Java BackDoor jbd 2.0 – UPDATE

USE ONLY DURING LEGAL AND AUTHORIZED ACTIVITIES, e.g. penetration tests with a legal agreement.

Java BackDoor 2.0 released!

jbd is a normal backdoor (it is NOT a reverse shell; I am working on it), written in Java. This means you can use it everywhere* without rebuilding. Like any backdoor, find a way to upload it to the server, then launch it (if you run jbd without arguments, /path/to/java -jar jbd-2.0.jar, it will open a backdoor for all IPs on port 65000).

jbd has additional options (on the command line; there are no config files) to:

  • Choose the IP and/or port, and the shell and/or its path (for example, listen only on localhost, port 65432, executing /usr/ucb/i/dont/know/csh)
  • Set a password, either in cleartext (-P option) or as MD5 (-M option); if you choose the second one, run java -jar jbd-2.0.jar --md5 YourPasswordHere on your PC to display the Java MD5 of the password, then use it on the server with the -M option (this will avoid any potential problem related to MD5)
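From the defender's side, the behaviour described above (a `java` process listening for all IPs on port 65000, or on an operator-chosen address and port) can be hunted in listening-socket output. The following is an added example, not part of jbd or the original post; the `ss -H -ltnp` sample lines are constructed, and `EXPECTED_JAVA_PORTS` and `review_listeners` are hypothetical names for a per-host allowlist and the check.

```python
import re

# Constructed sample of `ss -H -ltnp` output (run as root so the process
# column is present); these lines were not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 50 *:65000 *:* users:(("java",pid=4121,fd=5))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 100 *:8080 *:* users:(("java",pid=2200,fd=44))
LISTEN 0 50 [::ffff:127.0.0.1]:65432 *:* users:(("java",pid=4300,fd=5))
LISTEN 0 50 0.0.0.0:40123 0.0.0.0:* users:(("java",pid=5010,fd=7))
"""

JBD_DEFAULT_PORT = 65000          # default port stated in the post
EXPECTED_JAVA_PORTS = {8080}      # assumption: this host's known Java services
WILDCARDS = {"*", "0.0.0.0", "[::]"}
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def review_listeners(ss_output, expected=EXPECTED_JAVA_PORTS):
    """Return (pid, addr, port, reason) for Java listeners worth reviewing."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip non-listening rows and rows without a process column.
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        proc = PROC_RE.search(fields[5])
        if not proc or proc.group(1) != "java":
            continue
        # rpartition keeps bracketed IPv6 addresses intact.
        addr, _, port = fields[3].rpartition(":")
        port = int(port)
        if port in expected:
            continue
        if port == JBD_DEFAULT_PORT:
            reason = "jbd default port"
        elif addr in WILDCARDS:
            reason = "unexpected Java listener on all interfaces"
        else:
            reason = "unexpected Java listener on a single address"
        findings.append((int(proc.group(2)), addr, port, reason))
    return findings

if __name__ == "__main__":
    for finding in review_listeners(SAMPLE_SS):
        print(finding)
```

Because the port and bind address are configurable, the port match alone is weak; the allowlist comparison is what catches a listener moved off the default.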

Jbd features:

  • Easy to use, just telnet IP PORT where you bound it
  • It can handle multiple clients
  • IT IS NOT INTERACTIVE (do not use commands like ssh or passwd!!!)
  • You can use it on both Windows and *X (it was written and tested mostly on *X operating systems)
  • If a telnet session hangs, just exit (Ctrl+Alt+^], …) and open another one.
  • You can kill the process, closing the backdoor and disconnecting all clients, simply by typing Bye. at the prompt
  • You can set a password
  • You can use cd command to change directory
  • Compatibility with Java JDK > 1.3; theoretically it should work even with Java 1.3
  • Tested on Java 6/5/1.4 and GNU/Linux; tested on MS Windows (has some bugs). Tested on Sun OS 5.9/8. Tested on HP-UX ???.
  • Traces client activities on stdout (command and execution code; with --verbose you can add much more output)
  • Has some problems with reverse DNS: some OSes try to do a reverse DNS lookup even if we do not care; this can cause unexpected waits, please be patient

Please post any comment if you find it useful. In addition, post any suggestion and, if you know how, give me hints to implement interactivity in Java (it seems the JVM doesn’t provide a “tty handle” API, but I am not so sure)

