Java BackDoor jbd 3.0 – UPDATE

USE ONLY DURING LEGAL AND AUTHORIZED ACTIVITIES, e.g. Penetration Tests with a legal agreement.

Java BackDoor 3.0 released!

jbd is a normal backdoor (it is NOT a reverse shell, I am working on it), written in Java. This means you can use it everywhere* without rebuilding. Like any backdoor, find a way to upload it to the server, then launch it (if you use jbd without arguments: /path/to/java -jar /path/to/jbd-3.0.jar, it will open a backdoor for all IPs at port 65000).

Use java -jar jbd-3.0.jar --help for detailed help and a usage guide.

jbd has additional options (set on the command line; there are no config files) to:

  • ** NEW: SSL support to encrypt everything passing through the backdoor and keep your customer’s files safe :)
  • Choose IP and/or port, shell and/or its path (for example, listen only on localhost, port 65432 executing /usr/ucb/i/dont/know/csh)
  • Set a password, either in cleartext (-P option) or in MD5 (-M option); if you choose the second one, run java -jar jbd-3.0.jar --md5 YourPasswordHere on your PC to display the Java MD5 of the password, then use it on the server with the -M option (this will avoid any potential problem related to MD5)

Jbd features:

  • Easy to use, just telnet to the IP and PORT where you bound it
  • If you created an SSL jbd, on your clients just use java -jar jbd-3.0.jar --ssl-client to use the backdoor
  • It can handle multiple clients
  • IT IS NOT INTERACTIVE (do not use command like ssh or passwd!!!)
  • You can use it on both Windows and *X (it was written and tested mostly on *X operating systems)
  • If a telnet session hangs, just exit (Ctrl+Alt+^], …) and open another one.
  • You can kill the process, closing the backdoor and disconnecting all clients, simply by typing Bye. at the prompt, while exit will close only your session.
  • You can set a password
  • You can use cd command to change directory
  • Compatibility with Java JDK > 1.3; theoretically it should work even with Java 1.3. SSL compatibility is with JDK > 1.3, but you may give it a try on old servers!
  • Tested on GNU/Linux with Java 1.5, 1.6; tested on MS Windows XP SP2 and Win7 with Java 1.4, 1.5, 1.6. Tested on Sun OS 5.9/8 with Java 1.4. Tested on HP-UX with an unspecified JVM.
  • Trace client activities on stdout (command and execution code; with --verbose you can add much more output)
  • Has some problems with reverse DNS: some OSes try to do a reverse DNS query even if we do not care or want it. This can cause unexpected waits, please be patient

Please post any comment if you find it useful. In addition, post any suggestion and, if you know how, give me hints to implement interactivity in Java (it seems the JVM doesn’t provide a “tty handle” API, but I am not so sure).

I have been working on jbd since December 2008; it was born as a “copy/paste” of some classes from the wsh backdoor spawn feature. Then I used it many times on servers where I could not use C backdoors (lack of compiler) or Perl ones (lack of Perl). While you may not find perl/gcc or you may have issues with a compiled version of a known backdoor, with Java you have a more standard environment that does not usually fail (but this is not definitely true :)). As I started to use it in a continuous way, I added a password and an SSL functionality, so this is a quite-tested work created by a tester for other testers: remember, use it only if you are doing something legal and approved.
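
From the defender's side, the default behaviour described above (a java -jar process listening on all IPs at port 65000) shows up as a Java-owned listening socket. The following is an added example, not part of jbd or of the original post: it parses `ss -H -tlnp` output and reports Java listeners on ports outside an expected set. The sample lines, PIDs and the expected-port set are constructed assumptions.

```python
import re

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 100 [::]:8080 [::]:* users:(("java",pid=2210,fd=40))
LISTEN 0 100 127.0.0.1:8005 0.0.0.0:* users:(("java",pid=2210,fd=45))
LISTEN 0 50 *:65000 *:* users:(("java",pid=4311,fd=7))
"""

# Assumption: ports this host's legitimate Java services are expected to use.
EXPECTED_JAVA_PORTS = {8080, 8005}
# Local addresses that mean "listening on every interface".
WILDCARDS = {"*", "0.0.0.0", "[::]"}
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def parse_listeners(ss_output):
    """Yield (address, port, process_name, pid) for each listening socket."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        # rpartition keeps IPv6 literals such as [::] intact.
        addr, _, port = fields[3].rpartition(":")
        for name, pid in PROC_RE.findall(" ".join(fields[5:])):
            yield addr, int(port), name, int(pid)


def unexpected_java_listeners(ss_output, expected_ports=EXPECTED_JAVA_PORTS):
    """Return java-owned listeners on ports outside the expected set."""
    findings = []
    for addr, port, name, pid in parse_listeners(ss_output):
        if name != "java" or port in expected_ports:
            continue
        findings.append({
            "pid": pid,
            "port": port,
            "address": addr,
            "all_interfaces": addr in WILDCARDS,
        })
    return findings


if __name__ == "__main__":
    for finding in unexpected_java_listeners(SAMPLE_SS):
        print(finding)
```

On a live host the input would come from running `ss -H -tlnp` as root, so that the process column is populated for sockets owned by other users.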


3 thoughts on “Java BackDoor jbd 3.0 – UPDATE”

  1. Nice backdoor, reminds me of similar features in my Javapayload:

    Building a bindshell backdoor using can be done like this:

    java -jar JavaPayload.jar builder EmbeddedJar jbd-fake.jar
    Integrated$_BindMultiTCP 65000 — StageMenu JSh — Shell — StopListening

    Then you can upload jbd-fake.jar (17K) anywhere, run java -jar jbd-fake.jar and use telnet to have a working multi bind shell. You can of course also use a naked stager in your jar (5K) and use JavaPayload on client side to stage your stages to it, but in case you refrained from using JavaPayload because it requires you to use it in the client as well: this is history since 0.3-rc1 :-)

    AES encryption and SSL is supported too – some of the other advanced features like MD5 passwords not, but that does not matter if you “bake” the AES passphrase into your binary :-)

    I have to admit, JavaPayload is more like a toolkit and jbd more like a prebuilt Swiss Army Knife, so depending on what you need you can choose your tool :-)

    • seems that the blogging software does not like multiple dashes – here it is more explicitly (spaces between dashes have to be removed):

      java -jar JavaPayload.jar builder EmbeddedJar jbd-fake.jar
      Integrated$_BindMultiTCP 65000 – – StageMenu JSh – – – Shell – – -StopListening

      • Thank you, I didn’t know about your java payload project, I delicioused it, I think it is very very interesting. I will surely try it in the lab or in a PT, as soon as I have a moment :)

        Completely agree with you, mine was just an evolution of a quick&dirty way to get a backdoor in some environments (HP-UX, old SunOS & Tru64!) where I was not able to find a compiler or a python/perl installation or even bash. I created wsh and jbd about 3-4 years ago; at that time, it was very hard to find a backdoor purely in Java…
