My good friend Justin and I recently won the Derbycon Capture The Flag competition. A few people mentioned that they’d be interested in seeing a write-up from us. It seemed that more people were interested in our methodology than anything else, so I will discuss our strategy and tactics, and if anyone is interested […]

The point should be obvious. Deploy a stealthy box/laptop (Linux-based toaster?) at a target’s site. Have it call home on a ubiquitous/innocuous port, bypassing any firewall rules, and voilà, you are inside the candy shell. Install Linux (depending on the situation you might want FDE), install security tools (nmap, build-essential, nc, etc.), vi /etc/default/acpi-support, Disable […]

As promised, below is a link to the netcat-like callback program. Its sole purpose is to send back cmd.exe to the IP and port of your choosing. The default is port 1025. These can be redefined in main.c. There is no window on the client, so it is relatively stealthy. Just start your […]

Threw this together real quick. Basically it just calls the netcat command every 10 seconds to call back to our server and open a shell. Its use is limited since it doesn’t hide the cmd window that it generates. However, I can see a few cases where this would be acceptable, and it’s a good POC if […]

Someone asked me about a virus on a machine that altered the registry to execute itself every time another executable was opened. I explained that this was relatively trivial to do and thought I should back it up with some source code. The first piece is: how do we tell Windows to launch an exe before […]

Wrote this program back in 2004 and had posted it using a pseudonym. I cleaned it up a tiny bit, and it is fully functional. The backdoor puts the interface in promiscuous mode and does not open a listen()ing socket until it sees 5 packets on port 5000 within a 60 second period. At […]

As an easy reference, here are three ways to generate an IP address list for use with other scripts, using three common scripting methods. 1. Windows FOR command. Command: FOR /L %variable IN (start,step,end) DO command [command-parameters] Example: for /L %I IN (1,1,255) DO echo 192.168.1.%I >> IPs.txt 2. Bash shell. Example: for (( i=1; i<=5; i++ )); […]