Results 1 to 7 of 7

Thread: [Script][Videp] evilDEB.sh (v0.1)

Hybrid View

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Lightbulb [Script] [Video] evilDEB.sh (v0.1)

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/3946972Download video: http://www.mediafire.com/?3528ebkqs469g4v
    Download (evilDEB.sh): http://www.mediafire.com/?7aoorgly77teuzo


    What is this?
    This video demonstrates how easy and dangerous it is to inject a backdoor (a metasploit payload) into a .deb file (Debian software package).


    How does this work?

    • Either, download or copy the .deb file to /tmp
    • Extract all the files from the .deb
    • Extract any information about the .deb
    • Create a payload (via metasploit)
    • Inject payload into the deb file
    • Repackage the .deb
    • Start a web server (Not needed...just "helps")
    • Prepare metasploit


    • When the deb is run, it requires root access, which the payload takes advantage of. (=


    What do I need?

    • evilDEB.sh ---The script (see above)
    • Metasploit --- On Backtrack 4 final
    • A deb file--- Optional!



    How to use it?

    • bash evilDEB.sh --- No command lines - automatically downloads "xbomb" and uses that
    • -i [interface] --- Changes interface (defaults is eth0 - check with ifconfig)
    • -d [deb] --- Uses a different deb file. *Has to be the whole path *
    • -h --- Help



    Commands:
    Code:
    bash evilDEB.sh
    hostname
    hostname
    whoami
    ifconfig
    cat /etc/passwd
    exit
    bash evilDEB.sh -h
    bash evilDEB.sh -d /root/gedit_2.30.3-0ubuntu0.1_i386.deb
    --------------------------------------
    ifconfig
    kate evilDEB.sh
    Notes:
    • If your interface isn't eth0, you'll need to either edit the file or use "-i [interface]". Check with "ifconfig"
    • This may not work with every .deb file out there!
    • This is a rushed script


    Song: LMC V U2 - Take Me to the Clouds Above
    Video length: 3:19
    Capture length: 4:18

    Blog Post: http://g0tmi1k.blogspot.com/2010/07/script-video-evildebshv01.html
    Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/31062-%5Bscript%5D%5Bvidep%5D-evildeb-sh-v0-1-a.html#post170151
    Last edited by g0tmi1k; 03-05-2011 at 01:55 PM.
    Have you...g0tmi1k?

  2. #2
    Member m0j4h3d's Avatar
    Join Date
    Jan 2010
    Posts
    84

    Default Re: [Script][Videp] evilDEB.sh (v0.1)

    10x for the thread nice one .. but i have problem and some questions, it might be silly .. but take a look
    first
    if i have to create a payload using metasploit,,then where do i have to put it,,or the script creates it auto . if that i need my ip ,, i've putted it in the script so where the payload goes ? any explanations !

    on the other hand take a look for what is happining
    Code:
    root@bt:~# bash evilDEB-v0.1.sh -i wlan0[*] g0tmilk's evilDEB v0.1
    [>] Checking environment...
    [>] Downloading .DEB...
    [>] Extracting .DEB...
    [>] Creating payload...
    [>] Injecting payload...
    [>] Creating .DEB file...
    [>] Running web server... (http://92.62.166.218:8000)
    [>] Running metasploit...
    Serving HTTP on 0.0.0.0 port 8000 ...[*] Please wait while we load the module tree...
    /opt/metasploit3/msf3/lib/msf/core/data_store.rb:93:in `each': The argument could not be parsed correctly. (Rex::ArgumentParseError)
            from /opt/metasploit3/msf3/lib/msf/core/data_store.rb:93:in `import_options_from_s'
            from /opt/metasploit3/msf3/msfcli:140:in `<main>'
    
    [>] Cleaning up...
    evilDEB-v0.1.sh: line 16: 10751 Terminated              python -m SimpleHTTPServer
    [>] Done! (= Have you... g0tmi1k?
    seems it facing error

    hope replay ,, @ end ,, thanks
    ---> 3v3RY D4y P4ss3S 1 f0uNd N3W th1NGs <---
    Knowing how 2 use BT dsnt mean that u r hacker

  3. #3
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script][Videp] evilDEB.sh (v0.1)

    Quote Originally Posted by m0j4h3d View Post
    10x for the thread nice one .. but i have problem and some questions, it might be silly .. but take a look
    first
    if i have to create a payload using metasploit,,then where do i have to put it,,or the script creates it auto . if that i need my ip ,, i've putted it in the script so where the payload goes ? any explanations !

    on the other hand take a look for what is happining
    Code:
    root@bt:~# bash evilDEB-v0.1.sh -i wlan0[*] g0tmilk's evilDEB v0.1
    [>] Checking environment...
    [>] Downloading .DEB...
    [>] Extracting .DEB...
    [>] Creating payload...
    [>] Injecting payload...
    [>] Creating .DEB file...
    [>] Running web server... (http://92.62.166.218:8000)
    [>] Running metasploit...
    Serving HTTP on 0.0.0.0 port 8000 ...[*] Please wait while we load the module tree...
    /opt/metasploit3/msf3/lib/msf/core/data_store.rb:93:in `each': The argument could not be parsed correctly. (Rex::ArgumentParseError)
            from /opt/metasploit3/msf3/lib/msf/core/data_store.rb:93:in `import_options_from_s'
            from /opt/metasploit3/msf3/msfcli:140:in `<main>'
    
    [>] Cleaning up...
    evilDEB-v0.1.sh: line 16: 10751 Terminated              python -m SimpleHTTPServer
    [>] Done! (= Have you... g0tmi1k?
    seems it facing error

    hope replay ,, @ end ,, thanks
    This SHOULD automate everything, so you don't need to create the payload (therefore no need able worrying where the exploit/payload goes!).
    The same goes with your IP, it SHOULD automatically find it. It reads the value (either from the script, or the command line) to trys to find your IP address on that interface.

    As I said in the post, this script was rushed.
    There isnt too much "checking/debugging" stuff going on...
    Im not 100% sure why your getting that error.
    What DEB file are you trying to inject into?
    Does metasploit create payloads okay?
    Im going to look into this - but Ive got a lot of other things to be doing before I can
    Have you...g0tmi1k?

  4. #4
    Member m0j4h3d's Avatar
    Join Date
    Jan 2010
    Posts
    84

    Default Re: [Script][Videp] evilDEB.sh (v0.1)

    thanks for your replay g0tmi1k,,,, i modified the ip in the code in the script .. i have static ip externally and i fw what i need from the router ,,, any way thanks
    -----------
    go FW until u finish it ,,also am gonna search for a solution ,,, cu
    ---> 3v3RY D4y P4ss3S 1 f0uNd N3W th1NGs <---
    Knowing how 2 use BT dsnt mean that u r hacker

  5. #5
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script][Videp] evilDEB.sh (v0.1)

    *Think I understand now*
    Your welcome?
    Have you...g0tmi1k?

  6. #6
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    17

    Default Re: [Script][Videp] evilDEB.sh (v0.1)

    Mediafire links don't currently seem to be working, could just be high traffic but figured i'd let you know in case it isn't.

  7. #7
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Script][Videp] evilDEB.sh (v0.1)

    Quote Originally Posted by kernel831 View Post
    Mediafire links don't currently seem to be working, could just be high traffic but figured i'd let you know in case it isn't.
    Thanks for reporting.
    Ive just tested all the links - they seem to be working now.
    I will be soon mirroring all the scripts on googlecode and you can download the videos from blip.tv as well.
    Have you...g0tmi1k?

Similar Threads

  1. Replies: 6
    Last Post: 10-08-2010, 11:40 PM
  2. Replies: 10
    Last Post: 07-12-2010, 03:04 PM
  3. Script help
    By isdigit in forum OLD Newbie Area
    Replies: 2
    Last Post: 08-21-2009, 02:35 AM
  4. WPA script
    By procraft7399 in forum OLD Newbie Area
    Replies: 27
    Last Post: 04-29-2009, 10:10 AM
  5. LZM Script/lzm2dir script
    By unseen in forum OLD Tutorials and Guides
    Replies: 2
    Last Post: 11-29-2007, 02:51 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •