4. Maintain access and hide malicious activities
1. Maintain Access
After getting admin privileges, change to the startup folder:
cd C:\ProgramData\Start Menu\Programs\StartUp
2. Hide malicious activities
Convert Files to Base64
Windows (PowerShell):
[CONVERT]::ToBase64String([IO.File]::ReadAllBytes('pwn.jpg')) | Out-File -FilePath pwn.b64   # convert the file to Base64
type pwn.b64   # print the Base64 text
Linux:
base64 -w 0 pwn.jpg > pwn.b64   # convert the file to Base64
echo "base64data" | base64 -d > pwn.jpg   # decode the Base64 text back into the file
Covert channels using covert_TCP
Networks use access control rules to permit or deny the traffic flowing through them. Tunneling bypasses the access control rules of firewalls, IDS, IPS and web proxies by carrying data inside traffic that those controls allow. Covert channels can be created by inserting data into unused fields of protocol headers; TCP and IP have many unused or misused header fields over which data can be sent past a firewall. The Covert_TCP program manipulates the TCP/IP headers of packets to send a file one byte at a time from one host to another. It can act as both server and client, hiding the transmitted data inside the IP header. This is useful for bypassing firewalls, because the packets look legitimate and carry no payload for sniffers to analyze. A professional ethical hacker or pen tester must understand how covert traffic is carried inside the unused fields of TCP and IP headers.
Sending Machine
Download the tool on your sending machine.
Now compile it.
2nd Machine
Compile the tool there as well. Now open the tcpdump listener.
Start the listener.
Now, from the sending machine, send the message.
We will get the text file as well in the same folder.
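As an added defender-side example (not part of these notes or of the covert_TCP tool itself), the following Python flags flows whose IP identification field appears to carry one printable byte per packet, the pattern the section above describes. It assumes the channel parks the byte in the top octet of the field (ch << 8); that encoding and the packet records are constructed for the example, not taken from a capture.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class Packet:
    src: str
    dst: str
    ip_id: int  # 16-bit IP identification field, host byte order

def decode_high_byte(value: int, width_bits: int) -> Optional[int]:
    """Return the byte parked in the top octet of a header field whose
    remaining low bits are all zero; None if the field looks ordinary.
    Assumption: the channel stores one character as ch << (width - 8)."""
    low_mask = (1 << (width_bits - 8)) - 1
    if value & low_mask:
        return None
    return value >> (width_bits - 8)

def is_printable(b: int) -> bool:
    return 32 <= b < 127 or b in (9, 10, 13)

def flag_covert_flows(pkts: List[Packet], min_pkts: int = 8,
                      min_ratio: float = 0.9) -> Dict[Tuple[str, str], str]:
    """Group packets by (src, dst) and flag flows where almost every IP ID
    decodes to a printable byte. Legitimate IP IDs (random or incrementing)
    rarely have a zero low octet AND a printable high octet, so a short run
    of coincidences in normal traffic stays well below the ratio."""
    flows: Dict[Tuple[str, str], List[int]] = {}
    for p in pkts:
        flows.setdefault((p.src, p.dst), []).append(p.ip_id)
    hits: Dict[Tuple[str, str], str] = {}
    for key, ids in flows.items():
        if len(ids) < min_pkts:
            continue
        decoded = [decode_high_byte(i, 16) for i in ids]
        good = [b for b in decoded if b is not None and is_printable(b)]
        if len(good) / len(ids) >= min_ratio:
            hits[key] = bytes(good).decode("ascii")
    return hits

# Constructed sample capture: one channel carrying "hello world" one byte per
# packet in the IP ID, plus a benign flow with incrementing IDs (one of which
# happens to decode to '>' and must not trigger a hit on its own).
SAMPLE = ([Packet("10.0.0.5", "10.0.0.9", ord(c) << 8) for c in "hello world"]
          + [Packet("10.0.0.7", "10.0.0.9", 0x3E00 + i) for i in range(10)])

if __name__ == "__main__":
    for (src, dst), text in flag_covert_flows(SAMPLE).items():
        print(f"{src} -> {dst}: IP ID channel carrying {text!r}")
```

The same decoder with width_bits=32 covers a channel that uses the TCP sequence number instead of the IP ID.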