-urls. This might or might now work.
I was screwing around with my friends computer. I think I left my information somewhere, but where?

Usually, you have a critical system log. If you delete a system file (which unless you're 133t you'd NEVER EVER do) the computer's going to boot and give you a log of what happened before the deletion of the file so you know what went wrong. If you did happen to delete it, it will list something like "deletion from x.x.x.x. (your IP)". If it does, damn, you're busted. But there are ways of getting rid of this "hacker-knock out". First off, get a WAN-Controller, or any sort of program that lets you input screen or Hardware input by the output. This means you can control their computer with yours. But you can't boot this computer, because it will break the connection.

Access the log files usually in system or system32 (both system files located in C:/Windows or C:/). There, you will see encrypted sh1t. CTRL+A will select it all and delete it all. If you do delete this file, (after you do), try recovering the system file. WHATEVER YOU DO DON'T DO A SYSTEM RESTORE, YOU HAVE BEEN WARNED.
Some hacker has my IP and hacks it every time I log on. It's static, which means it doesn't change. How do I make him stop? I don't know what his IP is, either!

Go to start, run, "netstat -a". Hacking is almost equivalent to connecting, if he's hacking you your connected to him and he's connected to you. Netstat -a is a command that allows you to see all your connections to hosts and servers, associated with TCP/IP. If you see a hostname that you don't recognize, log it. In fact, click Print Screen, go to paint, CTRL+V, Crop the image of the DOS window for Netstat, and save it. That should be quite easy.

[projectx]

1. Hardware and Firmware

1a. The BIOS
The BIOS, short for Basic Input/Output Services, is the control program of the PC. It is responsible for starting up your computer, transferring control of the system to your operating system, and for handling other low-level functions, such as disk access.
NOTE that the BIOS is not a software program, insofar as it is not purged from memory when you turn off the computer. It's
firmware, which is basically software on a chip.

A convenient little feature that most BIOS manufacturers include is a startup password. This prevents access to the system until you enter the correct password.
If you can get access to the system after the password has been entered, then there are numerous software-based BIOS password extractors available from your local H/P/A/V site.


NETBIOS/NBTSTAT - What does it do?

2. NETBIOS, also known as NBTSTAT is a program run on the Windows system and is used for identifying a remote network or computer for file sharing enabled. We can expoit systems using this method. It may be old but on home pc's sometimes it still works great. You can use it on your friend at home or something. I don't care what you do, but remember, that you are reading this document because you want to learn. So I am going to teach you. Ok. So, you ask, "How do i get to NBTSTAT?" Well, there are two ways, but one's faster.

Method 1:Start>Programs>MSDOS PROMPT>Type NBTSTAT
Method 2:Start>Run>Type Command>Type NBTSTAT
(Note: Please, help your poor soul if that isn't like feeding you with a baby spoon.)

Ok! Now since you're in the DOS command under NBTSTAT, you're probably wondering what all that crap is that's on your screen. These are the commands you may use. I'm only going to give you what you need to know since you are striving to be l33t. Your screen should look like the following:

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-RR] [-s] [-S] [interval] ]

-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their IP addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh

RemoteName Remote host machine name.
IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying
statistics.

C:\WINDOWS\DESKTOP>

The only two commands that are going to be used and here they are:

-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its IP address.

Host Names

3. Now, the -a means that you will type in the HOST NAME of the person's computer that you are trying to access. Just in case you don't have any idea what a Host Name looks like here's an example.

123-fgh-ppp.internet.com

there are many variations of these adresses. For each different address you see there is a new ISP assigned to that computer. look at the difference.

abc-123.internet.com
ghj-789.newnet.com

these are differnet host names as you can see, and, by identifying the last couple words you will be able to tell that these are two computers on two different ISPs. Now, here are two host names on the same ISP but a different located server.

123-fgh-ppp.internet.com
567-cde-ppp.internet.com

IP Addresses

4. You can resolce these host names if you want to the IP address (Internet Protocol)
IP addresses range in different numbers. An IP looks like this:

201.123.101.123

Most times you can tell if a computer is running on a cable connection because of the IP address's numbers. On faster connections, usually the first two numbers are low. here's a cable connection IP.

24.18.18.10

on dialup connections IP's are higher, like this:

208.148.255.255

notice the 208 is higher than the 24 which is the cable connection.

REMEMBER THOUGH, NOT ALL IP ADDRESSES WILL BE LIKE THIS.
Some companies make IP addresses like this to fool the hacker into believing it's a dialup, as a hacker would expect something big, like a T3 or an OC-18. Anyway This gives you an idea on IP addresses which you will be using on the nbtstat command.

Getting The IP Through DC (Direct Connection)

5. First. You're going to need to find his IP or host name. Either will work. If you are on mIRC You can get it by typing /whois (nick) ...where (nick) is the persons nickname without parenthesis. you will either get a host name or an IP. copy it down. If you do not get it or you are not using mIRC then you must direct connect to their computer or you may use a sniffer to figure out his IP or host name. It's actually better to do it without the sniffer because most sniffers do not work now-a-days. So you want to establish a direct connection to their computer. OK, what is a direct connection? When you are:

Sending a file to their computer you are directly connected.
AOL INSTANT MESSENGER allows a Direct Connection to the user if accepted.
ICQ when sending a file or a chat request acception allows a direct connection.
Any time you are sending a file. You are directly connected. (Assuming you know the user is not using a proxy server.)
Voice Chatting on Yahoo establishes a direct connection.

If you have none of these programs, either i suggest you get one, get a sniffer, or read this next statement.

If you have any way of sending thema link to your site that enables site traffic statistics, and you can log in, send a link to your site, then check the stats and get the IP of the last visitor. It's a simple and easy method i use. It even fool some smarter hackers, because it catches them off guard. Anyway, once you are directly connected use either of the two methods i showed you earlier and get into DOS. Type NETSTAT -n. NETSTAT is a program that's name is short for NET STATISTICS. It will show you all computers connected to yours. (This is also helpful if you think you are being hacked by a trojan horse and is on a port that you know such as Sub Seven: 27374.) Your screen should look like this showing the connections to your computer:

------------------------------------------------------------------------------------------------

C:\WINDOWS\DESKTOP>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 172.255.255.82:1027 205.188.68.46:13784 ESTABLISHED
TCP 172.255.255.82:1036 205.188.44.3:5190 ESTABLISHED
TCP 172.255.255.82:1621 24.131.30.75:66 CLOSE_WAIT
TCP 172.255.255.82:1413 205.188.8.7:26778 ESTABLISHED
TCP 172.255.255.82:1483 64.4.13.209:1863 ESTABLISHED

C:\WINDOWS\DESKTOP>

------------------------------------------------------------------------------------------------

The first line indicated the Protocol (language) that is being used by the two computers.
TCP (Transfer Control Protocol) is being used in this and is most widely used.

Local address shows your IP address, or the IP address of the system you on.

Foreign address shows the address of the computer connected to yours.

State tells you what kind of connection is being made ESTABLISHED - means it will stay connected to you as long as you are on the program or as long as the computer is allowing or is needing the other computers connection to it. CLOSE_WAIT means the connection closes at times and waits until it is needed or you resume connection to be made again. One that isn't on the list is TIME_WAIT which means it is timed. Most Ads that run on AOL are using TIME_WAIT states.

the way you know the person is directly connected to your computer is because of this:

------------------------------------------------------------------------------------------------

C:\WINDOWS\DESKTOP>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 172.255.255.82:1027 205.188.68.46:13784 ESTABLISHED
TCP 172.255.255.82:1036 205.188.44.3:5190 ESTABLISHED
TCP 172.255.255.82:1621 24.131.30.75:66 CLOSE_WAIT
TCP 172.255.255.82:1413 abc-123-ppp.webnet.com ESTABLISHED
TCP 172.255.255.82:1483 64.4.13.209:1863 ESTABLISHED

C:\WINDOWS\DESKTOP>

------------------------------------------------------------------------------------------------

Notice the host name is included in the fourth line instead of the IP address on all. This is almost ALWAYS, the other computer that is connected to you. So here, now, you have the host name:

abc-123-ppp.webnet.com

If the host name is not listed and the IP is then it NO PROBLEM because either one works exactly the same. I am using abc-123-ppp.webnet.com host name as an example. Ok so now you have the IP and/or host name of the remote system you want to connect to. Time to hack!

Open up your DOS command. Open up NBTSTAT by typing NBTSTAT. Ok, there's the crap again. Well, now time to try out what you have leanred from this document by testing it on the IP and/or host name of the remote system. Here's the only thing you'll need to know.

IMPORTANT, READ NOW!!!

-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its IP address.

Remember this?
Time to use it.

-a will be the host name
-A will be the IP

How do i know this?
Read the Statements following the -a -A commands. It tells you there what each command takes.

So have you found which one you have to use?

GOOD!
Time to start.

Using it to your advantage

6. Type this if you have the host name only.
NBTSTAT -a (In here put in hostname without parenthesis)

Type this is you have the IP address only.
NBTSTAT -A (In here put in IP address without parenthesis)

Now, hit enter and wait. Now Either one of two things came up
1. Host not found
2. Something that looks like this:

--------------------------------------------

NetBIOS Local Name Table

Name Type Status
---------------------------------------------
GMVPS01 <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered
GMVPS01 <03> UNIQUE Registered
GMVPS01 <20> UNIQUE Registered
WORKGROUP <1E> GROUP Registered

---------------------------------------------

If the computer responded "Host not found" Then either one of two things are the case:

1. You screwed up the host name.
2. The host is not hackable.
If number one is the case you're in great luck. If two, This system isn't hackable using the NBTSTAT command. So try another system.

If you got the table as above to come up, look at it carefully as i describe to you each part and its purpose.

Name - states the share name of that certain part of the computer

<00>, <03>, <20>, <1E> - Are the Hexidecimal codes giving you the services available on that share name.

Type - Is self-explanatory. It's either turned on, or activated by you, or always on.

Status - Simply states that the share name is working and is activated.

Look above and look for the following line:

GMVPS01 <20> UNIQUE Registered

See it?
GOOD! Now this is important so listen up. The Hexidecimanl code of <20> means that file sharing is enabled on the share name that is on that line with the hex number. So that means GMVPS01 has file sharing enabled. So now you want to hack this. Here's How to do it. (This is the hard part)

LMHOST File

7. There is a file in all Windows systems called LMHOST.sam. We need to simply add the IP into the LMHOST file because LMHOST basically acts as a network, automatically logging you on to it. So go to Start, Find, FIles or Folders. Type in LMHOST and hit enter. when it comes up open it using a text program such as wordpad, but make sure you do not leave the checkmark to "always open files with this extension" on that. Simply go through the LMHOST file until you see the part:



# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
# #PRE
# #DOM:
# #INCLUDE
# #BEGIN_ALTERNATE
# #END_ALTERNATE
# \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:" tag will associate the
# entry with the domain specified by . This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE " will force the RFC NetBIOS (NBT)
# software to seek the specified and parse it as if it were
# local. is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.

Read this over and over until you understand the way you want your connection to be set. Here's an example of how to add an IP the way I would do it:

#PRE #DOM:255.102.255.102 #INCLUDE

Pre will preload the connection as soon as you log on to the net. DOM is the domain or IP address of the host you are connecting to. INCLUDE will automaticall set you to that file path. In this case as soon as I log on to the net I will get access to 255.102.255.102 on the C:/ drive. The only problem with this is that by doin the NETSTAT command while you are connected, and get the IP of your machine. That's why it only works on simple PC machines. Because people in these days are computer illiterate and have no idea of what these commands can do. They have no idea what NETSTAT is, so you can use that to your advantage. Most PC systems are kind of hard to hack using this method now because they are more secure and can tell when another system is trying to gain access. Also, besure that you (somehow) know whether they are running a firewall or not because it will block the connection to their computer. Most home systems aren't running a firewall, and to make it better, they don't know how operate the firewall, therefore, leaving the hole in the system. To help you out some, it would be a great idea to pick up on some programming languages to show you how the computer reads information and learn some things on TCP/IP (Transfer Control Protocol/Internet Protocol) If you want to find out whether they are running a firewall, simply hop on a Proxy and do a port scan on their IP. You will notice if they are running a firewall because most ports are closed. Either way, you still have a better chance of hacking a home system than hacking Microsoft.

Gaining Access
7. Once you have added this to you LMHOST file. You are basically done. All you need to do is go to:

Start
Find
Computer

Once you get there you simply type the IP address or the host name of the system. When it comes up, simply double click it, and boom! There's a GUI for you so you don't have to use DOS anymore. You can use DOS to do it, but it's more simple and fun this way, so that's the only way i put it. When you open the system you can edit, delete, rename, do anything to any file you wish. I would also delete the command file in C:/ because they may use it if they think someone is in their computer. Or simply delete the shortcut to it. Then here's when the programming comes in handy. Instead of using the NBTSTAT method all the time, you can then program you own trojan on your OWN port number and upload it to the system. Then you will have easier access and you will also have a better GUI, with more features. DO NOT allow more than one connection to the system unless they are on a faster connection. If you are downloading something from their computer and they don't know it and their connection is being slow, they may check their NETSTAT to see what is connected, which will show your IP and make them suspicious. Thats it. All there is to it. Now go out and scan a network or something and find a computer with port 21 or something open.

[projectx]

HOTMAIL

#1:Keylogger
A keylogger copies all the buttons pressed by the victim in a .txt file,all you need is access to the victims PC with a trojan or even go there with a disc ,this is one of the best ways to get his user-password and log in his account and many more things!

#2:Trojan
Some trojans have an option that gets the victims passwords and usernames by pressin a button ,all you have to do is infect him ... (not all of the victims will have the auto-coplete on so this will wont work 100%)

#3:HoaX Toolbox v1.1
This is a PHP script that creates a website with an admin area that allows the user to choose between fake login pages of MSN Messenger, Hotmail, Yahoo and Google Mail, once you set up the script on a server that has PHP and SQL you will be able to log in the administration page and choose the fake login page to display to the main site, when the victim tries to log-in their mail/messenger, the website keeps the user/pass information in a log file that you can view anytime from the admin area, if the victim is not stupid enough to add their real log-in because they read the URL of your server instead of reading hotmail.com or yahoo.com in the URL bar then remember you can pop-up the main page of the site and disable the URL bar on the explorer, so when the user clicks on your real site the link "Yahoo Mail" an explorer without URL bar pops up, if you dont know how to pop up customized browsers search google
Click here for more about HoaX Toolbox

Way #4:Brute Forcer
Called brute forcers , some programs made to send multiple password or user/password request to a server, untill they get the right password for the username!This way might take long or might not work at all with Hotmail now but who knows?There are other e-mail providers too...

[projectx]

Detailed Trojans Port List, Protocol/Port/Trojan/Version

TCP 1 Breach.2001, SocketsDeTroie.230, SocketsDeTroie.250
TCP 28 Amanda.200
TCP 31 MastersParadise.920
TCP 68 Subseven.100
TCP 142 NetTaxi.180
TCP 146 Infector.141, Intruder.100, Intruder.100
TCP 171 ATrojan.200
TCP 285 WCTrojan.100
TCP 286 WCTrojan.100
TCP 334 Backage.310
TCP 370 NeuroticKat.120, NeuroticKat.130
TCP 413 Coma.109
TCP 420 Breach.450
TCP 555 Id2001.100, PhaseZero.100, StealthSpy.100
TCP 623 Rtb666.160
TCP 660 Zaratustra.100
TCP 661 Noknok.800, Noknok.820
TCP 666 BackConstruction.210, BackConstruction.250, Bla.100, Bla.200, Bla.400, Bla.503, Cain.150, Dimbus.100, Noknok.820, Ripper.100, SatansBackdoor.100, SatansBackdoor.101, SatansBackdoor.102, Unicorn.100, Unicorn.101, Unicorn.110
TCP 667 SniperNet.210, Snipernet.220
TCP 668 Unicorn.101, Unicorn.110
TCP 680 Rtb666.160
TCP 777 Tiny.100, Undetected.230, Undetected.300, Undetected.310, Undetected.320, Undetected.330, Undetected.331, Undetected.332
TCP 785 NetworkTerrorist.100
TCP 800 NeuroticKitten.010
TCP 831 NeuroticKat.100, NeuroticKat.120, NeuroticKat.130
TCP 901 NetDevil.130, NetDevil.140
TCP 1000 DerSpaeher.200
TCP 1001 Silencer.100
TCP 1008 AutoSpy.100
TCP 1010 DerSpaeher.200
TCP 1015 Doly.150
TCP 1111 TPort.100
TCP 1130 Noknok.800, Noknok.820
TCP 1207 SoftWAR.100
TCP 1243 Subseven.100, SubSeven.110, SubSeven.180, SubSeven.190, Subseven.200
TCP 1245 VoodooDoll.006
TCP 1269 Matrix.130
TCP 1480 RemoteHack.130
TCP 1568 RemoteHack.100, RemoteHack.110
TCP 1600 DirectConnection.100
TCP 1601 DirectConnection.100
TCP 1602 DirectConnection.100
TCP 1634 NetCrack.100
TCP 1784 Snid.120, Snid.212
TCP 1999 TransmissionScout.100, TransmissionScout.110
TCP 2000 ATrojan.200, InsaneNetwork.400
TCP 2001 DIRT.220, TrojanCow.100
TCP 2003 TransmissionScout.100, TransmissionScout.110
TCP 2023 RipperPro.100
TCP 2040 InfernoUploader.100
TCP 2115 Bugs.100
TCP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
TCP 2332 SilentSpy.202
TCP 2589 Dagger.140
TCP 2600 DigitalRootbeer.100
TCP 2989 Rat.200
TCP 3128 MastersParadise.970
TCP 3129 MastersParadise.920, MastersParadise.970
TCP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
TCP 3215 BlackStar.100, Ghost.230
TCP 3333 Daodan.123
TCP 3410 OptixPro.100, OptixPro.110
TCP 3456 Force.155, TerrorTrojan.100
TCP 3505 AutoSpy.130, AutoSpy.140
TCP 3586 Snid.120, Snid.212
TCP 3700 PortalOfDoom.100
TCP 3723 Mantis.100
TCP 3800 Eclypse.100
TCP 3996 RemoteAnything.364
TCP 4000 SkyDance.220, SkyDance.229
TCP 4201 Wartrojan.160, Wartrojan.200
TCP 4225 SilentSpy.202
TCP 4321 Bobo.100
TCP 4444 AlexTrojan.200, Crackdown.100
TCP 4488 EventHorizon.100
TCP 4523 Celine.100
TCP 4545 InternalRevise.100, RemoteRevise.150
TCP 4567 FileNail.100
TCP 4666 Mneah.100
TCP 4950 ICQTrojan.100
TCP 5005 Aladino.060
TCP 5025 Keylogger.WMRemote.100
TCP 5031 NetMetro.104
TCP 5032 NetMetro.104
TCP 5033 NetMetro.104
TCP 5050 RoxRat.100
TCP 5151 OptixLite.020, OptixLite.030, OptixLite.040
TCP 5190 MBomber.100
TCP 5277 WinShell.400
TCP 5343 WCRat.100
TCP 5400 BackConstruction.120, BackConstruction.150, BladeRunner.080, DeepThroat.300
TCP 5401 BackConstruction.120, BackConstruction.150, BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5402 BackConstruction.210, BackConstruction.250, BladeRunner.080, DeepThroat.300, Mneah.100
TCP 5534 TheFlu.100
TCP 5550 XTCP.200, XTCP.201
TCP 5555 Noxcape.100, Noxcape.200
TCP 5695 Assassin.100
TCP 5714 WinCrash.100
TCP 5741 WinCrash.100
TCP 5742 WinCrash.103
TCP 5802 Y3KRat.160
TCP 5810 Y3KRat.160
TCP 5838 Y3KRat.170
TCP 5858 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5880 Y3KRat.140
TCP 5881 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5883 Y3KRat.110, Y3KRat.140
TCP 5884 Y3KRat.140, Y3KRat.150
TCP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5886 Y3KRat.120, Y3KRat.140
TCP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
TCP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5889 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
TCP 5890 Y3KRat.140
TCP 6400 Thething.100, Thething.150
TCP 6556 AutoSpy.120, AutoSpy.122
TCP 6655 Aqua.020
TCP 6660 LameSpy.095
TCP 6666 LameRemote.100, ProjectMayhem.100
TCP 6669 Vampire.100
TCP 6670 DeepThroat.200, DeepThroat.210
TCP 6671 DeepThroat.310
TCP 6699 HostControl.101
TCP 6711 DeepThroat.300, Noknok.820, SubSeven.180, SubSeven.190
TCP 6712 Subseven.100
TCP 6713 Subseven.100
TCP 6767 NTRC.120
TCP 6776 SubSeven.180, SubSeven.190, Subseven.200
TCP 6789 Doly.200
TCP 6796 SubSeven.214
TCP 6912 ShitHeep.100
TCP 6939 Indoctrination.100
TCP 6953 Lithium.100
TCP 6969 2000Cracks.100, Bigorna.100, Danton.110, Danton.210, Danton.220, Danton.310, Danton.320, Danton.330, GateCrasher.110, NetController.108, Sparta.110, VagrNocker.120
TCP 6970 Danton.330
TCP 7001 Freak88.100
TCP 7119 Massaker.100
TCP 7200 Massaker.110
TCP 7300 Coced.221
TCP 7301 Coced.221
TCP 7306 NetSpy.200, NetSpy.200
TCP 7410 Phoenix.190, Phoenix.200
TCP 7511 Genue.100
TCP 7609 Snid.120, Snid.212
TCP 7614 Wollf.130
TCP 7648 BlackStar.100, Ghost.230
TCP 7788 Last.2000, Matrix.200
TCP 7826 MiniOblivion.010, Oblivion.010
TCP 7887 SmallFun.110
TCP 7891 Revenger.100
TCP 7979 VagrNocker.200
TCP 7997 VagrNocker.200
TCP 8000 XConsole.100
TCP 8011 Way.240
TCP 8012 Ptakks.215, Ptakks.217
TCP 8110 LoseLove.100
TCP 8111 LoseLove.100
TCP 8301 LoseLove.100
TCP 8302 LoseLove.100
TCP 8372 NetBoy.100
TCP 8720 Connection.130
TCP 8734 AutoSpy.110
TCP 8811 Force.155
TCP 8899 Last.2000
TCP 9000 Aristotles.100
TCP 9301 LoseLove.100
TCP 9400 InCommand.100, InCommand.110, InCommand.120, InCommand.130, InCommand.140, InCommand.150, InCommand.153, InCommand.160, InCommand.167, InCommand.170
TCP 9401 InCommand.100, InCommand.110, InCommand.170
TCP 9402 InCommand.100, InCommand.110
TCP 9561 CRatPro.110
TCP 9563 CRatPro.110
TCP 9580 TheefLE.100
TCP 9696 Danton.210, Ghost.230
TCP 9697 Danton.320, Danton.330, Ghost.230
TCP 9870 R3C.100
TCP 9872 PortalOfDoom.100
TCP 9873 PortalOfDoom.100
TCP 9874 PortalOfDoom.100
TCP 9875 PortalOfDoom.100
TCP 9876 Rux.100, SheepGoat.100
TCP 9877 SmallBigBrother.020
TCP 9878 SmallBigBrother.020, TransmissionScout.100, TransmissionScout.110, TransmissionScout.120
TCP 9879 SmallBigBrother.020
TCP 9999 ForcedEntry.100, Infra.100, Prayer.120, Prayer.130, TakeOver.200, TakeOver.300
TCP 10001 DTr.130, DTr.140
TCP 10013 Amanda.200
TCP 10067 PortalOfDoom.100
TCP 10100 Gift.240
TCP 10101 NewSilencer.100
TCP 10167 PortalOfDoom.100
TCP 10528 HostControl.100, HostControl.260
TCP 10607 Coma.109
TCP 10666 Ambush.100
TCP 11011 Amanda.200
TCP 11050 HostControl.101
TCP 11051 HostControl.100, HostControl.260
TCP 11223 AntiNuke.100, Progenic.100, Progenic.110
TCP 11225 Cyn.100, Cyn.103, Cyn.120
TCP 11306 Noknok.800, Noknok.820
TCP 11831 Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 11991 PitfallSurprise.100
TCP 12043 Frenzy.2000
TCP 12345 Fade.100, Netbus.160, Netbus.170, VagrNocker.400
TCP 12346 Netbus.160, Netbus.170
TCP 12348 Bionet.210, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.316, Bionet.317
TCP 12349 Bionet.084, Bionet.261, Bionet.280, Bionet.302, Bionet.305, Bionet.311, Bionet.313, Bionet.314, Bionet.316, Bionet.317, Bionet.401, Bionet.402
TCP 12389 KheSanh.210
TCP 12478 Bionet.210
TCP 12623 Buttman.090, Buttman.100
TCP 12624 Buttman.090, Buttman.100
TCP 12625 Buttman.100
TCP 12904 Akropolis.100, Rocks.100
TCP 13473 Chupacabra.100
TCP 13753 AFTP.010
TCP 14100 Eurosol.100
TCP 14194 CyberSpy.840
TCP 14286 HellDriver.100
TCP 14500 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14501 PCInvader.060, PCInvader.070
TCP 14502 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14503 PCInvader.050, PCInvader.060, PCInvader.070
TCP 14504 PCInvader.050, PCInvader.060
TCP 15092 HostControl.100, HostControl.260
TCP 15382 SubZero.100
TCP 15432 Cyn.210
TCP 15555 ICMIBC.100
TCP 16322 LastDoor.100
TCP 16484 MoSucker.110
TCP 16661 Dfch.010
TCP 16969 Progenic.100
TCP 16982 AcidShiver.100
TCP 17300 Kuang.200
TCP 17499 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17500 CrazzyNet.370, CrazzyNet.375, CrazzyNet.521
TCP 17569 Infector.141, Infector.160, Infector.170, Infector.180, Infector.190, Infector.200, Intruder.100, Intruder.100
TCP 17593 AudioDoor.120
TCP 19191 BlueFire.035, BlueFire.041
TCP 19604 Metal.270
TCP 19605 Metal.270
TCP 19991 Dfch.010
TCP 20000 Millenium.100
TCP 20001 Millenium.100, PshychoFiles.180
TCP 20002 AcidKor.100, PshychoFiles.180
TCP 20005 MoSucker.200, MoSucker.210, MoSucker.220
TCP 21212 Schwindler.182
TCP 21554 Exploiter.100, Exploiter.110, Girlfriend.130, GirlFriend.135
TCP 21579 Breach.2001
TCP 21584 Breach.2001
TCP 21684 Intruse.134
TCP 22068 AcidShiver.110
TCP 22115 Cyn.120
TCP 22222 Prosiak.047, Ruler.141, Rux.300, Rux.400, Rux.500, Rux.600
TCP 22223 Rux.400, Rux.500, Rux.600
TCP 22456 Bla.200, Bla.503
TCP 22457 AcidShiver.120, Bla.200, Bla.503
TCP 22784 Intruzzo.110
TCP 22845 Breach.450
TCP 22847 Breach.450
TCP 23005 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23006 Infinaeon.110, NetTrash.100, Oxon.110, WinRat.100
TCP 23032 Amanda.200
TCP 23432 Asylum.010, Asylum.012, Asylum.013, Asylum.014, MiniAsylum.110
TCP 23456 EvilFTP.100, VagrNocker.400
TCP 23476 DonaldDick.153, DonaldDick.154, DonaldDick.155
TCP 23477 DonaldDick.153
TCP 24000 Infector.170
TCP 24307 Wildek.020
TCP 25386 MoonPie.220
TCP 25486 MoonPie.220
TCP 25555 FreddyK.100, FreddyK.200
TCP 25556 FreddyK.100
TCP 25685 MoonPie.010, MoonPie.012, MoonPie.130, MoonPie.220, MoonPie.240, MoonPie.400
TCP 25686 MoonPie.135, MoonPie.200, MoonPie.400
TCP 25982 MoonPie.135, MoonPie.200
TCP 26274 Delta.050
TCP 27160 MoonPie.135, MoonPie.200
TCP 27184 Alvgus.100, Alvgus.800
TCP 27374 Muerte.110, Subseven.210, SubSeven.213
TCP 28429 Hack'a'Tack.2000
TCP 28430 Hack'a'Tack.2000
TCP 28431 Hack'a'Tack.2000
TCP 28432 Hack'a'Tack.2000
TCP 28433 Hack'a'Tack.2000
TCP 28434 Hack'a'Tack.2000
TCP 28435 Hack'a'Tack.2000
TCP 28436 Hack'a'Tack.2000
TCP 29559 DuckToy.100, DuckToy.101, Katux.200, Latinus.140, Latinus.150, Pest.100, Pest.400
TCP 29891 Unexplained.100
TCP 30000 Infector.170
TCP 30001 Error32.100
TCP 30003 LamersDeath.100
TCP 30029 AOLTrojan.110
TCP 30100 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30101 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30102 NetSphere.127, NetSphere.130, NetSphere.131
TCP 30103 NetSphere.131
TCP 30947 Intruse.134
TCP 31320 LittleWitch.400, LittleWitch.420
TCP 31337 BackOrifice.120, Khaled.100, OPC.200
TCP 31415 Lithium.101
TCP 31416 Lithium.100, Lithium.101
TCP 31557 Xanadu.110
TCP 31631 CleptoManicos.100
TCP 31745 Buschtrommel.100, Buschtrommel.122
TCP 31785 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31787 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31789 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31791 Hack'a'Tack.100, Hack'a'Tack.112
TCP 31887 BDDT.100
TCP 31889 BDDT.100
TCP 32100 ProjectNext.053
TCP 32418 AcidBattery.100
TCP 32791 Akropolis.100, Rocks.100
TCP 33291 RemoteHak.001
TCP 33333 Blackharaz.100, Prosiak.047, SubSeven.214
TCP 33577 SonOfPsychward.020
TCP 34324 TelnetServer.100
TCP 34763 Infector.180, Infector.190, Infector.200
TCP 35000 Infector.190, Infector.200
TCP 35600 Subsari.140
TCP 36794 BugBear.100
TCP 37237 Mantis.020
TCP 37651 YAT.210
TCP 37653 YAT.310
TCP 40308 Subsari.140
TCP 40412 TheSpy.100
TCP 40421 MastersParadise.970
TCP 40422 MastersParadise.970
TCP 40999 DiemsMutter.110, DiemsMutter.140
TCP 41626 Shah.100
TCP 44444 Prosiak.070
TCP 45673 Akropolis.100, Rocks.100
TCP 47262 Delta.050
TCP 48006 Fragglerock.200
TCP 49683 HolzPferd.210
TCP 50000 Infector.180
TCP 50130 Enterprise.100
TCP 50766 Fore.100
TCP 51234 Cyn.210
TCP 51966 Cafeini.080, Cafeini.110
TCP 54321 PCInvader.010
TCP 57341 NetRaider.100
TCP 57922 Bionet.084
TCP 58008 Tron.100
TCP 58009 Tron.100
TCP 59090 AcidReign.200
TCP 59211 DuckToy.100, DuckToy.101
TCP 59345 NewFuture.100
TCP 60000 DeepThroat.300, MiniBacklash.100, MiniBacklash.101, MiniBacklash.101
TCP 60411 Connection.100, Connection.130
TCP 60412 Connection.130
TCP 60552 RoxRat.100
TCP 63536 InsaneNetwork.500
TCP 63878 AphexFTP.100
TCP 63879 AphexFTP.100
TCP 64969 Lithium.100
TCP 65000 Socket.100
UDP 1 SocketsDeTroie.250
UDP 666 Bla.200, Bla.400, Bla.503, Noknok.820
UDP 1130 Noknok.800, Noknok.820
UDP 2140 DeepThroat.100, DeepThroat.200, DeepThroat.310
UDP 2989 Rat.200
UDP 3128 MastersParadise.970
UDP 3129 MastersParadise.920, MastersParadise.970
UDP 3150 DeepThroat.100, DeepThroat.200, DeepThroat.310, MiniBacklash.110
UDP 3333 Daodan.123
UDP 3800 Eclypse.100
UDP 3996 RemoteAnything.364
UDP 4000 RemoteAnything.364
UDP 5555 Daodan.123
UDP 5881 Y3KRat.110, Y3KRat.140
UDP 5882 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.140, Y3KRat.150
UDP 5883 Y3KRat.110, Y3KRat.140
UDP 5884 Y3KRat.140, Y3KRat.150
UDP 5885 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5886 Y3KRat.120, Y3KRat.140
UDP 5887 Y3KRat.110, Y3KRat.120, Y3KRat.140
UDP 5888 Y3KRat.100, Y3KRat.110, Y3KRat.120, Y3KRat.150
UDP 6953 Lithium.100
UDP 8012 Ptakks.217
UDP 10067 PortalOfDoom.100
UDP 10167 PortalOfDoom.100
UDP 10666 Ambush.100
UDP 11225 Cyn.100, Cyn.103, Cyn.120
UDP 11306 Noknok.800, Noknok.820
UDP 12389 KheSanh.210
UDP 12623 Buttman.090, Buttman.100
UDP 12625 Buttman.100
UDP 14100 Eurosol.100
UDP 23476 DonaldDick.155
UDP 26274 Delta.050
UDP 27184 Alvgus.100
UDP 28431 Hack'a'Tack.2000
UDP 28432 Hack'a'Tack.2000
UDP 28433 Hack'a'Tack.2000
UDP 28434 Hack'a'Tack.2000
UDP 28435 Hack'a'Tack.2000
UDP 28436 Hack'a'Tack.2000
UDP 29891 Unexplained.100
UDP 30103 NetSphere.131
UDP 31320 LittleWitch.400, LittleWitch.420
UDP 31337 BackOrifice.120, OPC.200
UDP 31416 Lithium.100, Lithium.101
UDP 31789 Hack'a'Tack.100, Hack'a'Tack.112
UDP 31791 Hack'a'Tack.100, Hack'a'Tack.112
UDP 33333 Blackharaz.100
UDP 47262 Delta.050
UDP 49683 HolzPferd.210
UDP 60000 MiniBacklash.100

[projectx]

What are viruses.
Viruses are "programs" that modify other programs on a computer, inserting copies of themselves. Viruses are not distinct programs - they cannot run on their own, and need to have some host program, of which they are a part, executed to activate them.

Varieties.

Stealth Virus:A stealth virus has code in it that seeks to conceal itself from discovery or defends itself against attempts to analyze or remove it. The stealth virus adds itself to a file or boot sector but, when you examine, it appears normal and unchanged. The stealth virus performs this trickery by staying in memory after it is executed. From there, it monitors and intercepts your system calls. When the system seeks to open an infected file, the stealth virus displays the uninfected version, thus hiding itself.
Macro viruses:Macro languages are (often) equal in power to ordinary programming languages such as C. A program written in a macro language is interpreted by the application. Macro languages are conceptually no different from so-called scripting languages. Gnu Emacs uses Lisp, most Microsoft applications use Visual Basic Script as macro languages. The typical use of a macro in applications, such as MS Word, is to extend the features of the application. Some of these macros, known as auto-execute macros, are executed in response to some event, such as opening a file, closing a file, starting an application, and even pressing a certain key. A macro virus is a piece of self-replicating code inserted into an auto-execute macro. Once a macro is running, it copies itself to other documents, delete files, etc. Another type of hazardous macro is one named for an existing command of the application. For example, if a macro named FileSave exists in the "normal.dot" template of MS Word, that macro is executed whenever you choose the Save command on the File menu. Unfortunately, there is often no way to disable such features.

Linux/Unix:The most famous of the security incidents in the last decade was the Internet Worm incident which began from a Unix system. But Unix systems were considered virus-immune -- not so. Several Linux viruses have been discovered. The Staog virus first appeared in 1996 and was written in assembly language by the VLAD virus writing group, the same group responsible for creating the first Windows 95 virus called Boza.

Like the Boza virus, the Staog virus is a proof-of-concept virus to demonstrate the potential of Linux virus writing without actually causing any real damage. Still, with the Staog assembly language source code floating around the Internet, other virus writers are likely to study and modify the code to create new strains of Linux viruses in the future.

The second known Linux virus is called the Bliss virus. Unlike the Staog virus, the Bliss virus can not only spread in the wild, but also possesses a potentially dangerous payload that could wipe out data.

While neither virus is a serious threat to Linux systems, Linux and other Unix systems will not remain virus-free. Fortunately, Linux virus writing is more difficult than macro virus writing for Windows, so the greatest virus threat still remains with Windows.
Signs of virus infection.

* You get confirmations for e-mails you did not send.
* Your system seems unusually slow or certain programs will not run.
* You have hardware problems such as stuck keys that repeat the same character over and over, keyboard locking in CAPS mode, black rectangles appearing on the screen at random, system lock-ups, etc.
* You have software problems such as program lockups for no reason, menu items react strangely, mode indicators like "CAPS LOCK" stop working, etc.
* Error messages like "Incompatible file error" or "Not enough memory," appear for no apparent reason.
* You get unusual messages on your monitor, such as "Hacked by Chinese".

Actions if you are infected.

* Turn off your computer. DO NOT click Start>Shut Down>Shut Down the Computer. That takes too long. Simply push the power button and hold it until the computer shuts off. This will prevent continued spread of the virus.
* Inform your IT department immediately and let them handle the problem. Do not panic or interrupt other users.
* What if your company does not have its own IT department? What if you are infected with a virus on your home PC? What should you do?
* The first thing to do when you realize you are infected is to disconnect your computer from your Internet connection. This will limit the spread of the virus. If you have an "always on" connection, such as a network, cable modem, or DSL, physically unplug the connection from your PC.
* If your virus definitions are up to date and you simply neglected to scan an attachment, scan it now to determine which virus has infected your computer.
* If you need to update your definitions in order to scan for the virus, try to download the definitions using another computer and transfer them to your PC using diskettes or a CD.
* Once you have determined the name of the virus, find the removal instructions on the website of your anti-virus software (again, using another computer), and follow them step-by-step. It is very important to follow the instruction precisely. If you skip a step, you can exacerbate the problem. Be very careful when making changes to the registry and other system files. You can inadvertently do more damage than the virus if you delete the wrong file.

[Sprint]

Lol, you have been copypasting a bit

[projectx]

Yahhhhhhhh i copy them out of my notepads

[Sprint]

whatever...

[Kiruku]

how long u wrote? (if u wrote self)

[Sentinel]

Sorry for bump, might as well throw a DDoS tutorial up there too... LOL