Persistent ncat backdoor WindowsMetasploit

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Home Forums Courses Metasploit Persistent ncat backdoor Windows

This topic contains 1 reply, has 1 voice, and was last updated by  Steve 3 years, 8 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #83645


    Hello, I LOVE this course, it is fantastic. I did run into an issue that is confusing me, however. After I establish a reverse_tcp meterpreter session with my Windows target I am trying to set up the nc backdoor. I am able to get a second meterpreter session open which bypasses the UAC and is System level and then copy nc.exe over to system32, BUT I noticed that there is a difference between the Windows/System32 directory for my system-level meterpreter session (session 2) and my default meterpreter session (session 1). Is that because there is a separate Windows account for System? I cannot find ncat.exe in System32 when logged into my user account or in session 1 but I CAN find it by opening System32 in meterpreter session 2. This is of consequence because after adding the HKLM keys, rebooting my machine and logging into my user doesnt seem to make ncat start. Firewalls and Antivirus are off.

    Wondering if anyone can help 🙂




    Woops, problem resolved. First off, System IS a separate “account”. Second off, the port I was using (the same one used in the video) was actually being used by a microsoft service, which is why ncat was not connecting. Which I did not figure out until I tried running ncat manually without the ‘-d’ parameter, so it would tell me the error message.


Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?