Headline
JadedWraith - Light-weight UNIX Backdoor
Lightweight UNIX backdoor for ethical hacking. Useful for red team engagements and CTFs. Something I wrote a few years ago as part of a game I was playing with a friend to try to backdoor as many VMs in each other’s labs without being caught or having our tools reverse engineered/signatured.
Features
JadedWraith is a powerful backdoor capable of either listening on a TCP port or sniffing packets for a “magic” ICMP packet instructing the backdoor to either callback or listen. This is partly inspired by tools such as PRISM , however, unlike PRISM JadedWraith incorporates shoddy cryptography to obfuscate command and control. JadedWraith can be used to execute remote commands or upload follow on payloads.
JadedWraith can be compiled as a standalone executable or as a shared object for process injection.
Components
The source code for the actual implant can be found inside the src directory. client contains a simple python based client for interacting with JadedWraith. The conf_jawr script is used to configure new JadedWraith executables.
Dependencies
The implant requires a modern C library and libpthread. Depending on the target operating system, libpcap may be required (In which case, it you must run the./configure script with --use-libpcap to enable libpcap support).
The Python configuration script and client require the the following packages to work: termcolor, pycryptodomex
How to compile
Simply use the Makefile to compile. Note: The resulting binaries found in bin must be configured before they can be used.
$ ./configure $ make $ ls -lart bin -rwxrwxr-x. 1 root root 19712 Jul 31 13:08 JadedWraith-2.0.0-Linux-x86_64.elf
How to configure
Use the conf_jawr script to configure JadedWraith executables. It will search the bin directory for JadedWraith executables to configure. The configured binary will be written to the configured directory.
$ ./conf_jawr JadedWraith Configuration
Please choose a JadedWraith binary to use:
- JadedWraith-2…