Backdoor Lab - Hsanokklis/2022-2023-Tech-journal GitHub Wiki

Summary:

Lab Link

Doc Link


Part 1: Getting a command (CMD) shell

Objective: Understand how an APT gains access to a corporate network.

Discussion: It is important to understand how attackers are able to obtain a shell on a remote system, since it is a common method of maintaining access and stealing data (exfiltration or exfil). netcat is a simple but powerful program for establishing connections. netcat derives its name from the Linux command for typing the contents of files: cat (short for concatenate – join).

1. Change your Kali hostname

  • Type sudo nano /etc/hostname into the terminal

  • Change kali to hsanokklis

  • Save the file with command x and then restart your VM

2. Connect to someone's computer on port 8001

On Bob’s computer, a listener (-l) (lower case L) is started on port 8001, and anyone who connects to it will get a command prompt on Bob's computer. The -v is for verbose mode. It is always a good option, so you know what is going on as the shell is being set up.

  • Have your partner type the command nc -lvp 8001 (to open the port)

Me connected to Lily:

image

Lily connected to mine:

image
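
From the defender's side, a listener such as nc -lvp 8001 shows up in the process table. The following is an added example, not part of the original lab or this journal: it scans ps -eo pid,user,args output for netcat processes in listen mode and extracts the port, handling clustered flags (-lvp 8001), attached values (-vlp8001) and the positional form (nc -l 8002). The process lines, PIDs and address are constructed, and NETCAT_NAMES and VALUE_FLAGS are assumed subsets to extend for your own hosts.

```python
# Constructed sample of `ps -eo pid,user,args` output (not taken from the lab).
SAMPLE_PS = """\
  812 root     /usr/sbin/sshd -D
 4312 bob      nc -lvp 8001
 4377 lily     nc -v 10.0.5.23 8001
 4490 bob      /usr/bin/ncat --listen -p 9001 -w 5
 4502 bob      nc -l 8002
"""
NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
VALUE_FLAGS = set("psiwq")  # short options taking an argument (assumed subset)

def listener_port(args):
    """Return (True, port or None) for a netcat listener, else (False, None)."""
    argv = args.split()
    if not argv or argv[0].rsplit("/", 1)[-1] not in NETCAT_NAMES:
        return False, None
    listening, port, positional = False, None, []
    it = iter(argv[1:])
    for tok in it:
        if tok == "--listen":
            listening = True
        elif tok.startswith("-") and not tok.startswith("--"):
            flags = tok[1:]
            for pos, flag in enumerate(flags):
                listening = listening or flag == "l"
                if flag in VALUE_FLAGS:  # value: rest of cluster or next token
                    value = flags[pos + 1:] or next(it, "")
                    port = value if flag == "p" else port
                    break
        elif not tok.startswith("-"):
            positional.append(tok)
    if port is None:  # positional form: nc -l [host] port
        port = next((t for t in reversed(positional) if t.isdigit()), None)
    ok = listening and port is not None and port.isdigit()
    return listening, (int(port) if ok else None)

def find_listeners(ps_output):
    """Return (pid, user, port) for each netcat listener in ps output."""
    hits = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            listening, port = listener_port(parts[2])
            if listening:
                hits.append((int(parts[0]), parts[1], port))
    return hits

if __name__ == "__main__":
    print(find_listeners(SAMPLE_PS))
```

The client-side connection (nc -v host port) is deliberately not flagged; only processes that hold a listening socket open are reported.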

  1. Connecting to Antonios part 2

Antonios

image
