EvilZone

: EvilBackdoor
: Stackprotector February 16, 2012, 05:34:22 PM

O hello,


I am writing a reverse backdoor shell, communication will be c++[hacker]<- -> PHP and/or Python as victim,  so targeting web-servers.


And I am asking you people, got any ideas on features that will just be mind-blowing? Feel free to apply if you like to write Python/PHP modules.


Key features for first release
*Some modules for exploitation, (mysql shell, command line shell etc.)
*Control Application (First for linux,  maybe windows app)
*Reverse Python/PHP Shells
*Python IRC support (possible, may leave it because this type of C&C is outdated)
*Dynamic loading of modules(remote)


Planned features:
*Automatic file infector (WordPress, Joomla etc.)
*Remote update
*Encrypted shells, decrypt upon execute
*Encrypted client-server communication
*Handling of multiple hosts by the control application
: Re: EvilReverseBackdoorShell
: FuyuKitsune February 16, 2012, 06:40:16 PM
I REALLY want to say "distributed Bitcoin mining" but any server admin would notice spikes in CPU/GPU usage :P
: Re: EvilReverseBackdoorShell
: ca0s February 17, 2012, 09:04:13 AM
Once I thought about injecting the connection in the process that launches us (being us the backdoor) so it goes out from port 80. You need to be able to inject code and take over file descriptors (the socket). Over Linux, I can take descriptors, but I don't know how to inject. Over Windows, I can inject, but I cannot take descriptors. So I got kinda stuck with it :P
: Re: EvilReverseBackdoorShell
: Stackprotector February 17, 2012, 09:30:16 AM
Hehe :P, I am building the sockapp on Linux, so I know what you mean. Is there a huge difference in code for socket programming in Windows?
: Re: EvilReverseBackdoorShell
: ca0s February 17, 2012, 01:20:27 PM
In Windows, I couldn't take over a socket descriptor in order to send and receive from it. No dup or dup2.
Before you start receiving and sending you have to call WSAStartup. Before exiting, WSACleanup. It also has some more functions, but I have always used the UNIX-style ones.
: Re: EvilReverseBackdoorShell
: 10n1z3d February 19, 2012, 09:34:10 AM
And I am asking you people, got any ideas on features that will just be mind-blowing? Feel free to apply if you like to write Python/PHP modules.

Encrypted client-server communication.
: Re: EvilReverseBackdoorShell
: Stackprotector February 26, 2012, 12:01:22 PM
Some updates: I am on 300 lines of C++ code right now :D, authentication is done, and I have built a whole buffer system to emulate a console.
: Re: EvilReverseBackdoorShell
: Kulverstukas February 26, 2012, 01:35:23 PM
Will I be able to get a beta version? :D
: Re: EvilReverseBackdoorShell
: Stackprotector February 26, 2012, 01:51:52 PM
No, but you will receive an alpha version :P, I am thinking about completing an alpha this week, and VIP only.
: Re: EvilReverseBackdoorShell
: Stackprotector February 26, 2012, 02:17:20 PM
*updated first post
: Re: EvilReverseBackdoorShell
: Stackprotector March 01, 2012, 10:51:49 PM
The first screenshots of the server application :D

(http://i42.tinypic.com/19wlkj.png)
(http://i39.tinypic.com/25sl5z9.png)

The IRC module is built purely for testing purposes, but it will be included in the first release.

Hope you guys got excited as much as I am :)
: Re: EvilBackdoor
: Kulverstukas March 02, 2012, 12:04:48 PM
Better show the client. Server looks OK, but I hope it won't have a GUI in the final release :D
What good would be a backdoor that has a GUI for a server.
: Re: EvilBackdoor
: Stackprotector March 02, 2012, 02:24:13 PM
Better show the client. Server looks OK, but I hope it won't have a GUI in the final release :D
What good would be a backdoor that has a GUI for a server.
There is no such thing as a client to show, the server is the interaction panel for connection with the shells :), reverse, remember?
: Re: EvilBackdoor
: ande March 04, 2012, 12:43:02 AM
Will it be open sauwrs?
: Re: EvilBackdoor
: Stackprotector March 04, 2012, 12:55:20 AM
Will it be open sauwrs?
The Python and PHP, yes of course :P. Not so sure about the C++ code.
: Re: EvilBackdoor
: Kulverstukas March 04, 2012, 11:52:21 AM
If the C++ code won't be released when other stuff will be open then it's gonna be like a half-open project. Won't look nice :(
: Re: EvilBackdoor
: daedalus May 02, 2012, 03:20:41 AM
I like the red-text version. Looks pretty good, it would tickle me pink if you'd 'open saurce' the whole thing.
: Re: EvilBackdoor
: L0rd_M@dness June 05, 2012, 11:42:54 AM
I like the red-text version. Looks pretty good, it would tickle me pink if you'd 'open saurce' the whole thing.
Man this is great! Can't wait to try the beta version (I'll probably get the Beta since I'm not VIP! :-\ )
It's just an idea, but why don't we get a cloud so that everyone can participate in developing it?
The cloud could be private so only invited members can join...
: Re: EvilBackdoor
: Stackprotector June 05, 2012, 11:49:34 AM
That would be cool:)
: Re: EvilBackdoor
: L0rd_M@dness June 05, 2012, 12:35:34 PM
Well, we need a version control system such as Subversion, downloadable here (http://subversion.apache.org/packages.html).
Also some tutorials for those who are new to cloud-based programming:
http://www.clear.rice.edu/comp314/svn.html
http://aymanh.com/subversion-a-quick-tutorial
It's very basic, we have a cloud online, it has the source code in it, and every developer can access and modify that source code if permitted. There are just a bunch of commands for each task such as adding files, updating the repository (the central place which holds the source files), and time travel! (there will be a new revision every time each developer updates the repository, and we can change back to previous versions if the new one has some nasty bugs!)
I can get the cloud if you want, or you can do it yourself Here, (http://www.assembla.com) Here (http://sourceforge.net) or Here (http://codesion.com/).
: Re: EvilBackdoor
: Stackprotector June 05, 2012, 04:43:30 PM
Well, we need a version control system such as Subversion, downloadable here (http://subversion.apache.org/packages.html).
Also some tutorials for those who are new to cloud-based programming:
http://www.clear.rice.edu/comp314/svn.html
http://aymanh.com/subversion-a-quick-tutorial
It's very basic, we have a cloud online, it has the source code in it, and every developer can access and modify that source code if permitted. There are just a bunch of commands for each task such as adding files, updating the repository (the central place which holds the source files), and time travel! (there will be a new revision every time each developer updates the repository, and we can change back to previous versions if the new one has some nasty bugs!)
I can get the cloud if you want, or you can do it yourself Here, (http://www.assembla.com) Here (http://sourceforge.net) or Here (http://codesion.com/).
That is not called cloud-based programming :), if you call that cloud even this website could be a cloud.
: Re: EvilBackdoor
: gh0st June 05, 2012, 08:00:55 PM
Show us the source code, pastebin?
: Re: EvilBackdoor
: L0rd_M@dness June 06, 2012, 09:28:43 AM
That is not called cloud-based programming :), if you call that cloud even this website could be a cloud.
Hmmm... yeah it could be! :)
I'm not sure about the term being used, but I meant developing on a cloud (yeah, cloud-based programming is kinda wrong to be used). But yeah, anyway that was the idea...