Team: freexploit
Author: allyesno
Date: 2005-5-8
A bat version of the bot manager, modeled on kevin1986's VB bot manager ("bot" here translates 肉鸡, literally "meat chicken", slang for a compromised host)
Kevin's bot manager is a very interesting tool, and what interested me was how it calls mstsc directly. The following methods could be used:
1. VB has a ready-made terminal-services connection control that can simply be added to a form and used directly.
2. Capture the mstsc window and fill in the details read from the MDB.
3. Launch mstsc from the command line.
If you want to write the bat version of the bot manager, only the third method is available.
First I tried mstsc 123.45.67.8; damn it, all that did was open a blank mstsc window. Then I tried passing the parameter with echo:
echo 123.45.67.8 | mstsc; damn, that failed too. At that point I figured black-box testing would not get me there.
What if mstsc has no command-line interface at all? Let's look at the mstsc help. There is no help file; maybe the copy
I installed is pirated.
I sent an email to Bill Gates asking him what mstsc's command line looked like.
A very thorough person replied quickly:
mstsc /v:<server> /f /console
mstsc is the executable for Remote Desktop Connection. /v specifies the server to connect to, /f specifies full-screen mode,
and /console connects to the console session.
He also kindly told me that the help is actually built into mstsc itself. I tried it and spat blood.
I disassembled the bot manager and found that Kevin uses the mstsc /v parameter, so it should be the third way of calling it.
(I'm not sure: even if it ends up at mstsc /v, it can't be ruled out that VB calls the control and the control
then calls mstsc /v.)
00403B74  5C006D00730074007300  UNICODE "\mstsc.exe /V",0000h
So the bot manager can be written from the command line.
Because database handling in bat is fairly painful, this is just demo code with minimal functionality. If you want to manage bots,
Kevin's bot manager is still the best choice. (Later I thought that some of the bat code I am currently working on would do the job
very well, but I don't want to release it so soon; I'll write about it later.)
The demo code follows:
Codz:
@echo off
cls
echo.
rem build by allyesno; team freexploit
rem usage: jj v | jj t <ip> [port] | jj n <number> | jj add | jj ? | jj h
rem jj.data.txt holds one bot per line: number ip port username password score note
set count=0
set stepskip=0
if "%1"=="" goto help
if "%1"=="?" goto help
if /i "%1"=="h" goto help
if /i "%1"=="t" (
    if "%2"=="" goto help
    if "%3"=="" (mstsc /v:%2:3389) else (mstsc /v:%2:%3)
    goto help
)
if /i "%1"=="add" goto update
if not exist jj.data.txt echo you have not created a bot database yet, use "jj add" to create one & goto end
rem count the records (one per line)
for /f %%i in (jj.data.txt) do set /a count+=1
if /i "%1"=="n" if "%2"=="" goto help
if /i "%1"=="n" if %2 gtr %count% echo the number you entered is greater than your total number of bots & goto help
if /i "%1"=="n" if %2 lss 1 echo the bot number must be greater than or equal to 1 & goto help
if /i "%1"=="n" set /a stepskip=%2-1 & goto setgoon
if /i "%1"=="v" (type jj.data.txt | more & goto end)
goto help

:setgoon
rem record 1 needs its own loop because "skip=0" is not accepted by for /f
if %stepskip% equ 0 (
    for /f "tokens=2-3" %%i in (jj.data.txt) do mstsc /v:%%i:%%j & goto help
)
for /f "tokens=2-3 skip=%stepskip%" %%i in (jj.data.txt) do mstsc /v:%%i:%%j & goto help
goto help

:update
if not exist jj.data.txt goto first
for /f %%i in (jj.data.txt) do set /a count+=1
set /a count=count+1
rem "echo.|set /p" writes the prompt text without a trailing newline, so the
rem fields of one record end up on a single space-separated line
echo.|set /p update=%count% >>jj.data.txt
goto second
:first
echo.|set /p update=1 >>jj.data.txt
:second
echo enter the bot's address (IP)
set /p update=
echo.|set /p update=%update% >>jj.data.txt
echo enter the bot's port
set /p update=
echo.|set /p update=%update% >>jj.data.txt
echo enter the username
set /p update=
echo.|set /p update=%update% >>jj.data.txt
echo enter the password
set /p update=
echo.|set /p update=%update% >>jj.data.txt
echo enter a performance score (1-100)
set /p update=
echo.|set /p update=%update% >>jj.data.txt
echo enter anything you want to note about this bot
set /p update=
echo.|set /p update=%update% >>jj.data.txt
echo.>>jj.data.txt
goto end

:help
echo view bot information:        jj v
echo connect to a bot directly:   jj t 127.0.0.1 3389   [if you do not specify a port, the default is 3389]
echo connect to a bot by number:  jj n ?   [? is in the range of the number of bots you have added]
echo add bot information:         jj add
echo view help:                   jj ? or jj h

:end
rem keep the window open: the first run spawns a persistent cmd with load=1;
rem runs made inside that cmd just exit here instead of nesting another shell
if "%load%"=="1" goto :eof
cmd /k set load=1
Run it from the command line and type jj to see the help:
view bot information: jj v
connect to a bot directly: jj t 127.0.0.1 3389 [if you do not specify a port, the default is 3389]
connect to a bot by number: jj n ? [? is in the range of the number of bots you have added]
add bot information: jj add
view help: jj ? or jj h
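As an added example (this is not code from allyesno's post or from Kevin's tool), the same record handling in Python: it reads the space-delimited jj.data.txt lines the batch demo writes, rejects malformed addresses and ports, and launches mstsc with an argument list rather than by text substitution into a cmd.exe line. The sample records, the Host class and all function names are constructed for this example. It emits the /admin switch, which replaced /console from Windows Vista and Server 2008 onward, unless the old switch is explicitly requested.

```python
import ipaddress
import re
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the batch demo's on-disk format:
#   number address port username password score note...
# Fields are space separated and the note runs to the end of the line. The
# demo keeps the password in clear text here; this code reads but never uses it.
SAMPLE_DB = """\
1 192.0.2.10 3389 administrator Passw0rd 80 lab box one
2 192.0.2.11 33890 admin secret 60 non-standard port
3 bad_host! 3389 x y 10 malformed address
4 192.0.2.12 70000 admin pw 50 port out of range
"""

# One RFC 1123 hostname label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


@dataclass
class Host:
    number: int
    address: str
    port: int
    username: str
    score: int
    note: str


def valid_address(addr: str) -> bool:
    """Accept an IPv4 literal or a syntactically valid hostname."""
    try:
        ipaddress.IPv4Address(addr)
        return True
    except ValueError:
        pass
    return 0 < len(addr) <= 253 and all(_LABEL.match(p) for p in addr.split("."))


def parse_record(line: str) -> Host:
    """Parse one jj.data.txt line; raise ValueError for any malformed field."""
    parts = line.split()
    if len(parts) < 6:
        raise ValueError(f"expected at least 6 fields, got {len(parts)}")
    number, addr, port, user, _password, score = parts[:6]
    if not valid_address(addr):
        raise ValueError(f"bad address {addr!r}")
    port_no = int(port)
    if not 1 <= port_no <= 65535:
        raise ValueError(f"port out of range: {port_no}")
    return Host(int(number), addr, port_no, user, int(score), " ".join(parts[6:]))


def load_db(text: str) -> Tuple[List[Host], Dict[int, str]]:
    """Return the well-formed hosts and a {line number: reason} map of rejects."""
    hosts: List[Host] = []
    errors: Dict[int, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.strip():
            try:
                hosts.append(parse_record(line))
            except ValueError as exc:
                errors[lineno] = str(exc)
    return hosts, errors


def mstsc_args(host: Host, fullscreen: bool = False, console: bool = False,
               legacy_console_switch: bool = False) -> List[str]:
    """Build the argument vector for Remote Desktop Connection.

    /v:<server>:<port> and /f are the switches from the post. /console is the
    Windows XP / Server 2003 switch; Windows Vista / Server 2008 and later use
    /admin instead, which is what this returns unless the legacy switch is asked for.
    """
    args = ["mstsc", f"/v:{host.address}:{host.port}"]
    if fullscreen:
        args.append("/f")
    if console:
        args.append("/console" if legacy_console_switch else "/admin")
    return args


def connect(host: Host, **opts) -> subprocess.Popen:
    """Launch mstsc with an argv list and shell=False, so address and port reach
    mstsc as literal arguments instead of being spliced into a cmd.exe line."""
    return subprocess.Popen(mstsc_args(host, **opts))


if __name__ == "__main__":
    hosts, errors = load_db(SAMPLE_DB)
    for h in hosts:
        print(h.number, " ".join(mstsc_args(h, fullscreen=True, console=True)))
    for lineno, err in errors.items():
        print(f"line {lineno}: skipped ({err})")
```

mstsc takes no password on its command line, so the clear-text password field the demo stores cannot be fed to it directly; a non-interactive logon needs the credential stored separately, for example with cmdkey /generic:TERMSRV/<host> /user:<name> /pass:<password>, which is a decision to make deliberately rather than a by-product of a text database.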
PS: This program can add bots, but I did not write the code for deleting them. With bat, updating the database is still slow;
I will write a better version if I find a fast solution later.
Later I found an example on MSDN of writing a terminal connection in VB. You can find it and analyze the structure of the .rdp file;
with that you can create an automatic-logon account yourself. By the way, the form in which RDP saves the password is a long password hash.
However, I found no articles on the specific encryption process; I guess it is the same as on SQL Server.
If I learn assembly in the future I may be able to disassemble it and see the encryption process.
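An added example (not from the post) for the .rdp file structure mentioned above: mstsc's saved connection files are plain text, one name:type:value line per setting, where s is a string, i an integer and b binary data as hex. The builder below writes a file that always prompts for credentials, and the parser reads one back and reports whether it carries a stored password. The key names are the ones mstsc itself writes; the sample values are constructed. On current Windows the password 51 value is the output of CryptProtectData (DPAPI) on the saving machine, which is why a file with a saved password copied to another user or host does not log on automatically.

```python
from typing import Dict, Union

Value = Union[str, int, bytes]


def build_rdp(address: str, port: int = 3389, username: str = "",
              fullscreen: bool = False, admin_session: bool = False) -> str:
    """Return .rdp text that connects to address:port and always prompts for
    credentials, so no password material is written to disk."""
    settings = [
        ("full address", f"{address}:{port}"),
        ("server port", port),
        ("screen mode id", 2 if fullscreen else 1),      # 1 = windowed, 2 = full screen
        ("administrative session", 1 if admin_session else 0),  # same as mstsc /admin
        ("prompt for credentials", 1),
    ]
    if username:
        settings.append(("username", username))
    # mstsc writes CRLF line endings; integers get type i, everything else type s
    return "".join(f"{k}:{'i' if isinstance(v, int) else 's'}:{v}\r\n" for k, v in settings)


def parse_rdp(text: str) -> Dict[str, Value]:
    """Parse .rdp text into a dict; integer and binary values are decoded."""
    out: Dict[str, Value] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # split on the first two colons only: a string value may itself contain ':'
        name, kind, value = line.split(":", 2)
        if kind == "i":
            out[name] = int(value)
        elif kind == "b":
            out[name] = bytes.fromhex(value)
        elif kind == "s":
            out[name] = value
        else:
            raise ValueError(f"unknown type {kind!r} in line {raw!r}")
    return out


def saved_credentials(text: str) -> bool:
    """True if the file carries a stored password ('password 51:b:...'), the
    field whose encoding the post wonders about. It is a DPAPI blob produced by
    CryptProtectData for the saving user, not a reversible or portable encoding."""
    return bool(parse_rdp(text).get("password 51"))


if __name__ == "__main__":
    text = build_rdp("192.0.2.10", 3389, "administrator", fullscreen=True)
    print(text)
    print(parse_rdp(text))
    print("stored password:", saved_credentials(text))
```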
References and tools:
Kevin1986's bot manager
http://hididi.net/public/kevin/blogview.asp?logid=233
How to connect to and shadow the console session with Windows Server 2003 Terminal Services
http://support.microsoft.com/default.aspx?scid=kb;zh-cn;278845
Downloads:
http://www.eviloctal.com/forum/job.php?action=download&pid=tpc&tid=10433&aid=994
http://www.ph4nt0m.org/bbs/attachment.php?s=&postid=56958
https://www.xfocus.net/bbs/index.php?act=attach&type=post&id=206778