Introduction to pentesting: Maintaining Access with Backdoors and Rootkits

Where do I go from here?

After mastering the basics of backdoors and rootkits, you should expand your horizons by exploring similar tools, including Ncat and Socat. Ncat is a modernized version of the original Netcat tool and is included as part of the Nmap project. It keeps the core features of the original and adds, among other things, SSL (TLS) and IPv6 support. Socat is another close Netcat relative that relays data bidirectionally between two addresses, which can be sockets, files or pipes. Socat also extends the original functionality of Netcat with SSL (TLS), IPv6 and several other advanced features.
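To make the comparison concrete, here is an added example (it is not from the book or from the Nmap or Socat projects) that writes the same SSL-wrapped listener and client once for Ncat and once for Socat, and then checks each pair over the loopback interface. The port numbers, the host 10.0.0.5 and the file names cert.pem and key.pem are assumptions; the loopback check needs ncat, socat, openssl and timeout installed.

```shell
#!/bin/sh
# Added example (not from the book): the same SSL-wrapped listener and client
# written for Ncat and for Socat, plus a loopback check of each on 127.0.0.1.
# Port numbers and the file names cert.pem / key.pem are assumptions.
CERT=cert.pem
KEY=key.pem

# Throwaway self-signed certificate; both tools need a cert/key pair to serve TLS.
make_cert() {  # $1 = cert path, $2 = key path
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "$2" -out "$1" >/dev/null 2>&1
}

# Ncat. -l listens, --ssl wraps the stream in TLS, -6 selects IPv6.
ncat_listener()  { echo "ncat --ssl --ssl-cert $CERT --ssl-key $KEY -l $1"; }
ncat_listener6() { echo "ncat -6 --ssl --ssl-cert $CERT --ssl-key $KEY -l $1"; }
# Plain --ssl encrypts but does not authenticate the listener: anyone in the path
# can terminate the TLS session. --ssl-verify with a trust file closes that gap.
ncat_client()          { echo "ncat --ssl $1 $2"; }
ncat_client_verified() { echo "ncat --ssl --ssl-verify --ssl-trustfile $CERT $1 $2"; }

# Socat expresses the same roles as two addresses. On the listener verify=0 means
# "do not demand a client certificate"; on the client it means "accept any server
# certificate", which is the same unauthenticated-TLS caveat as above.
socat_listener()  { echo "socat OPENSSL-LISTEN:$1,cert=$CERT,key=$KEY,verify=0,reuseaddr STDIO"; }
socat_listener6() { echo "socat OPENSSL-LISTEN:$1,pf=ip6,cert=$CERT,key=$KEY,verify=0,reuseaddr STDIO"; }
socat_client()          { echo "socat STDIO OPENSSL:$1:$2,verify=0"; }
socat_client_verified() { echo "socat STDIO OPENSSL:$1:$2,cafile=$CERT"; }

# Loopback checks: start a TLS listener on 127.0.0.1, push one line through a TLS
# client, and succeed only if the line arrived intact. --recv-only / --send-only
# (Ncat) and -u (Socat) make both ends exit cleanly once the data is through.
loopback() {  # $1 = ncat|socat, $2 = port
  dir=$(mktemp -d) || return 1
  make_cert "$dir/cert.pem" "$dir/key.pem" || { rm -rf "$dir"; return 1; }
  case "$1" in
    ncat)
      timeout 15 ncat --recv-only --ssl --ssl-cert "$dir/cert.pem" \
        --ssl-key "$dir/key.pem" -l 127.0.0.1 "$2" > "$dir/received.txt" &
      pid=$!; sleep 1
      printf 'tls loopback ok\n' | timeout 10 ncat --send-only --ssl 127.0.0.1 "$2"
      ;;
    socat)
      timeout 15 socat -u "OPENSSL-LISTEN:$2,bind=127.0.0.1,cert=$dir/cert.pem,key=$dir/key.pem,verify=0,reuseaddr" \
        STDOUT > "$dir/received.txt" 2>/dev/null &
      pid=$!; sleep 1
      printf 'tls loopback ok\n' | timeout 10 socat -u STDIN "OPENSSL:127.0.0.1:$2,verify=0" 2>/dev/null
      ;;
    *) rm -rf "$dir"; return 1 ;;
  esac
  wait "$pid"
  received=$(cat "$dir/received.txt")
  rm -rf "$dir"
  [ "$received" = "tls loopback ok" ]
}

# Usage: sh ncat_socat.sh demo   (prints the command lines, then runs the loopbacks)
if [ "${1:-}" = demo ]; then
  ncat_listener 4444; ncat_client 10.0.0.5 4444
  socat_listener 4444; socat_client 10.0.0.5 4444
  command -v ncat  >/dev/null 2>&1 && loopback ncat  47331 && echo "ncat loopback ok"
  command -v socat >/dev/null 2>&1 && loopback socat 47332 && echo "socat loopback ok"
fi
```

The point worth remembering from the two `_verified` variants is that adding `--ssl` or `OPENSSL:` only hides the traffic from a passive observer; without a trust file on the client side, the connection accepts whatever certificate is presented, so an active attacker on the path can sit in the middle of your own backdoor channel.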

If you are interested in learning more about backdoors, you should spend time exploring a couple of classic examples, including Back Orifice and SubSeven. Back Orifice allows a user to command and control a remote machine. The program was originally released by Sir Dystic in 1998. You can listen to the original talk, titled “Cult of the Dead Cow: The announcement of Back Orifice, DirectXploit, and the modular ButtPlugins for BO”, by reviewing the DEF CON 6 media archives.

Sub7 was originally released in 1999 by Mobman and follows the same client/server model as Back Orifice. Like each of the other tools discussed in this chapter, Sub7 is software that allows a client to remotely control a server. Note that in this model the “server” is the component planted on the victim machine and the “client” is the attacker's controller, the reverse of how the words are normally used. One interesting point about Sub7 is that after a six-year hiatus, during which no development occurred, the project was revived and updated.

If you are interested in expanding your knowledge of rootkits, it is important to study and master the inner workings of modern operating systems. Learning the intricate details of an operating system kernel may seem daunting at first, but it is well worth your time.

This chapter provided a basic overview of the functionality and use of rootkits. It is important to understand that this material only scratches the surface of rootkits. Advanced topics include hooking system calls and library function calls, and understanding the difference between user-mode and kernel-mode kits. Developing a solid grasp of systems programming and the programming languages used for it can be extremely beneficial as well.