JadedWraith - Light-weight UNIX Backdoor

Lightweight UNIX backdoor for ethical hacking. Useful for red team engagements and CTFs. Something I wrote a few years ago as part of a game I was playing with a friend to try to backdoor as many VMs in each other’s labs without being caught or having our tools reverse engineered/signatured.

Features

JadedWraith is a powerful backdoor capable of either listening on a TCP port or sniffing packets for a “magic” ICMP packet instructing the backdoor to either callback or listen. This is partly inspired by tools such as PRISM , however, unlike PRISM JadedWraith incorporates shoddy cryptography to obfuscate command and control. JadedWraith can be used to execute remote commands or upload follow on payloads.

JadedWraith can be compiled as a standalone executable or as a shared object for process injection.

Components

The source code for the actual implant can be found inside the src directory. client contains a simple python based client for interacting with JadedWraith. The conf_jawr script is used to configure new JadedWraith executables.

Dependencies

The implant requires a modern C library and libpthread. Depending on the target operating system, libpcap may be required (In which case, it you must run the./configure script with --use-libpcap to enable libpcap support).

The Python configuration script and client require the the following packages to work: termcolor, pycryptodomex

How to compile

Simply use the Makefile to compile. Note: The resulting binaries found in bin must be configured before they can be used.

$ ./configure $ make $ ls -lart bin -rwxrwxr-x. 1 root root 19712 Jul 31 13:08 JadedWraith-2.0.0-Linux-x86_64.elf

How to configure

Use the conf_jawr script to configure JadedWraith executables. It will search the bin directory for JadedWraith executables to configure. The configured binary will be written to the configured directory.

$ ./conf_jawr JadedWraith Configuration

Please choose a JadedWraith binary to use:

1. JadedWraith-2…