https://github.com/gregl83/comandare
TCP Command Line Execution
backdoor rust security tcp
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/gregl83/comandare
- Owner: gregl83
- License: mit
- Created: 2020-12-02T23:21:50.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2021-02-19T16:57:49.000Z (over 5 years ago)
- Last Synced: 2025-04-09T21:55:03.667Z (about 1 year ago)
- Topics: backdoor, rust, security, tcp
- Language: Rust
- Homepage:
- Size: 39.1 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# comandare
TCP Command Line Execution.
## Problem Statement
Network ports enable computers to interact around the world, but unintentionally open ports wreak havoc on system security.
## Intent
Demonstrate how a program can open a port that enables remote access, otherwise known as a backdoor.
## Goal
Reinforce security intuition with network port management.
## Installation
1. [Install Rust and Cargo](https://doc.rust-lang.org/cargo/getting-started/installation.html)
2. Git clone this repository
3. From the cloned repository, run:
   `cargo install --path=.`
4. That's it, `comandare` should now be installed on your system!
## Usage
Run `comandare` to see command execution format.
Supported modes:
- Client (uses command argument)
- Server (doesn't use command argument)
## Model
Comandare uses a server target model which is largely mitigated by any standard firewall. Incoming traffic in most configurations is rightfully blocked. Thus, binding a TCP Server to a specific port might work in a local network but be blocked from remote access over the internet or networks backed by one or more firewalls. A more effective approach, since TCP is a two-way communication protocol, is to initiate a client target model with event-driven connection attempts.
## Caution
This package is not intended to be deployed or used in any environment other than educational testing; thus, sacrifices have been made to simply assemble a proof of concept. NOT to be used maliciously.
The TCP Server does not implement any form of authentication, leaving your network security as the sole guardian of your data.
Opening TCP ports on a system *can* be bad; use at your own risk!
## Mitigation
Controlling network port access is paramount to preventing unauthorized remote access to a given machine. Applying security patches regularly and promptly is important to prevent software vulnerabilities from introducing attack vectors that can circumvent sensible security policies. Define security policies and lock down any network access beyond what's needed for interactions with trusted parties. Choose firewall and monitoring tools from reputable, transparent sources. Every time risk is reduced, the likelihood of a successful attack goes down.
## Detection
An academic background in computer networking is worth its weight in gold while evaluating potential network security threats. While this is true, there are a few tools that can be used to identify potential threats.
- [Wireshark](https://www.wireshark.org/) network analyzer provides comprehensive details on network activity.
- [netstat](https://en.wikipedia.org/wiki/Netstat) networking utility provides insight into port usage with minimal configuration.
Useful `netstat` command to get the ball rolling:
```bash
sudo netstat -tulnp
```
There are many other useful tools available, but between `Wireshark` and `netstat` one can easily evaluate network activity and identify suspicious actors.
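To make the `netstat` listing a repeatable check, the following added example (not part of the comandare project) filters TCP listeners against a port allowlist and reports whether each unexpected one is bound to loopback or exposed on other interfaces. The function names, the allowlist, and the sample output (including port 7878) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag TCP listeners whose port is not on an allowlist.
# Input: `netstat -tulnp` output on stdin. Argument: comma-separated ports.

unexpected_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Only TCP rows in LISTEN state; UDP rows have no State column.
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4; sub(/^.*:/, "", port)       # text after the last colon
      host = $4; sub(/:[0-9]+$/, "", host)   # text before the last colon
      if (port in ok) next
      scope = (host == "127.0.0.1" || host == "::1") ? "loopback" : "exposed"
      prog = ($7 == "" || $7 == "-") ? "unknown" : $7
      print port, scope, prog
    }
  ' | sort -u | sort -n   # collapse tcp/tcp6 duplicates, order by port
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      990/postgres
tcp        0      0 0.0.0.0:7878            0.0.0.0:*               LISTEN      4312/comandare
tcp6       0      0 :::443                  :::*                    LISTEN      1020/nginx
tcp6       0      0 :::7878                 :::*                    LISTEN      4312/comandare
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient
EOF
}

# On a live host: sudo netstat -tulnp | unexpected_listeners "22,443"
sample_netstat | unexpected_listeners "22,443"
```

Run it from cron or a monitoring agent and alert on any non-empty output; an `exposed` entry with an unfamiliar program name is the case to investigate first.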
## Final Words
Hopefully this package can increase intuition on backdoor implementations, indirectly helping secure systems.
## License
[MIT](LICENSE)