I can hear what you're thinking. You're wondering whether netcat is really a good idea for this purpose. It isn't an encrypted tunnel with any authentication mechanism, and nc.exe is notoriously flagged by AV software. Well, we're running with netcat for now because it makes for a nice demonstration, but there is a practical purpose: I'm not sure there's anything quite as fast as this method for creating a persistent backdoor into a shell session on a Windows target. Nevertheless, you can leverage this method with any listener you like.
We've seen the easy way to transfer files over the LAN with SimpleHTTPServer. This time, we're assuming a Meterpreter foothold has been established and we're just setting up a quicker callback number.

Use the upload command to get your backdoor onto the target. Next, the part that makes this happen with every boot: adding the executable to the registry...