Good day!
Today I'm going to share with you my new CLI tool, a network tool that gives you easy command-line remote control. wincat can be configured to listen on a certain port and launch an executable when a remote system connects to that port. By triggering a wincat listener to launch a Windows command shell, that shell can be popped back to the remote system. The syntax for launching wincat in a stealth listening mode is shown below:
The -p option specifies the port to listen on and -e specifies the program to launch (in this case cmd.exe, the Windows command interpreter). Finally, -a is an optional argument that saves wincat's state and tries to deploy it so that it runs again at Windows startup.
I have set this up in my local environment for testing. The host IP is 192.168.1.2, and I will use my Android tablet, with the local IP 192.168.1.4, to connect to it. Below I launch wincat for the demonstration:
In the next sequence, I will show you the details on the host system and check whether it is up and running. Take note: if you are having problems with the firewall blocking the port and you have the rights to change it, you can play around with the netsh command on Windows. Below are the details:
I use the netstat command on Windows to check whether my port is currently listening for incoming connections and to confirm my local IP for the client to connect to.
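The same netstat check, turned around to the defender's side: the following Python example is added here and is not part of the original post or of wincat. It parses `netstat -ano` and `tasklist /fo csv` output (the sample output below is constructed, not captured from the host above), joins sockets to their owning process by PID, and reports any TCP listener that is not in a baseline of expected port-to-process pairs, together with the remote peers currently connected to it. The baseline contents and the process names in the sample are assumptions for the example.

```python
import csv
import io
import re

# Constructed sample of `netstat -ano` output (not captured from the post's host).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.2:5555       192.168.1.4:41022      ESTABLISHED     3120
  TCP    127.0.0.1:49664        0.0.0.0:0              LISTENING       640
  UDP    0.0.0.0:5353           *:*                                    1432
"""

# Constructed sample of `tasklist /fo csv` output for the same PIDs.
TASKLIST_SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","20 K"
"svchost.exe","912","Services","0","9,000 K"
"lsass.exe","640","Services","0","12,000 K"
"wincat.exe","3120","Console","1","1,200 K"
"svchost.exe","1432","Services","0","6,000 K"
'''

# Assumed baseline: TCP ports expected to listen on this host and their owning image.
BASELINE = {135: "svchost.exe", 445: "System", 49664: "lsass.exe"}

# One netstat row: proto, local addr:port, foreign addr, optional state (UDP has none), PID.
NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$"
)


def parse_netstat(text):
    """Return one dict per socket line in `netstat -ano` output; headers are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, state, pid = m.groups()
        rows.append({"proto": proto, "local_addr": laddr, "local_port": int(lport),
                     "foreign": faddr, "state": state or "", "pid": int(pid)})
    return rows


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv` output (quoted CSV, header row first)."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def connections_for_pid(netstat_text, pid):
    """Foreign endpoints with an ESTABLISHED connection to sockets owned by `pid`."""
    return [s["foreign"] for s in parse_netstat(netstat_text)
            if s["pid"] == pid and s["state"] == "ESTABLISHED"]


def find_unexpected_listeners(netstat_text, tasklist_text, baseline):
    """TCP listeners whose port is not in the baseline, or is owned by the wrong image."""
    pid_to_image = parse_tasklist(tasklist_text)
    findings = []
    for s in parse_netstat(netstat_text):
        if s["proto"] != "TCP" or s["state"] != "LISTENING":
            continue
        image = pid_to_image.get(s["pid"], "<unknown>")
        expected = baseline.get(s["local_port"])
        if expected != image:
            findings.append({**s, "image": image, "expected": expected,
                             "peers": connections_for_pid(netstat_text, s["pid"])})
    return findings


if __name__ == "__main__":
    for f in find_unexpected_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE, BASELINE):
        print(f"{f['local_addr']}:{f['local_port']} owned by {f['image']} (pid {f['pid']}), "
              f"expected {f['expected']}, connected peers: {f['peers']}")
```

On a real host, replace the two sample strings with the actual command output (for example via `subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout`) and populate the baseline from a known-good snapshot of the machine; any listener that shows up outside that baseline, especially one bound on 0.0.0.0 with a console-session process behind it, is what this kind of bind-shell listener looks like from the inside.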
Next, I will connect from my client machine (in my case the Android tablet) to the listening port on the machine shown earlier (IP address 192.168.1.2) and receive a remote command shell. Below is my Android client connecting to the remote machine using telnet.
As you can see, a remote client or user can now execute commands and launch files. They are limited only by how creative you can get with the Windows console ;)
wincat works well when you need a custom port over which to work, but if you have access to SMB (TCP 139 or 445) the best tool is psexec, and if you want to scan for Windows SMB (samba) shares across a network you can use my tool from this article (winshare.exe).
Download and extract the binary application here:
Index-wincat.zip | SHA1: e9fc94bf7cf5572e11c651b990d2a1de48bb5808
Well that's it for today, hope this helps you :-)
Have a great day!
FIN!