Backdoors
Practical Guide to Backdoors in Red Teaming
Backdoors are tools or methods used by attackers to maintain persistent access to a compromised system. In a red teaming context, backdoors allow penetration testers to ensure they can return to a system even if the initial access vector is closed. Below, we'll explore practical techniques for implementing and using backdoors.
Creating a Persistent Meterpreter Session
Tool: Metasploit
Steps:
Exploit a vulnerability to gain an initial foothold.
Migrate to a stable process to maintain the session.
Set up persistence with a Meterpreter script.
Once the session is established:
This command sets up a persistent Meterpreter backdoor that will start every time the user logs in.
Using Netcat for a Simple Backdoor
Tool: Netcat
Steps:
Transfer Netcat to the target system.
Set up a persistent listener on the target system.
Example:
To make it persistent, add the command to a startup script:
Using PowerShell for Windows Persistence
Tool: PowerShell
Steps:
Create a PowerShell script to establish a reverse shell.
Use Task Scheduler to run the script at startup.
Example:
Save this script and schedule it using Task Scheduler:
Creating a Reverse SSH Tunnel
Tool: SSH
Steps:
Set up a reverse SSH tunnel to maintain access.
Example:
To make it persistent, add the command to cron:
Deploying Custom Backdoor with C2 Framework
Tool: Cobalt Strike
Steps:
Use Cobalt Strike to create a custom beacon.
Deploy the beacon on the target system and set it to call back periodically.
Example:
In Cobalt Strike:
Hidden User Accounts: Creating hidden user accounts with elevated privileges.
Example: Creating a Hidden Admin User on Windows:
Impact: The hidden user account provides the attacker with administrative access.
Some useful Backdoor references:
Understanding and effectively implementing persistence and backdoor techniques are critical for simulating advanced attack scenarios in red teaming engagements. While common backdoors are increasingly detected by EDRs, some methods can still circumvent these defenses by using advanced Red Teaming techniques that we cover in our live Red Teaming workshops.