Educational trojan horse.
Running make generates an executable called Durex.
If you launch it, it'll simply print a string.
In the background, here is what happens:
- Compiles and creates a malware daemon called /bin/Durex
- Configures init.d to launch the malware at each boot of the system (the malware service is called "antivirus")
- Executes the malware
Here's what the malware does:
- Logs all keyboard input
- Backdoor (root shell on the network): connecting to port 4242 with a password opens a root shell available on port 4243
- The malware tricks programs such as netstat, top and htop into believing it is called FirewallService and not /bin/Durex
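
The indicators listed above, turned into a host check (an added example, not part of the Durex project). The function name check_durex_iocs, its ROOT argument and the /etc/init.d/antivirus path are assumptions; the binary path, service name and ports come from this README.

```shell
#!/bin/sh
# Added example: look for the indicators this README lists.
# ROOT (hypothetical argument) lets the check run against a mounted image
# or a test tree; an empty ROOT means the live host.

# Prints one line per indicator found; returns 1 if any was found, else 0.
check_durex_iocs() {
    root="${1:-}"
    found=0

    # Daemon binary named in the README.
    if [ -e "$root/bin/Durex" ]; then
        echo "binary: /bin/Durex present"; found=1
    fi

    # Boot persistence: init.d service called "antivirus" (file path assumed).
    if [ -e "$root/etc/init.d/antivirus" ]; then
        echo "persistence: /etc/init.d/antivirus present"; found=1
    fi

    # Listening sockets on 4242 (0x1092) or 4243 (0x1093); state 0A = LISTEN.
    for f in "$root/proc/net/tcp" "$root/proc/net/tcp6"; do
        [ -r "$f" ] || continue
        ports=$(awk '$4 == "0A" { n = split($2, a, ":"); p = toupper(a[n]);
                     if (p == "1092") print 4242; if (p == "1093") print 4243 }' "$f")
        for p in $ports; do echo "listener: tcp/$p"; found=1; done
    done

    # Renamed process: tools show the name in comm, but the kernel-maintained
    # exe link still points at the binary the process was started from.
    for d in "$root"/proc/[0-9]*; do
        [ -r "$d/comm" ] || continue
        exe=$(readlink "$d/exe" 2>/dev/null) || continue
        case "$exe" in
            */Durex*) echo "process: pid ${d##*/} comm=$(cat "$d/comm") exe=$exe"; found=1 ;;
        esac
    done

    return "$found"
}
```

Call check_durex_iocs with no argument as root on the live host; reading /proc/PID/exe of other users' processes requires root.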
./run.sh
docker exec -it durex /bin/bash
cd /durex/srcs; make
cd srcs; make