search

⚙️System Attacks

Notes regarding Sys. Attacks from ePTS course + other recourses.

hashtag
Classification:

hashtag
🚪Backdoor

hashtag
Ncat

install it in the victim machine and run it with these commands:

-l listen -e: excute file we choose cmd so we can excute commands.

attacker will

hashtag
can also be executed as a reverse listener especially when the target is on another network:

in the Attacker machine listen:

-v: for verbose give us output.

in the target machine:

hashtag
Persistent Backdoor:

in windows Register Editor in `HKEY_LOCALMACHINE\SOFTWARE\Microsoft\CurrentVersion\Run` we add string value for our ncat (or whatever we name it in the target machine) add command to run :

then restart the victim machine.

as soon as they logged in the attacker who's listening will et a shell.

hashtag
Metasploit

using the Meterpreter (which's just like ncat above but with steroids).

Meterpreter:arrow-up-right is a Metasploit attack payload that provides an interactive shell from which an attacker can explore the target machine and execute code.

Get persistence in target machine:

after hacking one machine you will have already a session that you can browse with sessions command:

starter listener:

hashtag
🔐Password Attacks

🔐Password Attackschevron-right

hashtag
💦Buffer Overflow

hashtag
Shell:

a program that executes commands, check this to see various languages and ways to execute a system commands(getting a shell):

LogoExecute a system command - Rosetta CodeRosetta Codechevron-right

open source webshells (read them before uploading them to a web server):

LogoGitHub - tennc/webshell: This is a webshell open source projectGitHubchevron-right

Previous🌐Web AttacksNext📶Network Attacks

Last updated