fbd-1.1.txt

Posted Jul 8, 2002
Authored by Butternuts

Fake Backdoor System v1.1 - Binds to a port and waits for a connection. When an attacker runs a command known to the backdoor, it prints a cloned response back to trick the user, and then disconnects the user from the host. It saves to a log file of choice (default is fbdlog.txt), which records the hostname and the command used by the attacker.

tags | tool, rootkit
systems | unix
MD5 | 7b61d02047c4b39bf0a429d947a78f7d

#!/usr/bin/perl
#fbd.pl -> Fake Backdoor v1.1
#Features:
#Can 'clone' commands such as: id, uname -a, ls, pwd, /etc/shadow.
#Prints attack host, and command which was used back to a log file.
#Updates:
#Next version will include more cloned commands.
#May have a fake password system, to make backdoor seem
#more realistic.
#coded by: butternuts -> butternuts@hushmail.com
#date: 7/7/2002


use IO::Socket;
use Net::hostent;

$id = `id`; #Enables real print back when cloned command ran.
$uname = `uname -a`; #Enables real print back when cloned command ran.


$port = "1337"; #Can change to reflect any port
$log = "fbdlog.txt"; #Can change to reflect any logfile.

#If you wanna keep the log file everytime the fake
#backdoor client is started, take out this command.
unlink $log;
#Rest needs no change.

$socket = IO::Socket::INET->new(
    Listen    => 10,
    LocalPort => $port,
    Proto     => 'tcp',
    Reuse     => 1);
die "Cant bind fake backdoor to $port\n" unless $socket;


while ($attacker = $socket->accept()) {
    open LOGFILE, ">>$log" or die "Cant open $log: $!\n";
    $attackinfo = gethostbyaddr($attacker->peeraddr);
    #Pick the name to log now: the lookup returns undef when there is no
    #reverse DNS, and peerhost is not available once the socket is closed.
    $attackhost = ($attackinfo && $attackinfo->name) || $attacker->peerhost;
    print $attacker "bash# ";
    my $in = <$attacker>;

    if ($in =~ /id/) {
        print $attacker "$id\n";
    } elsif ($in =~ /uname -a/) {
        print $attacker "$uname\n";
    } elsif ($in =~ /\/etc\/shadow/) {
        #fake password file, decrypted root password is "dumbass"
        #Sent to the connected client, like the other cloned replies.
        print $attacker "root:\$1\$WH9Qpjow\$UF\.lGOcf2TazdKFotoanq1:11785:0:99999:7:::\n";
        print $attacker "bin:*:11785:0:99999:7:::\n";
        print $attacker "daemon:*:11785:0:99999:7:::\n";
        print $attacker "adm:*:11785:0:99999:7:::\n";
        print $attacker "sync:*:11785:0:99999:7:::\n";
        print $attacker "shutdown:*:11785:0:99999:7:::\n";
        print $attacker "halt:*:11785:0:99999:7:::\n";
        print $attacker "mail:*:11785:0:99999:7:::\n";
        print $attacker "news:*:11785:0:99999:7:::\n";
        print $attacker "uucp:*:11785:0:99999:7:::\n";
        print $attacker "operator:*:11785:0:99999:7:::\n";
        print $attacker "ftp:*:11785:0:99999:7:::\n";
        print $attacker "nobody:*:11785:0:99999:7:::\n";
        print $attacker "nscd:!!:11785:0:99999:7:::\n";
        print $attacker "mailnull:!!:11785:0:99999:7:::\n";
        print $attacker "xfs:!!:11785:0:99999:7:::\n";
    } elsif ($in =~ /ls/) {
        print $attacker "bd\n";
        print $attacker "bdoor.conf\n";
        print $attacker "bdoor.pid\n";
        print $attacker "hide\n";
        print $attacker "README\n";
    } elsif ($in =~ /pwd/) {
        print $attacker "/home/fred/.bd\n";
    }

    close $attacker;

    #The command text is attacker-controlled and is written to the log as received.
    printf LOGFILE "Attacker Hostname: %s\nCommand ran: %s", $attackhost, $in;

    close LOGFILE;
}

#EOF
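
The log the script writes can be triaged with a small parser. The following is an added example, not part of fbd.pl or the original post: it reads the two-line record format produced by the script's `printf`, handles a record whose command arrived without a trailing newline (so the next record is fused onto the same line), and neutralises control bytes in the attacker-supplied fields. The function names and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of fbdlog.txt in the format fbd.pl's printf writes.
# The second record's command has no trailing newline (the peer closed the
# connection without sending one), so the third record is fused onto it.
SAMPLE_LOG = (
    "Attacker Hostname: scanner.example.net\nCommand ran: id\r\n"
    "Attacker Hostname: 203.0.113.7\nCommand ran: cat /etc/shadow"
    "Attacker Hostname: scanner.example.net\nCommand ran: uname -a\n"
)

# A record ends where the next "Attacker Hostname: " marker starts, or at EOF.
RECORD = re.compile(
    r"Attacker Hostname: (?P<host>[^\n]*)\n"
    r"Command ran: (?P<cmd>.*?)(?=Attacker Hostname: |\Z)",
    re.DOTALL,
)

def _clean(field):
    """Strip line endings and replace control bytes in an untrusted field."""
    return re.sub(r"[\x00-\x1f\x7f]", "?", field.strip("\r\n"))

def parse_fbdlog(text):
    """Return a list of (host, command) tuples from fbdlog.txt contents."""
    # Both fields are attacker-influenced: the command is sent by the peer and
    # the hostname comes from a reverse DNS record the peer may control.
    return [(_clean(m.group("host")), _clean(m.group("cmd")))
            for m in RECORD.finditer(text)]

def summarize(records):
    """Group commands by source host, most active host first."""
    by_host = defaultdict(list)
    for host, cmd in records:
        by_host[host].append(cmd)
    return sorted(by_host.items(), key=lambda kv: -len(kv[1]))

if __name__ == "__main__":
    for host, cmds in summarize(parse_fbdlog(SAMPLE_LOG)):
        print(f"{host}: {len(cmds)} connection(s) -> {cmds}")
```

A command that itself contains the text `Attacker Hostname: ` is truncated at that marker, so treat per-host counts as indicative rather than exact.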

