CRSStealth 0.3
(not-a-virus:RemoteAdmin.Win32.CRShell.03)

by XpyXt

Written in Microsoft Visual C++

Released in

more versions


Version 0.3

- Path file with spaces
Paths with blanks must be between quotes.
First path must be between quotes, in the second one it isnt necessary.
#copy "c:\file sux\as.as" c:\or\aasj.as
or
#copy "c:\file sux\as.as" c:\or asd\aasj.as

Use it with every paths which contain blanks

- Jump to another disk drive
#cd d:\

- execute .exe files
You can execute .exe files with the "exec" command
#exec ipconfig.exe
or
#exec "nc -l -vv -p 431"

- Transfer files
You can send files with the command:
#/put <local file> 
Local file of cliente

#/put <local file>
Local file of server


- Uninstall Server

You input command uninstall in to console.


[C:\WINDOWS\system32]#uninstall
Uninstall CRShell Stealth Server
If you can uninstall put command: uninstall now

[C:\WINDOWS\system32]#uninstall now
Procediendo a la desinstalacion...
Uninstall complete.
 You must reboot system now.

[C:\WINDOWS\system32]#

- Commands list:

CRShell Stealt - Help
dir      List directory
cd       Enter in directory
md       Create forlder
rm       Delete folder
copy     Copy file
del      Delete file
move     Move file
exec     Run command or exe
ps       List process
kill     Kill process
type     Read and show file
info     Show information of system
uptime   Show uptime

/rscmd   Spawn cmd.exe
/rsend   End of cmd.exe
/get     Download file
/put     Unload file
/rdll    Call function of dll

wget     Download file form inet

help     Show help

wget suport http and ftp protocol.

XpyXt 
 

Server:
dropped file:


port:  TCP 


tested on Windows XP
May 22, 2006
MegaSecurity