(for Windows 2000 / XP Pre SP2)
AckCmd is a backdoor client/server combination that lets you open a remote Command Prompt to another system (running the server part of AckCmd). It communicates using only TCP ACK segments. This way the client component is able to directly contact the server component through a firewall in some cases (static packet filters). More information can be found in the ACK Tunneling Trojans
Download the zip file and extract the client component (ackcmdc.exe) and the server component (ackcmds.dat). Rename the server component from .dat to .exe. The server component has to be executed on the target system. Then run the client component from an ordinary Command Prompt with the target IP supplied as an argument. Now you have a remote Command Prompt.
Running the AckCmd server part will create a backdoor into your computer! You should not use this tool for remote administration since it doesn't support neither authentication nor encryption.
Q: Where can I find a paper that describes how this works?
A: Take a look here
Q: Why doesn't this work through firewall "X"?
A: Perhaps the firewall applies its rule set on ACK segments too, or perhaps there is some other reason. Read the ACK Tunneling Trojans
paper and try to figure it out. If you come to some kind of amazing conclusion, please let me know. :)
Q: How do I fix my FW-1 to stop this thing?
A: Turn off FastPath / FastMode.
Q: How do I fix my Cisco router to stop this thing?
A: Use reflexive access lists instead of ordinary access lists.
Q: Why do I get the message "More..." sometimes?
A: It means that there was more data, but it wasn't sent to the client. This program only demonstrates the concept and is far from perfect. One of the limitations is a finite amount of bytes in the reply.
Q: When I double-click on the client file a window comes up and disappears immediately. What's wrong?
A: You must run the file from a Command Prompt.
Q: I can't get AckCmd to work even though I'm sure that it really should work. What should I do now?
A: Make sure that you don't have SocketLock installed as it will prevent AckCmd from working. Please note that SocketLock can easily be circumvented even though I haven't done that in AckCmd, so it is not a good protection!
Q: Which commands can I use?
A: The server part lets the regular Command Prompt execute your commands, so you can use any command that you can run in the regular Command Prompt. Try the "help" command to get a list.
Q: How do I uninstall this tool?
A: Since it doesn't install itself when you run it, all you have to do is kill the process from the Task Manager or reboot your computer.
Q: I have a question that is not covered here. Where can I get help?
A: Send me
your question. I can't promise that I will have time to answer, but I'll do my best.