Xdoor Demo - Ajax-based Backdoor / Trojan Horse

Sign in or sign up now!
Alert icon
Upgrade to the latest Flash Player for improved playback performance. Upgrade now or more info.
3,871
Loading...
Alert icon
Sign in or sign up now!
Alert icon

Uploaded by on Jun 5, 2009

English:

The term Web 2.0 is a popular buzzword, most engineers can't hear anymore. Primarily because most project managers and users do not know what it is. The core component is Ajax (Asynchronous JavaScript and XML).

For some the the discussion rose if there is a possibility of creating an Ajax-based backdoor to compromise and hijack networking computers. Since 2008 we are working on an implementation with the project name Xdoor (XmlHTTP Backdoor). Those we use in our backdoor testing projects. The possibilities of Xdoor are:

* Interaction with the client (e.g. chats)
* Generation of new popups and dynamic html sites
* Access to and upload of files
* Launching new applications (ActiveX)
* Influences on mouse and keyboard (ActiveX)

For more details visit http://www.scip.ch/?labs.20090617 (german).

Deutsch:

Der Begriff Web 2.0 ist ein Buzzword, den die meisten Techniker nicht mehr hören können. Vorzugsweise deswegen, weil die meisten Projektleiter und Nutzer nicht wissen, was das überhaupt ist. Grundsätzlich versteht man darunter AJAX (Asynchronous JavaScript and XML).

Seit einiger Zeit wird diskutiert, ob und inwiefern sich damit Backdoors zur Kompromittierung und Fernsteuerung von Clients umsetzen lassen. Seit Anfang 2008 arbeiten wir an einer Implementierung mit dem Projektnamen Xdoor. Diese pflegen wir seit Mitte 2008 in unseren Backdoor Tests. Mit Xdoor als Trojanisches Pferd ist zur Zeit folgendes möglich:

* Interaktion mit dem Client (Chat)
* Generieren von Fenstern und dynamischen Seiteninhalten (html)
* Zugriffe und Uploads von Dateien
* Starten von Applikationen (ActiveX)
* Einfluss auf Maus und Tastatur (ActiveX)
* Portscanning, Banner-Grabbing, Vulnerability Scanning
* Kompromittierung über Browser-Exploit

Es muss erwähnt bleiben, dass es sich in der im Video gezeigten Version Xdoor 3.0 um eine ältere Implementierung vom 07.01.2009 handelt. Mittlerweile ist Xdoor 4.x im Einsatz, was ein Mehr an Modularität und dedizierte Payloads für browserspezifische Exploits unterstützt.

Für weitere Informationen, besuchen Sie http://www.scip.ch/?labs.20090617

  • likes, 0 dislikes

Link to this comment:

Share to:

Uploader Comments (mruef)

  • Where can xdoor be obtained?

    thecelt33 2 years ago

  • @thecelt33 As mentioned in my reply to @ttwthomas, Xdoor is not public yet due to the fact that it is a commercial project, sold as a service and not sold as a product.

    mruef 2 years ago

  • hi mruef ! i like your video and your tool

    were can i find it ?

    i wanna make a demo video of this tools in combination with other techniques

    ttwthomas 2 years ago

  • Hello,

    Thank you for your reply.

    The implementation of Xdoor is not public yet. However, I think about releasing some of the code in the future...

    Keep me posted if you have something to share!

    Regards,

    Marc

    mruef 2 years ago

see all

All Comments (5)

Sign In or Sign Up now to post a comment!

  • I liked your video as as your tools :)

    I'm thinking about mixin it with others techniques to make a demo video.

    As for web 2.0, its more about comunity and website interactivity with the user. IMO, ajax is not directly linked to web 2.0

    ttwthomas 2 years ago

  • Thank you for your kind words. If you have any information to publish or even the source code of your implementation, please let me know.

    mruef 2 years ago

Loading...

Alert icon
0 / 00Unsaved Playlist Return to active list
    1. Your queue is empty. Add videos to your queue using this button:
      or sign in to load a different list.
    Loading...Loading...Saving...
    • Clear all videos from this list
    • Learn more