Penetration Testing mailing list archives

Re: [PEN-TEST] Hidden NT batch file/command line execution


From: Meredith Shaebanyan <merediths () PWAOR COM>
Date: Wed, 4 Oct 2000 10:41:31 -0700

That seems a bit overkill. Your problem is you are launching it as a normal
application. I'm not a VB programmer, but what you're probably doing is the
equivalent of a C system() call. What you want to do is open a pipe to
the application. You can open a pipe for either input or output. When you
open a pipe, it connects the standard input (or output, depending on how
it's opened) to the calling process...and you can read to it/write to it
like you would a normal file.
The prototype of the C function is FILE* popen(char* string, char* mode);.
Try consulting the MSDN for the Visual Basic version of this function.

Opening a pipe won't hide the process from taskmanager/pview or similar
utilities...it will merely prevent it from interacting with the desktop,
however you won't have to uniquely generate the code for every process you
use as a batch, merely use the popen (VB equiv) to call the process rather
than whatever you're using.



________________________
Meredith Shaebany
MIS Specialist
Pacific West
714-245-5560
merediths () nospam pwaor com

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Brentlinger, Mike (ISS eServices)
Sent: Wednesday, October 04, 2000 9:49 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Hidden NT batch file/command line execution


I've used a nice little app called elitewrap which will possibly do what you
want (it offers an option something like "execute hidden").

However just a little 411; if you 'wrap' something up the end result will be
detected as a virus/trojan by most virus scanners.

Mike Brentlinger
ISS Chicago



-----Original Message-----
From: Mike Ahern
To: PEN-TEST () SECURITYFOCUS COM
Sent: 10/4/00 12:20 PM
Subject: Hidden NT batch file/command line execution

I am experiencing a problem that someone on this list
might be able to answer quickly. I would think the
answers might also be of interest to most any
Penetration Tester on the list who would want to
occasionally run shell code on a box without raising
awareness of NT server operators/admins on the
console.

I am currently working with a security app that runs
as an NT service, however at frequent intervals it
executes an NT batch process in a command window
(cmd.exe). The net effect is very distracting for
anyone who has to work on the server console, as it
appears like some giant black strobe, blinking in a
way that is much more annoying than blinking HTML
text.

I know from running stealth keyloggers and certain
trojans (BO/BO2K) and program wrappers that programs
can be executed without popping up any window, without
anything on the toolbar, or in the Task Manager, and
that VB offers this capability.

Are there any cute, clean, "down and dirty", wrapper
apps (VB scripts, etc) that will execute command line
stuff, batch files, etc., without popping anything up,
or will be pretty unobtrusive to the console operator?
Or are the only solutions really hiding the execution
in VB or other lower level code that we would have to
generate uniquely for each process we need to run
currently as a batch process??? I have to think that
someone has written something to do this already, but
a quick search hasn't revealed anything as of yet.

Any ideas?
Thanks in advance for any assistance you might be able
to proffer.


-mch






