Introduction to pentesting: Maintaining Access with Backdoors and Rootkits

How do I practise this step?

Like each of the steps that have been discussed, becoming proficient with backdoors and rootkits requires practise. Working with tools like Netcat can seem a bit confusing at first, especially when we use the “-e” switch to provide backdoor functionality. The best way to practise this technique is to set up two machines and practise implementing Netcat between them. The more you use Netcat, the more comfortable you’ll become with the concept.

You should practise both sending and receiving files from each machine. It’s important to understand directionality and exactly how to use Netcat to perform this task both ways (downloading and uploading). Once the basics of sending and receiving files have been mastered, begin focusing using Netcat as a backdoor. Remember the “-e” switch is vital in performing this task. Fully understanding how to implement Netcat as a backdoor will require setting up the tool in listener mode on the target and making a connection to it from the attacker machine.

Be sure to practise setting up a backdor and establishing a connection with both Linux and Windows. It’s important to master the difference between the Linux and Windows versions. Remember, a Windows Netcat version can connect to a Linux version and vice versa; however, there are several minor differences in the switches and functionality of each program.

Finally, after becoming proficient with the basics of Netcat, be sure to explore some advanced features like using Netcat as a proxy, reverse shell, port scanning, creating and copying a disk partition image and chaining Netcat instances together to bounce traffic from one machine to another.

Before wrapping up Netcat, be sure to thoroughly review the documentation and examine each parameter. Again, you’ll want to look closely at the differences between the Linux and Windows versions. Examining the switches and reading the documentation pages often provides additional information and can spur some creative uses of the tool.

Practising with rootkits can be a bit of double-edged sword. Exploring and learning to use rootkits can be rewarding and valuable but as with all malware there is certainly some risk involved. Anytime malwared is used or studied, there is a chance that the malware will escape or infect the host system. Readers are strongly encouraged to exercise extreme caution before downloading or installing any type of malware. Advanced malware and rootkit analysis is beyond the scope of this course and ain’t recommended.

If you are still compelled to study these topics, the use of a sandboxed environment and virtual machines is a must. Always disconnect all outside access before proceeding to ensure that nothing escapes your network. Remember that you are legally responsible for any and all traffic that “accidentally” leaves your network and traffic that is sent on purpose.

Actually, rootkits and backdoors are rarely used in a penetration test. It’s highly suggested that you focus on mastering each of the other steps before attempting to advance any further with malware.