What do you think of hackers and the phenomenon of hacking? Admiration? Disdain? Or fear? Today I will introduce you to some of the most dangerous hacking tools ever created which were commonly used by Chinese hacker bases. The idea here is not to teach you how to use these hacking tools, but rather to help you understand the core concepts of hacking and what vulnerabilities hackers use to exploit your system.
I should note that these hacking tools have long been replaced by more complex hacking programs and in the eyes of real hackers, they are very rudimentary. Nonetheless, these are lethal hacking tools to us ordinary folks, so I thought it’d be cool to do a post about them.
Glacier was one of the best domestic and most used Trojan horse programs. In a nutshell, Glacier was a remote control software that allowed hackers to control your PC.
Both the server-side (controlled side) and the client-side (control side) of Glacier are executable files. The icon on the client-side is a Swiss army knife. The server side looks like a trivial program without a big deal. But this program performs enough manipulations on your computer to make it available to the hacker.
After a computer executes the server-side software, the 7626 port (default) of the computer is opened to the outside world. If you enter the IP address of this computer on the client-side, you can fully control the computer. Since the IP address of a personal computer is randomly assigned every time when surfing the Internet, the client software has an “auto search” function, which can automatically scan for an infected computer in a certain IP segment. Once found, this computer is all in the hands of hackers.
Because the glacier program is widely spread, under normal circumstances, a victim infected with the trojan can be found within a few minutes. Most antivirus programs can detect Glacier on an infected machine, but then again, the program has many variations, some of which can’t be detected easily.
Wnuke exploits a vulnerability in the Windows system: it sends a piece of data to the remote machine over TCP/IP that triggers an out-of-band (OOB) error and crashes it.
A white text message on a blue background appears on the computer screen: “The system has encountered an abnormal error.” After pressing the ESC key, the system either returns to its original state or crashes. Wnuke was mostly used to attack WIN9X, WINNT, WIN2000, and other systems; the attacker could freely set the size and number of packets and crash the other party through continuous attacks.
Shed targets Windows systems based on NetBIOS. NetBIOS (Network Basic Input Output System) is an application programming interface (API) that adds special functions to the local area network (LAN).
Almost all local area network computers work on the basis of NetBIOS. In Windows 95, 99, or Me, NetBIOS was bundled with TCP/IP, which made those systems very vulnerable to Shed. When you install the TCP/IP protocol, NetBIOS and its file and print sharing functions are installed into the system along with it by default.
When NetBIOS is running, your backdoor is open: NetBIOS allows not only users on the LAN to access your hard drive resources, but also hackers on the Internet. Shed takes advantage of this.
ExeBind can bind the designated hacker program to any widely spread popular software so that when the host program is executed, the parasitic program (hacker program) is also executed in the background. When you go online again, the hacker remains in control.
This file bundling is quite scary. Multiple bundling is also supported which is achieved by dividing the file multiple times and calling the child process from the parent process multiple times.
Sometimes, it helps to know the file size of some commonly used software. If you ever download a popular program from a torrent or forum, and the file size is suspiciously big, there’s a good chance that the program has been bundled with ExeBind!
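The file-size rule of thumb above can be made more precise. An executable's own section table says where the file should end; anything past that point is an "overlay", and a large overlay on a download that should be a plain program is where appended or bundled content tends to sit. The PE parser and the constructed sample image below are an added example of mine, not code from the post or from ExeBind, and the check generalizes beyond ExeBind's specific parent/child mechanism; the 64 KiB threshold is an assumption.

```python
import struct

def pe_overlay_size(data: bytes) -> int:
    """Bytes appended past the last section of a PE file (its 'overlay').

    Legitimate installers sometimes carry an overlay, but a large one on a
    download that should be a plain program is a reason to look closer."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sections = coff + 20 + opt_size
    end = 0
    for i in range(num_sections):
        # Section header: SizeOfRawData at +16, PointerToRawData at +20
        size_raw, ptr_raw = struct.unpack_from("<II", data, sections + i * 40 + 16)
        end = max(end, ptr_raw + size_raw)
    return max(0, len(data) - end)

def build_demo_pe(code: bytes, overlay: bytes = b"") -> bytes:
    """Constructed, non-runnable PE image with one section (demo input only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # no optional header
    ptr_raw = (e_lfanew + 4 + 20 + 40 + 0x1FF) & ~0x1FF            # 512-byte file alignment
    section = (b".text".ljust(8, b"\0")
               + struct.pack("<IIII", len(code), 0x1000, len(code), ptr_raw) + b"\0" * 16)
    image = (dos + b"PE\0\0" + coff + section).ljust(ptr_raw, b"\0") + code
    return image + overlay

def suspicious_bundle(data: bytes, threshold: int = 64 * 1024) -> bool:
    """Flag a download whose overlay exceeds the threshold (assumed 64 KiB here)."""
    return pe_overlay_size(data) > threshold

if __name__ == "__main__":
    clean = build_demo_pe(b"\x90" * 100)
    bundled = build_demo_pe(b"\x90" * 100, b"X" * 100_000)
    print(pe_overlay_size(clean), suspicious_bundle(clean))      # 0 False
    print(pe_overlay_size(bundled), suspicious_bundle(bundled))  # 100000 True
```

Comparing the download's size and hash against the publisher's published values remains the stronger check; the overlay test is for when no reference value is available.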
Streamer is the work of the Chinese hacker Xiao Rong. It can detect various vulnerabilities in POP3, FTP, HTTP, PROXY, FORM, SQL, SMTP, and IPC$ services and applies a different cracking scheme to each kind of vulnerability, which makes it easy to obtain user passwords from a vulnerable system.
Streamer was used to detect vulnerabilities on WIN9X, WINNT, and WIN2000, making it one of the indispensable tools in the hands of many senior hackers.
Su Xue was also the work of Xiao Rong. The software uses ASP and CGI to crack passwords for free mailboxes, forums, and chat rooms. Password detection is mainly realized by guessing the birthday, and the success rate can reach 60%-70%. Apparently, people are too lazy to create strong passwords!
The operating principle of Su Xue is to extract the ASP and CGI page forms, submit the form and look for the error signs in the response, and then, once the error signs are found, load a dictionary file to crack the mailbox password. Because many people use simple choices such as their birthday or common English words as their password, this left a lot of room for Su Xue.
Defensive measures against Modern Hacking
As I mentioned earlier, these hacking tools have long been replaced by more complex hacking programs. But the core concepts still remain the same – find a vulnerability, then find ways to exploit it.
While operating systems release patches and updates every week, hackers still continue to find new ways of breaking into user machines. And in most cases, the user is to blame. Here are some simple but helpful defensive measures you can take to protect yourself from modern hackers.
Use Complex Passwords
This is very cliché, but your password is essentially a door. If the lock on that door is weak, anyone can break in. When creating your password, use a combination of uppercase, lowercase, special characters, and numbers. If you can, go for a phrase rather than a single word.
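Su Xue's birthday guessing described earlier and the password advice above come down to one question: does the password contain something a date list or a dictionary would hit? The policy checker below is an added example of mine, not code from the post or from Su Xue; the word list is a tiny constructed stand-in, and a real deployment would check against a full wordlist or breached-password list.

```python
import re

# Constructed word list for the demo; use a full wordlist or breach list in practice.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "monkey", "summer"}

# Digit runs that read as a calendar date: YYYYMMDD, DDMMYYYY, MMDDYYYY, DDMMYY
YYYY, MM, DD = r"(?:19|20)\d{2}", r"(?:0[1-9]|1[0-2])", r"(?:0[1-9]|[12]\d|3[01])"
DATE_PATTERNS = [re.compile(p) for p in (
    YYYY + MM + DD, DD + MM + YYYY, MM + DD + YYYY, DD + MM + r"\d{2}")]

def contains_birthday_like_date(pw: str) -> bool:
    """True if any digit run in the password parses as a plausible date."""
    return any(p.search(pw) for p in DATE_PATTERNS)

def password_problems(pw: str) -> list:
    """Return the policy violations for pw (an empty list means it passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = sum(bool(re.search(rx, pw))
                  for rx in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    # A long passphrase may be plain words; a short password needs character mixing
    if classes < 3 and len(pw) < 20:
        problems.append("fewer than three character classes")
    if contains_birthday_like_date(pw):
        problems.append("contains a date that could be a birthday")
    if any(w in pw.lower() for w in COMMON_WORDS):
        problems.append("contains a common dictionary word")
    return problems

if __name__ == "__main__":
    for candidate in ("Password01011990", "Summer2020!", "correct horse battery staple"):
        print(candidate, "->", password_problems(candidate) or "ok")
```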
Avoid reusing the same password everywhere
Most of us tend to use the same passwords on all our profiles. It’s just easier to remember, right? Well, it also makes you predictable. All a hacker needs to do is get the password from one account and voila! They can mess with literally all your other accounts.
Reusing the same password also increases the chances of that password landing in a wordlist or hacker’s dictionary. Here is a great tool to check if any of your passwords have already been compromised.
Avoid clicking on links shared on forums and chat rooms
It is likely that the links embedded behind the text are malicious and can detect your IP address (Iphunter can do this). Instead, use WordPad or other text editing tools to create a text file.
Never run software of unknown origin lightly.
I’ll say this again – Never run software of unknown origin lightly. Torrents and nulled programs are often bundled with Trojan horses waiting to execute on your computer.