Re: Reverse-Shell application for WinNT/2000?

From: H D Moore (sflist@digitaloffense.net)
Date: 12/10/02

    From: H D Moore <sflist@digitaloffense.net>
    To: "Nick Jacobsen" <nick@ethicsdesign.com>, <pen-test@securityfocus.com>
    Date: Tue, 10 Dec 2002 12:48:28 -0600
    
    

    You can always grab the netcat source and hardcode a set of command line
    options into it (ala ncx99.exe). If you want something a bit smaller, try
    HSJ's reverse-connect shellcode, it works on NT/2K/XP, is service pack
    independent, and is ~400 bytes. Drop a tiny little C|ASM wrapper on it
    and you have a nice super-small anti-virus-friendly backdoor ;)

     http://hsj.shadowpenguin.org/misc/iis5htr_exp.txt

    -HD

    On Friday 06 December 2002 10:18 pm, Nick Jacobsen wrote:
    > Has anyone seen/built a reverse shell application for windows NT? I
    > can usually use pipes with netcat, but it is cumbersome and does not
    > work very well... I would like to find something that simply sends a
    > command shell to X listening port on machine X.X.X.X. Any suggestions
    > would be welcome.

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/


