I can hear what you're thinking. You're wondering whether netcat is really a good idea for this purpose. It isn't an encrypted tunnel with any authentication mechanism, and nc.exe is notoriously flagged by AV software. Well, we're running with netcat for now because it makes for a nice demonstration, but there is a practical purpose: I'm not sure there's anything quite as fast as this method for creating a persistent backdoor into a shell session on a Windows target. Nevertheless, you can leverage this method with any listener you like.
Hack tunnels – netcat backdoors on the fly
by Phil Bramwell
Hands-On Penetration Testing on Windows
- Title Page
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Preface
- Bypassing Network Access Control
- Sniffing and Spoofing
- Windows Passwords on the Network
- Advanced Network Attacks
- Cryptography and the Penetration Tester
- Advanced Exploitation with Metasploit
- Stack and Heap Memory Management
- Windows Kernel Security
- Weaponizing Python
- Windows Shellcoding
- Technical requirements
- Taking out the guesswork – heap spraying
- Memory allocation – stack versus heap
- Shellcode whac-a-mole – heap spraying fundamentals
- Shellcode generation for the Java vulnerability
- Creating the malicious website to exploit Java
- Debugging Internet Explorer with WinDbg
- Examining memory after spraying the heap
- Fine-tuning your attack and getting a shell
- Understanding Metasploit shellcode delivery
- Injection with Backdoor Factory
- Summary
- Questions
- Further reading
- Bypassing Protections with ROP
- Technical requirements
- DEP and ASLR – the intentional and the unavoidable
- Introducing return-oriented programming
- Getting hands-on with the return-to-PLT attack
- Summary
- Questions
- Further reading
- Fuzzing Techniques
- Going Beyond the Foothold
- Taking PowerShell to the Next Level
- Escalating Privileges
- Maintaining Access
- Technical requirements
- Persistence with Metasploit and PowerShell Empire
- Creating a payload for Metasploit persister
- Configuring the Metasploit persistence module and firing away
- Verifying your persistent Meterpreter backdoor
- Not to be outdone – persistence in PS Empire
- Elevating the security context of our Empire agent
- Creating a WMI subscription for stealthy persistence of your agent
- Verifying agent persistence
- Hack tunnels – netcat backdoors on the fly
- Maintaining access with PowerSploit
- Summary
- Questions
- Further reading
- Tips and Tricks
- Assessment
- Chapter 1: Bypassing Network Access Control
- Chapter 2: Sniffing and Spoofing
- Chapter 3: Windows Passwords on the Network
- Chapter 4: Advanced Network Attacks
- Chapter 5: Cryptography and the Penetration Tester
- Chapter 6: Advanced Exploitation with Metasploit
- Chapter 7: Stack and Heap Memory Management
- Chapter 8: Windows Kernel Security
- Chapter 9: Weaponizing Python
- Chapter 10: Windows Shellcoding
- Chapter 11: Bypassing Protections with ROP
- Chapter 12: Fuzzing Techniques
- Chapter 13: Going Beyond the Foothold
- Chapter 14: Taking PowerShell to the Next Level
- Chapter 15: Escalating Privileges
- Chapter 16: Maintaining Access
- Other Books You May Enjoy
Hack tunnels – netcat backdoors on the fly
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.