evilDEB.sh (v0.1)

This video demonstrates how easy and dangerous it is to inject a backdoor (a Metasploit payload) into a .deb file (Debian software package).

Links

Watch video on-line:

Download video: http://download.g0tmi1k.com/videos_archive/evilDEB_v0.1.mp4

Download (evilDEB.sh): *Coming soon*

Method

  • Either download or copy the .deb file to /tmp
  • Extract all the files from the .deb
  • Extract any information about the .deb
  • Create a payload (via Metasploit)
  • Inject payload into the deb file
  • Repackage the .deb
  • [*] Start a web server (Not needed... just "helps")
  • Prepare Metasploit
  • [*] When the deb is run, it requires root access, which the payload takes advantage of. =)
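
Because the method above repackages the .deb, the resulting file no longer matches the checksum its repository publishes. The following is an added example (not part of evilDEB.sh or the original post) that checks a downloaded .deb against the SHA256 in an APT Packages index before it is installed. It assumes a copy of that index is available locally and was itself authenticated through the repository's signed Release file; the function names, file names and sample stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a .deb on disk with the SHA256 in an APT Packages index.

# Print the SHA256 recorded for a package file in a Packages index.
# $1 = path to the Packages index, $2 = basename of the .deb
expected_sha256() {
    awk -v want="$2" '
        /^$/          { fn = ""; sum = ""; next }          # blank line: new stanza
        /^Filename: / { n = split($2, p, "/"); fn = p[n] } # keep basename only
        /^SHA256: /   { sum = $2 }
        fn == want && sum != "" { print sum; exit }
    ' "$1"
}

# Return 0 if the file matches the index, 1 on mismatch, 2 if it is not listed.
verify_deb() {
    want=$(expected_sha256 "$2" "$(basename "$1")")
    if [ -z "$want" ]; then
        echo "NOT LISTED: $1" >&2; return 2
    fi
    got=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "MISMATCH:   $1 (index $want, file $got)" >&2; return 1
    fi
    echo "OK:         $1" >&2
}

# Constructed demo: placeholder bytes stand in for real packages.
demo_constructed() {
    d=$(mktemp -d) && mkdir "$d/orig" "$d/dl" || return 3
    printf 'original package bytes' > "$d/orig/example_1.0_all.deb"
    {
        printf 'Package: example\nVersion: 1.0\n'
        printf 'Filename: pool/main/e/example/example_1.0_all.deb\n'
        printf 'SHA256: %s\n\n' "$(sha256sum "$d/orig/example_1.0_all.deb" | awk '{ print $1 }')"
    } > "$d/Packages"
    # Same file name, different content: how a repackaged .deb appears to this check.
    printf 'original package bytes plus extra' > "$d/dl/example_1.0_all.deb"
    printf 'x' > "$d/dl/unlisted_0.1_all.deb"
    r1=0; verify_deb "$d/orig/example_1.0_all.deb" "$d/Packages" || r1=$?
    r2=0; verify_deb "$d/dl/example_1.0_all.deb"   "$d/Packages" || r2=$?
    r3=0; verify_deb "$d/dl/unlisted_0.1_all.deb"  "$d/Packages" || r3=$?
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

demo_constructed
```

apt performs this comparison itself for packages it downloads; `dpkg -i` on a manually fetched file does not, so a .deb obtained outside apt should be checked like this before installation.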

Tools

  • evilDEB.sh - The script (see above)
  • Metasploit - On Backtrack 4 final
  • A deb file - Optional!

How to use it?

  • bash evilDEB.sh - No command-line arguments - automatically downloads "xbomb" and uses that
  • -i [interface] - Changes the interface (default is eth0 - check with ifconfig)
  • -d [deb] - Uses a different deb file. Has to be the whole path
  • -h - Help

Commands

bash evilDEB.sh
hostname
hostname
whoami
ifconfig
cat /etc/passwd
exit
bash evilDEB.sh -h
bash evilDEB.sh -d /root/gedit_2.30.3-0ubuntu0.1_i386.deb
--------------------------------------
ifconfig
kate evilDEB.sh

Notes

  • If your interface isn't eth0, you'll need to either edit the file or use "-i [interface]". Check with "ifconfig"
  • This may not work with every .deb file out there!
  • This is a rushed script

Song: LMC V U2 - Take Me to the Clouds Above

Video length: 3:19

Capture length: 4:18

Blog Post: https://blog.g0tmi1k.com/2010/07/evildebsh-v01/