Bat File Question

ethicalHacker · September 4, 2010

How can i execute batch file in another pc? my both pc is running windows 7 and my wifi is connect to public network. so i cant access to file sharing folder. i want to execute the file in my another pc without any notification. Sorry if i ask at wrong section.

Sparda · September 4, 2010

Rubber ducky can do this... sort of.

ethicalHacker · September 4, 2010

Rubber ducky is need to plug it in to that pc first. but now i want to execute that file in PC2 using PC1 without touching that PC2. can i do this? or must use file sharing?

Sparda · September 4, 2010

You would need access to service that the PC provides in order to run it remotely.

ethicalHacker · September 4, 2010

it means if the pc have block file sharing and remote access then there is no way to doing thing i want. right?

Sparda · September 4, 2010

If all remote services have been disabled/blocked there is pretty much nothing you can do. The rubber ducky would still work, and you can do some browser autopwn.

ethicalHacker · September 4, 2010

because today i just learn about trojan. in class is local network so it works. i try at home when i close file sharing and remote access then it cant works anymore.

Mr-Protocol · September 4, 2010

Well if you are in a networking class you should be able to figure out why it doesn't work. Firewalls, wrong IP's, so on.

When I took my network forensics course we had to make our own scripts to remotely pull volatile data from any remote machine. We had to do this for XP and Vista/7. We created our own batch files and used sysinternals suite of tools to remotely get the data we wanted.

In order to access any remote system, Webserver/remote desktop/ftp/whatever, there needs to be a service running on the destination so you can talk to it.

It is like if you try to call a house on a land line and they have no phone plugged in at the house.

Edited September 4, 2010 by Mr-Protocol

ethicalHacker · September 5, 2010

if the pc have enable the firewall and disable the file sharing. do i hav any chance to write a script to disable the firewall and enable the file sharing?

digip · September 5, 2010

IF there are known vulnerabilities in the system, then you could use something like metasplot to spawn a reverse shell and execute services and programs remotely. There are also tools to help you trick a person at the remote machine into clicking or visiting a site that can exploit their browser and do the same thing. In some instances, just getting them to view a webpage will be all you need to execute commands on the remote machine, but that requires social engineering someone into clicking a link or opening a site in a vulnerable browser.

Edited September 5, 2010 by digip

Infiltrator · September 6, 2010

Try performing a Null Share Attack.

http://technofriends.in/2008/10/09/underst...ession-attacks/

digip · September 6, 2010

Try performing a Null Share Attack.
http://technofriends.in/2008/10/09/underst...ession-attacks/

I believe Null Sessions only worked on Windows 2000 and XP prior to SP1 (read and write access). In XP Sp2 and later, Server 2003, it only gave read access, and that has been patched against too I think. Depends on the OS and patch level.

Edited September 6, 2010 by digip

Infiltrator · September 6, 2010

I believe Null Sessions only worked on Windows 2000 and XP prior to SP1 (read and write access). In XP Sp2 and later, Server 2003, it only gave read access, and that has been patched against too I think. Depends on the OS and patch level.

Yes you are correct, but if you know the local administrator account details for that particular machine you are trying to attack, you could pretty much own the machine, using the method I mentioned. What do you think?

digip · September 7, 2010

Yes you are correct, but if you know the local administrator account details for that particular machine you are trying to attack, you could pretty much own the machine, using the method I mentioned. What do you think?

net use command with a null session if even works only gives you read access though. If you have the admin pass, then your pretty much going to be able to own the machine anyway and that wouldn't be a null session, that would be a real logged on session, depending on how you logged in, either via the domain or such if its on one, or RDP if its setup on the machine.

There was a bat script I created that if someone at a remote machine clicked and ran locally it would not only turn on Terminal Services and RDP services, but also added an admin user to the system with a password of my choosing, which in his case could do the trick but he would have to get someone with local admin rights on a machine to run it. At one point I had it working in an Internet Explorer exploit as well, but that required 1, a system not patched against the exploit, and 2, for the user to view the page in a vulnerable version of Internet Explorer which would execute upon viewing the page.

Social engineering someone will probably be more effective than any physical attack unless you really know everything there is about your target network, OS's and vulns they have.

Edited September 7, 2010 by digip

Sign In

Bat File Question

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members