New Hacktool Found on my Honeypot "nt"


A script kiddy dropped off a new hack tool on my honeypot today.

Today's guest hails from 77.28.151.190, which is in Macedonia, The Former Yugoslav Republic of (MK), in Eastern Europe.



The file dropped off, "rdp.tgz", is a Linux hack tool for remotely cracking Windows FTP and NT file shares.

I was somewhat disappointed that the hack tool isn't more complex; however, since it is still a new hack tool which isn't detected by antivirus software, I figured it was worth mentioning.

I've uploaded a full analysis at:
http://code.google.com/p/caffsec-malware-analysis/source/browse/trunk/nt