Cymothoa package description
Cymothoa is a stealth backdooring tool that injects shellcode into an existing process. It uses the ptrace library (available on almost every *nix) to manipulate processes and infect them.
Source: http://cymothoa.sourceforge.net/
Cymothoa homepage | Kali Cymothoa repo
- Authors: codwizard, crossbower
- License: GPLv2
Tools included in the cymothoa package
bgrep - binary grep
[email protected]:~# bgrep
bgrep version: 0.2
usage: bgrep <hex> [<path> [...]]
cymothoa - stealth backdooring tool
[email protected]:~# cymothoa -h
                          _
                       _ | |
  ____ _   _ ____   ___ _| |_| |__   ___   _____
 / ___) | | |    \ / _ (_   _) _ \ / _ \(____ |
( (___| |_| | | | | |_| || |_| | | | |_| / ___ |
 \____)\__  |_|_|_|\___/ \__)_| |_|\___/\_____|
      (____/
Ver.1 (beta) - Runtime shellcode injection, for stealthy backdoors...
By codwizard ([email protected]) and crossbower ([email protected])
from ES-Malaria by ElectronicSouls (http://www.0x4553.org).
Usage:
cymothoa -p <pid> -s <shellcode_number> [options]
Main options:
-p process pid
-s shellcode number
-l memory region name for shellcode injection (default /lib/ld)
search for "r-xp" permissions, see /proc/pid/maps...
-m memory region name for persistent memory (default /lib/ld)
search for "rw-p" permissions, see /proc/pid/maps...
-h print this help screen
-S list available shellcodes
Injection options (overwrite payload flags):
-f fork parent process
-F don't fork parent process
-b create payload thread (probably you need also -F)
-B don't create payload thread
-w pass persistent memory address
-W don't pass persistent memory address
-a use alarm scheduler
-A don't use alarm scheduler
-t use setitimer scheduler
-T don't use setitimer scheduler
Payload arguments:
-j set timer (seconds)
-k set timer (microseconds)
-x set the IP
-y set the port number
-r set the port number 2
-z set the username (4 bytes)
-o set the password (8 bytes)
-c set the script code (ex: "#!/bin/sh\nls; exit 0")
escape codes will not be interpreted...
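The -l and -m options above pick a mapping out of /proc/pid/maps by path name and permission string ("r-xp" for the code region, "rw-p" for the persistent-memory region, both defaulting to /lib/ld). For a defender auditing a suspect process, the same lookup can be paired with the TracerPid field of /proc/pid/status, which is non-zero while a ptrace client is attached. The following is an added example written for this page, not Cymothoa's own code; the /proc text it parses is constructed sample data.

```python
"""Audit helper (added example, not part of Cymothoa): parse /proc/<pid>/maps
the way the -l/-m lookup is described (path substring + exact permissions)
and read TracerPid from /proc/<pid>/status to see whether a tracer is attached."""
import re
from dataclasses import dataclass

# maps line: start-end perms offset dev inode [pathname]
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")


@dataclass
class Region:
    start: int
    end: int
    perms: str
    path: str


def parse_maps(text):
    """Turn the text of /proc/<pid>/maps into Region objects (unparseable lines skipped)."""
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m:
            regions.append(Region(int(m.group(1), 16), int(m.group(2), 16),
                                  m.group(3), m.group(4)))
    return regions


def find_region(regions, name, perms):
    """First mapping whose path contains `name` and whose permissions equal `perms`."""
    for r in regions:
        if name in r.path and r.perms == perms:
            return r
    return None


def tracer_pid(status_text):
    """TracerPid value from /proc/<pid>/status, or None if the field is absent."""
    for line in status_text.splitlines():
        if line.startswith("TracerPid:"):
            return int(line.split(":", 1)[1])
    return None


# Constructed sample /proc text (not captured from a real system).
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 131175 /usr/bin/dash
00651000-00652000 rw-p 00051000 08:01 131175 /usr/bin/dash
7f3c1e000000-7f3c1e021000 r-xp 00000000 08:01 394279 /lib/ld-2.19.so
7f3c1e220000-7f3c1e221000 rw-p 00020000 08:01 394279 /lib/ld-2.19.so
7ffd5a000000-7ffd5a021000 rw-p 00000000 00:00 0 [stack]
"""
SAMPLE_STATUS = "Name:\tdash\nState:\tt (tracing stop)\nTracerPid:\t4242\n"


def audit(maps_text, status_text):
    """Report the regions the default -l/-m lookup would select and the attached tracer."""
    regions = parse_maps(maps_text)
    return {"code_region": find_region(regions, "/lib/ld", "r-xp"),
            "data_region": find_region(regions, "/lib/ld", "rw-p"),
            "tracer_pid": tracer_pid(status_text)}
```

On a live host, replace the sample strings with the contents of /proc/<pid>/maps and /proc/<pid>/status; a TracerPid of 0 means no debugger or injector is currently attached.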
udp_server - UDP server for Cymothoa
[email protected]:~# udp_server
usage: udp_server port
cymothoa usage example
[email protected]:~# coming soon