from the doc:

'Aladino Server 0.6 & Aladino Client 0.41
(c) 2001 Topo[LB] & Ethdra
http://int80h.dhs.org

Aladino is a
client/server application that allows remote
machine controlling and runs on any Windows
version (w95, w98, wMe, NT and 2000). The Aladino
server is a 38KB executable file which after
executing, copies itself to the Windows' system
directory and adds a registry entry to guarantee
its execution for the next time the computer is
switched on (logged on in NT or 2000). It opens the
5005 TCP port for listening to client connections.
The client-server communication is cyphered with
the XTEA algorithm and a random 64-bit password
that changes on each connection. At the beginning
of each connection, the client validates the
identification with which both client and server
will authenticate each other, and establishes the
password that will be used to cypher the
connection.

The server provides 4 functionalities
implemented as separate processes:

* BOUNCER: multiuser bouncer service that listens
  on a certain port and redirects the connection
  to the specified destination host and port. This
  is done transparently so that there is no
  validation of the identification or connection
  cypher.
* TELNET SERVER: multiuser shell service that
  listens on a certain port and opens a shell
  redirected to that port.
* MINI FTP: file transfer multiuser service that
  allows sending and receiving binary files from
  or to the machine.
* KEYLOGGER: process that logs keystrokes in the
  remote machine to the specified file.

Also, there are other 14 additional functions
which are listed below:

* Message sending as a popup window
* Machine rebooting
* Logon session closing
* General system info requesting
* Remote screen capturing
* BMP viewing
* Process listing
* Process killing
* Extern program executing
* Keystroke pushing
* Visible window list
* Registry entry deleting
* Registry entry restoring
* Aladino server death

If
the server is run with the "actualize" parameter,
there will be a delay of 20 secs after which
aladino will force its copy to the system
directory (overwriting an old version) and start
offering the services normally. This function has
been included to make the remote server update
easier; the only thing that has to be done is
to upload by FTP the new version of the aladino
server, run it with the "actualize" parameter and
send the order of death to the actual server.
After 30 secs, the new server will overwrite the
old one and the update will be complete.

The
client is like a text-mode shell. It has different
parameters for each service of the server it wants
to connect to:

usage: aclient [/ntsh | /ftp ]

Examples:

aclient 10.0.0.1
This will connect the user to the control console
of the aladino server at host 10.0.0.1

aclient 10.0.0.1 /ntsh 6000
This will connect the user to the telnet service
that listens for incoming connections at port 6000
of the host 10.0.0.1

aclient 10.0.0.1 /ftp 7000
This will connect the user to the miniFTP service
that listens for incoming connections at port 7000
of the host 10.0.0.1

The HELP command provides a listing of
all available command's syntax. If you need a
detailed info about a command you can use HELP
. It's necessary to keep in mind that
must be duplicated while specifying paths and that
followed by a space avoids using that space as
parameter separator.

Examples:

SCREEN_CAPTURE c:\temp\myscreen.bmp
MESSAGE this is the title This is the text

For a detailed info
about the 35 client commands, examples of use, faq
and that kind of things, we suggest the "Aladino
manual for dummies". Both client and server are at
beta stage.

Alias:
Backdoor.Aladino.a [Kaspersky]
Backdoor/Aladino [Computer Associates]
Backdoor/Aladino.0_6.Server [Computer Associates]
BackDoor-NL [McAfee]
Bck/Aladino [Panda]
security risk or a "backdoor" program [F-Prot]
Win32/Aladino trojan [Eset]