Thread: Alternative to sbd?

  1. #1
    Junior Member
    Join Date
    May 2009
    Posts
    42

    Alternative to sbd?

    Hi, I have been looking for an encrypted version of netcat. Let me say straight off that I am learning pentesting techniques on my own network and do not intend doing anything malicious. I would like to make real-world scenarios, however. I looked at sbd, but that is now detected by AVG and Norton (I've tested on those two; probably known to others though). Is there a more recent alternative or, failing that, can anyone suggest a good encryption program?
    Also, if this post sounds like I have misunderstood the approach I should be taking, can anyone set me straight? I have been reading Hacking Exposed v6 and was thinking about the offsec 101 course, but I would like to get some experience first.
    thx

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    If you would use the search function, you'd most likely find the answer to your question.

    There are quite a few ways to keep tools from being detected by virus scanners.
    Tiocfaidh ár lá

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Check out this thread, I believe the discussion relates to what you want to achieve.

    http://forums.remote-exploit.org/showthread.php?t=22473

    A list of netcats is below. It's not comprehensive, but combined with the thread above it should give you a good idea what is out there.
    http://sectools.org/netcats.html

    Also, encrypting netcat is the wrong approach to hide from AV if you also need to run netcat on that machine. Encrypting normally involves modifying a file so that its original contents cannot be retrieved without some sort of secret value like a key. Encrypting a file in the traditional manner (using something like TrueCrypt, PGP, etc.) will stop it being detected as a virus, but it will also stop you from running that executable until the file is decrypted to its original form - in which case it will then be detected once more.

    Packing is a process of changing an executable so that it resists analysis and detection by malware tools. This may be an approach you could use, but I'd check the thread linked above first.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #4
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Yeah you provided the link to the thread I've been referring to.

    Even though that is really kind, let people learn to search. If they just ask here and get the results directly they will never learn to do proper searches. This one was not a really hard one.

    Ok, just my opinion, no offence meant by it in any way.
    Tiocfaidh ár lá

  5. #5
    Junior Member
    Join Date
    May 2009
    Posts
    42

    Thanks very much. I read the threads, then looked into packing progs; packed sbd twice with 2 different programs and it now works undetected. I usually search for things before posting, but I was lost on the approach to take, and I envisaged any prog that could potentially be used as a back door being detected as soon as it became available. I also imagined avoiding AV software to be a much more complex task than that was. Is it common to make something UD that easily, or was I just lucky?

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote Originally Posted by KMDave View Post
    Yeah you provided the link to the thread I've been referring to.
    Yeah I normally wouldn't provide direct links for people, but in this case I had been pretty active on the thread in question myself, and I included a link because I had the link handy and a direct reference to the thread helped round out the other information I provided.

    Quote Originally Posted by Danboy View Post
    I also imagined avoiding AV software to be a much more complex task than that was. Is it common to make something UD that easily or was I just lucky?
    It's not really that hard. Ignoring more advanced techniques like heuristic scanning for the moment, the traditional and common "signature based" virus detection method just triggers based on a bit pattern in the file. If you change the bit pattern via recompiling, binary patching or packing, then signature based detection no longer works (at least until the signature is updated...).

    Kind of weakens your faith regarding the "protection" provided by virus scanners, doesn't it?

    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
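
Added example (not part of the original thread or any poster's code): a minimal scanner showing why a byte-pattern signature stops matching once the file's bytes are transformed, and how a simple entropy heuristic of the kind the post sets aside as "more advanced" can still flag the result. The sample buffer, the signature name `Example.Tool.A`, the 7.2 threshold and the use of zlib as a stand-in for a packer are all assumptions made for illustration.

```python
import math
import random
import zlib
from collections import Counter

# Constructed sample: a harmless, text-like buffer carrying one marker string.
MARKER = b"EXAMPLE-TOOL-BANNER v1.0"
_rng = random.Random(1234)
_WORDS = [b"socket", b"connect", b"listen", b"accept", b"send", b"recv", b"close", b"usage"]
_body = b" ".join(_rng.choice(_WORDS) for _ in range(20000))
ORIGINAL = _body[:50000] + MARKER + _body[50000:]
# Assumption: zlib compression stands in for a packer's transformation of the file body.
PACKED = zlib.compress(ORIGINAL)

SIGNATURES = {"Example.Tool.A": MARKER}  # hypothetical signature name -> byte pattern
# Assumed cut-off in bits per byte. Legitimate archives and media are also
# high-entropy, so this is a triage signal for an analyst, not a verdict.
ENTROPY_THRESHOLD = 7.2

def signature_scan(data: bytes) -> list:
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def triage(data: bytes) -> str:
    """Signature match first; fall back to the entropy heuristic."""
    hits = signature_scan(data)
    if hits:
        return "signature:" + ",".join(hits)
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "suspicious:high-entropy"
    return "clean"

if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("packed", PACKED)):
        print(label, len(blob), round(shannon_entropy(blob), 2), triage(blob))
```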

  7. #7
    Junior Member
    Join Date
    May 2009
    Posts
    42

    Yeah thanks for the advice, was a great help!
