Help - Search - Member List - Calendar
Full Version: Handy .bat Ftp Script
GovernmentSecurity.org > The Archives > General Network Security
kbnet
Sep 19 2004, 11:14 PM
Another script i put together which i put in the windows right click -> send To option is a script which will send files to FTP servers. The following script will log you in to the FTP, send the file then quit. One of my more useful ones ;-)

@echo off
SET TMP=tmp_ftp_script
SET URL=<url>
SET USR=<username>
SET PAS=<password>

echo open %URL%>%TMP%
echo %USR%>>%TMP%
echo %PAS%>>%TMP%
echo put %1>>%TMP%
echo quit>>%TMP%
ftp -s:%TMP%
rm %TMP%


Enjoy.

Obviously your username and password are plain text, cant really think of a way to encrypt / hide it at the moment. If anyone has any ideas let me know.

Cheers.
ComSec
Sep 19 2004, 11:24 PM
LOL could be chasing you around the forum for some of these...

Q:

why not write a paper on your methods and scripts in one ... would make a nice Sticky and members could add to it could turn into a nice topic customising your menu's... wink.gif
kbnet
Sep 19 2004, 11:29 PM
Will do. Writing a sweet one at the moment, little command line tool that will tell you if you have any Gmail. Will let you know how I get on.
Fuas
Sep 19 2004, 11:33 PM
Nice lil batch.

Can I recomend useing a setlocal and endlocal at the start and end of the bat file.

this will stop the variables like the user/pass being stored on the sytem.

(type set in cmd and it will show what you last used)
kbnet
Sep 19 2004, 11:39 PM
They wont be stored though, because the program terminates the console after the file has been sent. So they wont be saved. Good tip though, still going to put it in, add extra bit of security i suppose.

Cheers
WeeDMoNKeY
Sep 20 2004, 02:32 AM
heres a funny idea
make your password like "345odsus543hg98a7g476g36kjhs04752hgs0487534hgs45540w7ys5ug"

then ask some random nerd who will brute force anything to try and crack it, it works tongue.gif they eventually give up,

-but sometimes naming passwords all fucke dup makes a person whos looking at it think that its encrypted wink.gif
cool_one
Sep 21 2004, 03:47 AM
why not just del the .bat file so the y don't find it? not manually, like in the command line like "del %0" dels the currently running file in win
dmg
Sep 22 2004, 12:25 PM
QUOTE (cool_one @ Sep 21 2004, 03:47 AM)
why not just del the .bat file so the y don't find it? not manually, like in the command line like "del %0" dels the currently running file in win

That wouldn't be too handy now would it....

You could also do it in c:
CODE

#include <stdio.h>

int main(int argc, char *argv[])
{
char user[] = {'u','s','e','r','n','a','m','e','\0'};
char pass[] = {'p','a','s','s','w','o','r','d','\0'};
char host[] = "some.ftp.com";
FILE *ftpscr;

if(argc < 2)
{
 puts("This program requires one argument");
 exit(1);
}

ftpscr = fopen("ftpscr", "w");
if(ftpscr==NULL)
{
 puts("you don't have permission to create a file");
 exit(1);
}
 
fprintf(ftpscr, "open %s\n", host);
fprintf(ftpscr, "%s\n", user);
fprintf(ftpscr, "%s\n", pass);
fprintf(ftpscr, "put %s\n", argv[1]);
fprintf(ftpscr, "bye\n");
fclose(ftpscr);

system("ftp -s:ftpscr");
remove("ftpscr");
return(0);
}


I used char arrays for user/pass so the user/pass string don't show up in a hex editor. The temporary ftpscript is plaintext though (keep that in mind).
Chez
Sep 22 2004, 02:42 PM
You could build and run the script file in vbscript.

Using WScript.Shell.regRead() to extract a username and password you have hidden in the registry, then deleting the ftp script file when your done.

Far from bulletproof but a bit more secure atleast.
ConfigSys
Sep 22 2004, 04:38 PM
Tnx
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.