Cymothoa Package Description
Cymothoa is a stealth backdooring tool: it injects shellcode into an already running process. It uses the ptrace library (available on almost every *nix system) to manipulate processes and infect them. Source: http://cymothoa.sourceforge.net/
- Authors: codwizard, crossbower
License: GPLv2
0x01 Tools included in the cymothoa package
bgrep - binary grep
:~# bgrep
bgrep version: 0.2
usage: bgrep <hex> [<path> [...]]
0x02 cymothoa - stealth backdooring tool
:~# cymothoa -h

Ver.1 (beta) - Runtime shellcode injection, for stealthy backdoors...
By codwizard ( ) and crossbower ( ) from ES-Malaria by ElectronicSouls (http://www.0x4553.org).

Usage: cymothoa -p <pid> -s <shellcode_number> [options]

Main options:
    -p      process pid
    -s      shellcode number
    -l      memory region name for shellcode injection (default /lib/ld)
            search for "r-xp" permissions, see /proc/pid/maps...
    -m      memory region name for persistent memory (default /lib/ld)
            search for "rw-p" permissions, see /proc/pid/maps...
    -h      print this help screen
    -S      list available shellcodes

Injection options (overwrite payload flags):
    -f      fork parent process
    -F      don't fork parent process
    -b      create payload thread (probably you need also -F)
    -B      don't create payload thread
    -w      pass persistent memory address
    -W      don't pass persistent memory address
    -a      use alarm scheduler
    -A      don't use alarm scheduler
    -t      use setitimer scheduler
    -T      don't use setitimer scheduler

Payload arguments:
    -j      set timer (seconds)
    -k      set timer (microseconds)
    -x      set the IP
    -y      set the port number
    -r      set the port number 2
    -z      set the username (4 bytes)
    -o      set the password (8 bytes)
    -c      set the script code (ex: "#!/bin/sh\nls; exit 0")
            escape codes will not be interpreted...
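The tool attaches to its target with ptrace and writes into the "r-xp" and "rw-p" regions that the help text tells the operator to look up in /proc/pid/maps. As an added defender-side example (not part of the original page or of the Cymothoa project), the script below parses constructed /proc/<pid>/status and /proc/<pid>/maps snapshots and reports two indicators worth alerting on: a non-zero TracerPid while an injector is attached, and executable mappings that are anonymous or writable.

```python
import re

# Constructed /proc/<pid>/status excerpt: TracerPid is non-zero for as long
# as a ptrace-based tool is attached to the process.
STATUS_SNAPSHOT = """Name:\tsshd
State:\tt (tracing stop)
Pid:\t1234
TracerPid:\t4321
"""

# Constructed /proc/<pid>/maps excerpt: file-backed r-xp/rw-p loader regions
# (what the help text points at) plus one anonymous rwxp region.
MAPS_SNAPSHOT = """7f3a1c000000-7f3a1c022000 r-xp 00000000 08:01 131 /lib/x86_64-linux-gnu/ld-2.31.so
7f3a1c221000-7f3a1c222000 r--p 00021000 08:01 131 /lib/x86_64-linux-gnu/ld-2.31.so
7f3a1c222000-7f3a1c223000 rw-p 00022000 08:01 131 /lib/x86_64-linux-gnu/ld-2.31.so
7f3a1c300000-7f3a1c301000 rwxp 00000000 00:00 0
7ffd5e7a0000-7ffd5e7c1000 rw-p 00000000 00:00 0 [stack]
"""

# maps line layout: start-end perms offset dev inode [pathname]
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")

def tracer_pid(status_text):
    """Return the TracerPid field of a /proc/<pid>/status text (0 = not traced)."""
    for line in status_text.splitlines():
        if line.startswith("TracerPid:"):
            return int(line.split(":", 1)[1])
    return 0

def suspicious_mappings(maps_text):
    """Return (start, end, perms, path) for executable regions that are anonymous
    or writable; legitimate library code is file-backed and not writable."""
    hits = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        start, end, perms, path = m.groups()
        if "x" in perms and (path == "" or "w" in perms):
            hits.append((int(start, 16), int(end, 16), perms, path))
    return hits

def check_process(status_text, maps_text):
    """Combine both indicators into a list of human-readable findings."""
    findings = []
    tp = tracer_pid(status_text)
    if tp:
        findings.append(f"process is being ptraced by pid {tp}")
    for start, end, perms, path in suspicious_mappings(maps_text):
        findings.append(f"executable mapping {start:#x}-{end:#x} {perms} {path or '(anonymous)'}")
    return findings
```

TracerPid only reveals the attach window, and an injector that overwrites existing library code leaves the mapping file-backed, so treat both signals as triage hints rather than proof of absence.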
0x03 udp_server - UDP server for Cymothoa
:~# udp_server
usage: udp_server port
0x04 cymothoa usage examples
:~# coming soon
Original source: https://www.hackfun.org/kali-tools/cymothoa_zh.html. Please credit the original source when reposting; for commercial use, contact the original author for permission.