Cannot get working #2
`root@Kali:~/azazel# make install`

I might have this running, but I'm not sure. I can't seem to connect to the backdoor (this is on another Kali machine):

I'm probably just doing something really dumb. Sorry, but I'm not very good at this. Any help would be excellent. Thanks.
Google is your friend.

Your first issue, the missing security/pam_appl.h: the solution will depend on your package management tool, but here are two common ones. You're missing the PAM development files; using RPM, run

Your second issue, LD_PRELOAD cannot be preloaded: you're assuming that this will run like a typical binary from your working directory. The command you're running

If you can't figure it out with this info, ask Google.
Okay, thanks, I fixed those errors now. Could someone explain the backdoors and how the hooking for that works exactly? I am looking at the documentation, but I'm not understanding it well. Thank you.
Yes sir, the non-PAM accept() backdoors work by intercepting the accept() system call from daemons listening on the system. Before returning a file descriptor to the application, Azazel checks the source port of the remote host requesting the connection. If the source port is within LOW_PORT / HIGH_PORT or CRYPT_LOW / CRYPT_HIGH respectively, it silently accepts the connection and listens to the remote host for the hidden shell's password. If the password is correct, the user is rewarded with a shell. Now, in order to set the hooks into a daemon, you need to restart that service to ensure that it uses Azazel's hooked accept() call. I'm marking this issue as closed, but feel free to comment back on this thread if you have any more questions.
Thanks for the reply. I think I am understanding it a bit more now. In the documentation, it says "For each of these examples we are assuming that sshd is hooked with azazel and able to trigger any of the three operational backdoors." How do I hook into SSH? Also, it seems I can't start or restart the SSH service for some reason.

On my attacking Kali machine:

On the Kali machine with the rootkit:

I tried using port 21, where the FTP service is running, but it didn't give me the shell I wanted. Perhaps because it isn't "hooked":

Even restarting the daemon:

makes no difference. Thanks.
You fully installed the kit and injected it using /etc/ld.so.preload? Alternatively, you can manually hook different daemons by using the LD_PRELOAD environment variable, but this can be messy.
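The two replies above describe the mechanism from the operator's side: a library listed in /etc/ld.so.preload (or named in LD_PRELOAD) is loaded ahead of libc, so its accept() shadows the real one, and a daemon only picks the hook up once it is restarted. The defender's view of the same facts is below, as an added example that is not part of this thread or of the Azazel project: it reports every ld.so.preload entry, cross-checks /proc/<pid>/maps to tell hooked daemons (library already mapped) from daemons started before the entry was added (not yet hooked, which is why a restart was needed above), and flags processes carrying LD_PRELOAD in their environment. The PIDs, process names (including `vsftpd` for the FTP service mentioned later in the thread) and maps lines are constructed sample data; `/lib/libselinux.so` is the path the thread itself uses. `snapshot_live()` reads the real files and is an assumption about a Linux /proc layout.

```python
"""Defensive check for ld.so.preload / LD_PRELOAD interposition (added example)."""
import os
from typing import Optional

PRELOAD_FILE = "/etc/ld.so.preload"


def parse_preload(text: str) -> list[str]:
    """Return every shared-object path listed in an ld.so.preload file.

    The loader reads it as a whitespace-separated list; on a clean system
    the file is absent or empty, so every token is worth reporting. The
    loader's own comment handling is deliberately not mirrored here.
    """
    return text.split()


def ld_preload_from_environ(environ: bytes) -> Optional[str]:
    """Extract LD_PRELOAD from a NUL-separated /proc/<pid>/environ blob."""
    for entry in environ.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            return entry[len(b"LD_PRELOAD="):].decode(errors="replace")
    return None


def mapped_paths(maps_text: str) -> set[str]:
    """Collect file-backed mappings from /proc/<pid>/maps (sixth column)."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6 and fields[5].startswith("/"):
            paths.add(fields[5])
    return paths


def assess(preload_text: str, processes: list[dict]) -> dict:
    """Cross-check preload entries against a process snapshot.

    Each process dict carries pid, comm, environ (bytes) and maps (str),
    i.e. what /proc/<pid>/ exposes. A preload entry that is already mapped
    into a process means the hook is live there; a process that does not
    map it was started before the entry existed and is unhooked until restarted.
    """
    entries = parse_preload(preload_text)
    report = {"preload_entries": entries, "hooked": [], "not_hooked": [], "env_preload": []}
    for proc in processes:
        mapped = mapped_paths(proc["maps"])
        hit = [p for p in entries if p in mapped]
        if hit:
            report["hooked"].append((proc["pid"], proc["comm"], hit))
        elif entries:
            report["not_hooked"].append((proc["pid"], proc["comm"]))
        env = ld_preload_from_environ(proc["environ"])
        if env is not None:
            report["env_preload"].append((proc["pid"], proc["comm"], env))
    return report


def snapshot_live() -> tuple[str, list[dict]]:
    """Read the real /etc/ld.so.preload and /proc (root needed for environ/maps)."""
    try:
        with open(PRELOAD_FILE) as fh:
            preload_text = fh.read()
    except FileNotFoundError:
        preload_text = ""
    processes = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            with open(f"/proc/{pid}/environ", "rb") as fh:
                environ = fh.read()
            with open(f"/proc/{pid}/maps") as fh:
                maps = fh.read()
        except OSError:  # process exited, or permission denied
            continue
        processes.append({"pid": int(pid), "comm": comm, "environ": environ, "maps": maps})
    return preload_text, processes


# Constructed sample: the kit's library is listed; sshd was restarted after the
# entry was added (library mapped), the FTP daemon was not, and a login shell
# was started with LD_PRELOAD set, as in the thread.
SAMPLE_PRELOAD = "/lib/libselinux.so\n"
SAMPLE_PROCESSES = [
    {"pid": 512, "comm": "sshd", "environ": b"PATH=/usr/sbin:/usr/bin\0",
     "maps": "7f1a00000000-7f1a0001b000 r-xp 00000000 08:01 1234   /lib/libselinux.so\n"
             "7f1a00200000-7f1a003a0000 r-xp 00000000 08:01 5678   /lib/x86_64-linux-gnu/libc.so.6\n"},
    {"pid": 300, "comm": "vsftpd", "environ": b"PATH=/usr/sbin:/usr/bin\0",
     "maps": "7f2b00200000-7f2b003a0000 r-xp 00000000 08:01 5678   /lib/x86_64-linux-gnu/libc.so.6\n"},
    {"pid": 700, "comm": "bash", "environ": b"HOME=/root\0LD_PRELOAD=/lib/libselinux.so\0",
     "maps": "7f3c00000000-7f3c0001b000 r-xp 00000000 08:01 1234   /lib/libselinux.so\n"},
]

if __name__ == "__main__":
    for key, value in assess(SAMPLE_PRELOAD, SAMPLE_PROCESSES).items():
        print(f"{key}: {value}")
```

Run as-is it evaluates the constructed sample; swap in `assess(*snapshot_live())` to check a real host. The maps check matters more than the file check alone: an entry in ld.so.preload tells you what will be hooked, but only a mapping inside a daemon tells you what already is.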
Well, I ran "make install" and that worked well, I think. I believe I also ran "LD_PRELOAD=/lib/libselinux.so bash -l".
OK, I've successfully installed Azazel, but connecting doesn't work, for example:
Which distro are you using?
I'm trying Debian 7 64-bit (Proxmox) and Debian 7 i386.
I too am interested in hooking individual daemons. I installed everything correctly (as far as I can tell) with no errors, but I am having issues connecting to a backdoor. I would like to try to hook sshd. If I am reading the documentation correctly, I restart the sshd service and run LD_PRELOAD=/lib/libselinux.so ssh?
```
root@cp-ub10-01:~# git clone https://github.com/chokepoint/azazel.git
Initialized empty Git repository in /root/azazel/.git/
remote: Counting objects: 44, done.
remote: Compressing objects: 100% (37/37), done.
remote: Total 44 (delta 14), reused 37 (delta 7)
Unpacking objects: 100% (44/44), done.
root@cp-ub10-01:~# cd azazel/
root@cp-ub10-01:~/azazel# ls
azazel.c azazel.h client.c config.py const.h crypthook.c crypthook.h LICENSE Makefile pam.c pcap.c pcap.h README.md xor.c xor.h
root@cp-ub10-01:~/azazel# make
cc -fPIC -g -c azazel.c pam.c xor.c crypthook.c pcap.c
pam.c:8:31: error: security/pam_appl.h: No such file or directory
pam.c:9:34: error: security/pam_modules.h: No such file or directory
pam.c:16: error: expected ‘)’ before ‘’ token
pam.c:36: error: expected ‘)’ before ‘’ token
pam.c:103: error: expected ‘)’ before ‘’ token
pam.c:123: error: expected ‘)’ before ‘’ token
crypthook.c:11:25: error: openssl/evp.h: No such file or directory
crypthook.c:12:25: error: openssl/sha.h: No such file or directory
crypthook.c:13:26: error: openssl/rand.h: No such file or directory
crypthook.c: In function ‘gen_key’:
crypthook.c:42: warning: incompatible implicit declaration of built-in function ‘free’
crypthook.c: In function ‘encrypt_data’:
crypthook.c:63: error: ‘EVP_CIPHER_CTX’ undeclared (first use in this function)
crypthook.c:63: error: (Each undeclared identifier is reported only once
crypthook.c:63: error: for each function it appears in.)
crypthook.c:63: error: ‘ctx’ undeclared (first use in this function)
crypthook.c:78: error: ‘EVP_CTRL_GCM_GET_TAG’ undeclared (first use in this function)
crypthook.c: In function ‘decrypt_data’:
crypthook.c:115: error: ‘EVP_CIPHER_CTX’ undeclared (first use in this function)
crypthook.c:115: error: ‘ctx’ undeclared (first use in this function)
crypthook.c:120: error: ‘EVP_CTRL_GCM_SET_IVLEN’ undeclared (first use in this function)
crypthook.c:127: error: ‘EVP_CTRL_GCM_SET_TAG’ undeclared (first use in this function)
pcap.c:1:23: error: pcap/pcap.h: No such file or directory
In file included from pcap.c:4:
azazel.h:23: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘’ token
In file included from pcap.c:5:
pcap.h:8: error: expected ‘)’ before ‘’ token
pcap.h:9: warning: ‘struct pcap_pkthdr’ declared inside parameter list
pcap.h:9: warning: its scope is only this definition or declaration, which is probably not what you want
pcap.h:10: warning: ‘struct pcap_pkthdr’ declared inside parameter list
pcap.c:7: warning: ‘struct pcap_pkthdr’ declared inside parameter list
pcap.c:7: error: conflicting types for ‘got_packet’
pcap.h:10: note: previous declaration of ‘got_packet’ was here
pcap.c: In function ‘got_packet’:
pcap.c:27: warning: passing argument 2 of ‘old_callback’ from incompatible pointer type
pcap.c:27: note: expected ‘const struct pcap_pkthdr ’ but argument is of type ‘const struct pcap_pkthdr *’
pcap.c:47: warning: passing argument 2 of ‘old_callback’ from incompatible pointer type
pcap.c:47: note: expected ‘const struct pcap_pkthdr *’ but argument is of type ‘const struct pcap_pkthdr *’
pcap.c: At top level:
pcap.c:54: error: expected ‘)’ before ‘’ token
make: *** [libselinux.so] Error 1
root@cp-ub10-01:~/azazel#
```

and on Kali:

```
root@Kali:~# git clone https://github.com/chokepoint/azazel.git
Cloning into 'azazel'...
remote: Counting objects: 44, done.
remote: Compressing objects: 100% (37/37), done.
remote: Total 44 (delta 14), reused 37 (delta 7)
Unpacking objects: 100% (44/44), done.
root@Kali:~# cd azazel/
root@Kali:~/azazel# make
cc -fPIC -g -c azazel.c pam.c xor.c crypthook.c pcap.c
pam.c:8:31: fatal error: security/pam_appl.h: No such file or directory
compilation terminated.
make: *** [libselinux.so] Error 1
root@Kali:~/azazel#
```

Any ideas?