backdoorme: powerful auto-backdooring utility

backdoorme

Tools like metasploit are great for exploiting computers, but what happens after you’ve gained access to a computer? Backdoorme answers that question by unleashing a slew of backdoors to establish persistence over long periods of time.

Once an SSH connection has been established with the target, Backdoorme’s strengths can come to fruition. Unfortunately, Backdoorme is not a tool to gain root access – only keep that access once it has been gained.

Please only use Backdoorme with explicit permission – please don’t hack without asking.

Setup

To start backdoorme, first ensure that you have the required dependencies.

For Python 3.5+:

$ sudo apt-get install python3 python3-pip python3-tk nmap
$ cd backdoorme/
$ virtualenv --python=python3.5 env
$ source env/bin/activate
(env) $ pip install -r requirements.txt

For Python 2.7:

$ sudo python dependencies.py

Usage

As in metasploit, backdoors are organized by category.

Auxiliary

keylogger – Adds a keylogger to the system and gives the option to email results back to you.

simplehttp – installs python’s SimpleHTTP server on the client.

user – adds a new user to the target.

web – installs an Apache Server on the client.

Escalation

setuid – the SetUID backdoor works by setting the setuid bit on a binary while the user has root access, so that when that binary is later run by a user without root access, the binary is executed with root access. By default, this backdoor flips the setuid bit on nano, so that if root access is ever lost, the attacker can SSH back in as an unprivileged user and still be able to run nano (or any chosen binary) as root (e.g. ‘nano /etc/shadow’). Note that root access is initially required to deploy this escalation backdoor.

shell – the shell backdoor is a privilege escalation backdoor, similar to (but more specific than) its SetUID escalation brother. It duplicates the bash shell to a hidden binary and sets the SUID bit. Note that root access is initially required to deploy this escalation backdoor. To use, while SSHed in as an unprivileged user, simply run “.bash -p”, and you will have root access.
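Both escalation backdoors leave the same artefact behind: a setuid executable that was not setuid before (nano with the bit flipped, or a hidden copy of bash). The following audit script is an added example for defenders and is not part of backdoorme; it diffs the setuid files under a directory tree against a baseline and hashes each one against the system's real shells, so a copied shell is caught whatever it has been renamed to. The sample tree it builds (fake binaries named bash, passwd, nano, ls and a hidden .bash) is constructed for the demonstration; on a real host you would run audit_setuid over / with your own baseline and shell paths.

```python
"""Audit a directory tree for unexpected setuid executables.

Added example, not part of backdoorme. Finds setuid files that are not in
a baseline, have hidden names, or are byte-for-byte copies of a shell.
"""
import hashlib
import os
import shutil
import stat
import tempfile


def sha256_of(path):
    """Hex SHA-256 of a file's contents, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_setuid_files(root):
    """Return every regular file under root whose setuid bit is set.

    lstat() is used so symlinks are not followed: the bit lives on the
    target file, and following links could wander outside the tree.
    """
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                found.append(path)
    return sorted(found)


def audit_setuid(root, baseline, shell_paths):
    """Return [(path, reason)] for setuid files under root that look wrong.

    baseline:    paths known and expected to be setuid (passwd, su, ...)
    shell_paths: the system's shell binaries; a setuid file with identical
                 contents is a copied shell regardless of its name
    """
    shell_hashes = {}
    for shell in shell_paths:
        try:
            shell_hashes[sha256_of(shell)] = shell
        except OSError:
            pass
    findings = []
    for path in find_setuid_files(root):
        reasons = []
        if path not in baseline:
            reasons.append("setuid file not in baseline")
        if os.path.basename(path).startswith("."):
            reasons.append("hidden filename")
        digest = sha256_of(path)
        if digest in shell_hashes:
            reasons.append("contents identical to " + shell_hashes[digest])
        if reasons:
            findings.append((path, "; ".join(reasons)))
    return findings


def build_sample_tree(base):
    """Constructed mini filesystem with fake binaries (not real programs)."""
    os.makedirs(os.path.join(base, "bin"))
    os.makedirs(os.path.join(base, "home", "alice"))
    paths = {
        "bash":   os.path.join(base, "bin", "bash"),
        "passwd": os.path.join(base, "bin", "passwd"),
        "nano":   os.path.join(base, "bin", "nano"),
        "ls":     os.path.join(base, "bin", "ls"),
        "hidden": os.path.join(base, "home", "alice", ".bash"),
    }
    for name in ("bash", "passwd", "nano", "ls"):
        with open(paths[name], "wb") as fh:
            fh.write(b"constructed fake binary: " + name.encode())
    shutil.copyfile(paths["bash"], paths["hidden"])  # what the shell backdoor leaves
    os.chmod(paths["bash"], 0o755)
    os.chmod(paths["ls"], 0o755)
    os.chmod(paths["passwd"], 0o4755)  # legitimately setuid, in the baseline
    os.chmod(paths["nano"], 0o4755)    # what the setuid backdoor leaves by default
    os.chmod(paths["hidden"], 0o4755)  # hidden copied shell with setuid
    return paths


def demo():
    """Run the audit over the constructed tree; returns (paths, findings)."""
    base = tempfile.mkdtemp(prefix="setuid-audit-")
    paths = build_sample_tree(base)
    findings = audit_setuid(base, baseline={paths["passwd"]},
                            shell_paths=[paths["bash"]])
    return paths, findings


if __name__ == "__main__":
    for path, reason in demo()[1]:
        print(f"{path}: {reason}")
```

The hash comparison is what makes the check robust to renaming: the shell backdoor's hidden copy is flagged three times over (not in baseline, hidden name, identical to bash), while the baseline passwd binary produces no finding.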

Shell

bash – uses a simple bash script to connect to a specific ip and port combination and pipe the output into bash.

bash2 – a slightly different (and more reliable) version of the above bash backdoor which does not prompt for the password on the client side.

sh – Similar to the first bash backdoor, but redirects input to /bin/sh.

sh2 – Similar to the second bash backdoor, but redirects input to /bin/sh.

metasploit – employs msfvenom to create a reverse_tcp binary on the target, then runs the binary to connect to a meterpreter shell.

java – creates a socket connection using libraries from Java and compiles the backdoor on the target.

ruby – uses ruby’s libraries to create a connection, then redirects to /bin/bash.

netcat – uses netcat to pipe standard input and output to /bin/sh, giving the user an interactive shell.

netcat_traditional – utilizes netcat-traditional’s -e option to create a reverse shell.

perl – a script written in perl which redirects output to bash, and renames the process to look less conspicuous.

php – runs a php backdoor which sends output to bash. It does not automatically install a web server, but instead uses the web module.

python – uses a short python script to perform commands and send output back to the user.

web – ships a web server to the target, then uploads msfvenom’s php reverse_tcp backdoor and connects to the host. Although this is also a php backdoor, it is not the same backdoor as the above php backdoor.
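The perl shell backdoor above renames its process to look less conspicuous, and several of the other shell backdoors are simply an interpreter (perl, python, ruby, java) holding a socket. Renaming only changes what argv[0] claims; /proc/<pid>/exe still points at the real binary, and comparing the two is a cheap triage check. The script below is an added example for defenders, not backdoorme code. The proc_root parameter and the three constructed processes in build_fake_proc are assumptions made so the check can run offline; on a live host you would call find_masquerading() with the default "/proc" (reading another user's exe link needs root).

```python
"""Flag processes whose argv[0] does not match the executable really running.

Added example, not part of backdoorme. Compares /proc/<pid>/cmdline with
/proc/<pid>/exe, tolerating the normal cases where they legitimately differ.
"""
import os
import shutil
import tempfile


def _argv0_name(cmdline_bytes):
    """Reduce raw /proc/<pid>/cmdline to the command name argv[0] claims.

    Handles '-bash' (login shells) and 'sshd: user [priv]' (legitimate
    process-title rewriting), which are not masquerading.
    """
    argv = cmdline_bytes.split(b"\0")
    if not argv or not argv[0]:
        return None  # kernel thread or zombie: nothing to compare
    tokens = argv[0].decode("utf-8", "replace").split()
    if not tokens:
        return None
    return os.path.basename(tokens[0].lstrip("-").rstrip(":"))


def looks_consistent(claimed, exe_path):
    """True when the claimed name plausibly belongs to exe_path.

    Either check clears the process:
      * name check: 'python3' vs 'python3.11', 'bash' vs 'bash'
      * path check: resolving the claimed name through PATH lands on the
        same real file ('sh' -> /usr/bin/sh -> /usr/bin/dash on Debian)
    """
    exe_name = os.path.basename(exe_path)
    if exe_name.startswith(claimed) or claimed.startswith(exe_name):
        return True
    resolved = shutil.which(claimed)
    return bool(resolved) and os.path.realpath(resolved) == os.path.realpath(exe_path)


def find_masquerading(proc_root="/proc"):
    """Return [(pid, claimed_name, real_exe)] for processes that mismatch."""
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(pid_dir, "cmdline"), "rb") as fh:
                claimed = _argv0_name(fh.read())
            exe = os.readlink(os.path.join(pid_dir, "exe"))
        except OSError:
            continue  # process exited, or not ours to inspect
        if claimed is None:
            continue
        exe = exe.replace(" (deleted)", "")  # binary unlinked after exec
        if not looks_consistent(claimed, exe):
            findings.append((int(entry), claimed, exe))
    return findings


def build_fake_proc(base):
    """Constructed /proc look-alike with three sample processes (assumption)."""
    samples = {
        "101": (b"-bash\0", "/usr/bin/bash"),                   # login shell, fine
        "202": (b"python3\0app.py\0", "/usr/bin/python3.11"),   # interpreter, fine
        "303": (b"/usr/sbin/sshd\0-D\0", "/usr/bin/perl"),      # claims sshd, runs perl
    }
    for pid, (cmdline, exe) in samples.items():
        pid_dir = os.path.join(base, pid)
        os.makedirs(pid_dir)
        with open(os.path.join(pid_dir, "cmdline"), "wb") as fh:
            fh.write(cmdline)
        os.symlink(exe, os.path.join(pid_dir, "exe"))  # target need not exist
    return base


def demo():
    """Run the check over the constructed /proc tree."""
    return find_masquerading(build_fake_proc(tempfile.mkdtemp(prefix="fakeproc-")))


if __name__ == "__main__":
    for pid, claimed, exe in demo():
        print(f"pid {pid}: argv[0] says {claimed!r} but exe is {exe}")
```

This is a heuristic, not proof: a process that execs a legitimately renamed copy of an interpreter will pass the name check, so treat a hit as a lead to pair with the setuid and network-connection checks rather than a verdict on its own.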

Access

remove_ssh – removes the ssh server on the client. Often good to use at the end of a backdoorme session to remove all traces.

ssh_key – creates an RSA key and copies it to the target for a passwordless ssh connection.

ssh_port – Adds a new port for ssh.
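The two persistence mechanisms in this section leave configuration behind rather than processes: ssh_key plants a key for passwordless login and ssh_port adds a second listening port. Two cheap checks cover both, and the script below is an added example for defenders, not backdoorme code: it diffs the Port directives in sshd_config against the ports you expect, and diffs the fingerprints in an authorized_keys file against the keys you actually issued. The sample sshd_config and authorized_keys text are constructed for the example and the key blobs are not real keys; the fingerprint format (SHA256: plus unpadded base64 of the SHA-256 of the decoded key blob) is the one ssh-keygen -l prints.

```python
"""Audit sshd listening ports and authorized_keys entries against a baseline.

Added example, not part of backdoorme. Sample config and key file below are
constructed; the key blobs are placeholders, not real public keys.
"""
import base64
import binascii
import hashlib

KEY_TYPES = (
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com",
    "sk-ecdsa-sha2-nistp256@openssh.com",
)


def sshd_ports(config_text):
    """Ports sshd would listen on, from the global section of sshd_config.

    Strips comments, accepts 'Port 22' and 'Port=22', and stops at the first
    Match block (Port is not valid there). No Port line means the default, 22.
    """
    ports = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip().replace("=", " ", 1)
        if not line:
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "port" and len(parts) == 2:
            ports.append(int(parts[1].strip()))
    return ports or [22]


def unexpected_ports(config_text, expected=frozenset({22})):
    """Configured ports that are not in the expected set."""
    return sorted(p for p in sshd_ports(config_text) if p not in expected)


def key_fingerprint(blob_b64):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text):
    """One dict per key line: line, options, type, fingerprint, comment."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        # Options such as from=... may precede the key type; locate the type.
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            entries.append({"line": lineno, "error": "unrecognised key line"})
            continue
        try:
            fingerprint = key_fingerprint(tokens[idx + 1])
        except (binascii.Error, ValueError):
            entries.append({"line": lineno, "error": "key blob is not valid base64"})
            continue
        entries.append({"line": lineno, "options": " ".join(tokens[:idx]),
                        "type": tokens[idx], "fingerprint": fingerprint,
                        "comment": " ".join(tokens[idx + 2:])})
    return entries


def unknown_keys(text, known_fingerprints):
    """Entries not on the issued-keys list; unparsable lines are included too."""
    return [e for e in parse_authorized_keys(text)
            if e.get("fingerprint") not in known_fingerprints]


# Constructed sample data (placeholders, not real keys or a real host).
ADMIN_BLOB = base64.b64encode(b"constructed admin key blob, not a real key").decode()
STRAY_BLOB = base64.b64encode(b"constructed stray key blob, not a real key").decode()

SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config
Port 22
Port 2222
PermitRootLogin no
Match User git
    PasswordAuthentication no
"""

SAMPLE_AUTHORIZED_KEYS = f"""\
# constructed authorized_keys
ssh-ed25519 {ADMIN_BLOB} admin@bastion
from="10.0.0.0/8" ssh-rsa {STRAY_BLOB} backup@workstation
"""

KNOWN_FINGERPRINTS = {key_fingerprint(ADMIN_BLOB)}

if __name__ == "__main__":
    print("unexpected ports:", unexpected_ports(SAMPLE_SSHD_CONFIG))
    for entry in unknown_keys(SAMPLE_AUTHORIZED_KEYS, KNOWN_FINGERPRINTS):
        print("unknown key:", entry)
```

Comparing fingerprints rather than comments is deliberate: the comment field is free text the key's owner chooses, so a planted key can carry any name, while the fingerprint is bound to the key material.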

Windows

windows – Uses msfvenom to create a windows backdoor.

DEMO

For more info, please visit: http://ift.tt/1NTQkNf

The post backdoorme: powerful auto-backdooring utility appeared first on Penetration Testing in Linux. http://ift.tt/2pJQeqM http://ift.tt/2aM8QhC
