Backdoorme - a powerful auto backdooring utilities.

Backdoorme – a powerful auto backdooring utilities.

The author does not hold any responsibility about the bad use of this script, remmember that attacking targets without prior concent its ilegal and punish by law, this script was build to show how resource files can automate tasks.

Changelog backdoorme 8/12/2016:
+ backdoors; python 3.5 for travis, fixed mixed tabs/spaces.
+, requirements.txt,, modules; python3 support, howto install using virtualenv.
+ compatible with python 2.7
+ python3 support, howto install using virtualenv.

Backdoorme is a powerful utility capable of backdooring Unix machines with a slew of backdoors. Backdoorme uses a familiar metasploit interface with tremendous extensibility.
Backdoorme relies on having an existing SSH connection or credentials to the victim, through which it will transfer and deploy any backdoors. In the future, this reliance will be removed as the tool is expanded.


Backdoors are organized by category:
+ Auxiliary
*** keylogger – Adds a keylogger to the system and gives the option to email results back to you.
*** simplehttp – installs python’s SimpleHTTP server on the client.
+ user – adds a new user to the target.
*** web – installs an Apache Server on the client.
+ Escalation
*** setuid – the SetUID backdoor works by setting the setuid bit on a binary while the user has root acccess, so that when that binary is later run by a user without root access, the binary is executed with root access. By default, this backdoor flips the setuid bit on nano, so that if root access is ever lost, the attacker can SSH back in as an unpriviledged user and still be able to run nano (or any chosen binary) as root. (‘nano /etc/shadow’). Note that root access is initially required to deploy this escalation backdoor.
*** shell – the shell backdoor is a priviledge escalation backdoor, similar to (but more specific than) it’s SetUID escalation brother. It duplicates the bash shell to a hidden binary, and sets the SUID bit. Note that root access is initially required to deploy this escalation backdoor. To use, while SSHed in as an unpriviledged user, simply run “.bash -p”, and you will have root access.
+ Shell
*** bash – uses a simple bash script to connect to a specific ip and port combination and pipe the output into bash.
*** bash2 – a slightly different (and more reliable) version of the above bash backdoor which does not prompt for the password on the client-side.
*** metasploit – employs msfvenom to create a reverse_tcp binary on the target, then runs the binary to connect to a meterpreter shell.
*** netcat – uses netcat to pipe standard input and output to /bin/sh, giving the user an interactive shell.
*** netcat_traditional – utilizes netcat-traditional’s -e option to create a reverse shell.
*** perl – a script written in perl which redirects output to bash, and renames the process to look less conspicuous.
*** php – runs a php backdoor which sends output to bash. It does not automatically install a web server, but instead uses the web module
*** pupy – uses n1nj4sec’s Pupy backdoor, found at
*** python – uses a short python script to perform commands and send output back to the user.
*** web – ships a web server to the target, then uploads msfvenom’s php reverse_tcp backdoor and connects to the host. Although this is also a php backdoor, it is not the same backdoor as the above php backdoor.
+ Access
*** remove_ssh – removes the ssh server on the client. Often good to use at the end of a backdoorme session to remove all traces.
*** ssh_key – creates RSA key and copies to target for a passwordless ssh connection.
*** ssh_port – Adds a new port for ssh.
+ Windows
*** windows – Uses msfvenom to create a windows backdoor.

Modules include:
* Poison
+-+ Performs bin poisoning on the target computer – it compiles an executable to call a system utility and an existing backdoor.
+-+ For example, if the bin poisoning module is triggered with “ls”, it would would compile and move a binary called “ls” that would run both an existing backdoor and the original “ls”, thereby tripping a user to run an existing backdoor more frequently.
* Cron
+-+ Adds an existing backdoor to the root user’s crontab to run with a given frequency.
* Web
+-+ Sets up a web server and places a web page which triggers the backdoor.
+-+ Simply visit the site with your listener open and the backdoor will begin.
* User
+-+ Adds a new user to the target.
* Startup
+-+ Allows for backdoors to be spawned with the bashrc and init files.
* Whitelist
+-+ Whitelists an IP so that only that IP can connect to the backdoor.

+ All Linux Support
+ Metasploit Framework

Usage and Download from source:

Source: | Our Post Before