
##### ATTACK REPLICATOR 1.0
##### Copyright  2001 by A. Madeira
##### REAL FREEWARE


- Install
Run SETUP.EXE


- Uninstall
Go to Start/Programs/Attack Replicator and hit Uninstall.


- Overview
While you are surfing on the Internet, thousands of worm infected Internet servers look actively for other Internet servers to infect. Without your knowledge, some of these attackers knock on your computer port 80 to see if there is a server to infect. With ATTACK REPLICATOR you can observe in detail these actions while they happen and send back to the attackers the same code they sent to you.

ATTACK REPLICATOR is a live WTSIWTG (What They Send Is What They Get) application server but you can turn off the WTSIWTG feature in order to filter the most known commands sent back to the attacker. ATTACK REPLICATOR will cause no damage in the attacking servers because they are already infected. Use it for fun, study and justice.


- Requirements
Windows (tm) 9*/NT. Not tested under 2K or XP but it should work.
Port 80 available. If you are not running a web server and a firewall is not defending it there should be any problem.
Connection to the Internet. You must be connected to the net so that the attackers can find your computer.


- Usage
After you start AR, open your web browser and go to surf the Internet. It is very important that you keep your connection alive for a while so that the attackers can discover you.

Turn ON or OFF the WTSIWTG display (1) clicking the related button (6). This is OFF by default. When OFF, dangerous commands are replaced by asterisks before they are sent back to the attacker. When ON, AR sends back everything it gets.

See what's going on looking at the ATTACKS display (2) and the horizontal listbox (4). Use the up/down arrows to scroll the list.

A better way of seeing what AR is sending to the attackers is to Telnet to AR directly. Run Telnet (go to Start/Run, write telnet and press OK) and set the Remote System like this:

Host: localhost
Port: 80
Term Type: let is as vt100

AR will report you as an Attacker (no problem) and will send back to your telnet program everything you type. Try to write 'GET /default.ida?' (Code Red standard) and hit the Enter key. Do it with WTSIWTG turned ON and OFF to see the difference. Meanwhile, if you keep your telnet connection alive and a real attack comes in, you'll see in the telnet window what AR is sending to the attacker. Funny, isn't it?

Every time an attacker connection is closed, AR will save the listbox content to its log file (AttackRep_DATE.log). Open it and see what exactly the attackers have sent to your Port 80.

To minimize AR click its icon on the taskbar.


- Notes
You can telnet to AR from the Internet or in a LAN if you know the IP of the computer where AR is running. Anyway I don't recommend that you let it running alone for a long time.

Please note that AR is not an hacking program, it only sends what it receives and you can do exactly the same with your internet browser.

Image Legend:

1 - WTSIWTG (display: ON or OFF)
2 - ATTACKS (display: current/total attacks)

3 - LAST ATTACK (display: last attack time)
4 - LISTBOX (scrolling panel where you see the action in course)
5 - HELP (button: this help)
6 - WTSIWTG ON-OF (button: ON or OFF)
7 - EXIT (button: closes application and socket connection)


USAGE OF THIS PROGRAM IS ENTIRELY AT YOUR OWN RISK. THERE ARE NO WARRANTIES, EITHER EXPRESS OR IMPLIED.

Attack Replicator is real freeware and can be freely used and distributed by any means.

Copyright  2001 by A. Madeira (Portugal)

