backdoorme — Auto Backdooring Utility
https://www.ispeech.org/text.to.speech
Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar metasploit interface with tremendous extensibility.Backdoorme relies on having an existing SSH connection or credentials to the victim, through which it will transfer and deploy any backdoors. Please only use Backdoorme with explicit permission.
Backdoorme comes with a number of built-in backdoors, modules, and auxiliary modules. Backdoors are specific components to create and deploy a specific backdoor, such as a netcat backdoor or msfvenom backdoor. Modules can be applied to any backdoor, and are used to make backdoors more potent, stealthy, or more readily tripped. Auxiliaries are useful operations that could be performed to help persistence.
To start backdoorme, first ensure that you have the required dependencies.
$ python dependencies.pyLaunching backdoorme:
$ python master.py[adsense size='1']
Backdoors
Currently enabled backdoors include:
- Bash
- Uses a simple bash script to connect to a specific ip and port combination and pipe the output into bash.
- Bash2 (more reliable)
- A slightly different version of the above bash backdoor which does not prompt for the password on the client-side.
- Metasploit
- Employs msfvenom to create a reverse_tcp binary on the target, then runs the binary to connect to a meterpreter shell.
- Netcat
- Uses netcat to pipe standard input and output to /bin/sh, giving the user an interactive shell.
- Netcat-traditional
- Utilizes netcat-traditional’s -e option to create a reverse shell.
- Perl
- A script written in perl which redirects output to bash, and renames the process to look less conspicuous.
- Php (does not automatically install a web server, but use the web module!)
- Runs a php backdoor which sends output to bash.
- Pupy
- Uses n1nj4sec’s Pupy backdoor, found at https://github.com/n1nj4sec/pupy.
- Python
- Uses a short python script to perform commands and send output back to the user.
- SetUID
- The SetUID backdoor works by setting the setuid bit on a binary while the user has root acccess, so that when that binary is later run by a user without root access, the binary is executed with root access. By default, this backdoor flips the setuid bit on nano, so that if root access is ever lost, the attacker can SSH back in as an unpriviledged user and still be able to run nano (or any chosen binary) as root. (‘nano /etc/shadow’).
- SSH Key
- Creates RSA key and copies to target for a passwordless ssh connection
- Web (php – not the same backdoor as the above php backdoor)
- Ships a web server to the target, then uploads msfvenom’s php reverse_tcp backdoor and connects to the host.
[adsense size='2']
Modules
Every backdoor has the ability to have additional modules applied to it to make the backdoor more potent. To add a module, simply use the “add” keyword.
Currently enabled modules include:
- Poison
- Performs bin poisoning on the target computer – it compiles an executable to call a system utility and an existing backdoor.
- For example, if the bin poisoning module is triggered with “ls”, it would would compile and move a binary called “ls” that would run both an existing backdoor and the original “ls”, thereby tripping a user to run an existing backdoor more frequently.
- Cron
- Adds an existing backdoor to the root user’s crontab to run with a given frequency.
- Web
- Sets up a web server and places a web page which triggers the backdoor.
- Simply visit the site with your listener open and the backdoor will begin.
- Keylogger
- Ships a keylogger to the target and starts it.
- Given the option to email the results to you every hour.
- User
- Adds a new user to the target.
- Startup
- Allows for backdoors to be spawned with the bashrc and init files.
[adsense size='3']
Gloss