Author Topic: EvilBackdoor  (Read 3451 times)


Offline Stackprotector

EvilBackdoor
« on: February 16, 2012, 05:34:22 pm »

O hello,


I am writing a reverse backdoor shell; communication will be C++ [hacker] <-> PHP and/or Python as victim, so targeting web servers.


And I am asking you people: got any ideas on features that will just be mind-blowing? Feel free to apply if you like to write Python/PHP modules.


Key features for first release
*Some modules for exploitation (MySQL shell, command-line shell, etc.)
*Control application (first for Linux, maybe a Windows app)
*Reverse Python/PHP shells
*Python IRC support (possible, may leave it because this type of C&C is outdated)
*Dynamic loading of modules (remote)


Planned features:
*Automatic file infector (WordPress, Joomla, etc.)
*Remote update
*Encrypted shells, decrypt upon execute
*Encrypted client-server communication
*Handling of multiple hosts by the control application
« Last Edit: March 01, 2012, 10:52:15 pm by Factionwars »
~Factionwars

Offline FuyuKitsune

Re: EvilReverseBackdoorShell
« Reply #1 on: February 16, 2012, 06:40:16 pm »
I REALLY want to say "distributed Bitcoin mining" but any server admin would notice spikes in CPU/GPU usage :P

Offline ca0s

Re: EvilReverseBackdoorShell
« Reply #2 on: February 17, 2012, 09:04:13 am »
Once I thought about injecting the connection into the process that launches us (us being the backdoor) so it goes out from port 80. You need to be able to inject code and take over file descriptors (the socket). On Linux, I can take descriptors, but I don't know how to inject. On Windows, I can inject, but I cannot take descriptors. So I got kinda stuck with it :P

Offline Stackprotector

Re: EvilReverseBackdoorShell
« Reply #3 on: February 17, 2012, 09:30:16 am »
Hehe :P, I am building the sockapp on Linux, so I know what you mean. Is there a huge difference in code for sockprogramming in Windows?
~Factionwars

Offline ca0s

Re: EvilReverseBackdoorShell
« Reply #4 on: February 17, 2012, 01:20:27 pm »
In Windows, I couldn't take over a socket descriptor in order to send and receive from it. No dup or dup2.
Before you start receiving and sending you have to call WSAStartup. Before exiting, WSACleanup. It also has some more functions, but I have always used the UNIX-style ones.

Offline 10n1z3d

Re: EvilReverseBackdoorShell
« Reply #5 on: February 19, 2012, 09:34:10 am »
And I am asking you people: got any ideas on features that will just be mind-blowing? Feel free to apply if you like to write Python/PHP modules.

Encrypted client-server communication.
Code: [Select]
python -c "print ''.join(chr(x) for x in [int(oct(39)) + 2, 24 * 2, 313 % 203, 0x31, (2 ** 7) - 6, int('051'), (3 << 6) - 92])"

Offline Stackprotector

Re: EvilReverseBackdoorShell
« Reply #6 on: February 26, 2012, 12:01:22 pm »
Some updates: I am at 300 lines of C++ code right now :D. Authentication is done, and I have built a whole buffer system to emulate a console.
~Factionwars

Offline Kulverstukas

Re: EvilReverseBackdoorShell
« Reply #7 on: February 26, 2012, 01:35:23 pm »
Will I be able to get a beta version? :D

Offline Stackprotector

Re: EvilReverseBackdoorShell
« Reply #8 on: February 26, 2012, 01:51:52 pm »
No, but you will receive an alpha version :P. I am thinking about completing an alpha this week, and VIP only.
~Factionwars

Offline Stackprotector

Re: EvilReverseBackdoorShell
« Reply #9 on: February 26, 2012, 02:17:20 pm »
*updated first post
~Factionwars

Offline Stackprotector

Re: EvilReverseBackdoorShell
« Reply #10 on: March 01, 2012, 10:51:49 pm »
The first screenshots of the server application :D




The IRC module is purely built for testing purposes, but it will be included in the first release.

Hope you guys got as excited as I am :)
« Last Edit: March 01, 2012, 10:54:18 pm by Factionwars »
~Factionwars

Offline Kulverstukas

Re: EvilBackdoor
« Reply #11 on: March 02, 2012, 12:04:48 pm »
Better show the client. Server looks OK, but I hope it won't have a GUI in the final release :D
What good would be a backdoor that has a GUI for a server.

Offline Stackprotector

Re: EvilBackdoor
« Reply #12 on: March 02, 2012, 02:24:13 pm »
Better show the client. Server looks OK, but I hope it won't have a GUI in the final release :D
What good would be a backdoor that has a GUI for a server.
There is no such thing as a client to show; the server is the interaction panel for connection with the shells :). Reverse, remember?
~Factionwars

Offline ande

Re: EvilBackdoor
« Reply #13 on: March 04, 2012, 12:43:02 am »
Will it be open sauwrs?
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline Stackprotector

Re: EvilBackdoor
« Reply #14 on: March 04, 2012, 12:55:20 am »
Will it be open sauwrs?
The Python and PHP, yes of course :P. Not so sure about the C++ code.
~Factionwars