Undetectable backdoor SAdoor
Posted by creining | Filed under Security
There’s a neat backdoor program called SAdoor that can be compiled on *nix platforms. You run the SAdoor server on the …ahem… remotely administered box, where it uses pcap filters (non-listening mode, so it won’t show up in a port scan, for example) to look for a particular sequence of TCP packets. This sequence can consist of the ports and TCP flags of your choosing and can come from spoofed addresses. When this initial sequence is completed successfully by running the SAdoor client, the server will listen for the right combination of source address, TCP flag, and port for the command that is to be executed. The SAdoor client and server communicate using libblowfish by default. Very cool.
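A defender's counterpart, added here as an example and not taken from the original post or from SAdoor: since a pcap-based listener opens no TCP port, the host-side check is to list packet-capture sockets and see which processes own them. It assumes Linux, where libpcap captures through AF_PACKET sockets listed in `/proc/net/packet`; the sample data, the process names and the allowlist are constructed for illustration.

```python
import os
import re

# Constructed sample of Linux /proc/net/packet; values are illustrative only.
SAMPLE = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8881023a4000 3      3    0003   2     1 0      0      48213
ffff8881023a4800 3      2    888e   3     1 0      101    17790
"""

def parse_packet_sockets(text):
    """Return one dict per AF_PACKET socket listed in /proc/net/packet."""
    socks = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) >= 9:
            socks.append({"proto": int(f[3], 16), "inode": int(f[8])})
    return socks

def inode_owners(proc_root="/proc"):
    """Map socket inode -> set of (pid, comm) that hold it open."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            links = [os.readlink(os.path.join(base, "fd", fd))
                     for fd in os.listdir(os.path.join(base, "fd"))]
        except OSError:
            continue  # exited or unreadable: its sockets show up as ownerless
        for target in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add((int(pid), comm))
    return owners

def find_sniffers(packet_text, proc_root="/proc",
                  allow=("dhclient", "wpa_supplicant")):
    """Flag packet sockets with no visible owner or an owner outside `allow`
    (an assumed allowlist of daemons expected to sniff on this host)."""
    owners = inode_owners(proc_root)
    hits = []
    for s in parse_packet_sockets(packet_text):
        procs = owners.get(s["inode"], set())
        if not procs or any(comm not in allow for _, comm in procs):
            hits.append((s["inode"], hex(s["proto"]), sorted(procs)))
    return hits

if __name__ == "__main__":
    with open("/proc/net/packet") as fh:
        print(find_sniffers(fh.read()))
```

Run it as root so every `/proc/<pid>/fd` entry is readable. The `comm` name is set by the process itself, so an allowlisted name is a triage hint, not proof.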