50 ton of backdoors 
Ulisses Castro - Co0L BSidesSP v10 November/2014
about me 
Ulisses Castro 
https://twitter.com/usscastro 
http://ulissescastro.com 
https://www.youtube.com/user/usscastro 
● Black magic security specialist 
● Subversive thinker as “lifestyle” 
● Hardening systems/apps as “jobstyle” 
● Problem solver and pentester addictive 
● +10 years pro experience 
● Bla, bla, bla… 
http://br.linkedin.com/in/ulissescastro/
A ton is a unit of mass, volume, energy or power. 
http://en.wikipedia.org/wiki/Ton_(disambiguation)
motivation 
Pranks? 
Intrusion detection? 
Hardening? 
(Un)ethical hacking? 
Exploitation? 
Reputation? 
Incident response? 
Because we can? 
http://www.passionsmiths.com/admin/images/motivation.jpg 
MOTIVATION 
Some people need more than others...
disclaimer 
PLEASE, don’t blame me! 
YES, next proof of concepts will be with ROOT user. 
BUT, stick to the point and remember motivations! 
Upcoming slides will show you how dangerous “native” 
Linux tools are and how we can own someone in a blink of 
an eye!
“...Like many other Version Control Systems, Git has a way to fire off custom scripts when certain 
important actions occur. There are two groups of these hooks: client-side and server-side. Client-side 
hooks are triggered by operations such as committing and merging, while server-side hooks 
run on network operations such as receiving pushed commits. You can use these hooks for all 
sorts of reasons…” 
DEMO GIT HOOKS 
https://www.youtube.com/watch?v=rCVmWUf8x1E 
http://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
“...If set, the value is executed as a command prior to issuing each primary prompt.…” 
DEMO PROMPT_COMMAND 
https://www.youtube.com/watch?v=lM10kYBoKtg
“...It is possible to include other sudoers files from within the sudoers file currently being parsed 
using the #include and #includedir directives..…” 
Pound sign (#) as include character? Really? 
DEMO SUDOERS 
https://www.youtube.com/watch?v=tkwEn7q0Cc0
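The pound-sign point above matters for review: a filter that drops every line starting with `#` as a comment also drops the include directives. The following audit sketch is an added example, not code from the slides or the linked project; the function names, the allowed-directory default and the constructed sample file are assumptions.

```python
import re
from pathlib import PurePosixPath

# '#include' / '#includedir' are directives, not comments; sudo 1.9.1 and later
# also accept '@include' / '@includedir'. Leading blanks are tolerated here so
# the audit errs toward flagging.
INCLUDE_RE = re.compile(r"^\s*[#@](includedir|include)\s+(\S.*?)\s*$")
UID_RULE_RE = re.compile(r"^#\d+")  # '#1000 ALL=...' is a rule for uid 1000


def classify_line(line):
    """Classify one sudoers line as include/includedir/comment/blank/rule."""
    m = INCLUDE_RE.match(line)
    if m:
        return m.group(1), m.group(2).strip('"')
    s = line.strip()
    if not s:
        return "blank", None
    if s.startswith("#") and not UID_RULE_RE.match(s):
        return "comment", None
    return "rule", None


def find_includes(text):
    """Return (line_number, kind, path) for every include directive."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        kind, path = classify_line(line)
        if kind in ("include", "includedir"):
            out.append((n, kind, path))
    return out


def unexpected_includes(text, allowed=("/etc/sudoers.d",)):
    """Includes that resolve outside the directories the admin expects (assumed list)."""
    allowed_paths = [PurePosixPath(a) for a in allowed]
    hits = []
    for n, kind, path in find_includes(text):
        p = PurePosixPath(path)
        if not any(p == a or a in p.parents for a in allowed_paths):
            hits.append((n, kind, path))
    return hits


def naive_review(text):
    """What a reviewer sees after stripping every '#' line as a comment."""
    return [l for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


# Constructed sample, not taken from a real host.
SAMPLE = """\
# This file MUST be edited with visudo
Defaults env_reset
root ALL=(ALL:ALL) ALL
#1000 ALL=(ALL) ALL
# include /tmp/not-a-directive
#include /opt/example/extra-rules
@includedir /etc/sudoers.d
#includedir /etc/sudoers.d
"""

if __name__ == "__main__":
    for hit in unexpected_includes(SAMPLE):
        print("unexpected include at line %d: %s %s" % hit)
    print("naive view:", naive_review(SAMPLE))
```

Each included file needs the same pass, since an include can itself contain further includes.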
“...If the first-matched access control rule contains a shell command, that command is subjected to 
%<letter> substitutions (expansions). The result is executed by a /bin/sh child process with 
standard input, output and error connected to /dev/null. Specify an `&´ at the end of the command if 
you do not want to wait until it has completed…” 
DEMO TCP WRAPPERS 
https://www.youtube.com/watch?v=mOOZwodcm40 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/s1-tcpwrappers-access.html 
http://www.exploit-db.com/exploits/35234/ - CVE 2014-5284
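Because a matching rule can run a command through /bin/sh, hosts.allow and hosts.deny deserve the same review as a crontab. This added example (not from the slides or the linked project) lists every rule that carries a command, with its `%<letter>` expansions and whether it is backgrounded with `&`; the `spawn` and `twist` keywords and the non-executing option names come from hosts_options(5), and the sample file is constructed.

```python
import re

# Options from hosts_options(5) that do not run a shell command.
NON_EXEC_OPTIONS = {"allow", "deny", "severity", "keepalive", "linger",
                    "rfc931", "banners", "nice", "setenv", "umask", "user"}
EXEC_OPTIONS = {"spawn", "twist"}


def logical_lines(text):
    """Yield (first_line_number, line): continuations joined, comments dropped."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        line = (buf + raw).strip()
        if line and not line.startswith("#"):
            yield start, line
        buf, start = "", None


def split_fields(line):
    """Split on ':' except when escaped as '\\:' or inside [ ] (IPv6 literals)."""
    fields, cur, depth, i = [], [], 0, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and line[i + 1:i + 2] == ":":
            cur.append(":")
            i += 2
            continue
        if ch == "[":
            depth += 1
        elif ch == "]" and depth:
            depth -= 1
        if ch == ":" and depth == 0:
            fields.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur).strip())
    return fields


def find_commands(text):
    """Return one dict per rule option that results in a shell command."""
    hits = []
    for lineno, line in logical_lines(text):
        fields = split_fields(line)
        for opt in fields[2:]:
            parts = opt.split(None, 1)
            if not parts:
                continue
            key = parts[0].lower()
            if key in EXEC_OPTIONS:
                kind, cmd = key, (parts[1] if len(parts) > 1 else "")
            elif key not in NON_EXEC_OPTIONS:
                # Basic hosts_access(5) syntax: the third field is the command.
                kind, cmd = "shell_command", opt
            else:
                continue
            hits.append({"line": lineno, "daemons": fields[0],
                         "clients": fields[1], "kind": kind, "command": cmd,
                         "expansions": re.findall(r"%[A-Za-z%]", cmd),
                         "background": cmd.rstrip().endswith("&")})
    return hits


# Constructed sample in the style of /etc/hosts.allow.
SAMPLE = """\
# constructed sample
sshd : 192.0.2.0/255.255.255.0 : allow
vsftpd : ALL : severity auth.info : \\
    spawn /usr/bin/logger -t tcpw "ftp from %a to %d" &
in.telnetd : ALL : /usr/local/sbin/notify %h %d
ALL : [2001:db8::1] : deny
"""

if __name__ == "__main__":
    for h in find_commands(SAMPLE):
        print(h)
```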
"...File and directory names may be relative or absolute. Absolute names are used directly. Relative paths are 
looked for in the scripts of each of the following places 
until found: --datadir 
$NMAPDIR. 
~/.nmap (not searched on Windows). 
HOME\AppData\Roaming\nmap (only on Windows). 
the directory containing the nmap executable 
the directory containing the nmap executable, followed by ../share/nmap 
NMAPDATADIR. 
the current directory..." 
DEMO NMAP 
https://www.youtube.com/watch?v=bPaCfKc4Ow4
ProxyCommand, Specifies the command to use to connect to the server... 
DEMO SSH 
https://www.youtube.com/watch?v=byoCWf8SEZc
"...The Unicode character set contains many strongly homoglyphic characters. These present 
security risks in a variety of situations..." (Wikipedia) 
DEMO UNICODE HOMOGLYPHS 
https://www.youtube.com/watch?v=Os0QKZgvE_I
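Homoglyphs are invisible to the eye but not to a script check. This added example (not from the slides or the linked project) flags path components and command names that mix scripts or use compatibility forms; the script is inferred from the Unicode character name, which is a heuristic, and the sample string is constructed with explicit escapes.

```python
import re
import unicodedata

# Scripts recognised by name; anything else is reported as OTHER (heuristic).
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "CHEROKEE")


def script_of(ch):
    """Guess a letter's script from its Unicode name, e.g. 'CYRILLIC SMALL LETTER A'."""
    words = unicodedata.name(ch, "").split()
    for s in SCRIPTS:
        if s in words:
            return s
    return "OTHER"


def inspect_token(token):
    """Return a finding dict for a suspicious token, or None if it looks consistent."""
    scripts = {script_of(c) for c in token if c.isalpha()}
    reasons = []
    if len(scripts) > 1:
        reasons.append("mixed-script:" + "+".join(sorted(scripts)))
    # Fullwidth and similar forms fold to plain ASCII under NFKC.
    if unicodedata.normalize("NFKC", token) != token:
        reasons.append("compatibility-form")
    if not reasons:
        return None
    chars = [(i, "U+%04X" % ord(c), unicodedata.name(c, "UNKNOWN"))
             for i, c in enumerate(token) if ord(c) > 127]
    return {"token": token, "reasons": reasons, "chars": chars}


def find_homoglyphs(text):
    """Check every whitespace- or slash-separated component of the input."""
    findings = []
    for tok in re.split(r"[\s/]+", text):
        if tok:
            result = inspect_token(tok)
            if result:
                findings.append(result)
    return findings


# Constructed sample: one Latin name with a Cyrillic 'a' (U+0430), one
# legitimate accented name, one all-Cyrillic word, one fullwidth 'l' (U+FF4C).
SAMPLE = ("/usr/bin/sudo /usr/local/bin/p\u0430sswd r\u00e9sum\u00e9.txt "
          "\u043c\u043e\u0441\u043a\u0432\u0430 \uff4cs")

if __name__ == "__main__":
    for f in find_homoglyphs(SAMPLE):
        print(ascii(f["token"]), f["reasons"], f["chars"])
```

A name written entirely in one non-Latin script passes this check by design, so whole-script lookalikes need a separate confusables table.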
"...List available WiFi access points. iface and bssid options can be used to get just APs for 
particular interface or specific AP, respectively...." 
DEMO NETWORK-MANAGER 
https://www.youtube.com/watch?v=I6kRJbxzcV4
deploy alternatives
“teensyduino” 
https://www.pjrc.com/teensy/ 
https://www.pjrc.com/teensy/td_keyboard.html 
Act like a HID! 
“The Teensy is a complete USB-based 
microcontroller development system, in a very small 
footprint (...)”
DEMO TEENSY
github project 
Linux Native Backdoors 
https://github.com/ulissescastro/linux-native-backdoors 
Check out … 
Backdoor demos 
Native Linux backdoors cmds 
This presentation 
Code snippets 
Fork it! ;-) 
http://2.bp.blogspot.com/-7QZ3mxD2Z3E/T484QFGOw8I/AAAAAAAABDY/8nf1Xso4UnQ/s1600/hiddendoorway.jpg
questions? 
http://blog.tendtudo.com.br/wp-content/uploads/2013/12/033.jpg 
QUESTIONS?
THANKS! @usscastro // uss.thebug [a] gmail.com
