Remote shell server with auth for Windows
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
adv
simple
.gitattributes
LICENSE
README.md
nc.exe

README.md

ncRshell

Remote shell server with authentication for Windows. I made this because I love making all sorts of weird and challenging things in Windows Batch, but it actually turned out to be a neat and very usable script!

1stOc2018: Dunno if I'll be updating this anymore. It doesn't really have any bugs, and I don't know what features to add.

Note: This was originally made for use over LAN for a renderfarm in a trusted environment, and it does not encrypt connections! Most of the security concerns of telnet apply. Use cautiously over the internet.

Handy little Windows client script available here.

About

ncRshell (pronounced as neck-er-shell) allows you to remotely execute commands on Windows computers. It's basically a super-broke-living-on-the-street-poor-(wo)man's telnet server.

Simple (boring) version:

Configuration

  • Open listen.cmd in a text editor, and edit the "port" and "password" variables.
  • Save nc.exe (netcat), listen.cmd and auth.cmd in the same folder.

Usage

  • Start listen.cmd. That's it. Your server is now running and listening on the port which you specified.

Connecting

  • Netcat (strongly recommended):
    nc <server-ip> <port>

  • Telnet:
    telnet <server-ip> <port>

(socat, ncat, PuTTY, etc. should also work just fine)


Advanced (fun) version:

This version overcomes all the caveats of the simple version, and is a lot more fun (and usable, too).

Configuration

  • Save all the files in the adv folder in a single directory along with nc.exe.
  • Edit the three variables at the top of _ncRshell.cmd: The password, the port for the main server, and the port for the killswitch.

Usage

  • To start the server, simply run _ncRshell.cmd.
  • If you want remote users to have admin privileges, run _ncRshell-ADMIN.cmd.
  • To stop the server, simply run _ncStop.cmd. Note that simply closing the _ncRshell.cmd window will not stop all server processes. If you ran ncRshell as admin, use _ncStop-ADMIN.cmd to stop all processes.
  • You can also run any of these scripts silently by running inv <script-name>.
  • If you're connected to the server and wish to remotely stop the server, run start _ncRshell.cmd from the remote shell.

Connecting

Main server

Connect with nc <server-ip> <server-port>.

You'll be prompted to enter your password. If you enter the correct password, you will get access to a remote shell.

Killswitch

Connect with: nc <server-ip> <killswitch-port>.

The killswitch comes in useful if there's an open connection to the server from another computer which is preventing you from connecting, or if the server is misbehaving for whatever reason.

It closes any open connections, and restarts all server processes.

If you are unable to connect to the killswitch, it means that there already exists an open connection to the killswitch. In this case, just wait for a few seconds and try again.

Unlike the main server process, the killswitch process is automatically reset and restarted every 30 seconds.


Caveats

  • Only supports one connection at a time (this is why the killswitch exists).
  • No tty support.
  • No encryption.
  • Works wayyyy better with nc than with the windows telnet client, although the latter is also usable.

Requirements

  • Should work on any system running Windows XP or later but why the hell would you still be using XP?
  • nc.exe in either %path% or the same directory.

Custom Command Execution

When a user connects and enters the password, by default, they get access to a remote shell. However, this behaviour can be changed!

Edit line 13 of auth.cmd, and replace cmd.exe with any command of your choice.

For example, an interactive batch file: servconf.cmd, or a command such as: systeminfo, or an executable with flags: servconf.exe -a.

There's very little that you cannot do! You can even use it as a telnet proxy! Try: nc rainmaker.wunderground.com 23!