Linux backdoor script for CCDC. Tested on latest stock Debian, CentOS, and Fedora
you should run this as root. You will need to specify your local webservers IP/port. All other configuration changes are optional
this script:
- adds your key to to root's authorized_keys
- adds an ADDITIONAL authorized_keys file somehwere on the filesystem, and sets sshd_config AuthorizedKeysFile to that location.
- transfers an executable of your choice to to a location of your choice, and sets an hourly crontab to run the executable
- executable also runs whenever a user logs in or when a new user is created
- adds PHP webshell to the given directory. Will find the webroot as long as apache's config is in /etc/apache2
- sets setuid bit on the following binaries for easy root
- nano, vi, vim, emacs
- more, less
- mv, cp
- cat, echo, awk, find
- python, perl, ruby
- adds a new user and attempts to give it sudo access
- chmod 777 on /etc/shadow, /etc/passwd, /etc/group, /etc/sudoers, as well as the /root and /etc directories
- TODO: Add some methods of reinserting backdoors as they are discovered and removed by the blue team
- EVIL MODE: Corrupts some binaries, uninstalls some
- Have a cool way of fucking with a Linux box? I'd love to hear it
additional features
- chattr +i all of the things!
- timestomps everything it touches
- attempts curl, wget (TODO: ftp/scp) to transfer files