We're going to go a little bit further, and what I'm trying to do at this point is to create a backdoor. We've already seen some backdoors,
but they're not persistent. They rely on
the user of the victim system clicking, running a program, running a file. Trying to put that in a place on the system where it loads every time they boot, for instance, would be a good technique:
trying to get a virus into the boot sector, the master boot record, or somewhere else like the Startup folder. Perhaps you can get that to run.
But what I want to try to do in the meantime is use a tool called netcat.
It's very useful because you can set up a listener on a victim's system,
pick a port number of your choice and a program that you would like to run,
and that lets you connect any time you want
to that system, assuming that netcat is running.
So netcat is included
in Meterpreter, or the Metasploit Framework I should say.
And so what I'm going to do is run the upload command,
and I think I've got the path right. So this is the path: /usr/share/windows-binaries/nc.exe.
Notice I'm using double backslashes. As I mentioned before, there are some parsing issues, so the double backslash just gets us around that problem.
What we want to do first is upload the netcat executable to the Windows directory on the victim's system.
Let me do that.
That works because, again, I am
the SYSTEM account. If you're not SYSTEM, you won't be able to put the file in that directory, and you'll have to
try putting it somewhere else.
But I want to run it from this directory.
All right. Now what we're going to do is
add a registry key
so that we can get this
program to run every time,
from my Meterpreter shell.
I need to type this in very carefully.
I'm missing one of my backslashes, and I said before that will cause problems. There we go.
So there is the Run key,
and I've got another command to run. I'm going to up-arrow to bring back my last one, and instead of reg enumkey I'm going to run the setval command.
That should be -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run,
and then I need to
do a little bit after this.
-d is the value I'm setting,
and I'm going to give it the path to netcat,
and I'm telling it which port I'd like the listener to run on, 445,
and then cmd.exe as the actual
command when the
listener is connected to.
Now I can query the value that I've just set.
Get rid of all this,
and there I've changed that setval to queryval,
and this has confirmed that indeed I have the right parameters set here:
so I'm running netcat,
this is the path to it, the listening port of 445, and the command will be cmd.exe.
Okay. So the next task is to
open up a rule in the firewall,
create a rule in the firewall rather,
so that we can allow this port 445 traffic through.
So we're running netsh advfirewall,
and then we're going to add a rule.
We're going to call the rule
"netcat", just for now. That's fine. We have to specify several parameters here, but all this should make sense if you've worked with firewalls before:
we're specifying the protocol, TCP,
the local port is 445,
the direction is inbound,
the action is allow,
and the program that's being referenced is C:\Windows\
system32\cmd.exe.
It's a little typing.
Oh, well, the reason that didn't work is because I'm not in a command shell.
Hold on one second.
There we go. I am still SYSTEM.
Now I can run that command.
Okay, so the "Ok." statement shows me that the firewall rule worked.
Now, since I've put the registry value into
this key, Software\Microsoft\Windows\CurrentVersion\Run,
that means that when I reboot it will run.
Go ahead and pause so I can reboot.
Okay, so we lost our Meterpreter session, which is expected when we reboot,
and I'm going to go ahead and go to another command shell.
And now I'm going to see if my netcat connection actually works.
So netcat's built into Kali; you don't need to specify its path.
I'm going to use the verbose option,
and I'll give the address of my victim's system
and the port number.
This might take a moment.
It gives me a message about the inverse host lookup failing. That's fine.
I'm logged in as an administrator, which is good.
Now this is a persistent connection that I have to the system. Any time I want
to log in, I just simply use netcat and go to this port.
All right, that's it for the netcat section. Thank you.
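The defender's side of this walkthrough is the check a practitioner would want: the backdoor lives as a value under the Run key, so it is visible to anyone who lists that key. The following script is an added example, not code from the video or from Metasploit; it parses constructed `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` output and flags values that launch a netcat-style listener (a known netcat binary name, or a listen flag combined with an execute flag), pulling out the listening port so it can be cross-checked against the firewall rule. The exact flags in the sample value (`-L -p 445 -e cmd.exe`) are an assumption about how the value was written; the video only says it names the path to netcat, port 445, and cmd.exe.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of `reg query` output for the Run key on a host where the
# walkthrough's netcat value was added. The nc.exe flags are an assumption.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    OneDrive    REG_SZ    "C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    nc    REG_SZ    C:\Windows\nc.exe -L -p 445 -e cmd.exe
"""

# Common netcat binary names, plus the flag pairs that make any binary a bind shell.
NETCAT_NAMES = {"nc.exe", "nc64.exe", "ncat.exe", "netcat.exe"}
LISTEN_FLAGS = {"-l", "-L"}   # -L is the Windows netcat "listen harder" (persistent) flag
EXEC_FLAGS = {"-e", "-c"}     # run a program / shell command for each connection


def parse_run_values(text: str) -> List[Dict[str, str]]:
    """Turn `reg query` output into a list of {'name', 'type', 'data'} dicts.

    Value lines are indented by four spaces and separate the three fields with
    runs of whitespace; the key path line and blank lines are skipped.
    """
    values = []
    for line in text.splitlines():
        if not line.startswith("    "):
            continue
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=2)
        if len(parts) != 3 or not parts[1].startswith("REG_"):
            continue
        values.append({"name": parts[0], "type": parts[1], "data": parts[2]})
    return values


def command_tokens(data: str) -> List[str]:
    """Split value data into tokens, keeping a quoted program path together."""
    if data.startswith('"'):
        end = data.find('"', 1)
        if end != -1:
            return [data[1:end]] + data[end + 1:].split()
    return data.split()


def classify(value: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Return a finding for a Run value that starts a netcat-style listener, else None."""
    tokens = command_tokens(value["data"])
    if not tokens:
        return None
    exe = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    args = tokens[1:]
    listens = bool(set(args) & LISTEN_FLAGS)
    execs = bool(set(args) & EXEC_FLAGS)
    port = None
    if "-p" in args:
        i = args.index("-p")
        if i + 1 < len(args) and args[i + 1].isdigit():
            port = int(args[i + 1])
    if exe in NETCAT_NAMES or (listens and execs):
        return {"name": value["name"], "exe": exe, "port": port, "command": value["data"]}
    return None


def find_netcat_persistence(text: str) -> List[Dict[str, object]]:
    """Scan `reg query` output for Run values that behave like a netcat backdoor."""
    return [f for f in (classify(v) for v in parse_run_values(text)) if f]


if __name__ == "__main__":
    for hit in find_netcat_persistence(SAMPLE_REG_QUERY):
        print(f"Run value {hit['name']!r} starts {hit['exe']} "
              f"listening on port {hit['port']}: {hit['command']}")
```

Feed it the real output of `reg query` (or the Meterpreter `reg queryval` output reshaped into the same three columns) instead of the constructed sample; a renamed copy of netcat is still caught by the listen-plus-execute flag check, which is why the script does not rely on the binary name alone.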