//kalinux.info

Cymothoa

Cymothoa package description

Cymothoa is a stealth backdooring tool that injects backdoor shellcode into an existing process. The tool uses the ptrace library (available on almost all *nix systems) to manipulate processes and infect them.
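An added defender-side check, not part of the Cymothoa package, for the technique described above: because the shellcode is written with ptrace into an existing file-backed r-xp region (by default /lib/ld), the executable bytes in memory stop matching the backing file on disk. The script below (assumes Linux /proc and Python 3.6+) compares every file-backed r-xp mapping of a process with its file and reports the ranges that differ.

```python
# Added example (not Cymothoa's own code): detect in-memory modification of
# file-backed executable mappings, the footprint left by ptrace-based injection
# into an existing region such as /lib/ld. Assumes Linux /proc and Python 3.6+.
import re
from pathlib import Path

MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) \S+ \d+\s+(/.*)$")

def parse_maps(maps_text):
    """Yield (start, end, perms, file_offset, path) for file-backed mappings."""
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if m:
            yield (int(m[1], 16), int(m[2], 16), m[3], int(m[4], 16), m[5])

def diff_ranges(mem, disk):
    """Return [(offset, length)] runs where in-memory bytes differ from disk."""
    ranges = []
    for i, (a, b) in enumerate(zip(mem, disk)):
        if a == b:
            continue
        if ranges and ranges[-1][0] + ranges[-1][1] == i:
            ranges[-1] = (ranges[-1][0], ranges[-1][1] + 1)
        else:
            ranges.append((i, 1))
    return ranges

def scan_pid(pid="self"):
    """Compare each file-backed r-xp mapping of <pid> with its backing file.
    Reading /proc/<pid>/mem needs ptrace access (root, or the caller's own pid)."""
    proc = Path("/proc") / str(pid)
    findings = []
    with open(proc / "mem", "rb", buffering=0) as mem:
        for start, end, perms, off, path in parse_maps((proc / "maps").read_text()):
            if not perms.startswith("r-x") or path.startswith("/dev/"):
                continue
            try:
                with open(path, "rb") as f:
                    f.seek(off)
                    disk = f.read(end - start)
                mem.seek(start)
                live = mem.read(len(disk))
            except OSError:
                continue  # backing file removed or region not readable
            for o, n in diff_ranges(live, disk):
                findings.append((path, hex(start + o), n))
    return findings  # empty list means no modified executable ranges found

if __name__ == "__main__":
    import sys
    for path, addr, n in scan_pid(sys.argv[1] if len(sys.argv) > 1 else "self"):
        print(f"{path}: {n} byte(s) differ from disk at {addr}")
```

Binaries built with text relocations, or runtime patchers that legitimately rewrite code, show up as benign differences, so treat a hit as a lead to inspect rather than a verdict.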

Tools included in the cymothoa package

bgrep - binary grep

root@kali:~# bgrep
bgrep version: 0.2
usage: bgrep <hex> [<path> [...]]

cymothoa - stealth backdooring tool

root@kali:~# cymothoa -h
                              _
                          _  | |
  ____ _   _ ____   ___ _| |_| |__   ___  _____
 / ___) | | |    \ / _ (_   _)  _ \ / _ \(____ |
( (___| |_| | | | | |_| || |_| | | | |_| / ___ |
 \____)\__  |_|_|_|\___/  \__)_| |_|\___/\_____|
      (____/
Ver.1 (beta) - Runtime shellcode injection, for stealthy backdoors...

By codwizard (codwizard@gmail.com) and crossbower (crossbower@gmail.com)
from ES-Malaria by ElectronicSouls (http://www.0x4553.org).

Usage:
    cymothoa -p <pid> -s <shellcode_number> [options]

Main options:
    -p <pid>  process pid
    -s <shellcode number>  shellcode number
    -l <memory region name>  memory region name for shellcode injection (default /lib/ld)
        search for "r-xp" permissions, see /proc/pid/maps...
    -m <memory region name>  memory region name for persistent memory (default /lib/ld)
        search for "rw-p" permissions, see /proc/pid/maps...
    -h  print this help screen
    -S  list available shellcodes

Injection options (overwrite payload flags):
    -f  fork parent process
    -F  don't fork parent process
    -b  create payload thread (probably you need also -F)
    -B  don't create payload thread
    -w  pass persistent memory address
    -W  don't pass persistent memory address
    -a  use alarm scheduler
    -A  don't use alarm scheduler
    -t  use setitimer scheduler
    -T  don't use setitimer scheduler

Payload arguments:
    -j  set timer (seconds)
    -k  set timer (microseconds)
    -x  set the IP
    -y  set the port number
    -r  set the port number 2
    -z  set the username (4 bytes)
    -o  set the password (8 bytes)
    -c  set the script code (ex: "#!/bin/sh\nls; exit 0")
        escape codes will not be interpreted...

udp_server - UDP server for Cymothoa

root@kali:~# udp_server
usage: udp_server port

cymothoa usage example

root@kali:~# coming soon