TheAMG

Problem with sending to a cmd-window

5 posts in this topic

Hi guyz...first of all I wanna give my credits to AutoIt...I tried 2 code some with Delphi and C++ --> slow progress....but then I found AutoIt and man I love it :)

I started to build a RAT (Remote Administration Tool).

One of the contents is a remote CMD, something like netcat or telnet but I got stuck with a problem.

1st let's look at this code...

#include <GUIConstants.au3>
Opt("GUIOnEventMode", 1)
$Form1 = GUICreate("AForm1", 655, 388, 190, 117)
GUISetOnEvent($GUI_EVENT_CLOSE, "SpecialEvents")
GUISetOnEvent($GUI_EVENT_MINIMIZE, "SpecialEvents")
GUISetOnEvent($GUI_EVENT_MAXIMIZE, "SpecialEvents")

$CmdExecuteButton = GUICtrlCreateButton("Execute", 584, 8, 57, 25, 1)
GUICtrlSetOnEvent($CmdExecuteButton, "ExecuteFunctie")
$CmdInvulVak = GUICtrlCreateInput("", 8, 8, 561, 21)

$CmdWindow = GUICtrlCreateEdit("", 8, 40, 633, 337)
GUICtrlSetState ( $CmdInvulVak, $GUI_FOCUS)
GUISetState(@SW_SHOW)

while 1
    sleep(100)
WEnd

Func ExecuteFunctie()
    
    GUICtrlDelete($CmdWindow)
    $IngevuldeCommand = GUICtrlRead($CmdInvulVak)
    RunWait(@comspec & ' /c ' & $IngevuldeCommand & ' > c:\file.tmp', "", @SW_HIDE)
    $line = FileRead('c:\file.tmp')
    FileDelete('c:\file.tmp')
    $CmdWindow = GUICtrlCreateEdit("", 8, 40, 633, 337)
    GUICtrlSetData ( $CmdWindow, $line , default )
    GUICtrlSetState ( $CmdInvulVak, $GUI_FOCUS)
EndFunc

Func SpecialEvents()
    Select
        Case @GUI_CtrlId = $GUI_EVENT_CLOSE
            Exit
        Case @GUI_CtrlId = $GUI_EVENT_MINIMIZE
    
        Case @GUI_CtrlId = $GUI_EVENT_RESTORE

    EndSelect
EndFunc

#include <GUIConstants.au3>
Opt("GUIOnEventMode", 1)
$Form1 = GUICreate("AForm1", 116, 80, 193, 115)
$Button1 = GUICtrlCreateButton("AButton1", 32, 24, 57, 33, 0)
GUICtrlSetOnEvent($Button1, "ShellFunctie1")
GUISetState(@SW_SHOW)

While 1
    Sleep(100)
WEnd

Func ShellFunctie1()
    Run(@ComSpec & " /k TITLE HideCmd","",@SW_SHOW) ;not hidden 2 reveal the prob
    WinWait('HideCmd') 
    Sleep(250)
    ControlSend('HideCmd', "", "", "net start > c:\file.tmp{Enter}")
EndFunc

If u executed this code then you saw that it doesn't type "net start > c:\file.tmp"....instead it typed: net start . c;\file.tmp :geek: so there is a "shift" problem or something....I know I can fix this prob for this script but how do I fix it when I wanna apply this to the 1st script (with an inputbox)...how is it gonna recognize when someone uses shift or maybe I need to search for my answer in a different direction?

I hope u can help :lmao:

PS: Till I fixed this prob I'll use netcat but that's not the idea...I want my RAT to be 100% AutoIt like it should be :ph34r:

Greetzzz...TheAMG
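
From the defender's side, the pattern in the first script above (a GUI process running @ComSpec /c <command> > c:\file.tmp with a hidden window and reading the file back) shows up in process-creation telemetry. The following is an added example, not code from the thread: a Python check over constructed events that finds cmd.exe runs whose output is redirected to a file, ignoring ">" inside quotes, ">nul" and "2>&1". The field names follow Sysmon Event ID 1; the parent process names and the allowlist are assumptions.

```python
import re
from pathlib import PureWindowsPath
# Constructed process-creation events; field names follow Sysmon Event ID 1.
CMD = r"C:\Windows\System32\cmd.exe"
EVENTS = [{"Image": CMD, "ParentImage": p, "CommandLine": CMD + c} for p, c in [
    (r"C:\Users\bob\tool.exe", r" /c net start > c:\file.tmp"),
    (r"C:\Users\bob\tool.exe", r' /c echo "a > b"'),
    (r"C:\Users\bob\tool.exe", r" /c ping -n 1 127.0.0.1 >nul 2>&1"),
    (r"C:\build\make.exe", r" /c cl main.c > build.log"),
]]
# Assumption: parents expected to capture shell output in this environment.
EXPECTED_PARENTS = {"make.exe"}

def redirect_targets(cmdline):
    """Files that a cmd.exe /c or /k command line redirects output to."""
    m = re.search(r"(?i)\s/[ck]\s+(.*)$", cmdline)
    if not m:
        return []
    rest, targets, in_quote, i = m.group(1), [], False, 0
    while i < len(rest):
        ch = rest[i]
        if ch == "^" and not in_quote:   # caret escapes the next character
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch == ">" and not in_quote:
            i += 2 if rest[i + 1:i + 2] == ">" else 1   # '>>' appends
            t = re.match(r'\s*(?:"([^"]+)"|([^\s&|<>"]+))', rest[i:])
            name = (t.group(1) or t.group(2)) if t else None  # None: 2>&1
            if name and name.lower() != "nul":
                targets.append(name)
            continue
        i += 1
    return targets

def flag(events):
    """(parent, targets) for cmd.exe runs that write output to a file."""
    hits = []
    for e in events:
        image = PureWindowsPath(e["Image"]).name.lower()
        parent = PureWindowsPath(e["ParentImage"]).name.lower()
        targets = redirect_targets(e["CommandLine"])
        if image == "cmd.exe" and targets and parent not in EXPECTED_PARENTS:
            hits.append((parent, targets))
    return hits

if __name__ == "__main__":
    for parent, targets in flag(EVENTS):
        print(f"{parent} captured cmd.exe output in {targets}")
```

The allowlist is the part to tune: build systems and installers redirect shell output to files routinely, so the signal is the combination of an unexpected parent and a redirect target.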

#2 ·  Posted (edited)

Interesting... seems like a bug.

With ControlSend(), I tried

"net start > c:\file.tmp"

and

"net start > c{shiftdown};{shiftup}\file.tmp"

and

"net start > c+;\file.tmp"

and none worked. All outputted ; and not :.

Send() worked fine, though, with all of the above.

edit - Using the above and ControlSend() to notepad works as it should. So maybe bug isn't the right word?

Edited by xcal


#3 ·  Posted (edited)

Send() worked fine, though, with all of the above.

I don't wanna use Send() cuz I wanna send the commands a user inputs to a hidden cmd window when I apply this code to my RAT.

-== Edit ==-

A friend (nick: s0m3b0di3) gave me the answer I was looking for :lmao: I managed 2 work around my problem by building a lil filter that converts the special chars to ascii b4 I send it to the cmd-window :ph34r: It works like a charm :geek:

Edited by TheAMG


ok....the filter works nice except for 1 character :lmao:

$FilteredCommand = StringReplace($Command, ":", "{ASC 58}")

that does the trick for all chars except for this 1 --> "

how am I gonna filter that 1 ?


#5 ·  Posted (edited)

Crap!

the script doesn't continue becuz the cmd-screen is still opened :| I need it 2 stay open

Edited by TheAMG
