This video demonstrates how easy and dangerous it is to inject a backdoor (a metasploit payload) into a .deb file (Debian software package).
Watch video on-line:
Download video: http://download.g0tmi1k.com/videos_archive/evilDEB_v0.1.mp4
- Either, download or copy the .deb file to /tmp
- Extract all the files from the .deb
- Extract any information about the .deb
- Create a payload (via Metasploit)
- Inject payload into the deb file
- Repackage the .deb
- [*] Start a web server (Not needed... just "helps")
- Prepare metasploit
- [*] When the deb is run, it requires root access, which the payload takes advantage of. =)
- evilDEB.sh - The script (see above)
- Metasploit - On Backtrack 4 final
- A deb file - Optional!
How to use it?
bash evilDEB.sh- No command lines - automatically downloads "xbomb" and uses that
-i [interface]- Changes interface (defaults is eth0 - check with ifconfig)
-d [deb]- Uses a different deb file. Has to be the whole path
1 2 3 4 5 6 7 8 9 10 11 12
- If your interface isn't eth0, you'll need to either edit the file or use "
-i [interface]". Check with "
- This may not work with every .deb file out there!
- This is a rushed script
Video length: 3:19
Capture length: 4:18