Leaktest information

Website : http://www.firewallleaktester.com
Author : myself : Guillaume Kaddouch
Dates : October 2004 (v4.0)
Categories : launcher
Download : WallBreaker.exe (View EULA)
MD5 : 94C6FA13873F4A36485F5B2AAB459AD6
SHA-160 : 086CE19B97C95146FAE54BEDE8BE8AAE487D870A
Operating System : Windows 9x/Millennium/NT4/2000/XP

Leaktest description

First test : WallBreaker uses explorer.exe to launch iexplore.exe and then access the Internet, so it is a Windows application which launches another one, and not WallBreaker. Current firewalls can see an application trying to access the Internet directly, and an application launching another one to access the Internet, but not WallBreaker, which launches an application which in turn launches another one...

Second test : it's a trivial joke: it simply launches Internet Explorer directly, but in a way that firewalls do not handle, whereas they should. It's the simplest way to escape. Many firewalls don't see it.

Third test : it's a variant of the first test. This time it launches cmd.exe first, which then launches explorer.exe, and finally iexplore.exe :
WallBreaker -> cmd -> explorer -> iexplore
(Win 2000/XP only)

Fourth test : it's an extension of the third test. WallBreaker sets a scheduled task by using "AT.exe", which in turn will execute the task via "svchost" :
WallBreaker -> AT -> svchost -> cmd -> explorer -> iexplore
This test creates a batch file (".bat" extension) with a random filename in its directory; it should be manually deleted by the user at the end of the test.
In order for this test to work, the Windows Task Scheduler service must be started (keep in mind that a real trojan could do it for you...)
(Win 2000/XP only)

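As an added illustration (not part of the original page and not WallBreaker's code), the Python sketch below walks the launch chain of a connecting process over constructed process-creation records that mirror the third test, and compares a check limited to the direct launcher with a check of the whole ancestry. The PIDs, the TRUSTED policy set and the function names are assumptions made for this example.

```python
# Constructed process-creation records (pid, parent pid, image); not taken from a real host.
# They mirror the third test's chain: WallBreaker -> cmd -> explorer -> iexplore.
EVENTS = [
    (4,    0,    "system"),
    (600,  4,    "winlogon.exe"),
    (1200, 600,  "explorer.exe"),     # the user's shell
    (2000, 1200, "wallbreaker.exe"),  # started by the user from the shell
    (2100, 2000, "cmd.exe"),
    (2200, 2100, "explorer.exe"),
    (2300, 2200, "iexplore.exe"),     # browser at the end of the leaktest chain
    (2400, 1200, "iexplore.exe"),     # browser started by the user directly
]

# Assumed policy: images the application-control rules already trust.
TRUSTED = {"system", "winlogon.exe", "explorer.exe", "cmd.exe",
           "svchost.exe", "at.exe", "iexplore.exe"}


def ancestry(pid, events):
    """Return the launch chain that ends at pid, oldest ancestor first."""
    by_pid = {p: (pp, image) for p, pp, image in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # 'seen' stops loops caused by PID reuse
        seen.add(pid)
        ppid, image = by_pid[pid]
        chain.append(image)
        pid = ppid
    return chain[::-1]


def verdict(pid, events, depth=1, trusted=TRUSTED):
    """Decision for a connection made by pid when only `depth` launchers are
    inspected (depth=1: the direct launcher only; depth=None: every ancestor)."""
    chain = ancestry(pid, events)
    inspected = chain if depth is None else chain[-(depth + 1):]
    return "block" if any(image not in trusted for image in inspected) else "allow"


if __name__ == "__main__":
    print(" -> ".join(ancestry(2300, EVENTS)))
    for depth in (1, 2, 3, None):
        print("depth", depth, "=>", verdict(2300, EVENTS, depth))
```

The fourth test is not modelled here: a task run by the scheduler service is not a child process of AT.exe, so attributing it needs the task-creation record as well as the process tree.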
Meaning

The source of my leaktests will no longer be available, starting from now, to avoid helping the kiddies and malware authors.
However I do send the source to any firewall vendor wanting it, and those with whom I am in contact have been warned before the release two weeks ago.
(View EULA)
|
|