Testing the Backdoor

To confirm that our backdoor works as intended, we will test it by hosting it on our web server and then downloading it onto the target Windows machine. Note that this method is intended for testing purposes only.

Since the Kali machine can act as a web server, we will put our backdoor online and download it from the target computer. We’ll place the file in a directory named “evil-files,” as shown in the accompanying screenshot.

After creating a backdoor with Veil-Evasion, the next step is to copy the output file from “/var/lib/veil-evasion/output/compiled/” and paste it into the “evil-files” directory. Once that is done, the file can be downloaded from Kali.

To start the web server, enter the provided command in the terminal.

In this command, “service” is the command itself and “apache2” is the name of the web server in use. We run it by pressing the “Enter” key.

Next, we’ll switch to the Windows machine and browse to our Kali machine’s IP address, which is 10.0.2.15. This should display the simple index.html file that we created earlier, which confirms that our web server is working correctly, as illustrated below.

To reach the directory containing the backdoor, we navigate to 10.0.2.15/evil-files and press “Enter.” From there we can download and execute the backdoor, as shown in the accompanying screenshot.

Once the backdoor has been executed on the target Windows machine, our Kali machine displays a notification that a connection has been established from the target computer, as shown in the accompanying screenshot.

At this point, we have unrestricted access to the Windows machine. As the preceding screenshot shows, we have established a Meterpreter session, which gives us the same level of control and access as the legitimate user of that machine.

We can verify that the backdoor is working correctly by running the “sysinfo” command. Its output shows that we have gained access to the MSEDGEWIN10 machine, which runs Windows 10 (Build 17134) on x64 architecture with the en_US language, and that the session uses Meterpreter x86 for Windows, as shown in the accompanying screenshot.

By gaining access to the target computer through the established backdoor, we have carried out a form of computer hacking.
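
From the defender's side, the test above leaves a pattern that can be correlated: an executable is fetched over HTTP from a bare IP address, and a process with the same file name then connects back to that address. The following Python sketch is an added example, not part of the original tutorial; the event schema, the file name `sample.exe`, port 8080 and the 10-minute window are assumptions made for illustration.

```python
import ipaddress
import ntpath
from datetime import datetime, timedelta
from urllib.parse import urlsplit

EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".ps1")
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample telemetry (hypothetical schema): proxy-style "http"
# events and endpoint "conn" events recorded for one Windows host.
EVENTS = [
    {"ts": "2024-01-01T10:00:05", "type": "http", "host": "WIN10", "url": "http://10.0.2.15/"},
    {"ts": "2024-01-01T10:00:20", "type": "http", "host": "WIN10", "url": "http://10.0.2.15/evil-files/sample.exe"},
    {"ts": "2024-01-01T10:01:02", "type": "conn", "host": "WIN10", "image": "C:\\Users\\user\\Downloads\\sample.exe", "dst": "10.0.2.15", "dport": 8080},
    {"ts": "2024-01-01T11:00:00", "type": "http", "host": "WIN10", "url": "https://download.example.com/setup.exe"},
    {"ts": "2024-01-01T11:00:30", "type": "conn", "host": "WIN10", "image": "C:\\Temp\\setup.exe", "dst": "93.184.216.34", "dport": 443},
]

def is_raw_ip(hostname):
    """True when the URL host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(hostname)
        return True
    except ValueError:
        return False

def correlate(events, window=WINDOW):
    """Alert when a file downloaded from a bare-IP URL later connects to that IP."""
    downloads = []  # (time, host, file name, server IP)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "http":
            url = urlsplit(ev["url"])
            name = url.path.rsplit("/", 1)[-1].lower()
            if url.hostname and is_raw_ip(url.hostname) and name.endswith(EXEC_EXT):
                downloads.append((ts, ev["host"], name, url.hostname))
        elif ev["type"] == "conn":
            image = ntpath.basename(ev["image"]).lower()
            for d_ts, d_host, d_name, d_ip in downloads:
                # Same host, same file name, same remote IP, inside the window.
                if (d_host == ev["host"] and d_name == image
                        and d_ip == ev["dst"] and ts - d_ts <= window):
                    alerts.append({"host": d_host, "file": image,
                                   "server": d_ip, "port": ev["dport"]})
    return alerts
```

Calling `correlate(EVENTS)` flags only the download from 10.0.2.15 followed by the connection back to it; the download from a named host is ignored.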
