On Wednesday 20 August 2003 11:20 am, Barry Irwin wrote: > >creates a backdoor listening on TCP/707 or some other randomly chosen port > > between TCP/666 and >TCP/765 [2] > > Telnetting to this port seems to disconnected after 1-5 characters have > been entered? This doesn't look like TFTP (port 65/tcp&UDP), and the > windows tftp client doesn't seem to offer any means of specifying a port to > connect to? > > Is this some kind of password protected backdoor ?
No, it's a reverse shell. Telnet to the port and enter the following 2 lines to see how it works: Microsoft Windows system32> -Joe -- Joe Stewart, GCIH Senior Security Researcher LURHQ Corporation http://www.lurhq.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html