Having trouble in getting the backdoor to work #12
You have to install the rootkit only on the victim machine. On your attacker machine you will only run the client. I did the shell script and makefiles to generate the client on the victim to give you a way to attack from the victim to other hosts in the network. But from your main attack machine's perspective you only have to compile knock.c by just typing:
You have to choose the protocol, target address, source address (if you want to spoof your address), the payload with key+ip+port. You don't need to use netcat, because I have already implemented the listener, just use the -l option at the end. Something like that:
Take a look into the code and change the key on heavens_door.c if you want. I think it helps you. F0rb1dd3n |
Hello, Should I run ./heavens_door command first on the victim machine? |
No man, Reptile already runs heavens_door for you and hides its processes. You just have to run ./installer.sh install and nothing more. Also, heavens_door doesn't listen on any port; it is a port knocking backdoor, it just inspects the packets that are being received on the machine, and returns a shell if it is the right packet. Originally I configured it just to inspect packets received via ICMP or TCP on port 80 or UDP on port 53. But that is irrelevant, you can change this. There is not a listening port, but an inspection of packets that are targeting a port. |
Hello, I have a doubt about the <reverse IP> in the line below: -d Data to knock on backdoor: "<key> <reverse IP> <reverse Port>" If my real source IP is 192.168.2.13, should I use -d "F0rb1dd3n 31.2.861.291 4444" in reverse form instead of -d "F0rb1dd3n 192.168.2.13 4444"? |
No man, you have to use the normal form: -d "F0rb1dd3n 192.168.2.13 4444". The client will do all the work for you. |
@rabbpigPan are you having any other trouble? Can we close this issue? |
Yes, I am still having trouble in getting the backdoor to work. After I entered the correct source IP and target IP, Knock Knock on Heaven's (Back)Door Knock knock Neo... [+] Knocking with UDP protocol it only showed the information above and didn't prompt the reverse shell for a long time. Does it support the NAT network or only work on the local network? |
This backdoor does not support NAT, only local network |
Thanks for your reply. You can close the issue now. |
Does not support the public network, only supports the internal network? |
Just the internal, unless you have a NAT |
Hello, I'm not sure if I'm supposed to install the rootkit on both the client and the server, or whether this is something that you catch over netcat.
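
From the defender's side, the packet inspection described in the thread (ICMP, TCP port 80 or UDP port 53 carrying "<key> <reverse IP> <reverse Port>") can be hunted for in captured traffic. The following is an added example, not code from the thread or from the project; it assumes the payload is visible in cleartext in the form quoted above, and the packet-record dictionaries, function names and sample values are constructed for illustration. Because the author notes the inspected protocols and ports can be changed, `any_channel=True` drops the channel filter.

```python
import ipaddress
import re

# Payload shape quoted in the thread: "<key> <reverse IP> <reverse Port>"
KNOCK_RE = re.compile(rb"^(\S{1,64}) (\d{1,3}(?:\.\d{1,3}){3}) (\d{1,5})\s*$")
# Channels the author says are inspected by default (changeable in the source)
DEFAULT_CHANNELS = {("icmp", None), ("tcp", 80), ("udp", 53)}
DEFAULT_KEY = b"F0rb1dd3n"  # key value quoted in the thread


def parse_knock(payload):
    """Return (key, ip, port) if the payload has the knock shape, else None."""
    m = KNOCK_RE.match(payload)
    if not m:
        return None
    key, ip_raw, port_raw = m.groups()
    try:
        ip = ipaddress.IPv4Address(ip_raw.decode())
    except ValueError:
        return None  # not a valid dotted quad, e.g. an octet above 255
    port = int(port_raw)
    return (key, str(ip), port) if 1 <= port <= 65535 else None


def find_knocks(packets, any_channel=False):
    """Flag packets whose payload looks like a knock on an inspected channel."""
    alerts = []
    for pkt in packets:
        dport = None if pkt["proto"] == "icmp" else pkt.get("dport")
        if not any_channel and (pkt["proto"], dport) not in DEFAULT_CHANNELS:
            continue
        parsed = parse_knock(pkt["payload"])
        if parsed:
            key, ip, port = parsed
            alerts.append({"src": pkt["src"], "proto": pkt["proto"],
                           "callback": (ip, port),
                           "default_key": key == DEFAULT_KEY})
    return alerts


# Constructed sample records (hypothetical, not captured traffic)
SAMPLE = [
    {"src": "192.168.2.13", "proto": "udp", "dport": 53,
     "payload": b"F0rb1dd3n 192.168.2.13 4444"},
    {"src": "192.168.2.20", "proto": "udp", "dport": 53,
     "payload": b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"},
    {"src": "192.168.2.21", "proto": "tcp", "dport": 80, "payload": b"GET / HTTP/1.1\r\n"},
    {"src": "192.168.2.22", "proto": "tcp", "dport": 8080, "payload": b"s3cret 10.0.0.5 9001"},
    {"src": "192.168.2.23", "proto": "icmp", "payload": b"abc 10.0.0.5 70000"},
]
```

A hit with `default_key` set to true means the key quoted in this thread was used unchanged; a hit without it still matches the knock shape and deserves a look at the host that received it.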