Tuesday, 8 January 2013

Only port 139 open - administrator rights.

Copy the executable into <drive>:/winnt/system32/ and rename it to
setup.exe. Now you have the choice of waiting for the system to reboot (NT
has a history of doing this every now and again), or you could reboot the
machine remotely. How? With a tool called psshutdown.exe. You can find it at
http://www.sysinternals.com/psshutdown.htm. Note that you need administrator
rights to be able to a) copy the software into the winnt/system32 directory
and b) reboot the box remotely. Make sure that your choice of executable is
well thought through - since you have NetBIOS access to the system you might
want to check if there is any anti-virus software installed - if so - do not
try to execute a Trojan such as Subseven/Netbus/BO - it will just screw up.
Stick with netcat (see later). There are other ways to execute something at
startup - with NetBIOS access you could also remotely edit the registry.
If you don't have administrator rights - read the next section - the same
applies here.
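
On the monitoring side, the file copy described above leaves a trace wherever detailed file share auditing is enabled. The following is an added example, not part of the original post: it assumes a current Windows host that logs Security event 5145 and that the records have already been exported to dictionaries; the sample events, user names and addresses are constructed.

```python
import re

# Assumption: records are Windows Security event 5145 ("Audit Detailed File
# Share") entries exported to dicts; the field names follow that event.
ADMIN_SHARE = re.compile(r"^\\\\\*\\(ADMIN|[A-Z])\$$", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".bat", ".cmd", ".scr", ".com")
WRITE_BITS = 0x2 | 0x4  # WriteData/AddFile, AppendData/AddSubdirectory

# Constructed sample events (not taken from a real system).
SAMPLE_EVENTS = [
    {"EventID": 5145, "SubjectUserName": "admin1", "IpAddress": "192.0.2.10",
     "ShareName": "\\\\*\\C$", "AccessMask": "0x2",
     "RelativeTargetName": "winnt\\system32\\setup.exe"},
    {"EventID": 5145, "SubjectUserName": "admin1", "IpAddress": "192.0.2.10",
     "ShareName": "\\\\*\\ADMIN$", "AccessMask": "0x6",
     "RelativeTargetName": "System32\\setup.exe"},
    {"EventID": 5145, "SubjectUserName": "backup", "IpAddress": "192.0.2.20",
     "ShareName": "\\\\*\\ADMIN$", "AccessMask": "0x1",  # read only
     "RelativeTargetName": "system32\\drivers\\etc\\hosts"},
    {"EventID": 5145, "SubjectUserName": "alice", "IpAddress": "192.0.2.30",
     "ShareName": "\\\\*\\Public", "AccessMask": "0x2",  # ordinary share
     "RelativeTargetName": "docs\\setup.exe"},
]


def flag_remote_exe_writes(events):
    """Return events that write an executable under system32 via an admin share."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 5145:
            continue
        if not ADMIN_SHARE.match(ev.get("ShareName", "")):
            continue
        parts = ev.get("RelativeTargetName", "").lower().split("\\")
        in_system32 = "system32" in parts[:-1]      # a directory component
        is_exec = parts[-1].endswith(EXEC_EXT)      # file name extension
        wants_write = int(ev.get("AccessMask", "0x0"), 16) & WRITE_BITS
        if in_system32 and is_exec and wants_write:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in flag_remote_exe_writes(SAMPLE_EVENTS):
        print(ev["IpAddress"], ev["SubjectUserName"], ev["ShareName"],
              ev["RelativeTargetName"])
```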
