Showing results for tags 'ddoor:'.
Cross-platform backdoor using DNS TXT records

What is ddor?

ddor is a cross-platform lightweight backdoor that uses TXT records to execute commands on infected machines.

Features

- Allows a single TXT record to have separate commands for both Linux and Windows machines
- List of around 10 public DNS servers that it randomly chooses from
- Unpredictable call back times
- Encrypts TXT record using XOR with custom password

Linux Features:

- Anti-Debugging: if ptrace is detected as being attached to the process, it will exit.
- Process Name/Thread names are cloaked: a fake name overwrites all of the system arguments and file name to make it seem like a legitimate program.
- Automatically Daemonizes
- Tries to set GUID/UID to 0 (root)

Windows Features:

- Hides Console Window
- Stub Size of around 20kb