Running cd00r

  • Download the cd00r.c source code and get it to compile for 64-bit Linux with debug disabled.
  1. What are the steps that were required to make that happen?
  • Execute the binary
  1. Why did you have to run as root? This is very important.
  2. What ethernet interface are you listening on? Why?
  • Run "sudo lsof | grep raw"
  1. What does that show you? Why?
  • Set up a nc listener to catch the reverse shell
  • Activate the backdoor using nc -z
  • Start listening on the right interface in Wireshark and watch what happens.
  1. What do you see?
  • Run strings, ldd, readelf, and strace on the file
  1. What do you find?
  • Submit the elf to VirusTotal
  1. What did VirusTotal detect it as?
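The lsof and "why root" questions above both come down to raw AF_PACKET sockets. The following is an added example, not part of the lab or of cd00r, that shows how a defender can spot such listeners without lsof: it parses the /proc/net/packet table (the sample below is constructed, not captured from a real host) and maps a socket inode back to its owning PID through /proc/<pid>/fd, which is exactly what lsof does and why it, too, needs root.

```python
import os
from dataclasses import dataclass

# Constructed sample of /proc/net/packet (columns: sk RefCnt Type Proto Iface R Rmem User Inode),
# not captured from a real host. Type 3 = SOCK_RAW, Proto 0003 = ETH_P_ALL: sees every frame.
SAMPLE_PROC_NET_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8f0c1a2b3c40 3      3    0003   2     1 0      0      41233
ffff8f0c1a2b3d80 3      2    0800   0     1 0      1000   41501
"""

@dataclass
class PacketSocket:
    sock_type: int  # 3 = SOCK_RAW, 2 = SOCK_DGRAM
    proto: int      # ethertype filter; 0x0003 = ETH_P_ALL
    ifindex: int    # interface index, 0 = all interfaces
    uid: int
    inode: int

def parse_packet_sockets(text):
    """Parse the /proc/net/packet table into PacketSocket records."""
    sockets = []
    for line in text.splitlines()[1:]:  # first line is the header row
        fields = line.split()
        if len(fields) != 9:
            continue
        sockets.append(PacketSocket(int(fields[2]), int(fields[3], 16),
                                    int(fields[4]), int(fields[7]), int(fields[8])))
    return sockets

def raw_sniffers(sockets):
    """Keep only SOCK_RAW packet sockets: the footprint of a pcap-style listener."""
    return [s for s in sockets if s.sock_type == 3]

def pids_for_inode(inode, proc="/proc"):
    """Map a socket inode to the PIDs holding it, as lsof does (reading every /proc/<pid>/fd needs root)."""
    target = f"socket:[{inode}]"
    owners = []
    if not os.path.isdir(proc):
        return owners
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:  # process exited, or fd table not readable without root
            continue
        if target in links:
            owners.append(int(pid))
    return owners
```

On a live host, run as root and feed the real table: `pids_for_inode(s.inode)` for each `s` in `raw_sniffers(parse_packet_sockets(open("/proc/net/packet").read()))`.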