Hi all,
Today I am writing an article to present a proof of concept that I made last week.
The goal of the proof of concept was to write a shell-type backdoor that communicates with the attacker via GSM messages (SMS).
I'll skip the steps related to the code; it is available in two YouTube videos (with an awesome Mr Robot sound):
One : https://www.youtube.com/watch?v=Cv-SA9nZjiQ
Two : https://www.youtube.com/watch?v=g3FS64_wW6U
I decided to split the malware into stages. In the first part, the malware updates a cron task with a simple ping to call and run the process.
If an instance of the malware has already started, the process closes; otherwise the malware gets a random IP from a fresh proxy list over the internet and starts a login.
If it is the first login, it sends a text message with some server information.
Then the malware enters part 2 and creates two files (honeypot); if one of the files has been updated, it is removed.
Now the malware listens on the SMS gate.
For the moment I have created only two commands: one only executes a system command, the second sends the content of a file through the SMS gate.
Sample with the first command (System LS):
For the second command, it waits for a filename whose content it should get.
Next it sends the file content to a website (like pastebin.com) and we get a paste ID.
Now it sends the website name and the paste ID through the SMS gate.



