Archive Helmet Icon Archive A Reconstructed © MegaSecurity Database

I Feel Lucky I Feel Very Lucky

Telnet Backdoor 1.3

Released 21 years, 8 months ago. August 2004

Copyright © MegaSecurity

By heroin

Informations
Author heroin
Family Telnet Server
Category Remote Access
Version Telnet Backdoor 1.3
Released Date Aug 2004, 21 years, 8 months ago.
Additional Information
dropped file:
c:\WINDOWS\system32\svchost.exe 
size: 67.584 bytes
 
port: 1023 TCP

added to registry:
HKEY_CLASSES_ROOT\.exe 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTLMSSP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TLNTSVR\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NtLmSsp\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTLMSSP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TLNTSVR\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum

tested on Windows XP

Author Information / Description
### USAGE: ###

	cmd:\>Telnet 127.0.0.1 1023

	Login with: "iwam_user" 
	Password is: "mypass"


#### WHAT HAPPENS: ####

:: ADD USER WITH SUFFiCENT RiGHTS!
 add user "iwam_user" with password "mypass" to the administrators group this 
 will be the login and password.

:: SET DiENST! (service)
 set the telnet service to run as svchost.exe in the system account /you will not  
 notice it on the first view!

:: SET REGiSTRY!
 set our service to run on port 1023 instead 23, disable event & admin logs

:: SET LOGiN.CMD!
 set the login-screen.

:: RUN iT!
 as the name it says..


#### WHAT TO DO: ####

 the batchfile is configured to run in a german operating system if you want to use it 
 in an english-os just change in line: 11 the word "administratoren" to "administrators",
 thats all! 

heroin

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.