In this example, instead of looking up information on the remote system, we will be installing a netcat backdoor. This includes changes to the system registry and firewall.
First, we must upload a copy of netcat to the remote system.
Afterwards, we work with the registry to have netcat execute on startup and listen on port 445. We do this by editing the key ‘HKLM\software\microsoft\windows\currentversion\run’.
Using the built-in reg command from the command line also works, provided the system's antivirus software does not raise an alert:
Next, we need to alter the system to allow remote connections through the firewall to our netcat backdoor. We open up an interactive command prompt and use the ‘netsh’ command to make the changes, as it is far less error prone than altering the registry directly. Plus, the process shown should work across more versions of Windows, as registry locations and functions are highly version and patch level dependent.
We open up port 445 in the firewall and double-check that it was set properly.
With that completed, we will reboot the remote system and test out the netcat shell.
Wonderful! In a real world situation, we would not be using such a simple backdoor as this, with no authentication or encryption; however, the principles of this process remain the same for other changes to the system, and for other sorts of programs one might want to execute on startup.
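The persistence-plus-firewall pattern described above, seen from the defender's side, as an added example that is not part of the original page: a Python audit that parses a Run key listing in the shape of `reg query` output and a firewall rule dump in the shape of `netsh advfirewall firewall show rule name=all` (the page itself uses the older `netsh firewall` syntax), flags autorun values that launch a netcat-style binary, and correlates each with the enabled inbound Allow rules for the port named in its command line. Both dumps, the `Service Firewall` rule name, and the matching heuristics are constructed assumptions, not data from the page.

```python
import re

# Constructed sample in the shape of `reg query HKLM\...\CurrentVersion\Run` output.
RUN_KEY_DUMP = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    nc                REG_SZ           C:\Windows\System32\nc.exe -L -p 445
"""
# Constructed sample in the shape of `netsh advfirewall firewall show rule name=all`.
FIREWALL_DUMP = """
Rule Name:    File and Printer Sharing (SMB-In)
Enabled:      No
Direction:    In
LocalPort:    445
Action:       Allow

Rule Name:    Service Firewall
Enabled:      Yes
Direction:    In
LocalPort:    445
Action:       Allow
"""
# Heuristic: basename of a netcat-style binary, preceded by start, path separator, space or quote.
SUSPECT_BINARY = re.compile(r'(?:^|[\\/\s"])(?:nc|ncat|netcat)\.exe\b', re.I)

def parse_run_values(dump):
    # (value name, command) pairs; the key-path line carries no REG_ type and is skipped
    pat = re.compile(r"^\s+(\S+)\s+REG_(?:EXPAND_)?SZ\s+(.*)$")
    return [(m.group(1), m.group(2).strip()) for m in map(pat.match, dump.splitlines()) if m]

def suspicious_run_values(dump):
    # autorun commands whose executable looks like a netcat variant
    return [(n, c) for n, c in parse_run_values(dump) if SUSPECT_BINARY.search(c)]

def parse_firewall_rules(dump):
    # one dict per blank-line-separated block of `Key: value` lines
    return [dict((k.strip(), v.strip()) for k, _, v in (l.partition(":") for l in block.splitlines()))
            for block in re.split(r"\n\s*\n", dump.strip())]

def enabled_inbound_allows(dump, port):
    # names of enabled inbound Allow rules for the given local port (disabled rules are ignored)
    want = {"Enabled": "Yes", "Direction": "In", "Action": "Allow", "LocalPort": port}
    return [r["Rule Name"] for r in parse_firewall_rules(dump) if all(r.get(k) == v for k, v in want.items())]

def audit(run_dump=RUN_KEY_DUMP, fw_dump=FIREWALL_DUMP):
    # pair each flagged autorun with the firewall rules that expose the port given by its -p argument
    findings = []
    for name, cmd in suspicious_run_values(run_dump):
        exposed = [rule for p in re.findall(r"-p\s*(\d+)", cmd) for rule in enabled_inbound_allows(fw_dump, p)]
        findings.append({"value": name, "command": cmd, "firewall_rules": exposed})
    return findings
```

A finding with a non-empty `firewall_rules` list is the combination the page walks through (autorun entry plus a matching hole in the firewall), which is a stronger signal than either artefact alone.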
Using sc to create a custom service in order to leave a backdoor also works, but one problem is that 360 will still raise an alert to prevent the registry from being written.