Penetration Testing mailing list archives
Re: [PEN-TEST] Hidden NT batch file/command line execution
From: Meredith Shaebanyan <merediths () PWAOR COM>
Date: Wed, 4 Oct 2000 10:41:31 -0700
That seems a bit overkill. Your problem is you are launching it as a normal application. I'm not a VB programmer, but what you're probably doing is the equivlent of a C system() call. What you want to do is open the a pipe to the application. You can open a pipe for either input or output. When you open a pipe, it connects the standard input (or output, depending on how it's opened) to the calling process...and you can read to it/write to it like you would a normal file. The prototype of the C function in FILE* popen(char* string, char*mode);. Try consulting the MSDN for the visual basic version of this function. Opening a pipe won't hide the process from taskmanger/pview or simialer utilities...it will merely prevent it from interacting with the desktop, however you won't have to uniquely generate the code for every process you use as a batch, merely use the popen (VB equiv) to call the process rather whatever you're using. ________________________ Meredith Shaebany MIS Specialist Pacific West 714-245-5560 merediths () nospam pwaor com -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Brentlinger, Mike (ISS eServices) Sent: Wednesday, October 04, 2000 9:49 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Hidden NT batch file/command line execution Ive used a nice little app called elitewrap which will possibly do what you want (it offers an option something like "execute hidden"). However just a litte 411; if you 'wrap' something up the end result will be detected as a virus/trojan by most virus scanners. Mike Brentlinger ISS Chicago -----Original Message----- From: Mike Ahern To: PEN-TEST () SECURITYFOCUS COM Sent: 10/4/00 12:20 PM Subject: Hidden NT batch file/command line execution I am experiencing a problem that someone on this list might be able to answer quickly. I would think the answers might also be of interest to most any Penetration Tester on the list who would want to occasionally run shell code on a box without raising awareness of NT server operators/admins on the console. I am currently working with a security app that runs as an NT service, however at frequent intervals it executes an NT batch process in a command window (cmd.exe). The net effect is very distracting for anyone who has to work on the server console, as it appears like some giant black strobe, blinking in a way that is more much annoying than blinking HTML text. I know from running stealth keyloggers and certain trojans (BO/BO2K) and program wrappers that programs can be executed without popping up any window, without anything on the toolbar, or in the Task Manager, and that VB offers this capablility. Are there any cute, clean, "down and dirty", wrapper apps (VB scripts, etc) that will execute command line stuff, batch files, etc., without popping anything up, or will be pretty unobtrusive to the console operator? Or are the only solutions really hiding the execution in VB or other lower level code that we would have to generate uniquely for each process we need to run currently as a batch process??? I have to think that someone has written something to do this already, but a quick search hasn't revealed anything as of yet. Any ideas? Thanks in advance for any assistance you might be able to proffer. -mch __________________________________________________ Do You Yahoo!? Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free! http://photos.yahoo.com/
Current thread:
- [PEN-TEST] Hidden NT batch file/command line execution Mike Ahern (Oct 04)
- Re: [PEN-TEST] Hidden NT batch file/command line execution Deus, Attonbitus (Oct 04)
- <Possible follow-ups>
- Re: [PEN-TEST] Hidden NT batch file/command line execution Brentlinger, Mike (ISS eServices) (Oct 04)
- Re: [PEN-TEST] Hidden NT batch file/command line execution Meredith Shaebanyan (Oct 04)
- Re: [PEN-TEST] Hidden NT batch file/command line execution Russel Smith (Oct 04)
- Re: [PEN-TEST] Hidden NT batch file/command line execution Lindley, Jim (ISSAtlanta) (Oct 04)
- Re: [PEN-TEST] Hidden NT batch file/command line execution Jeff Deitz (Oct 04)
- Re: [PEN-TEST] Hidden NT batch file/command line execution Steve Cody (Oct 04)
- Re: [PEN-TEST] Hidden NT batch file/command line execution Ruso, Anthony (Oct 04)
- Re: [PEN-TEST] Hidden NT batch file/command line execution Christensen, Dave (Oct 04)
- Re: [PEN-TEST] Hidden NT batch file/command line execution Mike Ahern (Oct 05)