Not to mention the complete lack of mention of client side exploits, like ye ol' ani header overflow.
First, this is far from a good backdoor. I wrote that I disable the firewall with Carlos Perez's script; you can get this script here: Security and Networking - Meterpreter Scripts. My backdoor will not work without disabling the firewall.
You can also get a reverse shell or bind shell with some exploit, then upload nc.exe with tftp and, with the DOS command "at", open nc to listen on a port every day at a specific time.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
Thanks for the link. Most people don't even know they can control the networking services from the command line; I was one of them. But after I read Ed Skoudis's Command Line Kung Fu everything became clear for me.
blog = Command Line Kung Fu
Also there is a PDF version. I'm onto the third page and my notebooks are full.
Vote to get it stickied.
OK, this is a well known... secret? about how to disable/enable things from the command line.
For example:
You can enable the Windows Firewall from an elevated Command Prompt (in Vista)
C:\> Netsh firewall set opmode enable
or Disabling:
C:\> Netsh firewall set opmode disable
But... even Microsoft recommends the following (works on Vista and Win Server '08):
C:\> netsh advfirewall set currentprofile state on
C:\> netsh advfirewall set currentprofile state off
for .... forward compatibility.
Yes, I see this. But, again, there is no clue about how to use it to accomplish your goal. OK... you disable the firewall using this... very script. But how?
You give a nice explanation (indeed) about how to use the Metasploit Framework to get an active connection, but there is no explanation at all (except for a simple link to some code fragment) of how you disable the firewall in order to get this active connection.
To be honest, I didn't find such a tutorial even when trying... Google.
I am really open to... well, disagreements.
PS: Please note that my comment is because by sharing your experience you may help other people to better understand and to get the knowledge of the whole procedure.
I may well be wrong (if I am, I have NFI what script is being referenced), but using stuff like the killav Ruby script (and getcountermeasures) is magnitudes of awesome better than doing that sort of thing by hand, and they implement much of the same basic functionality when coupled with a Meterpreter.
I don't agree with using them to learn with, though; if you come to rely on them they might eventually miss something, or you will not learn what you need to do properly, so your (that is, PeterPunk's) method is far more appropriate, especially for someone who is operating on their first backdoor.
OK, this was my first backdoor:
get a version of netcat that is undetectable,
make a batch script named start.bat to
copy nc.exe and run.bat from ./ to C:\windows\system32, kill the firewall, add a regkey to startup,
make another called run.bat to
run nc -l -p 4444
use Windows IExpress to pack all three files and set one to run at exe; it's also a good idea to run hidden from view.
I would rather be hated for what I am,
Than loved for what I am not.