A Linux backdoor that is activated using a “port knocking” scheme
backdoor.cpp:
It is a hidden backdoor service that passively scans incoming packets. When a client makes connection attempts on a prespecified sequence of closed ports, it fetches a Linux command from a preconfigured remote server and executes it.
Command execution syntax: backdoor <path-to-config-file> <URL>
The configuration file will contain the port sequence (one number per line). After the program has received the correct packets in the correct order that match the port-knocking sequence it makes a request to the URL parameter, fetches a linux command and executes it in the local system.
Note: run the program as root to get access to raw sockets.
knocker.c:
The configuration file will contain the port sequence (one per line) and the IP address should be the target IPv4 address that runs the backdoor service.
Command execution syntax: knocker <path-to-config-file> <backdoor-IP>
The primary purpose of port knocking is to prevent an attacker from scanning a system for potentially exploitable services by doing a port scan. Unless the attacker sends the correct knock sequence, the protected ports will appear closed.