Penetration Testing mailing list archives
Re: [PEN-TEST] Hidden NT batch file/command line execution
From: Russel Smith <carlos () ARKPACIFIC COM>
Date: Thu, 5 Oct 2000 14:25:25 +1000
As I remember, elitewrap'ed files are detected as viruses because elitewrap adds a signature to the files, the signature being something like "Elite Wrap 1.1.x". Get rid of that signature and it should not be detected as a virus.

At 12:48 PM 10/4/00 -0400, you wrote:
I've used a nice little app called elitewrap which will possibly do what you want (it offers an option something like "execute hidden"). However, just a little 411; if you 'wrap' something up the end result will be detected as a virus/trojan by most virus scanners.

Mike Brentlinger
ISS Chicago

-----Original Message-----
From: Mike Ahern
To: PEN-TEST () SECURITYFOCUS COM
Sent: 10/4/00 12:20 PM
Subject: Hidden NT batch file/command line execution

I am experiencing a problem that someone on this list might be able to answer quickly. I would think the answers might also be of interest to most any Penetration Tester on the list who would want to occasionally run shell code on a box without raising awareness of NT server operators/admins on the console.

I am currently working with a security app that runs as an NT service, however at frequent intervals it executes an NT batch process in a command window (cmd.exe). The net effect is very distracting for anyone who has to work on the server console, as it appears like some giant black strobe, blinking in a way that is much more annoying than blinking HTML text.

I know from running stealth keyloggers and certain trojans (BO/BO2K) and program wrappers that programs can be executed without popping up any window, without anything on the toolbar, or in the Task Manager, and that VB offers this capability.

Are there any cute, clean, "down and dirty", wrapper apps (VB scripts, etc) that will execute command line stuff, batch files, etc., without popping anything up, or will be pretty unobtrusive to the console operator? Or are the only solutions really hiding the execution in VB or other lower level code that we would have to generate uniquely for each process we need to run currently as a batch process???

I have to think that someone has written something to do this already, but a quick search hasn't revealed anything as of yet. Any ideas? Thanks in advance for any assistance you might be able to proffer.
-mch