
How to fix Windows 7 not responding to ping, and how an nc backdoor is made

2025-04-05 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)05/31 Report--

In this issue, the editor covers how to fix Windows 7 not responding to ping and how an nc backdoor is made. The article is rich in content and analyzes the topic from a professional perspective. I hope you gain something from reading it.

Windows 7 and Windows 8 cannot be pinged by default. For security reasons, external hosts are not allowed to ping them. (Turning off the firewall won't fix this!)

Workaround: allow ICMP echo requests, set as follows:

Open firewall.cpl > Advanced settings > Inbound Rules > File and Printer Sharing (Echo Request - ICMPv4-In). Windows 7 has two of these rules (Domain, and Public/Private); Windows 8 has three (Domain, Public, Private). Right-click a rule and enable it; the IPv6 rules work the same way. In my own testing, enabling only the Public rule was enough. Here are the Windows 7 and Windows 8 firewalls.

nc, the Swiss Army knife, really is tried and tested. The only pity is that antivirus software detects and removes it, so you have to do the antivirus evasion yourself. Fortunately the source code is open, so anyone who understands programming can do the evasion at source level. Below I describe a backdoor that uses nc on an intranet, is not detected and removed by antivirus software, and is unaffected by changes to the remote PC's user name and password. The connection type is a forward (active) connection.

Suppose you have obtained a shell on victim_pc through some overflow vulnerability. nc of course has to be transferred to it. (This step is a bit of a problem: with a local FTP server, the nc downloaded on the remote side gets killed by 360. I have never been able to think of a good way to download files to victim_pc without them being killed, other than doing antivirus evasion; expert guidance is welcome.) After that, it is really just a matter of starting an nc listener that returns a shell. This has to start at boot, and the better way is to add it to the registry startup entries: `reg add hkey_local_machine\software\microsoft\windows\currentversion\run /v "key name" /d "nc -d -L -p port -e cmd" /f`. That adds it to the startup entries. A little social engineering is also needed here, such as renaming nc and renaming the key so that they look plausible, because msconfig and Task Manager will display them.

Here I simply renamed nc to winsearch; of course, it can be changed to any name that can deceive others, such as the names of some MS services. This way, after a restart, victim_pc will always listen on the local port, and you can connect to its IP and port from your own machine to get its shell. The advantage of this backdoor is that it is unaffected by antivirus detection and removal and by changes to the user name and password. I have not looked into the reason deeply. I think nc is started before the antivirus software, or at least nc has already begun listening before the antivirus software starts monitoring. There is also a problem here: the firewall pops up a prompt the first time the nc tool starts, asking whether to allow it through. If the new name looks plausible enough, most people will click Allow. It should also be mentioned that if victim_pc runs Windows 7, it cannot be pinged from the local machine, but nc can still get through, ignoring the firewall restrictions.
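For defenders, the persistence described above leaves a Run-key value whose command line still carries the `-L`, `-p` and `-e cmd` options, whatever the binary is renamed to. The following is an added example, not code from the original article: it parses `reg query` text output and flags such values. The sample output, the port 4444, the other value names and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample of `reg query` output for the HKLM Run key; value names,
# paths and port 4444 are made up for this example.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
    winsearch    REG_SZ    winsearch -d -L -p 4444 -e cmd
    Backup Agent    REG_SZ    C:\Tools\backup.exe -p daily
"""

VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
SHELLS = {"cmd", "cmd.exe", "powershell", "powershell.exe"}


def parse_run_values(reg_output):
    """Yield (value_name, command_line) for each string value in the output."""
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group("type") in ("REG_SZ", "REG_EXPAND_SZ"):
            yield m.group("name"), m.group("data")


def listener_indicators(command_line):
    """Map indicator -> argument for netcat-style bind-shell options.

    Only the arguments are inspected, so renaming the binary changes nothing.
    """
    try:
        args = shlex.split(command_line, posix=False)[1:]
    except ValueError:  # unbalanced quotes: fall back to a plain split
        args = command_line.split()[1:]
    found = {}
    for arg, nxt in zip(args, args[1:] + [""]):
        if arg in ("-l", "-L"):
            found["listen"] = arg
        elif arg == "-p" and nxt.isdigit():
            found["port"] = nxt
        elif arg == "-e" and nxt.strip('"').lower().rsplit("\\", 1)[-1] in SHELLS:
            found["exec"] = nxt
    return found


def suspicious_run_entries(reg_output):
    """Return values that both listen and hand the connection to a shell."""
    hits = {name: listener_indicators(cmd) for name, cmd in parse_run_values(reg_output)}
    return {n: f for n, f in hits.items() if "listen" in f and "exec" in f}
```

Calling `suspicious_run_entries()` on the saved output of `reg query` for each Run key returns the flagged value names with the options that triggered the match.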

Some people may have doubts: if nc gets killed when it is downloaded after getting the shell, how can the later steps be done? And if nc has already been made to evade antivirus software and can be downloaded to the remote PC, can't you then do whatever you like anyway? Admittedly, this is indeed a contradiction, so what I describe is only a way of thinking; do not take it too literally. Another situation that may occur is that an evasion-modified nc works at the time, but there is no guarantee that it will not be killed later. We must believe in the update speed and technology of antivirus software, so this method still has some reference value.

Of course, the scenario here is an intranet. The same is in fact true for an external network: you just need to collect the other party's IP address, and if the other party is on an intranet you also need to do port forwarding. Another benefit on an intranet is that if many PCs have been planted with this nc backdoor, you can write a batch script to connect to them. I will not write the program; the idea is as follows: first scan for live hosts, which of course needs strong scanning software, with nmap as the first choice, to cope with Windows 7/8 not answering ping; then open n nc connections to the live hosts.

In addition, this is a forward connection, which in some cases will be intercepted by the firewall. The best option is of course a reverse-connection backdoor. The principle is the same: nc listens locally and victim_pc actively connects. It can also be set up as a startup entry, but it needs to connect to the local host in a loop (for example, at 1 min intervals), and the connection is made when the local listener is turned on. This is somewhat similar to the idea behind the reverse-connection design of Gray Pigeon; in fact, a remote control tool is nothing more than some functions integrated together.

I also have to mention that nc has powerful functions. It can send and receive email, forward ports, do FTP, send and receive files, and scan IPs and ports. It is simply omnipotent, and I have to note that its size is only 60K.

The above is the editor's write-up of the fix for Windows 7 not responding to ping and of how an nc backdoor is made. If you have similar questions, you may wish to refer to the analysis above. If you want to know more, please follow the industry information channel.
