Firstly, what is the highest privilege level on a windows box?
It is SYSTEM, The applications run at User Mode, Kernel Mode. When a user invokes an application it runs in User Mode, the application system calls are resolved into native function calls and are executed in Kernel Mode based upon credentials, privileges associated with the User. If user doesn’t have sufficient privileges, some of the native function calls are denied and hence application crashes or halts.
An Attacker always wants be on top and wants to execute at Highest privilege level. So How does a hacker wants to execute an App as SYSTEM?
Execute Regedit using AT Comand
This is how an attacker creates a backdoor using Netcat.
Attacker runs the netcat.bat, which creates a netcat relay using at command so that the victim listening on a port specified by attacker so that attacker can connect using Netcat and hence establish a communication channel.