Linux Backdoor Techniques

Secondary Categories: 02-Persistence

Description:

There are some really good backdoors that can be reference such as BPFdoor and watershell. There is a great article that breaks down BDFdoor here.

Storage

The typical move is to just place the binary in /tmp but a better method is placing it in /dev/shm this location is ram file storage so if a file is stored here then if the system crashes, reboots, or shutsdown then the file is deleted.

PID Dropper

A zero byte file can be created and placed in /var/run/<BINARY> and used to check if the file has ran on this system before. The caveat is that this file can be left on the system even after reboots

Timestompping

touch -d 20120101 /tmp/goldenfile
touch -r /tmp/goldenfile <BACKDOOR BINARY>

Resources:

Title	URL
place	holder

Also Check Out:

PLACEHOLDER

The Void 🌌

Explorer

Linux Backdoor Techniques

Description:

Storage

PID Dropper

Timestompping

Resources:

Also Check Out:

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer