[framework] Fw: The best way to make a backdoor.

Tue Jan 15 19:17:40 CST 2008

The windows resource kit comes with a small utility called srvany.exe
that converts any win32 binary to run as a windows service. I have
successfully tested it with a number of executables and it works
pretty well. You can try the same with meterpreter.

--Talha

On 15/01/2008, base <adrian at inetb.com> wrote:
> The windows service manager can not run just any executable as a
> service, the binary would need to support at least the basic windows
> service calls from the scm.
>
> To do this specifically you would need to include a compiled meterpreter
> payload in a custom-built windows service, or have it launched by a
> "service manager" type of service of which several free solutions
> exist.  firedaemon anyone? ;(.
>
> On a side note, I really appreciate what meterpreter can do as of msf2,
> and I'm sure it's improved in msf3 but i have not had the chance to test.
>
> Juan Miguel Paredes wrote:
> > If you have admin level access to the Windows (assuming XP), you can
> > create a meterpreter executable with metasploit, upload it and then
> > use the built in "sc.exe" command to create (or modify) a service:
> >
> > sc create backdoor binPath= c:\meterp.exe start= auto error= ignore
> > type= interact
> >
> > On Jan 14, 2008 11:54 PM, Paris Jones <arckeda at yahoo.com
> > <mailto:arckeda at yahoo.com>> wrote:
> >
> >     Sorry if this is a double post, I don't know if I was signed up or
> >     not when I posted my first one.
> >
> >     From: Paris Jones <arckeda at yahoo.com <mailto:arckeda at yahoo.com>>
> >     To: framework at metasploit.com <mailto:framework at metasploit.com>
> >     Sent: Monday, January 14, 2008 4:37:55 PM
> >     Subject: The best way to make a backdoor.
> >
> >
> >     Hello, first I would just like to say that I love this product, I
> >     think it is amazingly simple to use, and even though there could
> >     be abuse of it, I would recommend this to any security penetration
> >     testing trying to show how insecure Windows can be.
> >
> >     I would like to know your opinions on the best way to make a
> >     backdoor using meterpreter.
> >
> >     Would I edit the registry and put in a netcat command?  How do I
> >     edit the registry on windows with meterpreter?  Can I use
> >     meterpreter as a service on the victim computer?
> >
> >     Also, I would like to know if metasploit includes any features for
> >     dynamic ip addresses, so I could connect to say my own domain or
> >     subdomain to access the ip, is there some program that will change
> >     a sub domain to the ip address of the victim computer that comes
> >     with metasploit?  Thanks.
> >     -ARCKEDA
> >
> >
> >     ------------------------------------------------------------------------
> >     Be a better friend, newshound, and know-it-all with Yahoo! Mobile.
> >     Try it now.
> >     <http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ%20>
> >
> >
> >     ------------------------------------------------------------------------
> >     Looking for last minute shopping deals? Find them fast with Yahoo!
> >     Search.
> >     <http://us.rd.yahoo.com/evt=51734/*http://tools.search.yahoo.com/newsearch/category.php?category=shopping>
> >
> >
>
>