Introduction to the Basic Approach of Maintaining Access
1. Course Overview
1.1 Course Description
This course consists entirely of hands-on experiments. Where theory is needed to explain an experimental step, it is added, drawing on articles already carefully written by experts. During the hands-on practice you will also be pointed to the most insightful articles to solidify your theoretical foundation.
The course primarily focuses on maintaining access to target hosts using backdoors on Kali Linux.
This training camp is mainly about practical backdoor techniques, emphasizing post-exploitation persistence. It includes 10 experiments, each providing detailed steps and screenshots. Among them, three specific experiments will explain the creation of trojans and provide source code analysis of the generated backdoor trojans. It is suitable for learners with a basic understanding of Linux systems who want to quickly get started with Kali penetration testing, are interested in creating trojans, and aim to establish persistence after a successful penetration test.
Note: Due to the high cost of configuring cloud hosts for the experiments, usage is limited to no more than six attempts per experiment.
2. Introduction to Kali Linux
2.1 What is Kali Linux?
Kali Linux is a Debian-based Linux operating system designed for penetration testing and security auditing. It was introduced in March 2013 as the successor to BackTrack, a system with similar functionality, and continues to be developed by the Offensive Security team. Its functionalities are tailored for security auditing and penetration testing, with special configurations made to the kernel, network services, and user environment.
Compared to Debian, Kali Linux is oriented toward professional penetration testing and security auditing, and significant modifications have been made to its core. For instance, because of the nature of security auditing work, it is designed to run as a single-user system under root privileges.
Kali Linux comes pre-installed with numerous security tools, such as the renowned Nmap port scanner, John the Ripper password cracker, and the Metasploit Framework for remote exploitation. During this training camp, we will primarily use some of Kali Linux’s pre-installed tools to conduct penetration tests on target hosts, infect them with trojan backdoors, and achieve persistent access.
3. Recommended Reading for This Section
3.1 Recommended Reading for This Section
The following resources are recommended reading for this experiment:
Getting Started with Kali: http://docs.kali.org/category/introduction
The “Getting Started with Kali” article is recommended for those unfamiliar with the basic operations of Kali.
Metasploitable2 User Guide: https://community.rapid7.com/docs/DOC-1875
This article provides an excellent beginner’s guide to using Metasploitable2.
4. Introduction to Metasploit
4.1 What is Metasploit?
Metasploit is a free, downloadable framework that makes it simple to acquire, develop, and launch exploits for vulnerabilities in computer software. Its modular structure allows any exploit to be combined with any compatible payload, which makes it extremely versatile, and it ships with hundreds of exploit modules for known software vulnerabilities.
Users can assemble different combinations of exploits and payloads even from limited vulnerability data. The framework is extensible through modules, so a user can focus on writing only the specific functionality they need.
To choose an exploit and payload, users need system information such as the OS version and installed network services. Tools like Nmap can collect these details, and vulnerability scanners like Nexpose or Nessus can identify weaknesses in the target system.